Privacy Policy
Last Updated: November 21, 2025
TL;DR (Summary)
- You can use the quizzes without creating an account or entering personal details.
- The Site is served through Cloudflare, which processes technical data (like IP address) and sets strictly necessary security cookies.
- The Site may use Cloudflare Web Analytics, which is cookieless and does not fingerprint individual users.
- Quiz progress and settings are stored in your browser’s localStorage (question IDs, answers, scores), not on my servers.
- If you subscribe for updates, an email form powered by Kit.com collects your email address, with double opt-in and an unsubscribe link in every email.
- I do not use Google Analytics, Facebook pixels, or advertising cookies.
This policy applies only to synapticfrontiers.com. Linked services, such as Kit.com or Google Forms, have their own privacy policies.
1. Who is responsible
For visitors to synapticfrontiers.com, the data controller is the Synaptic Frontiers site operator, an individual creator based in the Czech Republic (“Site operator”). For certain services (Cloudflare, Kit.com), I act as a customer and they act as data processors under their own GDPR terms.
2. What data is processed and why
2.1. Technical data when you visit the Site
When you visit the Site, some technical information is processed automatically, such as:
- IP address
- date and time of the request
- URL(s) requested
- HTTP status codes
- basic browser and operating system information (User-Agent)
- referrer URL (if your browser sends it)
Who processes this:
- Cloudflare, which provides the Worker runtime, reverse proxy, and security layer.
- If enabled, Cloudflare Web Analytics, which generates aggregate, cookie-less usage statistics.
Cloudflare’s Web Analytics is designed to avoid using cookies and to avoid fingerprinting individual users. It relies on minimal request-level data and aggregates it.
Why:
- to deliver the Site to you,
- to protect the Site from attacks (e.g. DDoS, bots, abuse),
- to ensure stability and performance,
- to understand, in aggregate, how often pages are visited (if analytics is enabled).
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in operating and protecting a functional website.
2.2. Security cookies from Cloudflare
Cloudflare may set strictly necessary cookies such as:
- __cf_bm – used for bot management,
- cf_clearance – used to remember that your browser has passed a security challenge.
These cookies:
- help distinguish legitimate visitors from automated traffic,
- are only used for security and performance,
- are not used to track you across other sites.
Legal basis: Legitimate interest in protecting the Site (Article 6(1)(f) GDPR). Because these are essential for security, they do not require a cookie banner under current EU ePrivacy rules.
2.3. Quiz state in localStorage (on your device)
To make the quizzes usable, the Site stores some state in your browser’s localStorage. This includes, for example:
- which quizzes you’ve started,
- which question IDs you have seen and in what order,
- which choices you selected,
- your quiz scores or progress.
This information relates only to your quiz activity on the Site and does not include personal identifiers like your name or email address.
This data:
- remains on your device in your browser,
- is not sent to my servers or to third-party APIs,
- is used only to restore your quiz state when you return.
You can clear this data at any time via your browser’s “clear site data” / “clear storage” settings. Legal basis: Legitimate interest in providing a functional and user-friendly quiz experience (Article 6(1)(f) GDPR).
2.4. Email subscriptions via Kit.com
If you choose to subscribe for updates about Synaptic Frontiers, the subscription form collects:
- your email address, and
- related meta-data (for example, time of subscription and IP/country at signup), which Kit.com may store for compliance and deliverability.
This form is embedded from Kit.com (formerly ConvertKit), an email service provider. I control the list (data controller for the email addresses), and Kit acts as my processor under its GDPR terms.
Purpose – to send occasional updates about Synaptic Frontiers, such as:
- new quizzes or levels,
- major project announcements.
Currently, this is not a regular newsletter and it is possible that few or no emails will be sent.
Double opt-in:
- After entering your email in the form, you receive a confirmation email.
- Your subscription is activated only if you click the confirmation link.
Unsubscribe:
- Every email sent via Kit includes an unsubscribe link.
- You can also email dave@dnarna.co to request removal.
Legal basis: Consent (Article 6(1)(a) GDPR): you actively subscribe and confirm via double opt-in.
Retention – your email address is kept while:
- you remain subscribed, and
- the project’s mailing list is maintained.
If you unsubscribe, your address is marked as unsubscribed in Kit and will no longer receive messages. You may also request deletion. Please also consult Kit’s own Privacy Policy for details on how they process data and handle international transfers.
2.5. Cloudflare Turnstile
The email form is protected by Cloudflare Turnstile, a CAPTCHA-like, privacy-focused bot detection service. Turnstile processes various signals from your browser, such as:
- IP address,
- User-Agent (browser and OS),
- aspects of how the browser behaves and renders,
- other technical attributes used to decide whether the request is from a human or a bot.
Cloudflare describes Turnstile as:
- designed to minimize data collection and
- not used to build advertising profiles or to read login cookies from unrelated sites.
Purpose: to protect the form and the Site from spam and automated abuse. Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in maintaining the security and integrity of the Site.
2.6. Feedback via Google Forms
If you choose to provide feedback via a Google Form linked from the Site:
- The information you enter (and any personal data you choose to include) is sent directly to Google, not to synapticfrontiers.com itself.
- Google processes that data under its own terms and privacy policy.
The way Google handles this data is governed by Google’s own documentation and agreements.
2.7. Where quiz content is stored
The quiz questions, choices, explanations, and related metadata are stored on servers used by the Site operator (for example, in a database provided by Cloudflare).
- These datasets contain quiz content, not personal data about visitors.
- No personal data from you is written into these quiz content stores in the current version of the Site.
If the Site later adds features that do store personal data (for example, accounts or saved results), this Policy will be updated.
3. International data transfers
Because I use services such as Cloudflare and Kit:
- some technical data (e.g. IP address) and
- any email addresses you submit
may be processed in the European Union, in the United States, and possibly in other countries where these providers operate.
These providers publish information on their own GDPR compliance and international transfer mechanisms (for example, Standard Contractual Clauses or the EU–US Data Privacy Framework). By using the Site or subscribing via Kit, you acknowledge that these international transfers may occur under such safeguards.
4. Your rights under GDPR
If you are in the EEA, UK, or a similar jurisdiction, you may have the following rights regarding your personal data:
- Access – to know what personal data is held about you (practically, this is mainly your email if you subscribed).
- Rectification – to correct inaccurate data.
- Erasure – to request deletion of your personal data where applicable.
- Restriction – to request that processing be limited in certain situations.
- Objection – to object to processing based on legitimate interests.
- Data portability – to receive personal data you provided in a portable format, where technically feasible.
Because the Site is designed to minimize collection:
- For visitors who do not subscribe, I typically cannot identify you individually based on Cloudflare-level logs alone.
- For subscribers, the primary personally identifiable data is your email address stored in Kit.
To exercise your rights in relation to data I control (especially the subscription list), contact dave@dnarna.co. I will do my best to respond within one month, as GDPR expects. You also have the right to lodge a complaint with your local data protection authority.
5. Children’s privacy
The Site is not designed or marketed as a service specifically for children. It is suitable for general audiences interested in neuroscience, including older teenagers, but:
- I do not knowingly collect personal data from children under 16.
- If you are under 16, you should only provide your email address (for subscription) with permission from a parent or guardian.
If you are a parent or guardian and believe that a child has provided personal data via the email form, please contact me so I can arrange deletion.
6. Security measures
To help protect the Site and the limited personal data involved, I use measures such as:
- Cloudflare’s security features (WAF, DDoS protection, bot management),
- serving the Site over HTTPS,
- keeping data collection to what is necessary (primarily email if you subscribe),
- using reputable third-party providers with published security and privacy practices.
No system can be perfectly secure, but the aim here is to keep both data collection and exposure as low as reasonably possible.
7. External links
The Site may link to external websites or services, for example:
- Kit.com,
- Google Forms,
- external articles or resources.
This Privacy Policy applies only to synapticfrontiers.com. External sites are responsible for their own privacy practices. You should review their policies when you visit them.
8. This is not legal advice
This Policy is written as a good-faith effort to be transparent and aligned with GDPR principles. It does not constitute legal advice. If you need legal advice about your rights or obligations, please consult a qualified legal professional.
9. Changes to this Policy
This Privacy Policy may be updated from time to time, for example if:
- the Site’s features change (e.g. introduction of accounts, payments, or new analytics), or
- new services are added that affect privacy.
The “Last updated” date at the top of this page will be changed whenever a new version is published.
10. Contact
If you have questions, concerns, or requests about this Privacy Policy or how your data is handled, you can contact me at dave@dnarna.co.