Privacy Policy

Last updated: March 22, 2026

1. Introduction

dyBIdxAI.com ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our AI-powered interview platform. This policy applies to all users, including organization administrators, team members, and interview candidates.

2. Data We Collect

Account Information

  • Name, email address, organization name
  • Authentication credentials (hashed passwords, OAuth tokens)
  • Role and permission settings within your organization

Interview Data

  • Audio recordings captured during interviews
  • Video frames captured during interviews (for visual analysis)
  • Speech-to-text transcripts generated from audio
  • Thinking time, response duration, and behavioral timing signals
  • AI-generated scores, analyses, and recommendations

Candidate Information

  • Name and email address (provided by the hiring organization)
  • Interview session history and scores

Technical Data

  • IP address, browser type, device information
  • Pages visited, features used, and interaction patterns
  • Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Data

  • Provide the Service: Process interviews, generate AI scores, deliver reports to organizations
  • Authentication: Manage user accounts, sessions, and access control
  • Communication: Send interview invitations, magic-link login emails, and service notifications
  • Improvement: Analyze aggregate usage patterns to improve the platform (no individual interview data is used for training without consent)
  • Security: Detect fraud, abuse, and unauthorized access
  • Legal compliance: Respond to legal requests and enforce our Terms

4. How We Store Your Data

Database: User accounts, interview sessions, transcripts, and scores are stored in PostgreSQL with encryption at rest.

API Keys: Organization AI provider keys (BYOK) are encrypted using AES-256-GCM before storage. We never store API keys in plaintext.

Passwords: User passwords are hashed using bcrypt. We never store plaintext passwords.

Sessions: Authentication sessions use signed JWT tokens with configurable expiration.

Infrastructure: All data is hosted on secure infrastructure with access controls, audit logging, and regular backups.

5. Who We Share Data With

Hiring Organizations: Interview scores, transcripts, behavioral analyses, and recommendations are shared with the organization that created the interview.

AI Providers: Interview transcripts are sent to AI providers (Anthropic, OpenAI, or Google) for scoring analysis. This is governed by the organization's chosen provider and API key. We use these providers' APIs only — your data is not used for their model training.

Service Providers: We may use third-party services for email delivery, hosting, and monitoring. These providers process data only on our behalf under data processing agreements.

Legal Requirements: We may disclose data if required by law, court order, or to protect our rights, safety, or property.

We do NOT sell your personal data to third parties.

6. Data Retention

Account data: Retained while your account is active. Deleted upon account deletion request (within 30 days).

Interview data: Retained for the duration of the organization's subscription. Organizations can delete individual sessions or candidate data at any time.

Trial data: Trial interview sessions are retained for 90 days, then automatically purged.

Soft-deleted data: Records marked as deleted are retained for 30 days for recovery purposes, then permanently removed.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request an export of your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Request that we limit processing of your data
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contract: Processing necessary to provide the Service you signed up for
  • Legitimate interest: Service improvement, security, and fraud prevention
  • Consent: Where we request your explicit opt-in (e.g., marketing emails)
  • Legal obligation: Compliance with applicable laws

Organizations using dyBIdxAI.com to interview candidates in the EEA act as data controllers. dyBIdxAI.com acts as a data processor on their behalf.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we learn we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a notice on the Service at least 14 days before taking effect. The "Last updated" date at the top reflects the latest revision.

11. Contact Us

For privacy-related inquiries:

Email: [email protected]