Skip to content
Elementals

Privacy Policy

Last updated: March 5, 2026

At Elementals, we take your privacy seriously. This privacy policy describes what personal data we collect, why we collect it, how we protect it and what rights you have. Elementals.nl is a personality assessment platform based on the Big Five (OCEAN) model, enriched with Norse mythology archetypes and five elements.

Data Controller

Theuws Consulting, registered at the Dutch Chamber of Commerce under number 71820132, based in Bladel, the Netherlands, is the data controller for the processing of personal data via Elementals.nl. For questions about this privacy policy, you can contact us at [email protected].

What data do we collect?

We only collect data that is necessary for providing and improving our services. This includes the following categories:

  • Account data — email address, name and password hash (your password itself is never stored)
  • Assessment data — your answers to assessment questions, calculated scores (element scores, facet scores) and results (archetypes, profiles)
  • Payment data — processed via Mollie; we do not store credit card numbers or bank account numbers
  • Coaching data — client notes, journey sessions and reports (only for coach and HR accounts)
  • AI chat conversations — sessions with the AI coaching feature, including your messages and the AI responses
  • Billing data — name, address and email address for invoicing via Moneybird
  • Analytical data — anonymised page visits and usage statistics

Legal basis for processing

We process your data on the following legal grounds under the GDPR:

  • Performance of the contract (Art. 6(1)(b) GDPR) — to deliver your assessment, display results and manage your account
  • Legitimate interest (Art. 6(1)(f) GDPR) — to improve, secure and protect the platform against fraud
  • Consent (Art. 6(1)(a) GDPR) — for analytical cookies, marketing cookies and the generation of AI-enriched reports
  • Legal obligation (Art. 6(1)(c) GDPR) — for retaining invoices in accordance with the 7-year fiscal retention requirement

Cookies

Elementals uses cookies and similar technologies. We distinguish three categories:

Necessary cookies

These cookies are essential for the platform to function and are always active. They include session cookies (to keep you logged in), language preference cookies (NL/EN) and CSRF protection tokens. No consent is required for these cookies.

Analytical cookies

We use Google Analytics 4 via Google Tag Manager and a first-party analytics endpoint (/api/analytics/collect) to analyse platform usage. IP anonymisation is enabled. These cookies are only placed after your explicit opt-in via the cookie banner.

Marketing cookies

We use Meta Pixel, LinkedIn Insight Tag and Google Ads to measure advertising campaigns. These cookies are only placed after your explicit opt-in via the cookie banner. You can withdraw your consent at any time via the cookie banner.

Third parties and service providers

We share personal data with the following third parties, solely for the purposes described below:

  • Anthropic (Claude) — AI reports and coaching chat; receives element scores, facet scores, archetype result and language preference, but no raw assessment answers
  • fal.ai (Flux Pro) — image generation of archetype illustrations; receives only text prompts, no personal data
  • Mollie — payment processing; receives payment details necessary for the transaction
  • Moneybird — invoicing; receives name, address and email address
  • Resend — email delivery; receives email address and name for sending transactional emails
  • Cloudflare — DNS, CDN and tunnel; all traffic to Elementals.nl passes through Cloudflare
  • Google (GTM/GA4) — analytics, only with opt-in via cookie banner
  • Meta (Pixel) — marketing tracking, only with opt-in via cookie banner
  • LinkedIn (Insight Tag) — marketing tracking, only with opt-in via cookie banner

AI processing

Elementals uses AI (Claude by Anthropic) for generating personality reports, coaching chat and analysis. The following data is sent to the AI: element scores, facet scores, archetype result and language preference. Raw assessment answers, passwords and payment data are never sent to the AI. The scoring of your assessment is fully deterministic — AI plays no role in the calculation of your scores. No automated decision-making takes place within the meaning of Article 22 GDPR.

International data transfers

Some of our service providers (Anthropic, Cloudflare, fal.ai, Google, Meta, LinkedIn) are based in the United States. Transfer of personal data to countries outside the EEA takes place on the basis of EU Standard Contractual Clauses (SCCs) or adequacy decisions of the European Commission, in accordance with GDPR requirements.

Retention periods

We do not retain your data longer than necessary. The following retention periods apply:

  • Anonymous sessions (not logged in) — 30 days after the last activity
  • Registered accounts — as long as your account is active, plus 30 days after deletion
  • Invoices — 7 years (statutory retention requirement)
  • Analytical data — 26 months
  • AI chat history — 12 months
  • Generated images — indefinitely (these do not contain personal data)

Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — you can request which data we process about you
  • Right to rectification — you can have incorrect data corrected
  • Right to erasure — you can delete your account and all associated data via your account settings or by email
  • Right to data portability — you can request a copy of your data in a common format
  • Right to restriction of processing — you can request a temporary halt of processing
  • Right to object — you can object to processing based on legitimate interest
  • Right to withdraw consent — you can withdraw your cookie consent at any time via the cookie banner
  • Right to lodge a complaint — you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl)

Coaches and organisations

Coaches and HR users process personal data of their clients and employees through the platform. They are the data controller for that data; Theuws Consulting acts as data processor. A Data Processing Agreement (DPA) is available on request via [email protected].

Security

We take appropriate technical and organisational measures to protect your data. This includes HTTPS encryption for all traffic, bcrypt hashing of passwords, Docker containerisation of the application, role-based access control, rate limiting to prevent abuse and comprehensive input validation.

Minors

Elementals is not intended for persons under the age of 16. We do not knowingly collect personal data from minors. If we discover that a user is under 16 years of age, the account will be deleted and all associated data will be erased.

Changes

We may update this privacy policy from time to time. Changes will be communicated via the website and, where relevant, by email. Material changes will be announced at least 30 days in advance, giving you the opportunity to delete your data if you do not agree.

Contact

Do you have questions about this privacy policy, would you like to exercise your rights or do you have a complaint? Contact us at [email protected]. We will respond to your request within 30 days.