1.Introduction
Welcome to AI Archetypes. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website at https://www.elyscel.com, take the AI Archetypes quiz, or purchase any of our digital products.
AI Archetypes is a research-based psychometric assessment that classifies users into seven archetypes based on their relationship with artificial intelligence. The service is operated by Elyscel Co., Ltd. (“we,” “us,” “our,” or “Elyscel”), a company registered in Thailand.
Please read this policy carefully. By using AI Archetypes, you confirm that you have read and understood this Policy. If you do not agree with any part of it, please do not use the service.
2.Who We Are (Data Controller)
For the purposes of GDPR, CCPA, and PDPA, the data controller responsible for your personal data is:
304 Vanit Place Aree (Building A), Phaholyothin Road, Samsen Nai, Phayathai, Bangkok 10400, Thailand
Company Registration: 0105569055397
Privacy contact: contact@elyscel.com
Data Protection Officer (DPO): contact@elyscel.com
If you reside in the European Union or United Kingdom and have a complaint we have not resolved to your satisfaction, you may also contact your local data protection authority.
3.Information We Collect
We collect personal data only to the extent necessary to provide the AI Archetypes service. We have designed the service to minimise personal data collection — for example, the free quiz does not require account creation or email registration.
3.1 Information You Provide Directly
- Quiz responses: Your answers to the AI Archetypes quiz questions (28 questions: 24 scoring questions and 4 demographic questions covering age range, occupation, AI experience level, and frequency of AI use).
- Payment information: If you purchase a paid Unlock or Bundle, your payment is processed directly by our payment processor (Stripe). We do not store full payment card details on our servers. We receive only a transaction confirmation, the email address you provided to Stripe (for receipt purposes), and the country/billing region where applicable.
- Communications: If you contact us via email or through any contact form, we collect the contents of your message and any information you choose to share.
3.2 Information Collected Automatically
- Technical data: IP address (anonymised after 30 days), browser type and version, operating system, device type, time zone, and referring URL.
- Usage data: Pages viewed, time spent on each page, quiz completion timestamp, archetype result generated, whether you purchased any Unlock, and aggregated anonymous analytics.
- Cookies and similar technologies: We use essential cookies for the service to function (e.g., session continuity during the quiz) and, with your consent, analytics cookies. See Section 9 for details.
3.3 What We Do Not Collect
We deliberately do not collect the following during the free quiz:
- Your full name
- Your email address (unless you contact us or purchase an Unlock)
- Your physical address
- Your phone number
- Government identification numbers
- Biometric data
- Financial account numbers (handled exclusively by Stripe)
We do not knowingly process special category data under GDPR Article 9 (such as racial origin, political opinions, religious beliefs, health data, or sexual orientation), and our quiz questions are designed to avoid eliciting such information.
4.How and Why We Use Your Information
The table below summarises each category of personal data we process, the purpose for processing, and our lawful basis under GDPR. For users in California, this also satisfies the CCPA disclosure requirement. For users in Thailand, this satisfies the PDPA Section 23 notice requirement.
| Data category | Purpose | Lawful basis (GDPR) |
|---|---|---|
| Quiz responses | Calculate your archetype, dimension scores, and dependency risk score; generate your free result | Performance of contract / Legitimate interest |
| Quiz responses (aggregated) | Research and continuous improvement of the AI Archetypes model | Legitimate interest / Consent (where applicable) |
| Demographic data (age range, occupation, AI experience) | Calibrate archetype distributions; calculate cohort-relative scores | Performance of contract / Legitimate interest |
| Payment data (via Stripe) | Process your purchase and issue receipts | Performance of contract |
| Email address (Stripe receipt) | Provide receipt, handle refund requests, and respond to support inquiries | Performance of contract / Legitimate interest |
| Technical & usage data | Operate, secure, and improve the service; detect fraud and abuse | Legitimate interest |
| Cookies (essential) | Maintain session continuity during the quiz | Strictly necessary |
| Cookies (analytics) | Understand user behaviour and improve the service | Consent |
Note on “legitimate interest”: Where we rely on legitimate interest as our lawful basis, we have conducted a balancing test to ensure that our processing does not override your rights and freedoms. You can request a copy of this assessment by contacting us.
5.Sharing Your Information
We do not sell your personal data. We do not share your personal data with third parties for their own marketing purposes.
We share personal data only with the following categories of recipients, and only to the extent necessary:
- Payment processor: Stripe, Inc. processes all payments. Your card details are submitted directly to Stripe and are not stored on our servers. Stripe's privacy policy is available at stripe.com/privacy.
- Hosting and infrastructure providers: Our website and database are hosted by reputable cloud infrastructure providers (e.g., Cloudflare, AWS, or equivalent). These providers act as data processors on our behalf under contractual agreements that comply with GDPR Article 28 and equivalent provisions under PDPA.
- Analytics providers: Where you have consented, we use privacy-respecting analytics tools to understand aggregated usage patterns. We do not share personally identifying information with analytics providers for advertising profiling.
- Email service providers: If we send transactional emails (e.g., refund confirmations, support responses), we may use an email delivery service to do so.
- Legal authorities: Where we are required by law, court order, or regulatory authority to disclose personal data, we will do so. Where legally permitted, we will notify you before disclosure.
- Business transfers: If Elyscel is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users in advance where practicable.
6.International Data Transfers
Elyscel Co., Ltd. is based in Thailand. Our service is offered globally, and the infrastructure providers we use may store and process data in various countries, including the United States, the European Union, and Singapore.
Where personal data is transferred outside your country of residence, we ensure appropriate safeguards are in place:
- For transfers from the EU/EEA or UK: We rely on EU Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreement (IDTA), or transfer to countries with an adequacy decision from the European Commission.
- For transfers from Thailand: We comply with PDPA Section 28 by transferring only to recipients with adequate data protection standards or under appropriate safeguards as required by the Personal Data Protection Committee (PDPC).
- For transfers from California: Transfers comply with CCPA/CPRA requirements regarding service providers and contractors.
You can request more information about the specific safeguards in place by contacting us at contact@elyscel.com.
7.How Long We Keep Your Information
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.
| Data type | Retention period |
|---|---|
| Free quiz responses (linked to identifiers) | Up to 12 months from completion, then anonymised |
| Anonymised aggregated research data | Retained indefinitely for ongoing research, with no personal identifiers |
| Purchase records (incl. Stripe email) | 7 years (for tax and accounting compliance with Thai law) |
| Support correspondence | Up to 24 months from last contact |
| IP address (in raw form) | 30 days, then anonymised or deleted |
| Cookies (analytics) | Up to 13 months, or until you withdraw consent |
After the retention period ends, we either securely delete or anonymise the data so that it can no longer be linked back to you.
8.Your Rights
You have rights regarding your personal data. The rights available to you depend on the jurisdiction whose laws apply to your data. The most commonly applicable rights are listed below; we will honour all rights that apply under the law of your country of residence.
8.1 Rights Under GDPR and UK GDPR (Applicable to EU/EEA/UK Residents)
- Right of access (Article 15): You may request a copy of the personal data we hold about you.
- Right to rectification (Article 16): You may request correction of inaccurate or incomplete data.
- Right to erasure (Article 17): You may request deletion of your data, subject to legal retention requirements.
- Right to restrict processing (Article 18): You may request that we limit how we use your data.
- Right to data portability (Article 20): You may request a machine-readable copy of your data.
- Right to object (Article 21): You may object to processing based on legitimate interest.
- Right to withdraw consent (Article 7): Where processing relies on consent, you may withdraw it at any time.
- Right to lodge a complaint: You may complain to your local supervisory authority (e.g., the ICO in the UK, your national DPA in the EU).
8.2 Rights Under CCPA/CPRA (Applicable to California Residents)
- Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to delete: You may request deletion of personal information we collected from you, subject to legal exceptions.
- Right to correct: You may request correction of inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioural advertising. There is nothing to opt out of, but this right is recognised.
- Right to limit use of sensitive personal information: We do not collect sensitive personal information as defined under CPRA.
- Right to non-discrimination: We will not discriminate against you for exercising your rights.
8.3 Rights Under PDPA (Applicable to Thai Residents)
- Right to be informed (Section 23): You have the right to know how your data is processed (this Policy fulfils that requirement).
- Right of access (Section 30): You may request access to your personal data.
- Right to data portability (Section 31): You may request your data in a machine-readable format.
- Right to object (Section 32): You may object to certain processing activities.
- Right to erasure (Section 33): You may request deletion of your data.
- Right to restrict processing (Section 34): You may request restriction of processing in certain circumstances.
- Right to rectification (Section 35): You may request correction of inaccurate data.
- Right to withdraw consent (Section 19): Where processing relies on consent, you may withdraw it at any time.
- Right to lodge a complaint: You may file a complaint with the Personal Data Protection Committee (PDPC) of Thailand.
8.4 How to Exercise Your Rights
To exercise any of the rights above, please email us at contact@elyscel.com with the following information:
- The right you wish to exercise
- Sufficient information to identify the data in question — typically this means the email address used to make a purchase (for paid users) or the approximate date and time you took the quiz plus general device details (for free users)
- A description of the data or the action you are requesting
Important regarding free quiz users: Because the free quiz does not require account creation, we may be unable to identify the specific records associated with a free user with certainty. We will make reasonable efforts based on the information you provide (e.g., approximate timestamp, IP range, device type, demographic data combination) but cannot guarantee identification in all cases. This limitation is a deliberate consequence of our data-minimisation design choice.
We will respond to verifiable requests within 30 days (GDPR/PDPA) or 45 days (CCPA, extendable by another 45 days where justified). There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.
9.Cookies and Tracking Technologies
We use cookies and similar technologies on our website. Cookies are small text files placed on your device to make the service work efficiently and to provide reporting information.
We use two categories of cookies:
- Strictly necessary cookies: These are required for the website and quiz to function. They do not require consent. Examples include session management and security cookies.
- Analytics cookies: These help us understand how visitors use the website. We only set these with your consent. You can change your cookie preferences at any time via the cookie banner on the website or in our cookie settings.
We do not use advertising or cross-site tracking cookies. Most browsers also allow you to block or delete cookies through their settings.
10.Children's Privacy
AI Archetypes is intended for users aged 16 and above. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take steps to delete that data.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@elyscel.com so we can take appropriate action.
11.Security
We implement appropriate technical and organisational measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/HTTPS for all website traffic)
- Encryption of sensitive data at rest where technically feasible
- Access controls limiting who within our team can access personal data
- Regular security reviews of our infrastructure and code
- Payment processing isolated to a PCI-DSS compliant third-party processor (Stripe)
Despite these measures, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, as required by applicable law.
12.Automated Decision-Making
AI Archetypes uses an algorithmic scoring system to classify your quiz responses into one of seven archetypes and to calculate dimension and dependency scores. This is automated processing as defined under GDPR Article 22 and equivalent provisions under PDPA.
However, this processing:
- Does not produce legal effects concerning you
- Does not significantly affect you in similar ways (it is provided for self-reflection, education, and entertainment purposes, not for hiring, credit, insurance, or any consequential decision-making)
- Is based on a transparent, research-validated scoring methodology
Our archetype result is informational only. It should not be used as the sole basis for any consequential personal, professional, financial, or medical decision.
You have the right to request a human review of your result, to express your point of view, and to contest the classification. To do so, contact us at contact@elyscel.com.
13.Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. When we make material changes, we will:
- Update the “Effective Date” at the top of this Policy
- Post a notice on our website for at least 30 days following the change
- Where required by law, obtain fresh consent for any new processing activities
We encourage you to review this Policy periodically to stay informed about how we protect your personal data.
14.Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
304 Vanit Place Aree (Building A), Phaholyothin Road, Samsen Nai, Phayathai, Bangkok 10400, Thailand
Company Registration: 0105569055397
Privacy contact: contact@elyscel.com
Data Protection Officer (DPO): contact@elyscel.com
Website: https://www.elyscel.com
Document version: 1.0 — Last updated: 24 May 2026
← Back to Home