Alpha SELF
EN
Take the test
Test
Self-esteem
The programWho am I?My voice mattersHow others see me vs how I see myselfThe courage to ask for helpRelationships that grow meResilience and failurePass it onArchetypesVisionaryCreatorAmbassadorProtector
Community
MapMissions
Events
Partners
NGOsSchools & universitiesCompanies (CSR)Trainers
More
BarometerMediaResourcesContact
Login
Take the Alpha SELF test

Legal

Alpha SELF Privacy Policy

Last updated: 2026-06-04 · v1.0

Cookie settings Request data deletion Download my data

Operational template for publication. Legal-entity details to be confirmed by a lawyer/DPO before launch.

Data controller: Alpha SELF, non-profit association, registered under registration pending, with registered office at Romania. Privacy contact: privacy@alphaself.eu. DPO / privacy lead: privacy@alphaself.eu.

This Policy explains what data we collect, why we collect it, how we protect it and what rights you have. We use clear language because Alpha SELF is also used by young people aged 16–17.

1. Short version

Alpha SELF collects data to:

  • show your test result;
  • recommend your archetype and suitable missions;
  • build an aggregated map of youth self-esteem;
  • organise communities and events;
  • train and validate trainers and mentors;
  • produce statistical reports and media materials without identifying you;
  • report impact to funders and partners without giving them your personal data.

We do not sell your personal data. We do not publish your name next to your answers. We do not provide medical or psychological diagnosis.

Some questions may be sensitive. If you do not want to answer a sensitive question, you can skip it or choose “Prefer not to answer”.

2. Who controls the data

The data controller is Alpha SELF. This entity decides why and how personal data is processed within Alpha SELF.

Contact details: privacy email privacy@alphaself.eu, general email hello@alphaself.eu, address Romania, DPO privacy@alphaself.eu.

3. Who the platform is for

Alpha SELF is for young people aged 16–24, trainers, mentors and facilitators, educational partners, NGOs, schools, universities, companies and funders, website visitors, and parents/guardians.

Alpha SELF is not intended to collect personal data from children under 16 through the main test. If you are under 16, do not create an account and do not complete the main tests without parent/guardian consent and a special Alpha SELF-approved flow.

4. What data we collect

  • Account data: name or display name, email, phone (if needed), encrypted password, age or age range, county/city/urban-rural, platform role.
  • Alpha SELF test data: answers about self-esteem, self-image, belonging, social pressure, family, social media, asking for help, resilience, voice, autonomy, community interests.
  • Sensitive or potentially sensitive data: some answers may touch emotional wellbeing, vulnerabilities, loneliness, pressure or safety questions. Where needed we request separate explicit consent. We do not ask for a medical diagnosis.
  • Trainer and mentor data: contact, CV/experience, certifications, counties, experience with young people, survey answers, comfort with sensitive modules, feedback, validation status, documents, event history.
  • Event data: registration, attendance, feedback, logistics preferences, photo/video consent, minimum safety data.
  • Technical data: IP or anonymised IP, session identifiers, browser and device, pages visited, errors, security logs, cookies (see Cookie Policy).
  • Partner data: organisation, contact person, email/phone, partner type, counties/programmes, contracts and impact reports.

5. Why we collect data

To operate the platform, calculate your Alpha SELF profile (indicative scores, not a diagnosis), run research and aggregated reports, design the “Self-Esteem” programme, run pre/post evaluation, ensure safety and moderation, send communications (with the right legal basis) and report aggregated impact to partners and funders.

  • Consent: surveys, newsletter, non-essential cookies, some sensitive questions, testimonials, public photo/video.
  • Explicit consent: sensitive data, where required.
  • Contract or pre-contractual steps: accounts, registrations, trainer applications, collaborations.
  • Legitimate interest: security, abuse prevention, minimal internal statistics, platform improvement.
  • Legal obligation: accounting records, authority requests.
  • Vital interests: serious and immediate risk to someone’s safety.
  • Research/statistics: aggregated, anonymised or pseudonymised results with safeguards.

The main platform is for young people aged 16–24. If you are 16–17 we use clear explanations and easy-to-understand consent; for offline activities we may request parent/guardian consent. If you are under 16, do not create an account or take the main test without a special parental-consent flow.

8. Profiling and automated decisions

We calculate scores and archetypes — a form of educational profiling. We do not use scores for decisions with legal effects about you. For trainers, the final decision includes human review. You may ask for an explanation at privacy@alphaself.eu.

9. Who we may share data with

Suppliers and partners that help operate the platform: infrastructure (Cloudflare Workers, D1, Queues, R2), email/notifications, analytics, cookie consent management, technical support, security, form processing, event services, legal/accounting/DPO consultants, trainers and coordinators (only as needed), and authorities (if required by law). CSR partners, media and funders normally receive only aggregated or anonymised data.

10. International transfers

We may use suppliers who process data in the EU/EEA or other countries. For transfers outside the EEA we use appropriate safeguards (adequacy decisions, standard contractual clauses or other GDPR safeguards). Main providers: Cloudflare (Workers, D1, KV, R2, Queues), Resend.

11. How long we keep data

Only as long as needed: active account — while active; inactive account — anonymisation/deletion after 24 months; survey answers linked to account — pseudonymisation after 24 months; aggregated data — long-term without identification; consent records — as long as needed for compliance; security logs — 6–12 months; event data — 3 years; rejected trainer applications — 24 months; active trainers — during collaboration; safety cases — as long as necessary for protection and legal duties.

12. How we protect data

HTTPS, encrypted passwords, role-based access control, audit logs, pseudonymisation, separation of sensitive data, limited access for trainers/partners, backups, security monitoring, data minimisation, internal training and incident procedures.

13. Your rights

You have the right to request access, correction, deletion, restriction, to object to processing, portability, to withdraw consent, and to lodge a complaint with a data protection authority (in Romania: the Romanian National Supervisory Authority for Personal Data Processing, https://www.dataprotection.ro/). To make a request, contact privacy@alphaself.eu.

You can withdraw consent for newsletter, non-essential cookies, identifiable research, marketing, testimonials, photo/video and optional sensitive questions. Withdrawal does not affect prior processing.

15. Anonymised and aggregated data

We may publish anonymised/aggregated data (e.g. percentage reporting high social pressure, average scores by county, urban/rural differences, age-group results, pre/post impact, archetype distribution). This data must not identify you.

16. Cookies

We use cookies for operation, security, preferences, analytics and, only with consent, marketing. Details at /en/cookies/.

Alpha SELF may link to external sites. We do not control their policies; read them before using them.

18. Changes to this Policy

We may update this Policy. For important changes we announce on the site, in the account or by email (where allowed).

19. Contact

Your data: privacy@alphaself.eu · Safety: safety@alphaself.eu · Account support: support@alphaself.eu · General contact: hello@alphaself.eu

Have a question? Contact us.