← Back to The Drowning Man
Privacy Policy
Last updated: April 2026 · Effective for all users
This site collects psychometric and demographic data as part of the Drowning Man Index (DMI) audit. Because some of that data touches on emotional health and personal circumstances, it qualifies as sensitive personal data under GDPR. This policy explains exactly what is collected, why, and what you can do about it.
1. Who Is the Data Controller
[OÜ NAME] OÜ is the data controller for all personal data collected through this site.
Registry code: [REGISTRY CODE]
Registered address: [REGISTERED ADDRESS]
Contact: benjamin@patriarchfoundry.com
2. What Data We Collect and Why
When you complete the DMI audit, we collect:
- Email address — to deliver your report and to retrieve your audit history if you return.
- Your answers to Q1–Q21 — psychometric responses covering attachment patterns, emotional regulation, relational behaviour, and sexual experience.
- Computed scores — your overall DMI score, subscale scores, tier, pattern classification, and psychometric flags derived from your answers.
- Optional demographics — birth year, relationship status, whether you have children, neurodivergence status, referral source, sexual experience level, and a subjective wellbeing rating. These are voluntary and improve the precision of your results.
Some of this data — specifically information touching on emotional states, wellbeing, and neurodivergence — constitutes Special Category Data under Article 9 of the GDPR. We process it only on the basis of your explicit consent, which you provide by checking the consent box before submitting the audit.
We do not collect this data for marketing, profiling, or sale to third parties.
3. Legal Basis for Processing
- Explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR) — the primary basis for processing your audit data.
- Legitimate interests (Art. 6(1)(f) GDPR) — for returning-user history retrieval, which is a core function of the service you requested.
4. How Your Data Is Stored
Your data is stored in Google Sheets via Google Apps Script, both operated by Google LLC. Google acts as a data processor on our behalf under a Data Processing Agreement.
Data is stored indefinitely unless you request deletion (see Section 6). We do not currently operate an automatic data expiry process, but we honour all deletion requests within 30 days.
5. Sub-Processors
We use the following third-party services that may process or interact with your data:
- Google LLC (United States) — Google Apps Script and Google Sheets are used to store and retrieve your audit data. Google Fonts is loaded from Google's CDN for typography; as a result of this request, Google may receive your IP address as standard browser metadata. Google LLC participates in the EU–US Data Privacy Framework.
- YouTube (Google LLC) — an embedded video player using privacy-enhanced mode (
youtube-nocookie.com). If you interact with the player, YouTube may set cookies and collect viewing behaviour per Google's privacy policy.
- Skool — our community and product delivery platform. Clicking through to Skool takes you to a separate site; Skool is an independent data controller for any information you provide there. See Skool's own privacy policy for details.
To be precise about what the above means: your audit data — your answers, scores, and personal details — are never shared with any of these third parties. The Google and YouTube references above relate only to incidental browser-level metadata (such as IP addresses) that may be logged by their infrastructure as a side-effect of loading page resources. We do not use analytics platforms, advertising networks, or marketing pixels.
6. Your Rights
Under GDPR, you have the right to:
- Access — request a copy of the data we hold about you.
- Erasure ("right to be forgotten") — request deletion of your data. You can also trigger a soft reset via the settings icon on your audit dashboard, which hides your prior history from future results without permanently deleting it from our records. A full deletion request removes all stored data.
- Portability — request your data in a machine-readable format.
- Withdraw consent — at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Lodge a complaint — with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or the supervisory authority in your country of residence.
To exercise any of these rights, email benjamin@patriarchfoundry.com. We will respond within 30 days.
7. Data Security
Access to the Google Sheet containing your data is restricted to the data controller. We do not share raw audit data with any third party. Transmission to the Apps Script endpoint uses HTTPS.
8. Children
This site is intended for adults aged 18 and over. We do not knowingly collect data from anyone under 18.
9. Changes to This Policy
If we make material changes, we will update the "last updated" date above. Continued use of the site after changes constitutes acceptance of the revised policy.
Home · Terms · Legal Notice