ProfileProfile Logo
HomeResourcesCareersContactLog in →

Terms of Service

These Terms of Service govern your use of the website located at https://profilebehavior.com and any related services provided by Profile, LLC.

By accessing https://profilebehavior.com, you agree to abide by these Terms of Service and to comply with all applicable laws and regulations. If you do not agree with these Terms of Service, you are prohibited from using or accessing this website or using any other services provided by Profile, LLC.

We, Profile, LLC, reserve the right to review and amend any of these Terms of Service at our sole discretion. Upon doing so, we will update this page. Any changes to these Terms of Service will take effect immediately from the date of publication.

These Terms of Service were last updated on September 22, 2025.

Limitations of Use

By using this website, you warrant on behalf of yourself, your users, and other parties you represent that you will not:

  • modify, copy, prepare derivative works of, decompile, or reverse engineer any materials and software contained on this website;
  • remove any copyright or other proprietary notations from any materials and software on this website;
  • transfer the materials to another person or "mirror" the materials on any other server;
  • knowingly or negligently use this website or any of its associated services in a way that abuses or disrupts our networks or any other service Profile, LLC provides;
  • use this website or its associated services to transmit or publish any harassing, indecent, obscene, fraudulent, or unlawful material;
  • use this website or its associated services in violation of any applicable laws or regulations;
  • use this website in conjunction with sending unauthorized advertising or spam;
  • harvest, collect, or gather user data without the user's consent; or
  • use this website or its associated services in such a way that may infringe the privacy, intellectual property rights, or other rights of third parties.

Intellectual Property

The intellectual property in the materials contained in this website are owned by or licensed to Profile, LLC and are protected by applicable copyright and trademark law. We grant our users permission to download one copy of the materials for personal, non-commercial transitory use.

This constitutes the grant of a license, not a transfer of title. This license shall automatically terminate if you violate any of these restrictions or the Terms of Service, and may be terminated by Profile, LLC at any time.

Liability

Our website and the materials on our website are provided on an 'as is' basis. To the extent permitted by law, Profile, LLC makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property, or other violation of rights.

In no event shall Profile, LLC or its suppliers be liable for any consequential loss suffered or incurred by you or any third party arising from the use or inability to use this website or the materials on this website, even if Profile, LLC or an authorized representative has been notified, orally or in writing, of the possibility of such damage.

In the context of this agreement, "consequential loss" includes any consequential loss, indirect loss, real or anticipated loss of profit, loss of benefit, loss of revenue, loss of business, loss of goodwill, loss of opportunity, loss of savings, loss of reputation, loss of use and/or loss or corruption of data, whether under statute, contract, equity, tort (including negligence), indemnity or otherwise.

Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

Accuracy of Materials

The materials appearing on our website are not comprehensive and are for general information purposes only. Profile, LLC does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on this website, or otherwise relating to such materials or on any resources linked to this website.

Links

Profile, LLC has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement, approval or control by Profile, LLC of the site. Use of any such linked site is at your own risk and we strongly advise you make your own investigations with respect to the suitability of those sites.

Right to Terminate

We may suspend or terminate your right to use our website and terminate these Terms of Service immediately upon written notice to you for any breach of these Terms of Service.

Severance

Any term of these Terms of Service which is wholly or partially void or unenforceable is severed to the extent that it is void or unenforceable. The validity of the remainder of these Terms of Service is not affected.

Governing Law

These Terms of Service are governed by and construed in accordance with the laws of West Lafayette, IN. You irrevocably submit to the exclusive jurisdiction of the courts in that State or location.

Ownership; Licenses

Users own their data. As between you and Profile, you own your User Content and your Assessment Data. You grant Profile a worldwide, non-exclusive license to host, process, and display it solely to provide the Services, comply with law, and maintain security/availability.

Organizations own Organization Data. As between Profile and an Organization, the Organization owns Organization Data. The Organization grants Profile the same limited license as above to operate the Services.

Student Data (FERPA). If you are a student using the Services through a U.S. educational institution, then your Assessment Data may be Student Data. In that case: (a) the Institution controls Student Data; (b) Profile acts as a school official with legitimate educational interest; and (c) the FERPA Addendum (Schedule B) overrides conflicting terms.

Profile Materials. We own the Profile Materials. No rights are granted except as explicitly stated. These Terms do not transfer ownership of our IP.

Schedule A - Organization Terms

Scope. This Schedule applies when an Organization account is created or used.

Admins & End Users. The Organization is responsible for (i) designating admins; (ii) end-user invitations; (iii) ensuring a lawful basis to process personal data; and (iv) its users’ compliance with these Terms and the AUP.

Controller/Processor Allocation. Except for limited direct-to-user operations by Profile, the Organization is the controller/business of Organization Data and Assessment Data collected through its workspace; Profile is the processor/service provider. When the Organization is a U.S. educational institution, Schedule B may also apply.

Data Return/Deletion. Upon termination/expiry, and upon written request within 30 days, Profile will return available Organization Data (and Student Data, via the Institution) in a common format, then delete per our standard cycle, subject to legal retention and security backups.

Schedule B - FERPA Addendum

Scope. Applies only if the Organization is a U.S. educational institution subject to FERPA.

School Official. Profile acts as a school official with a legitimate educational interest and will process Student Data only for the Institution’s authorized educational purposes and per its documented instructions.

Access & Amendment. Students must submit FERPA requests to the Institution. Profile will not respond directly except as required by law; it will refer or forward such requests to the Institution.

Redisclosure. No redisclosure of Student Data except as directed by the Institution, required by law, or with the student’s prior written consent (including consent captured through the platform for transfer-portal sharing).

Security; Breach Notice. Profile will implement administrative, technical, and physical safeguards appropriate to Student Data and will notify the Institution of confirmed security incidents affecting Student Data without undue delay.

De-identification. De-identified/aggregated data (per FERPA standards) are not education records; Profile may use/disclose such data for the purposes outlined in Section 9.

Retention/Destruction. Profile will retain/return/destroy Student Data as instructed by the Institution and as required by law. Minimal backups and logs may be retained for security/audit/legal purposes, subject to protections.

Precedence. If this Schedule conflicts with any other document, this Schedule controls with respect to Student Data.

Schedule C - Data Processing Addendum (DPA)

This Data Processing Addendum (“DPA”) forms part of the Agreement between Profile, LLC (“Provider”) and the counterparty (“Customer”) that has entered into the Agreement for Services.

Definitions

  • “Agreement” means the main services agreement, order form, or Terms of Service governing the provision of Services by Provider to Customer.
  • “Data Protection Laws” means all applicable laws relating to the protection of personal data, including the EU General Data Protection Regulation 2016/679 (“GDPR”), the UK GDPR and Data Protection Act 2018, and the Swiss Federal Act on Data Protection.
  • “Customer Data” means personal data processed by Provider on behalf of Customer in connection with the Services.
  • “Standard Contractual Clauses (SCCs)” means the clauses adopted by the European Commission in June 2021 (Commission Implementing Decision (EU) 2021/914).
  • “Subprocessor” means a third party engaged by Provider to process Customer Data.

Roles of the Parties

Customer acts as controller (or equivalent term under Data Protection Laws).

Provider acts as processor/service provider, processing Customer Data only on Customer’s behalf and per documented instructions.

Customer Instructions

Provider will process Customer Data only:

  1. To provide and maintain the Services;
  2. To comply with law;
  3. For security, back-up, and disaster recovery;
  4. As otherwise instructed in writing by Customer.

Provider does not access Customer Data unnecessarily or for its own purposes.

Security

Provider will implement appropriate technical and organizational measures designed to protect Customer Data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

These measures include access controls, encryption in transit and at rest, logical separation of data, and security testing.

Subprocessors

Customer authorizes Provider to use subprocessors to deliver the Services. Provider will ensure subprocessors are bound by written agreements providing at least the same level of protection as this DPA.

A current list of subprocessors is maintainted on our Trust & Compliance page (subprocessors).

International Transfers

Customer acknowledges that the Services involve replication of Customer Data across data centers located in the United States, EU, and Asia. To the extent such transfers are subject to the GDPR or UK GDPR:

  • The SCCs (Module Two: Controller → Processor) are incorporated by reference and apply.
  • For UK transfers, the UK International Data Transfer Addendum (IDTA) applies.
  • For Swiss transfers, the SCCs as amended by the Swiss Federal Data Protection and Information Commissioner apply.

Provider will not access or transfer Customer Data outside these regions except as necessary to provide the Services or comply with law.

Data Subject Rights

Provider will provide reasonable assistance to Customer to respond to requests from individuals exercising their rights under Data Protection Laws. If Provider receives a request directly, it will promptly forward it to Customer and not respond without Customer’s instruction, unless legally required.

Data Breach Notification

Provider will notify Customer without undue delay after becoming aware of a security incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data. Such notice will include information reasonably available at the time.

Data Return or Deletion

  • Upon termination of the Services, Provider will, at Customer’s choice, delete or return all Customer Data, unless retention is required by law.
  • Minimal encrypted backups may be retained for a limited period, subject to confidentiality and security protections.

Audit Rights

Provider will make available information necessary to demonstrate compliance with this DPA and allow for audits by Customer or its designee, provided such audits are limited to once per year and do not unreasonably interfere with Provider’s operations.

Miscellaneous

  • This DPA will survive termination of the Agreement to the extent Provider continues to process Customer Data.
  • In the event of conflict, the DPA and applicable SCCs will control.

Annex I - SCC Details

Data Exporter: Customer (controller)

Data Importer: Profile, LLC (processor)

Categories of Data Subjects: End users, employees, student-athletes, contractors, or other individuals designated by Customer.

Categories of Personal Data: Identifiers, account data, assessment responses, report outputs, technical usage data.

Sensitive Data: Behavioral assessment data.

Processing Operations: Hosting, replication, storage, and processing to provide the Services, maintain security, comply with law, and as otherwise instructed by Customer.

Annex II - Security Measures

Provider implements the following technical and organizational measures:

  • Access controls (role-based access, multi-factor authentication)
  • Encryption of data in transit (TLS) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Data minimization and logical separation of data
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery plans
  • Employee training on data protection and security

Footer

Profile

Profile is the leading assessment provider for athletic, corporate, and higher education organizations. We help leaders enhance their communication and self-awareness through a suite of validated behavioral assessments and online tools.

X (formally known as Twitter)GitHub
  • Home
  • Resources
  • Careers
  • Log in
  • Contact
  • Consent Preferences
  • API Docs
  • System Status
  • Privacy
  • Terms of Service
  • Cookies
  • Acceptable Use

© 2025 Profile, LLC. All rights reserved.