Legal
Privacy Policy & Terms
Effective 2026-05-25. For the binding contract version, a Data Processing Addendum, or jurisdiction-specific guidance, contact [email protected].
1. Candidate rights
Informed participation
- Candidates know they are being assessed before they begin.
- The assessment process is not hidden behind a "conversation" or disguised as something else.
- Candidates choose to participate. There is no passive or background screening.
Transparency
- Candidates can see which dimensions are being evaluated.
- The assessment is structured and predictable — candidates are not tricked into revealing information.
- Results are used as decision-support evidence for recruiters, not as automated gatekeeping.
No hidden screening
- CQAR does not scrape, monitor, or analyse candidate activity outside the assessment session.
- No social-media analysis, browsing-behaviour tracking, or ambient data collection.
- Assessment data comes exclusively from what the candidate explicitly provides: their interview responses, submitted resume (with PII redacted), and any materials they choose to share.
2. What CQAR measures (and what it does not)
We measure
- Communication patterns — clarity, structure, coherence, depth of response.
- Response consistency — whether claims hold up under follow-up probing.
- Technical competence signals — topic coverage, knowledge depth, accuracy.
- Criteria alignment — how well the candidate matches the defined role requirements.
We do not measure
- Accents or dialects. Voice analysis is language-independent. How someone sounds is not a signal.
- Personality disorders or clinical traits. CQAR is not a psychological-assessment tool.
- Physical characteristics. No facial analysis, body-language reading, or biometric identification is used in assessment scoring.
- Protected characteristics. Race, gender, age, disability status, religion, and national origin are not inputs, signals, or factors in any scoring.
A soft-skill trait is only surfaced on the report when at least two of three independent signal sources — voice analysis, transcript NLP, and LLM reasoning — agree. If the signals disagree, the trait is withheld rather than guessed.
3. Data we collect
From recruiters
- Account: name, work email, hashed password, organisation, IP address at signup, session token.
- Role definitions, evaluation criteria, scoring weights, candidate-share links.
- Pipeline actions: stage transitions, decisions, comments, candidate invitations.
From candidates
- Name and contact information (if provided).
- Voice recordings of each interview answer.
- Transcript of each answer (generated automatically from the audio).
- Submitted resume and any supporting materials the candidate chooses to share.
- Per-answer behavioural signals (pace, clarity, sentiment, completeness, etc.).
Session data
- Timestamps, completion status, system-generated scores and reports.
PII handling: identifying fields are redacted from candidate data before any model evaluates a response. PII is not used as an assessment input.
4. Retention & deletion
- Audio. Voice recordings are deleted as soon as the assessment session ends; only the transcript and scores are retained.
- All other assessment data. Retained for a default of 14 days, configurable per organisation. Within that window the recruiter can download or export the data; after the window expires it is purged. Custom retention can be agreed in a written contract.
- Audit-trail records (anonymised). Retained indefinitely to support compliance reviews and defensible hiring practices.
- Preview & demo sessions. Not retained permanently. Demo sessions are for evaluation only.
- Candidate deletion requests. Candidates can request data deletion in accordance with applicable data-protection regulations.
No third-party data sharing
- Candidate assessment data is not sold, shared with third parties, or used to train external models.
- Data stays within the organisation's CQAR instance.
5. Security & storage
- All data is hosted on Microsoft Azure with enterprise-grade security controls.
- Data is encrypted in transit and at rest.
- Role-based access control governs every recruiter-facing feature. Recruiters see only their own organisation's candidates.
- No candidate data is accessible across organisation boundaries.
6. Compliance posture
Regulatory alignment
CQAR is designed to support compliance with:
- GDPR — data minimisation, right to access, right to deletion, lawful basis for processing.
- NYC Local Law 144 — automated employment decision tool requirements (bias-audit summary on request, notice to candidates).
- EU AI Act — high-risk AI-system requirements for employment-related tools.
- EEOC guidelines — non-discriminatory assessment practices.
For jurisdiction-specific compliance details, the Aecho compliance team provides documentation and guidance on request.
Audit trail
Every candidate interaction is logged: when the candidate was assessed and by what criteria, what scores were produced and what evidence supports them, what pipeline actions were taken by recruiters, and when and by whom any data was accessed or exported. The trail supports compliance reviews, internal audits, and defensible hiring practices.
Bias mitigation
- Candidates are evaluated against role criteria and their own response consistency, not against demographic baselines or population norms.
- The system is language-independent — accent, dialect, and native language are not assessment factors.
- Analysis is withheld when signal sources conflict, preventing speculative assessments.
7. Terms of Service
7.1 Acceptable use
You agree not to use CQAR to:
- Make any final hiring decision solely on the platform's output. CQAR augments human judgment; it does not replace it.
- Discriminate against candidates on protected attributes.
- Reverse-engineer, scrape, or attempt to extract candidate data outside your own organisation.
- Send unsolicited bulk invitations.
7.2 Account & security
You are responsible for keeping your credentials secure. Session tokens expire on a short interval and refresh transparently while you are active; sign in again if you have been idle.
7.3 Intellectual property
Role configurations, candidate data, and any reports generated by CQAR remain owned by the recruiting organisation. Aecho retains ownership of the platform, models, and aggregated, de-identified product analytics.
7.4 Termination
You may close your account at any time from Settings, or by writing to support. We may suspend an account that violates the acceptable-use terms above, with notice where reasonably possible.
7.5 Disclaimers
CQAR is provided "as is" without warranty of fitness for any specific hiring outcome. The product is one input into your hiring process; the responsibility for the final decision rests with the recruiting organisation. To the maximum extent permitted by law, our liability is capped at the fees you paid for the platform in the prior 12 months.
7.6 Governing law
This agreement is governed by the laws of the Republic of India unless a separate Data Processing Addendum or master services agreement specifies otherwise.
8. Hire reporting & anti-fraud safeguards
CQAR is priced as a flat platform fee plus a per-hire success fee. So that the success-fee model stays fair and workable for both sides, every recruiting organisation using CQAR agrees to the following safeguards. These are contractual obligations, not aspirations.
8.1 Truthful hire reporting
You will notify Aecho within seven (7) business days of extending a written offer to — or hiring, contracting, or engaging in any paid capacity — any candidate who was sourced, screened, interviewed, shortlisted, or otherwise evaluated through CQAR. Notification is made via the Mark as Hired action in the dashboard or by writing to [email protected], and must include the candidate identifier, offer date, role, and a hire type (full-time, contract, consulting, internship, or other paid arrangement). The per-hire fee is invoiced on the offer date; subsequent declines or withdrawals do not reverse the fee unless the offer is rescinded by your organisation within 14 days.
8.2 Twelve-month attribution window
Any candidate first contacted, screened, interviewed, or evaluated through CQAR who is hired (or contracted, or engaged in any paid capacity) by your organisation or any subsidiary, affiliate, or commonly-controlled entity within twelve (12) months of that first CQAR interaction is a CQAR hire and the per-hire fee applies — even if the final offer was extended off-platform, through a different ATS, or under a different role title. Routing a CQAR-evaluated candidate through a parallel channel to avoid the per-hire fee is treated as a breach of this clause.
8.3 Right to verify
On reasonable notice, Aecho may request — and you will provide within ten (10) business days — verification of hire counts. Acceptable verification includes a redacted offer letter (compensation and personal details may be redacted; the candidate name, role, and offer date must remain legible), a signed attestation from the hiring manager or an officer of the company, or a payroll/HRIS confirmation showing the candidate's start date. Aecho may also engage an independent auditor under reasonable confidentiality terms once per twelve-month period at its own cost; if the audit shows under-reporting in excess of 5%, the audit cost is reimbursable by you.
8.4 Anti-circumvention
You agree not to: share candidate apply-links, individual reports, or comparison exports with any party outside your organisation; operate the platform as a proxy, reseller, or staffing-agency intermediary on behalf of a third party that does not hold its own CQAR licence; bulk-export candidate records to perform off-platform screening that the per-hire model is intended to cover; or instruct candidates to apply or interview through any channel other than the one provided by CQAR for the purpose of avoiding attribution. Misrepresentation of a hire, failure to report a hire within the windows above, or any breach of this Section 8 entitles Aecho to invoice the unreported fees retroactively with interest at 1.5% per month, suspend the account, and recover reasonable costs of collection — including legal fees — incurred to enforce these terms.
9. Contact & complaints
Questions about this policy, data-subject requests, or to flag a compliance concern: [email protected].
For binding contract language, custom retention windows, or a Data Processing Addendum, contact the same address and a member of the team will respond within two business days.
Updates to this policy are posted on this page with a new effective date. Material changes are also emailed to the primary contact on each account.