Privacy Policy

Last updated: March 2026

AssessAI (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using AssessAI, you agree to the practices described here.

If you have questions, contact us at [email protected].

1. Information We Collect

Account Information

When you create an account, we collect your email address, full name, and company name. This is used to identify your account and communicate with you about the service.

Assessment Data

Recruiters who create assessments provide job description text, question configurations, and candidate email addresses. Candidates who take assessments provide written answers in structured sections (Requirements, High-Level Design, Low-Level Design, Tradeoffs, Scalability). We store all of this to deliver the service and generate AI scorecards.

Usage Data

We automatically collect technical information when you use AssessAI, including your IP address, browser type, operating system, pages visited, timestamps, and referring URLs. This helps us understand how the platform is used and improve it.

Communications

If you contact us by email or subscribe to updates, we retain those communications to respond to your inquiry and send relevant product updates. You can unsubscribe from marketing emails at any time.

Payment Information

We do not store your full payment card details. Payment is processed by Razorpay, which handles card data under PCI-DSS compliance. We receive only a transaction token and status confirmation.

2. How We Use Your Information

  • To create and manage your account and authenticate your sessions
  • To generate, deliver, and score product thinking assessments
  • To provide AI-powered evaluation of candidate responses through third-party AI providers (see Section 5)
  • To process billing and manage your subscription
  • To send transactional emails (assessment invitations, scorecards, account notifications)
  • To send product updates and hiring insights, where you have opted in
  • To diagnose technical issues, monitor service health, and improve the platform
  • To comply with legal obligations and enforce our Terms of Service

We do not sell your personal data to third parties. We do not use your data for advertising or share it with data brokers.

3. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

  • Authentication cookies — necessary for keeping you signed in across sessions (set by Supabase Auth)
  • Analytics cookies — anonymous aggregate data to understand page views and feature usage. No personal identifiers are tied to analytics data.

We do not use third-party advertising cookies or behavioral tracking technologies. You can disable cookies in your browser settings, though this may affect your ability to use the authenticated portions of the platform.

4. Data Storage and Security

All data is stored in Supabase-managed PostgreSQL databases hosted on AWS infrastructure in the United States. Data is encrypted at rest and all data in transit is protected by TLS 1.2 or higher. Row-level security (RLS) policies ensure that each user can only access their own data.

Our application is hosted on Vercel's edge network. We follow security best practices including access control, dependency auditing, and regular security reviews. For more detail, see our Security page.

5. Third-Party Services

We share data with the following third-party services to operate AssessAI:

  • Supabase — database, authentication, and file storage. Data is stored in their managed infrastructure.
  • Vercel — frontend hosting and serverless functions. Request logs may be retained per their data processing agreement.
  • OpenAI / Google (Gemini) / Anthropic — AI providers used to evaluate candidate responses. Assessment answer text is sent to these providers for scoring purposes only. As of March 2026, all three providers state that API inputs are not used to train their models. We review provider terms regularly.
  • Razorpay — payment processing. Subject to Razorpay's privacy policy and PCI-DSS requirements.

We require that all third-party processors maintain reasonable security standards and process data only as instructed.

6. Data Retention

We retain your account data for as long as your account is active. Assessment data (questions, candidate answers, scorecards) is retained for the duration of your subscription plus 90 days after account closure, after which it is permanently deleted.

Email subscriber records are retained until you unsubscribe. Server logs are retained for up to 30 days. Anonymized, aggregated analytics data may be retained indefinitely.

7. Your Rights

You have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Ask us to correct inaccurate or incomplete data
  • Deletion — Request that we delete your account and associated personal data
  • Export — Request an export of your assessment data in a portable format
  • Opt-out — Unsubscribe from marketing emails at any time using the link in any email we send

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. For deletion requests, we may need to verify your identity before processing.

8. GDPR and International Users

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the GDPR and UK GDPR, including the right to object to processing and the right to lodge a complaint with a supervisory authority.

Our lawful bases for processing personal data are: (a) performance of a contract, for delivering the assessment service; (b) legitimate interests, for analytics and service improvement; and (c) consent, for marketing communications.

Data transfers outside the EEA are covered by the standard contractual clauses or adequacy decisions applicable to our service providers.

9. Children's Privacy

AssessAI is intended for use by professionals and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and update the “Last updated” date at the top of this page. Continued use of AssessAI after such changes constitutes acceptance of the revised policy.

11. Contact

For privacy-related questions, requests, or complaints, contact us at: [email protected]