Privacy Policy

Introduction

The True Norm ("we," "us," or "our") operates the website thetruenorm.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you consent to the practices described in this policy.

Information we collect

Information you provide directly

When you create an account via Google Sign-In, we receive your email address and display name from Google. When you answer questions on the Service, your responses are recorded. You may optionally provide demographic information such as birth month and year, gender, and household income range.

Information collected automatically

When you use the Service, we may automatically collect your timezone and browser language preference. This data is derived from your browser settings and does not involve sending your IP address to any third party. This data is only collected if you have accepted our cookie consent banner. We also collect standard usage data through analytics tools, including pages visited, clicks, scrolls, and device type. Analytics data is aggregated and cannot identify you individually.

Cookies

We use essential cookies for authentication (keeping you signed in). We use analytics cookies to understand how people use the Service. Analytics cookies are only loaded after you explicitly accept them via our cookie consent banner. We do not use advertising cookies, tracking cookies from ad networks, or any third-party marketing cookies.

How we use your information

We use the information we collect to provide the Service, including displaying your percentile ranking compared to other users; to improve and optimize the Service based on usage patterns; to generate anonymized, aggregated insights and statistics that do not identify any individual; to communicate with you about your account if necessary; and to comply with legal obligations.

How we protect your data

Your responses are stored with a unique identifier, not your name or email. The database that stores responses does not contain personally identifiable information. Authentication data (your email and name) is managed by our authentication provider in a separate system from your responses. All data is encrypted at rest and all connections use TLS/HTTPS encryption in transit. Access to your personal data is restricted through row-level security policies that ensure users can only access their own information.

What we never do

We never sell, rent, or trade your personal information to any third party. We never share your individual responses with anyone — Room members only see group averages, never individual answers (see “Rooms” below). We never use your data for targeted advertising. We never combine your responses with external data sources to re-identify you. We never contact you for marketing purposes unless you have explicitly opted in.

Rooms

The Service allows you to create and join Rooms — private groups where members answer the same questions and see the group portrait. Here is how data works in Rooms:

• Room members see only group averages — never individual answers
• In small Rooms (fewer than 5 members), a disclosure warns that individual answers may be inferable from the average
• Room creators see the member count; in open Rooms, no display names are shown
• When you leave a Room, your data is removed from Room aggregates
• Anonymous users can join open Rooms without an account; their contributions expire after 48 hours unless they sign in

Your responses in a Room also contribute to the global TTN dataset. Room invite links are active until the creator revokes them. You may leave a Room at any time.

Data export

You may export your data at any time from your profile page. The export includes all questions you have answered and your response values, delivered as a CSV file. This file is generated in your browser and is not transmitted to any server.

Aggregated data and third-party sharing

We may create, publish, license, or share anonymized, aggregated statistical data derived from user responses. For example, we may report that "users aged 25-34 report an average sleep quality of 6.2 out of 10." This data is derived from cohorts of sufficient size to prevent individual identification (minimum 50 respondents per data point). This aggregated data may be shared with researchers, academic institutions, media organizations, or other third parties. Aggregated data never contains information that could reasonably be used to identify any individual.

Data retention

Your responses and profile data are retained as long as your account exists. When you delete your account, your individual responses and profile data are permanently removed from our systems. Aggregated statistics that were computed before deletion are not retroactively adjusted, as they contain no individually identifiable information.

Your rights

All users

You may access, review, and delete your data at any time by visiting your profile page. Account deletion permanently removes all your responses and profile data.

European Economic Area (GDPR)

If you reside in the EEA, you have additional rights including the right to access, rectify, erase, restrict processing, data portability, and objection. Our legal basis for processing is consent (which you provide by creating an account and accepting cookies) and legitimate interest (improving the Service). You may withdraw consent at any time by deleting your account. To exercise these rights, contact us at privacy@thetruenorm.com.

California (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, to request deletion of your personal information, and to opt out of the sale of personal information. We do not sell personal information. To exercise these rights, contact us at privacy@thetruenorm.com or use the self-service deletion feature on your profile page.

Other jurisdictions

We comply with applicable data protection laws in the jurisdictions where we operate. If your jurisdiction provides additional privacy rights, please contact us and we will work to accommodate your request.

Third-party services

The Service uses third-party providers that may process data on our behalf, including authentication services, database hosting, analytics, and web hosting. These providers process data in accordance with their own privacy policies and applicable data protection agreements. Analytics services are only activated after you provide consent via our cookie banner.

Children's privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from someone under 18, we will take steps to delete that information promptly.

Data breach notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, in accordance with applicable law.

Contact

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, contact us at: privacy@thetruenorm.com

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and may notify users through the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.