Privacy Policy

Last updated: 04 February 2026

1. Information We Collect

We collect information in the following categories:

Account Information

When you create an account, we collect your email address, display name, and a hashed version of your password. Passwords are stored using industry-standard one-way hashing and are never stored in plain text.

Candidate Data

When CVs are uploaded to the platform, we extract and store structured information including:

• Personal details (name, email address, phone number)
• Employment history (job titles, employers, dates, responsibilities)
• Educational qualifications
• Skills and competencies
• Professional certifications

Interview Data

During voice interviews, we collect audio data which is processed in real time to generate text transcriptions. Interview transcripts and AI-generated assessment summaries are stored against the relevant session.

Usage Data

We collect basic usage data including login timestamps, actions performed within the platform, and audit logs of scoring runs and configuration changes.

2. How We Use Your Information

We use collected information to:

• Provide and operate the recruitment platform
• Parse and score CVs against configured rubrics
• Conduct and transcribe voice interviews
• Generate AI-powered assessment summaries
• Maintain audit trails of scoring decisions and configuration changes
• Administer user accounts and access permissions
• Improve the Service through aggregated, anonymised analytics

3. Data Storage and Security

All data is stored in a PostgreSQL database hosted on infrastructure controlled by the Service operator. We implement appropriate technical and organisational measures to protect personal data, including:

• Password hashing using Werkzeug security utilities
• Session-based authentication with secure cookies
• Role-based access controls (admin and standard user roles)
• Audit logging of significant platform actions

4. Third-Party Services

The Service uses the following third-party providers to deliver its functionality:

OpenAI

We use OpenAI's APIs for the following purposes:

• Realtime API — Powers voice interviews via WebRTC. Audio is processed by OpenAI in real time and is not stored by OpenAI after the session ends (per OpenAI's API data usage policy).
• Whisper — Provides speech-to-text transcription during interviews.
• GPT-4o — Generates interview assessment summaries, parses CV documents into structured data, and generates rubrics from job descriptions.

Data sent to OpenAI via the API is processed in accordance with OpenAI's API data usage policies and is not used to train OpenAI's models.

5. CV Data Processing

CV documents uploaded to the platform are processed as follows:

1. The document (PDF or DOCX) is parsed locally to extract raw text
2. The text is sent to OpenAI's GPT-4o API to extract structured fields (personal details, experience, qualifications, skills)
3. Structured data is stored in the database for scoring and display
4. Original uploaded files are stored in the application's file system

As the data controller, you are responsible for ensuring you have a lawful basis for processing candidate CVs, and for informing candidates that their data will be processed using AI tools.

6. Cookies

The Service uses session cookies to maintain your authenticated session. These are essential cookies required for the platform to function and do not track you across other websites. No third-party tracking cookies or analytics cookies are used.

7. Data Retention

Account data, candidate records, interview transcripts, and scoring results are retained for as long as your account is active. Upon account deletion, your personal data will be removed. Candidate data associated with your organisation's jobs and scoring runs may be retained by other administrators in your organisation.

You may request deletion of specific candidate records at any time through the platform interface or by contacting us directly.

8. Your Rights

Under applicable data protection legislation, you have the right to:

• Access — Request a copy of the personal data we hold about you
• Rectification — Request correction of inaccurate personal data
• Erasure — Request deletion of your personal data
• Restriction — Request restriction of processing of your personal data
• Portability — Request transfer of your data in a structured, machine-readable format
• Object — Object to processing of your personal data in certain circumstances

To exercise any of these rights, contact us at bryan@ai-regenesis.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

For questions about this Privacy Policy or our data practices, contact us at bryan@ai-regenesis.com.