Privacy & Ethics
SAMRUM is built with privacy and trust as cornerstones. Here's how we handle data and consent — including when you connect an AI assistant (e.g. ChatGPT, Claude, or Cursor) via our MCP server.
Short version
- Test answers are always private — even within the family.
- Reports show patterns between you, never raw answers.
- Adults can manage children's profiles, but cannot see raw test answers.
- Data is never sold or used to train third-party AI models.
- You can delete your account and all associated data at any time.
What does SAMRUM promise about your privacy?
Your answers are private
No one else in the family can see your test answers. Reports describe patterns between people – not what anyone answered.
Each person in context
The focus is on dynamics between you. Each person is seen in relation to the others.
No selling data
Your data is never sold to third parties. We make money on reports, not on selling information about you.
Control over consent
You decide what your data can be used for. Consent can always be changed in Settings.
What does SAMRUM store about you?
What we store
- Your test answers (only visible to you)
- Computed profile for report generation
- Generated reports (text + audio file and transcript, if you chose to generate an audio summary)
- Purchase history and receipts
- Consent log with timestamps
- OAuth tokens for AI assistants you've connected via MCP (stored hashed, auto-expiring, revocable at any time).
- MCP audit log: which tool was called, timestamp and duration for each call from a connected AI assistant. Contains no conversation content. Deleted after 90 days.
Who can see what
- Your test answers: Only you
- Your individual report: Only you
- Couple and parent-child reports: Adults only
- Sibling reports: Adults, and teens if both participants are teens
- Family overview: Adults, and teenagers if an adult grants access
- Children's individual reports: Adults in the family
- Teenagers' individual reports: Only the teenager (unless they don't have their own user)
Data commitments
- Raw test answers are only visible to you
- Data is not sold to advertisers or third parties
- Data is not used for targeted advertising
- Focus is on dynamics, not ranking people
How does consent work in SAMRUM?
Optional consents include product improvement, in-app marketing — and you can sign up for the website newsletter (double opt-in).
Product improvement
OptionalOptional. Allows us to use anonymized data to improve questions and reports. You can opt out at any time.
Marketing cookies
OptionalOptional. Allows Google, Meta, and Reddit to measure ad effectiveness. On purchases and signups, a one-way hashed version of your email is sent from our server for improved conversion measurement. Test results are never shared. You can opt out at any time.
Website newsletter
OptionalIf you subscribe without an account, we store your email for double opt-in and emails you asked for. You can unsubscribe in one click from any email or contact us for deletion.
You can use SAMRUM fully without giving consent. You can change it anytime in Settings.
You can adjust your cookie choices at any time here:
How is children's data protected?
Extra rules apply for people under 18.
- Children under 13 don't have their own login – an adult manages their profile
- Adults can see children's individual reports
- Teenagers (13-17) have private individual reports (unless they don't have their own user)
- Children's results are described carefully – without harsh words
- Children can never initiate purchases of reports
Who has access on SAMRUM's behalf?
We use selected service providers to deliver the service. They process data on our behalf and are covered by data processing agreements.
Anthropic (Claude)
Writes reports and the audio summary script. Receives profile results, nicknames, and report content — never raw test answers or email. Anthropic does not train on our data. Covered by the EU-US Data Privacy Framework.
Google (Gemini TTS)
Synthesises the audio summary — only when you actively tap "Generate audio". Receives the script and nicknames. The script is a narration of the report and therefore contains observations about your relationship. The finished audio file is stored with us, not with Google. Covered by the EU-US Data Privacy Framework.
Resend
Sends login links, receipts, and notifications.
Mollie
Handles payment processing. We don't store card details.
Google (Analytics)
We use Google Analytics to understand how the site is used – e.g. page views, flows and conversions. Without consent, only anonymous cookieless measurements are collected (no personal data). With analytics consent, full cookie-based measurement is enabled. Data is also sent from our server on purchases and signups. Test results are never shared.
Google (Google Ads)
We use Google Ads to measure ad effectiveness. On purchases, we send a one-way hashed version of your email to Google for improved conversion measurement (Enhanced Conversions). Test results are never shared. Requires marketing consent.
Meta (Facebook/Instagram)
We use Meta Pixel and Conversions API to measure ad effectiveness. On purchases and signups, our server sends a one-way hashed version of your email to Meta for improved conversion measurement. Test results are never shared. Requires marketing consent.
We use Reddit Pixel and Conversions API to measure ad effectiveness. On purchases and signups, our server sends a one-way hashed version of your email to Reddit for improved conversion measurement. Test results are never shared. Requires marketing consent.
Internal statistics (self-hosted)
We use self-hosted, cookie-free statistics to understand traffic patterns, bounce rates and page flows. No personal data is collected, no cookies are set and no data is shared with third parties. Does not require consent.
What happens when you connect an AI assistant?
This only applies if you choose to connect your own AI assistant — such as ChatGPT, Claude, or Cursor — to SAMRUM via our MCP server. It never happens automatically. You start the connection from the assistant, grant consent via OAuth 2.1, and the assistant then uses a time-limited token to fetch selected data on your behalf — until you revoke access. All tools are read-only; the assistant can view data, but never change your account, make purchases, or write messages on your behalf. Here's exactly what's shared, who receives it, how long we keep connection data, and how to disconnect.
Purposes
- Let you talk to an AI assistant about your family personality data: reports, profiles, and focus tracks.
- Send you to the right places in the SAMRUM app via deep links.
- Help you find the next step — for example, a focus track that fits a situation.
What's sent to the AI assistant
- Coarse personality bands (high/middle/low) and plain-language summaries — never precise scores, percentiles, or internal axis keys.
- Report content for reports you already have access to (same as in the app).
- Focus track content: week text, check-in status, and tracks you participate in.
- Family overview: members, test status, existing reports, and active tracks — limited to the family you have set as active.
- Product and pricing information, plus links into the SAMRUM app.
What's NEVER sent to the AI assistant
- Raw test answers. They never leave SAMRUM.
- Precise 5-zone scores, percentiles, or internal axis keys (e.g. "structure_need").
- Other families you're not a member of.
- Other family members' raw answers or individual reports they haven't shared with you.
- Card details, passwords, login sessions, or other credentials.
Recipients
- The AI provider you chose — typically OpenAI (ChatGPT), Anthropic (Claude Desktop), or Cursor. They receive the data as an independent data controller and handle it under their own privacy policy, including any transfers outside the EU/EEA.
- SAMRUM has no control over how the AI provider stores, logs, or uses the data. Read their privacy policy before you connect.
- We don't share MCP data with advertisers, analytics tools, or any other third parties.
What we store about the connection
- OAuth client registration (the assistant's name, redirect URL, and technical keys).
- Hashed access tokens and refresh tokens tied to your user. Access tokens expire quickly; refresh tokens can be revoked at any time.
- Audit log of tool calls (tool, timestamp, duration, error code if any). Contains no conversation content and is deleted after 90 days.
- Rate-limit and deduplication state — short-lived, used to protect the service and deleted automatically.
Your controls
- You can revoke an AI assistant's access at any time — from the assistant's own settings, or by writing to [email protected].
- Tokens expire automatically. Without an active refresh token, the assistant loses access.
- You can request access to or deletion of your MCP audit log under your GDPR rights (see next section).
- If you delete your SAMRUM account, all OAuth tokens and audit logs are deleted with it.
Technical documentation for the MCP server is available on the developer page.
What rights do you have over your data?
Under GDPR, you have a number of rights over your personal data.
Access
You can request access to all the data we have about you.
Correction
You can correct incorrect information.
Deletion
You can delete your account and all associated data — or request deletion by contacting us.
Portability
You can request your data in a structured format.
Objection
You can object to certain types of processing.
Restriction
You can request restriction of processing.
To exercise your rights, you can write to us or use the options in your account.
Who is behind SAMRUM?
SAMRUM is the data controller for the processing of your personal data.
- Company
- SAMRUM, xrplorer ApS
- Address
- Moesgårdvej 12B, 8270 Højbjerg, Denmark
- VAT
- DK41348534
- [email protected]
- Website
- https://samrum.io
Questions about privacy?
Write to us if you're unsure about anything.
Not ready to start?
Newsletter
Get updates instead — completely optional.
Written and reviewed by Thomas Silkjær, founder of SAMRUMLast updated