These Terms of Service govern your use of the website located at https://profilebehavior.com and any related services provided by Profile, LLC.
By accessing https://profilebehavior.com, you agree to abide by these Terms of Service and to comply with all applicable laws and regulations. If you do not agree with these Terms of Service, you are prohibited from using or accessing this website or using any other services provided by Profile, LLC.
We, Profile, LLC, reserve the right to review and amend any of these Terms of Service at our sole discretion. Upon doing so, we will update this page. Any changes to these Terms of Service will take effect immediately from the date of publication.
These Terms of Service were last updated on September 22, 2025.
By using this website, you warrant on behalf of yourself, your users, and other parties you represent that you will not:
The intellectual property in the materials contained in this website are owned by or licensed to Profile, LLC and are protected by applicable copyright and trademark law. We grant our users permission to download one copy of the materials for personal, non-commercial transitory use.
This constitutes the grant of a license, not a transfer of title. This license shall automatically terminate if you violate any of these restrictions or the Terms of Service, and may be terminated by Profile, LLC at any time.
Our website and the materials on our website are provided on an 'as is' basis. To the extent permitted by law, Profile, LLC makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property, or other violation of rights.
In no event shall Profile, LLC or its suppliers be liable for any consequential loss suffered or incurred by you or any third party arising from the use or inability to use this website or the materials on this website, even if Profile, LLC or an authorized representative has been notified, orally or in writing, of the possibility of such damage.
In the context of this agreement, "consequential loss" includes any consequential loss, indirect loss, real or anticipated loss of profit, loss of benefit, loss of revenue, loss of business, loss of goodwill, loss of opportunity, loss of savings, loss of reputation, loss of use and/or loss or corruption of data, whether under statute, contract, equity, tort (including negligence), indemnity or otherwise.
Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
The materials appearing on our website are not comprehensive and are for general information purposes only. Profile, LLC does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on this website, or otherwise relating to such materials or on any resources linked to this website.
Profile, LLC has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement, approval or control by Profile, LLC of the site. Use of any such linked site is at your own risk and we strongly advise you make your own investigations with respect to the suitability of those sites.
We may suspend or terminate your right to use our website and terminate these Terms of Service immediately upon written notice to you for any breach of these Terms of Service.
Any term of these Terms of Service which is wholly or partially void or unenforceable is severed to the extent that it is void or unenforceable. The validity of the remainder of these Terms of Service is not affected.
These Terms of Service are governed by and construed in accordance with the laws of West Lafayette, IN. You irrevocably submit to the exclusive jurisdiction of the courts in that State or location.
Users own their data. As between you and Profile, you own your User Content and your Assessment Data. You grant Profile a worldwide, non-exclusive license to host, process, and display it solely to provide the Services, comply with law, and maintain security/availability.
Organizations own Organization Data. As between Profile and an Organization, the Organization owns Organization Data. The Organization grants Profile the same limited license as above to operate the Services.
Student Data (FERPA). If you are a student using the Services through a U.S. educational institution, then your Assessment Data may be Student Data. In that case: (a) the Institution controls Student Data; (b) Profile acts as a school official with legitimate educational interest; and (c) the FERPA Addendum (Schedule B) overrides conflicting terms.
Profile Materials. We own the Profile Materials. No rights are granted except as explicitly stated. These Terms do not transfer ownership of our IP.
Scope. This Schedule applies when an Organization account is created or used.
Admins & End Users. The Organization is responsible for (i) designating admins; (ii) end-user invitations; (iii) ensuring a lawful basis to process personal data; and (iv) its users’ compliance with these Terms and the AUP.
Controller/Processor Allocation. Except for limited direct-to-user operations by Profile, the Organization is the controller/business of Organization Data and Assessment Data collected through its workspace; Profile is the processor/service provider. When the Organization is a U.S. educational institution, Schedule B may also apply.
Data Return/Deletion. Upon termination/expiry, and upon written request within 30 days, Profile will return available Organization Data (and Student Data, via the Institution) in a common format, then delete per our standard cycle, subject to legal retention and security backups.
Scope. Applies only if the Organization is a U.S. educational institution subject to FERPA.
School Official. Profile acts as a school official with a legitimate educational interest and will process Student Data only for the Institution’s authorized educational purposes and per its documented instructions.
Access & Amendment. Students must submit FERPA requests to the Institution. Profile will not respond directly except as required by law; it will refer or forward such requests to the Institution.
Redisclosure. No redisclosure of Student Data except as directed by the Institution, required by law, or with the student’s prior written consent (including consent captured through the platform for transfer-portal sharing).
Security; Breach Notice. Profile will implement administrative, technical, and physical safeguards appropriate to Student Data and will notify the Institution of confirmed security incidents affecting Student Data without undue delay.
De-identification. De-identified/aggregated data (per FERPA standards) are not education records; Profile may use/disclose such data for the purposes outlined in Section 9.
Retention/Destruction. Profile will retain/return/destroy Student Data as instructed by the Institution and as required by law. Minimal backups and logs may be retained for security/audit/legal purposes, subject to protections.
Precedence. If this Schedule conflicts with any other document, this Schedule controls with respect to Student Data.
This Data Processing Addendum (“DPA”) forms part of the Agreement between Profile, LLC (“Provider”) and the counterparty (“Customer”) that has entered into the Agreement for Services.
Customer acts as controller (or equivalent term under Data Protection Laws).
Provider acts as processor/service provider, processing Customer Data only on Customer’s behalf and per documented instructions.
Provider will process Customer Data only:
Provider does not access Customer Data unnecessarily or for its own purposes.
Provider will implement appropriate technical and organizational measures designed to protect Customer Data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
These measures include access controls, encryption in transit and at rest, logical separation of data, and security testing.
Customer authorizes Provider to use subprocessors to deliver the Services. Provider will ensure subprocessors are bound by written agreements providing at least the same level of protection as this DPA.
A current list of subprocessors is maintainted on our Trust & Compliance page (subprocessors).
Customer acknowledges that the Services involve replication of Customer Data across data centers located in the United States, EU, and Asia. To the extent such transfers are subject to the GDPR or UK GDPR:
Provider will not access or transfer Customer Data outside these regions except as necessary to provide the Services or comply with law.
Provider will provide reasonable assistance to Customer to respond to requests from individuals exercising their rights under Data Protection Laws. If Provider receives a request directly, it will promptly forward it to Customer and not respond without Customer’s instruction, unless legally required.
Provider will notify Customer without undue delay after becoming aware of a security incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data. Such notice will include information reasonably available at the time.
Provider will make available information necessary to demonstrate compliance with this DPA and allow for audits by Customer or its designee, provided such audits are limited to once per year and do not unreasonably interfere with Provider’s operations.
Data Exporter: Customer (controller)
Data Importer: Profile, LLC (processor)
Categories of Data Subjects: End users, employees, student-athletes, contractors, or other individuals designated by Customer.
Categories of Personal Data: Identifiers, account data, assessment responses, report outputs, technical usage data.
Sensitive Data: Behavioral assessment data.
Processing Operations: Hosting, replication, storage, and processing to provide the Services, maintain security, comply with law, and as otherwise instructed by Customer.
Provider implements the following technical and organizational measures: