Privacy Policy
How we collect, use, store, and protect personal data across the BigFive.ly website and Services
Last updated: 31 March 2026
GLORIAPR LTD (trading as BigFive.ly) is the controller for the BigFive.ly website and Services, including the free Big Five test, B5+ paid reports, BigFive Companion, related result and account features, and the public support, marketing, and onboarding flows we operate on the site. We are registered in England & Wales (Company No. 16313878) with our registered office at 182-184 High Street North, London, E6 2JA, United Kingdom, and we currently identify ourselves publicly with UK ICO registration number ZB946447. This Privacy Policy explains what personal data we collect, how we use it, the legal bases we rely on, who we share it with, how long we keep it, and the rights and choices available to you.
What data do we collect?
The categories of data we collect depend on which parts of the website and Services you use. They may include identity and account data such as name, email address, Google account identifiers, avatar, locale, and account preferences; test and result data such as questionnaire responses, scores, generated outputs, attached-result identifiers, and result-link state; Companion chat, memory, summary, and feedback data; billing and transaction data; technical, security, session, cookie, and quota data; communications, support, marketing, lottery, waitlist, or onboarding data; and consent or compliance records. Companion accepts open-text input, so please do not share highly sensitive personal data unless it is necessary and you are comfortable with its processing.
Google sign-in and Save with Google
If you use Google sign-in or Save with Google, we collect the Google account data needed to authenticate you, create or log you into a Companion account, or link saved results to your account. This may include your Google subject identifier, name, email address, profile picture URL, and locale. You can revoke this access from your Google Account.
We never collect or store your Google password.
We use Google Analytics and may use Meta/Facebook Pixel to understand how users interact with our site and measure campaigns. We also use strictly necessary cookies, session technologies, and related preference storage for sign-in, security, billing, result retrieval, privacy choices, and Companion account sessions. In the EU/UK, non-essential cookies are only set after you give consent, and you can withdraw it at any time via Cookie settings.
Google Analytics does not allow the collection of personally identifiable information. Read more about its privacy practices here.
How do we collect your data?
You directly provide most of the data we process when you take the test, save a result, buy a report, sign in with Google, use Companion, attach a result, manage memory or billing, join a newsletter, lottery, waitlist, or onboarding flow, or contact support. We also collect technical and usage data automatically through cookies, sessions, device or browser information, and security logs, and we may receive limited data from service providers such as Google, Stripe, email or support tools, analytics or advertising tools where consent applies, and AI providers used to generate Companion replies.
How do we use your data?
We use personal data to provide the Services you request, generate results, reports, and Companion replies, authenticate accounts, keep sessions active, operate sharing and retrieval features, personalise Companion where enabled, process billing and subscriptions, send service emails, administer newsletters, lotteries, waitlists, or onboarding flows where offered, maintain security, prevent fraud and abuse, investigate misuse, improve quality and reliability, and meet legal, tax, accounting, and regulatory obligations. Depending on the context, our legal bases include contract, consent, legitimate interests, and legal obligation.
Cookie Policy
This section explains what cookies and similar technologies are, how we use them, and how you can manage your preferences.
How We Use Cookies
- Strictly Necessary: Required for core functionality like security, sign-in, result retrieval, payment processing, Companion sessions, and remembering your privacy choices.
- Analytics: To understand how visitors use our services (e.g., Google Analytics 4). These are non-essential and require your consent in the EU/UK.
- Advertising/Marketing: To measure and improve our marketing campaigns and deliver optimised ads (e.g., Meta/Facebook Pixel, Google Ads). These are non-essential and require your consent in the EU/UK.
Legal Basis & Consent
For visitors in the EU/UK, we only set non-essential cookies after you give consent. You can withdraw or change your consent at any time via the Cookie Settings link in our site footer or by contacting us. We keep records of consent choices where needed for compliance.
Managing Cookies
- Use the Cookie Settings link on our site to enable or disable non-essential cookie categories.
- You can also adjust cookie settings directly in your browser to block, delete, or limit cookies.
- If you block certain cookies, some features of our site may not work as intended.
Cookies We Use
Below is a non-exhaustive list of the main non-essential cookies and pixels we may use. This may change as our services evolve.
| Name / Identifier | Provider | Purpose | Typical Lifetime |
|---|---|---|---|
| _ga, _ga_*, _gid, _gat | Google Analytics 4 | Distinguish users, throttle requests, and generate aggregate analytics. | Up to 2 years |
| _fbp | Meta / Facebook Pixel | Identify browsers for ad/remarketing measurement and optimisation. | 3 months |
| _gcl_au | Google Ads | Store and track conversions for Google Ads campaigns. | 3 months |
Strictly necessary cookies, such as those used for security, sessions, and sign-in, may also be set. These are essential for the site to function and are not used for advertising tracking.
How do we store your data?
We store personal data securely and keep it only for as long as reasonably necessary for the purposes described in this Policy. Retention varies by category and purpose. Transaction, tax, and accounting records may be kept for 6 to 10 years where required by law. Regular Companion chats, saved memories, summaries, and linked personalisation context are generally kept while your account remains active unless you remove them earlier where controls are available. Where individual deletion controls are available, deleting a chat permanently removes that chat, its stored messages, and related thread-level records from the live Companion account, and deleting a saved memory permanently removes it from the memory library for future Companion replies. Private chats are designed not to be added to chat history or the memory library in normal operation. If you delete a Companion account, we delete the live Companion account profile and active Companion content associated with that account, but we may still retain limited hashed, pseudonymous, or anonymized records where reasonably necessary for legal compliance, tax and accounting, security, fraud prevention, dispute handling, quota enforcement, trial-eligibility checks, or service integrity.
Our service providers may process personal data on our behalf under contracts or similar legal protections. These providers may include hosting and infrastructure vendors, Google for authentication or save flows, Stripe for billing, analytics and advertising tools where consent applies, email and support tools, and AI providers, currently including OpenAI API services, used to generate Companion replies and related features. Where personal data is transferred outside the UK/EU, we rely on recognised transfer mechanisms such as the Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum where applicable.
Regional Supplements
A) EU / UK (GDPR / UK GDPR)
You have rights of access, rectification, erasure, restriction, portability, objection, and to lodge a complaint with your data protection authority, including the UK ICO where relevant. Non-essential cookies are set only after opt-in consent. International transfers rely on SCCs, the UK IDTA, or comparable lawful safeguards where applicable.
B) United States (CCPA / CPRA and similar)
California residents may have rights to access, delete, correct, and opt out of the sale or sharing of personal information. We do not knowingly sell personal data, and tracking technologies are used only after consent where required. Use the Do Not Sell/Share link or cookie banner to manage your choices.
C) Other Regions
For Canada, Australia, Middle East privacy laws, and APAC privacy regimes, you may retain local rights to access, correction, deletion, or withdrawal of consent depending on the law that applies to you. International transfers use SCCs or equivalent safeguards where required.
How to contact us?
You can exercise applicable data protection rights by emailing support@b5.ly. You may also have the right to complain to the UK Information Commissioner's Office (ICO) or your local data protection authority.