Privacy Policy & Terms

1. Candidate rights

Informed participation

• Candidates know they are being assessed before they begin.
• The assessment process is not hidden behind a "conversation" or disguised as something else.
• Candidates choose to participate. There is no passive or background screening.

Transparency

• Candidates can see which dimensions are being evaluated.
• The assessment is structured and predictable — candidates are not tricked into revealing information.
• Results are used as decision-support evidence for recruiters, not as automated gatekeeping.

No hidden screening

• CQAR does not scrape, monitor, or analyse candidate activity outside the assessment session.
• No social-media analysis, browsing-behaviour tracking, or ambient data collection.
• Assessment data comes exclusively from what the candidate explicitly provides: their interview responses, submitted resume (with PII redacted), and any materials they choose to share.

2. What CQAR measures (and what it does not)

We measure

• Communication patterns — clarity, structure, coherence, depth of response.
• Response consistency — whether claims hold up under follow-up probing.
• Technical competence signals — topic coverage, knowledge depth, accuracy.
• Criteria alignment — how well the candidate matches the defined role requirements.

We do not measure

• Accents or dialects. Voice analysis is language-independent. How someone sounds is not a signal.
• Personality disorders or clinical traits. CQAR is not a psychological-assessment tool.
• Physical characteristics. No facial analysis, body-language reading, or biometric identification is used in assessment scoring.
• Protected characteristics. Race, gender, age, disability status, religion, and national origin are not inputs, signals, or factors in any scoring.

A soft-skill trait is only surfaced on the report when at least two of three independent signal sources — voice analysis, transcript NLP, and LLM reasoning — agree. If the signals disagree, the trait is withheld rather than guessed.

3. Data we collect

From recruiters

• Account: name, work email, hashed password, organisation, IP address at signup, session token.
• Role definitions, evaluation criteria, scoring weights, candidate-share links.
• Pipeline actions: stage transitions, decisions, comments, candidate invitations.

From candidates

• Name and contact information (if provided).
• Voice recordings of each interview answer.
• Transcript of each answer (generated automatically from the audio).
• Submitted resume and any supporting materials the candidate chooses to share.
• Per-answer behavioural signals (pace, clarity, sentiment, completeness, etc.).

Session data

• Timestamps, completion status, system-generated scores and reports.

PII handling: identifying fields are redacted from candidate data before any model evaluates a response. PII is not used as an assessment input.

4. Retention & deletion

• Audio. Voice recordings are deleted as soon as the assessment session ends. A confirmation email is sent to the candidate when the audio has been removed.
• All other assessment data. Retained for a default of 14 days, configurable per organisation. Within that window the recruiter can download or export the data; after the window expires it is purged. Custom retention can be agreed in a written contract.
• Audit-trail records (anonymised). Retained indefinitely to support compliance reviews and defensible hiring practices.
• Preview & demo sessions. Not retained permanently. Demo sessions are for evaluation only.
• Candidate deletion requests. Candidates can request data deletion in accordance with applicable data-protection regulations.

No third-party data sharing

• Candidate assessment data is not sold, shared with third parties, or used to train external models.
• Data stays within the organisation's CQAR instance.

5. Security & storage

• All data is hosted on Microsoft Azure with enterprise-grade security controls.
• Data is encrypted in transit and at rest.
• Role-based access control governs every recruiter-facing feature. Recruiters see only their own organisation's candidates.
• No candidate data is accessible across organisation boundaries.

6. Compliance posture

Regulatory alignment

CQAR is designed to support compliance with:

• GDPR — data minimisation, right to access, right to deletion, lawful basis for processing.
• NYC Local Law 144 — automated employment decision tool requirements (bias-audit summary on request, notice to candidates).
• EU AI Act — high-risk AI-system requirements for employment-related tools.
• EEOC guidelines — non-discriminatory assessment practices.

For jurisdiction-specific compliance details, the Aecho compliance team provides documentation and guidance on request.

Audit trail

Every candidate interaction is logged: when the candidate was assessed and by what criteria, what scores were produced and what evidence supports them, what pipeline actions were taken by recruiters, and when and by whom any data was accessed or exported. The trail supports compliance reviews, internal audits, and defensible hiring practices.

Bias mitigation

• Candidates are evaluated against role criteria and their own response consistency, not against demographic baselines or population norms.
• The system is language-independent — accent, dialect, and native language are not assessment factors.
• Analysis is withheld when signal sources conflict, preventing speculative assessments.

7. Terms of Service

7.1 Acceptable use

You agree not to use CQAR to:

• Make any final hiring decision solely on the platform's output. CQAR augments human judgment; it does not replace it.
• Discriminate against candidates on protected attributes.
• Reverse-engineer, scrape, or attempt to extract candidate data outside your own organisation.
• Send unsolicited bulk invitations.

7.2 Account & security

You are responsible for keeping your credentials secure. Session tokens expire on a short interval and refresh transparently while you are active; sign in again if you have been idle.

7.3 Intellectual property

Role configurations, candidate data, and any reports generated by CQAR remain owned by the recruiting organisation. Aecho retains ownership of the platform, models, and aggregated, de-identified product analytics.

7.4 Termination

You may close your account at any time from Settings, or by writing to support. We may suspend an account that violates the acceptable-use terms above, with notice where reasonably possible.

7.5 Disclaimers

CQAR is provided "as is" without warranty of fitness for any specific hiring outcome. The product is one input into your hiring process; the responsibility for the final decision rests with the recruiting organisation. To the maximum extent permitted by law, our liability is capped at the fees you paid for the platform in the prior 12 months.

7.6 Governing law

This agreement is governed by the laws of the Republic of India unless a separate Data Processing Addendum or master services agreement specifies otherwise.

8. Contact & complaints

Questions about this policy, data-subject requests, or to flag a compliance concern: [email protected].

For binding contract language, custom retention windows, or a Data Processing Addendum, contact the same address and a member of the team will respond within two business days.