Privacy Policy

The Service is primarily offered to businesses and organizations (“Customers”) that use it to administer assessments, conduct interviews, and manage candidates (“Candidates”).

• When Customers submit, upload, or otherwise make available data about Candidates or other individuals, the Customer is the “controller,” “business,” or equivalent under applicable law, and ClarityHire acts as the Customer’s “processor” or “service provider.” In that case, the Customer is solely responsible for the lawfulness of the collection and use of such data, for establishing a lawful basis, for providing required notices, and for obtaining any necessary consents. Individuals seeking to exercise rights with respect to such data should direct their requests to the Customer; we will assist the Customer in responding as required under our agreement with the Customer and applicable law.
• When we collect information directly from you through our public website, marketing pages, trial sign-up, billing, or support channels, we act as a controller with respect to that information, and this Policy describes our practices.

Nothing in this Policy creates rights in favor of any third party, expands the scope of our obligations under a Customer agreement or data processing agreement, or waives any limitation of liability set out in our Terms of Service.

We may collect the following categories of Personal Information:

• Identifiers & Account Data: name, email address, organization, job title, user role, username, password (hashed), authentication tokens, and IP address.
• Candidate & Assessment Data: resumes, cover letters, application responses, assessment answers (including code, essays, multiple-choice), uploaded files, notes, scorecards, tags, and metadata submitted by or about Candidates.
• Interview Content: audio and video recordings of live interviews, automated transcripts, chat messages, shared documents, and related metadata.
• Integrity & Biometric Data: face embeddings (mathematical vectors derived from video frames), keystroke dynamics, device and browser signals, environmental indicators, and behavioral patterns generated during assessments or interviews.
• Usage & Technical Data: device identifiers, operating system, browser type, referring URLs, pages viewed, actions taken, timestamps, diagnostic logs, and performance telemetry.
• Billing Data: billing address, tax identifiers, and subscription information. Payment card data is processed directly by our payment processor; we do not store full card numbers.
• Communications: support requests, correspondence, survey responses, and feedback.

We do not intentionally solicit sensitive or special-category data (such as race, religion, health, or trade-union membership) and request that you do not submit such data through the Service except where we or the Customer have an appropriate legal basis to process it.

We use Personal Information for the following purposes:

• To provide, operate, secure, and maintain the Service;
• To authenticate users, provision accounts, and manage subscriptions and billing;
• To administer assessments, conduct interviews, generate reports, and perform integrity analysis;
• To monitor, debug, and improve performance, reliability, and security;
• To communicate about the Service, including service announcements and transactional messages;
• To provide customer support and respond to inquiries;
• To develop, train, evaluate, and improve our products, algorithms, and models, including through aggregation, de-identification, and anonymization (we do not use Customer Data or Candidate content to train third-party foundation models without the Customer’s written instruction);
• To comply with law, enforce our agreements, and protect our rights, property, and safety;
• For any other purpose disclosed at the time of collection or for which you consent.

Where the EU/UK General Data Protection Regulation applies, we rely on the following legal bases:

• Performance of a contract to provide the Service to you or our Customer;
• Legitimate interests in operating, securing, and improving the Service, provided they are not overridden by your rights;
• Compliance with legal obligations to which we are subject;
• Consent, where required (for example, for biometric processing or optional communications), which you may withdraw at any time without affecting prior processing;
• Vital interests or public interest, in limited circumstances.

Where enabled by our Customer, the Service may generate or process biometric identifiers and biometric information (collectively, “Biometric Data”) solely for the purpose of verifying identity and detecting potential integrity issues during assessments and interviews.

• Face embeddings are mathematical representations derived from video frames. We do not retain raw facial images for biometric purposes longer than necessary to derive or re-derive embeddings, and not past the retention period below.
• Keystroke and behavioral patterns are analyzed to produce anomaly signals. These signals are indicators only and are not determinative of identity or intent.
• Consent: Candidates are presented with a notice and consent prompt before any Biometric Data is collected. If a Candidate does not consent, biometric integrity features will not be applied to that session. The Customer is solely responsible for configuring the Service in a manner consistent with applicable law, including obtaining any additional written releases required by BIPA and analogous statutes.
• Retention & destruction: Biometric Data is retained only as long as necessary for the stated purpose and is destroyed within the time required by law, when the stated purpose is satisfied, or upon verified request, whichever occurs first.
• No sale or lease: We do not sell, lease, trade, or otherwise profit from Biometric Data.

ClarityHire does not make hiring decisions. Integrity signals and scores are informational tools and are not warranties, determinations, or conclusions of fact. Decisions based on such signals are the sole responsibility of the Customer.

The Service uses automated processing, machine learning, and large language models to, among other things, score assessments, generate summaries, extract structured information from candidate responses, and flag potential integrity anomalies.

• Outputs generated by AI features may contain errors, omissions, biases, or inaccuracies and should not be relied upon as the sole basis for any consequential decision, including any decision regarding employment, promotion, compensation, or discipline.
• Customers are responsible for implementing meaningful human review of AI outputs and for complying with automated-decision-making laws applicable to their hiring process, including but not limited to the EU GDPR Article 22, the EU AI Act, the Colorado AI Act, the New York City Automated Employment Decision Tool Law (Local Law 144), the Illinois Artificial Intelligence Video Interview Act, and relevant state and local laws.
• Where required by law, Customers must notify Candidates of the use of automated tools, provide required disclosures, conduct bias audits, and offer alternatives or appeals. ClarityHire will reasonably cooperate with the Customer’s compliance efforts but does not assume the Customer’s legal obligations.

We retain Personal Information only as long as necessary for the purposes for which it was collected, to comply with legal, tax, accounting, and regulatory obligations, to resolve disputes, and to enforce our agreements. Indicative retention periods (which may be shorter or longer based on Customer configuration or applicable law) are:

Following account termination, we may retain aggregated, de-identified, or anonymized data indefinitely for analytics and product improvement purposes, in each case in a manner that cannot reasonably be used to identify any individual.

We share Personal Information only as described below:

• With our Customers and their authorized users, who access Candidate data they collect through the Service.
• With service providers and sub-processors that perform services on our behalf under written confidentiality and data protection obligations, including cloud hosting, database hosting, CDN and media storage, email delivery, payment processing, real-time video infrastructure, speech-to-text, AI model providers, logging, analytics, and customer support. A current list is available on request.
• With professional advisors (lawyers, accountants, auditors, insurers) subject to confidentiality.
• In connection with a business transaction such as a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, in which case Personal Information may be transferred to the counterparty, subject to this Policy or a successor policy with equivalent protections.
• For legal reasons, including to comply with laws, respond to lawful requests and legal process, enforce our agreements, and protect the rights, property, or safety of ClarityHire, our users, or the public.
• With your consent or at your direction.

We do not sell Personal Information for monetary consideration, and we do not “share” Personal Information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended (“CCPA/CPRA”).

ClarityHire is headquartered in the United States and processes Personal Information in the United States and other jurisdictions in which our service providers operate. Where Personal Information is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of protection, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or other valid transfer mechanisms, together with supplementary measures where necessary.

Depending on your jurisdiction, you may have the following rights with respect to your Personal Information: to access, correct, delete, restrict, or object to processing; to data portability; to withdraw consent; to opt out of certain disclosures or of processing for automated decision-making with legal or similarly significant effects; to non-discrimination for exercising rights; and to lodge a complaint with a supervisory authority.

If you are a Candidate or other individual whose data was submitted by a Customer, please direct your request in the first instance to the relevant Customer. We will cooperate with the Customer as required under our agreement with them and applicable law. You may also contact us at [email protected]; we will route requests appropriately. We will verify requests as required by law and respond within the timeframes prescribed by applicable law.

California residents: you may designate an authorized agent to submit requests on your behalf. We will require verification. EEA/UK residents: our designated representative (where appointed) and the contact details of your supervisory authority are available upon request.

We maintain technical, administrative, and physical safeguards designed to protect Personal Information, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, audit logging, vulnerability management, employee training, and vendor risk management.

We use essential cookies and equivalent technologies that are strictly necessary for authentication, security, and the basic functioning of the Service. We may also use a limited number of first-party analytics identifiers to measure aggregate usage. We do not use advertising cookies and do not participate in cross-site tracking. Where required, we will seek your consent before placing non-essential cookies. You can control cookies through your browser settings; blocking essential cookies may prevent the Service from functioning.

The Service is intended for business use and is not directed to children. We do not knowingly collect Personal Information from individuals under the age of 16 (or the applicable minimum age in your jurisdiction). If we learn that we have collected Personal Information from a child without required parental or guardian consent, we will delete it. Please contact us if you believe a child has provided us with Personal Information.

The Service may contain links to, or integrate with, third-party websites, applications, or services that are not owned or controlled by ClarityHire. This Policy does not apply to such third parties, and we are not responsible for their content, privacy practices, security, or availability. Your interactions with third parties are governed by their own terms and policies, and you are solely responsible for reviewing and accepting them.

California (CCPA/CPRA). In the preceding twelve (12) months we collected the categories of Personal Information described in Section 2, for the purposes described in Section 3, from the sources described in Sections 2 and 8, and disclosed them to the categories of recipients described in Section 8. We do not sell or share Personal Information as those terms are defined under the CCPA/CPRA. California residents have the rights described in Section 10.

Nevada, Virginia, Colorado, Connecticut, Utah, Texas & other U.S. states.Residents may have rights analogous to those in Section 10 under applicable state privacy laws. Requests may be submitted to the contact below.

EEA, UK & Switzerland. You have the rights described in Section 10 under the GDPR and UK GDPR. Our lawful bases are described in Section 4.

We may update this Policy from time to time to reflect changes to our practices, technology, legal requirements, or for other operational reasons. The “Last updated” date above indicates when this Policy was last revised. We will provide notice of material changes as required by applicable law. Your continued use of the Service after an updated Policy becomes effective constitutes your acceptance of the updated Policy.

If you have questions about this Policy or our privacy practices, or wish to exercise any rights, please contact us: