1. Introduction
Infyva LLC ("Infyva", "we", "us", or "our") operates an AI-powered interview assessment platform at infyva.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information when you use our Service — whether as a candidate taking an interview, a recruiter managing assessments, an organization administering a hiring pipeline, or a visitor browsing our website.
Data Controller vs. Data Processor: When a recruiter or organization invites a candidate to take an assessment, the recruiting organization acts as the data controller for that candidate's personal data, and Infyva acts as the data processor on behalf of the organization. When you create an account directly or use practice interviews, Infyva acts as the data controller. This distinction is important for understanding who is responsible for your data in different contexts.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account information: Full name, email address, phone number, password, and professional role when you register.
- Profile information: Resume/CV data, work history, education, skills, and career preferences that you submit.
- Interview responses: Your spoken answers (audio), text-based responses, and any code or written material you provide during an assessment.
- Payment information: Billing details and payment method information processed through our payment provider (Stripe). We do not store your full credit card number on our servers.
2.2 Audio and Video Recording Data
During interviews and assessments, we collect the following recording data:
- Voice recordings: Audio of your spoken responses during interviews. These recordings are processed by AI to generate text transcriptions and evaluate your answers.
- Video frames: If webcam proctoring is enabled, we capture video frames during the assessment for identity verification and integrity monitoring.
- Transcriptions: AI-generated text transcriptions of your spoken responses.
Biometric data notice: Voice recordings may constitute biometric identifiers or biometric information under certain laws, including the Illinois Biometric Information Privacy Act (BIPA) and the Texas Capture or Use of Biometric Identifier Act (CUBI). We treat all voice and video recording data with heightened security protections regardless of your jurisdiction. See Section 8 for our complete biometric data policy.
2.3 Information Collected Automatically
- Device and browser data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
- Usage data: Pages visited, features used, time spent on the platform, and referral sources.
- Assessment integrity data: Browser tab focus changes, copy-paste activity, and other behavioral signals used to maintain assessment fairness.
- Cookies and similar technologies: We use cookies, local storage, and similar technologies as described in our Cookie Policy.
2.4 Information from Third Parties
- Recruiters: When a recruiter invites you to an assessment, they may provide your name, email, and the role you are being assessed for.
- Authentication providers: If you sign in using a third-party service (such as Google), we receive your name and email address from that provider.
3. Legal Basis for Processing
Under the EU General Data Protection Regulation (GDPR) and similar data protection laws, we are required to have a legal basis for processing your personal data. The following table sets out the legal bases we rely on for each processing purpose:
| Processing Purpose | Legal Basis | Details |
|---|---|---|
| Service delivery (account management, interviews, reports) | Performance of Contract | Necessary to provide the Service you signed up for |
| Audio and video recording | Explicit Consent | Consent obtained before each recording session begins |
| AI evaluation of responses | Performance of Contract / Consent | Core service functionality, with consent for underlying recording |
| Resume screening and scoring | Performance of Contract | Part of the assessment service provided to recruiters |
| Fraud and integrity detection | Legitimate Interest | Maintaining assessment fairness and platform security |
| Analytics and service improvement | Legitimate Interest | Improving the Service using aggregated, anonymized data |
| Payment processing | Performance of Contract | Processing transactions you have initiated |
| Legal compliance | Legal Obligation | Complying with applicable laws, regulations, and legal processes |
| Marketing communications | Consent | Only sent with your opt-in consent; you may unsubscribe at any time |
4. How We Use Your Information
We use personal information for the following purposes:
- Provide and operate the Service: Administering interviews, generating AI-driven questions, processing and transcribing responses, and producing assessment reports.
- Assessment scoring and reporting: Analyzing interview responses using AI to generate performance scores, skill evaluations, and assessment reports for recruiters.
- Resume screening: Analyzing uploaded resumes using AI to generate relevance scores and qualification assessments for hiring pipelines.
- Share results with recruiters: When you take a recruiter-initiated assessment, your responses and resulting report are shared with the recruiting organization that invited you.
- Fraud prevention: Detecting and preventing cheating, impersonation, or other dishonest behavior during assessments.
- Account management: Managing your account, processing payments, communicating about your account, and providing customer support.
- Improve the Service: Analyzing aggregated, anonymized usage patterns, diagnosing technical issues, and developing new features.
- Legal compliance: Complying with applicable laws, regulations, and legal processes.
We do NOT use your personal data or identifiable information to train general-purpose AI models. Only aggregated, de-identified data may be used for product analytics and benchmarking.
5. AI and Automated Decision-Making
5.1 AI Systems We Use
The Service uses the following AI technologies provided by OpenAI:
- Question generation: AI generates interview questions tailored to the job role, industry, and candidate's background.
- Speech-to-text (Whisper): Your spoken audio responses are transcribed into text for evaluation.
- Text-to-speech (TTS): Interview questions are read aloud using AI-generated voice synthesis.
- Response evaluation (GPT): Your transcribed answers are evaluated by AI for relevance, technical accuracy, completeness, and depth.
- Resume screening: AI analyzes resumes for skills, experience, education, and relevance to the target role.
5.2 What AI Evaluates — and What It Does Not
Our AI evaluates the following aspects of your responses:
- Verbal content and substance of your answers
- Relevance to the question and job role
- Technical accuracy (for technical roles)
- Completeness and depth of response
Our AI does NOT evaluate:
- Facial expressions or physical appearance
- Emotions, psychological state, or sentiment
- Tone of voice, accent, or speech patterns
- Race, gender, age, disability, or any protected characteristic
5.3 How AI Scores Are Used
AI-generated scores, evaluations, and reports are provided to recruiters as advisory tools only. They are not binding recommendations and do not constitute employment decisions. Final hiring decisions are made by the recruiting organization's human decision-makers, not by our AI systems. AI outputs are not guaranteed to be accurate, complete, or free from bias.
5.4 Your Rights Regarding AI Decisions
You have the following rights regarding AI-generated assessments:
- Right to human review: You may request that a human reviews any AI-generated assessment of your interview performance.
- Right to contest: You may contest or challenge the results of an AI-generated assessment if you believe it is inaccurate.
- Right to explanation: You may request a general explanation of the AI scoring methodology used to evaluate your responses.
- Right to alternative assessment: Where applicable law requires it, you may request an assessment that does not use AI evaluation (subject to the recruiter's ability to provide an alternative).
To exercise any of these rights, contact us at privacy@infyva.ai.
5.5 AI Training
We do not use identifiable candidate data, interview recordings, transcriptions, or personal information to train or fine-tune general-purpose AI models. Data submitted to OpenAI through their API is not used by OpenAI to train their models under their enterprise data usage policies. Only aggregated, anonymized data may be used internally for product improvement and benchmarking.
6. How We Share Your Information
We do not sell, rent, or trade your personal information. We share information only in the following circumstances:
- With recruiting organizations: When you complete a recruiter-initiated interview, your assessment report (including scores, feedback, transcriptions, and integrity analysis) is shared with the organization that invited you. The organization is the data controller for this data.
- Service providers and sub-processors: We use third-party providers who process data on our behalf under contractual obligations and data processing agreements. See Section 7 for our complete sub-processor list.
- Legal requirements: We may disclose information if required by law, court order, subpoena, or similar legal process, or if we believe disclosure is reasonably necessary to protect our rights, your safety, or the safety of others, or to prevent fraud.
- Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify affected users by email at least 30 days before any such transfer and provide an opportunity to delete your data.
7. Sub-Processors and Third Parties
We use the following third-party service providers (sub-processors) to operate the Service. All sub-processors operate under data processing agreements that require them to protect your data:
| Provider | Purpose | Data Processed |
|---|---|---|
| OpenAI | Question generation, speech-to-text, text-to-speech, response evaluation | Interview text, audio transcriptions |
| Stripe | Payment processing | Billing details, transaction data |
| Cloud hosting provider | Infrastructure, data storage, application hosting | All service data (encrypted at rest) |
| Google Analytics | Website usage analytics | Anonymized usage and traffic data |
| Email service provider | Transactional and notification emails | Name, email address, notification content |
We will notify registered users at least 30 days before adding a new sub-processor that handles personal data, giving you the opportunity to object or delete your account.
8. Biometric and Recording Data
This section provides specific information about how we handle audio recordings, video data, and data that may constitute biometric information under applicable laws.
8.1 What We Collect
- Voice recordings: Audio of your spoken responses during interview assessments.
- Video frames: If webcam proctoring is enabled, video frames captured during the assessment session.
- AI-generated transcriptions: Text transcripts produced by AI processing of your audio recordings.
8.2 Biometric Data Notice
Voice recordings and, where applicable, video frames may be considered biometric identifiers or biometric information under certain laws, including but not limited to:
- Illinois Biometric Information Privacy Act (BIPA)
- Texas Capture or Use of Biometric Identifier Act (CUBI)
- Washington Biometric Identifiers law (RCW 19.375)
- EU General Data Protection Regulation (GDPR) — special category data under Article 9
Regardless of your jurisdiction, we treat all voice and video recording data with the highest level of protection as described in this section.
8.3 Consent
We obtain explicit, informed consent before any audio or video recording begins. Consent is presented clearly at the start of each assessment session and must be affirmatively granted before recording commences. You may decline to provide consent; however, the Service requires audio input to function and you will be unable to complete an assessment without providing audio responses.
8.4 Purpose Limitation
Audio and video recordings are used solely for the following purposes:
- Generating text transcriptions of your spoken responses
- AI evaluation and scoring of your interview answers
- Fraud and assessment integrity detection
- Producing assessment reports for the recruiting organization
- Identity verification (video frames only, where proctoring is enabled)
Recordings are never used for advertising, profiling, surveillance, emotion recognition, or any purpose not listed above.
8.5 Retention and Destruction Schedule
- Audio recordings: Retained for a maximum of 2 years from the date of the assessment, then automatically and permanently deleted.
- Video frames: Retained for a maximum of 6 months from the date of the assessment, then automatically and permanently deleted.
- Transcriptions: Retained alongside assessment data for a maximum of 2 years, then permanently deleted.
You may request early deletion of your recordings at any time by contacting privacy@infyva.ai.
8.6 No Sale of Biometric Data
We never sell, lease, trade, or otherwise profit from biometric data or recording data. This data is shared only with the recruiting organization that initiated the assessment (as reports) and with sub-processors necessary to provide the Service (as described in Section 7).
8.7 Destruction Certification
Upon request, we will provide written confirmation that your biometric and recording data has been permanently destroyed in accordance with our retention schedule. Contact privacy@infyva.ai to request a destruction certification.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. The following table details our retention periods:
| Data Type | Retention Period | After Expiration |
|---|---|---|
| Account data (name, email, profile) | Duration of account + 30 days | Permanently deleted |
| Assessment reports and scores | Up to 2 years from assessment date | Permanently deleted |
| Audio recordings | Up to 2 years from assessment date | Permanently deleted |
| Video/webcam frames | Up to 6 months from assessment date | Permanently deleted |
| Transcriptions | Up to 2 years from assessment date | Permanently deleted |
| Resume data | Duration of account + 30 days | Permanently deleted |
| Payment and billing records | 7 years (legal/tax requirement) | Permanently deleted |
| Anonymized analytics data | Indefinite | N/A (non-identifiable) |
You may request deletion of your data at any time by contacting privacy@infyva.ai or by deleting your account through the account settings. Deletion requests are fulfilled within 30 days, except where retention is required by law.
10. Data Security
We implement industry-standard technical and organizational security measures to protect your personal data, including:
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest: Stored data, including recordings and personal information, is encrypted using AES-256 encryption.
- Access controls: Role-based access controls limit data access to authorized personnel only.
- Security assessments: Regular security reviews and vulnerability assessments of our infrastructure and code.
- Incident response: Documented incident response procedures for identifying, containing, and remediating security events.
However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify affected individuals without undue delay and no later than 72 hours after becoming aware of the breach (in accordance with GDPR Article 33).
- Notify the relevant supervisory authority where required by applicable law.
- Provide details including: the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures we have taken or propose to take to address the breach and mitigate its effects.
Where the breach is unlikely to result in a risk to your rights and freedoms, we will document the breach internally and take appropriate remedial action.
12. International Data Transfers
Your information may be transferred to and processed in the United States and other countries that may have data protection laws different from those in your country of residence. Specifically:
- Our servers and primary infrastructure are hosted in the United States.
- Our AI processing sub-processor (OpenAI) operates in the United States.
- Our payment processor (Stripe) may process data in multiple jurisdictions.
Where required by applicable law, we use the following safeguards for international data transfers:
- EU Standard Contractual Clauses (SCCs): For transfers of data from the EEA to countries without an adequacy decision.
- EU-US Data Privacy Framework: Where applicable and certified.
- UK International Data Transfer Agreement: For transfers from the United Kingdom.
Users in the EEA or UK may request a copy of the safeguards we use for international transfers by contacting privacy@infyva.ai.
13. Your Rights — GDPR (EEA/UK Residents)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR:
- Right of Access (Article 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
- Right to Restriction of Processing (Article 18): Request that we limit the processing of your data in certain circumstances (e.g., while verifying accuracy).
- Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV), and transmit it to another controller.
- Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.
- Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. You may request human intervention in the review of any AI-generated assessment.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
How to exercise your rights: Contact us at privacy@infyva.ai. We will respond to your request within 30 days. We may request verification of your identity before fulfilling your request.
Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your concerns.
14. Your Rights — CCPA and US State Privacy Laws
If you are a resident of California or another US state with applicable privacy legislation, you have the following rights:
14.1 California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes of collection, and the categories of third parties with whom we share your data.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain legal exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months.
- Right to Limit Use of Sensitive Personal Information: You may direct us to limit the use of sensitive personal information to purposes necessary to provide the Service.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, a different quality of service, or be denied service for exercising your rights.
14.2 Exercising Your Rights
You or your authorized agent may submit a request by emailing privacy@infyva.ai or through your account settings. If you use an authorized agent, we may require written proof of the agent's authorization and verification of your identity.
We will respond to verifiable consumer requests within 45 days of receipt. If we need additional time (up to 45 more days), we will inform you of the reason and extension period in writing.
14.3 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
- Identifiers (name, email, phone number, IP address)
- Professional or employment-related information (resume data, work history)
- Education information
- Audio, electronic, and visual information (voice recordings, video frames)
- Internet or electronic network activity information (browsing data, usage data)
- Inferences drawn from the above (AI-generated assessment scores and evaluations)
15. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at privacy@infyva.ai.
16. Changes to This Policy and Contact Information
16.1 Policy Updates
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a prominent notice on our website at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
16.2 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: