Privacy & Data Policy

Conversation Logs

We retain conversation transcripts for assessment purposes. These logs include your messages and the AI's responses during the assessment session.

Assessment Report

Scores, evidence quotes, and evaluation reasoning are stored separately from raw transcripts. This structured data is used to generate your assessment report and may be shared with employers who have invited you to take the assessment.

Session Metadata

We track session timing, persona selection, and technical metrics (such as response latency) to ensure assessment quality and detect potential issues.

Data Accessed

• Email address — used to create and identify your AISA account
• Display name — used to personalise your experience and appear on your assessment report
• Profile picture URL — referenced for display purposes only; not downloaded or stored separately

Data Usage

Google user data is used solely for authentication and account creation. Your email address serves as your account identifier and is used to send assessment results and transactional emails (such as report delivery and account notifications). Your display name appears on your profile and assessment reports. We do not use Google user data for advertising, profiling, or any purpose beyond operating your AISA account.

Data Storage & Sharing

Google account data is stored securely in our authentication database (hosted by Supabase) and is subject to the same retention and security policies as all other account data described in this policy. We do not share your Google user data with third parties except our infrastructure providers (Supabase for authentication, Resend for transactional email delivery), who are contractually obligated to protect your data. We do not sell, transfer, or use Google user data for purposes unrelated to the core functionality of AISA.

Scope of Access

AISA requests only basic profile and email scopes from Google. We do not access your Google Drive, Calendar, Contacts, Gmail, or any other Google services. You can revoke AISA's access to your Google account at any time via your Google Account permissions.

Right to Access

You can view your assessment results and request a copy of your conversation logs at any time.

Right to Deletion

You may request deletion of your data at any time. We will delete your conversation logs, assessment results, and associated metadata within 30 days of your request. Note that if your assessment was shared with an employer, we may retain anonymized aggregate data for analytics.

Right to Correction

If you believe any information in your assessment is incorrect, you can request a review or retake the assessment.

With Employers

If you were invited to take an assessment by an employer, your assessment results (scores, evidence, and report) will be shared with that employer. Raw conversation logs are not shared unless explicitly requested and authorized by you.

Service Providers

We use the following third-party services to operate the platform. Each provider is contractually obligated to protect your data and use it only for service delivery:

• Supabase — authentication, database hosting, and user account management
• Google — optional sign-in authentication (see Google Sign-In section above)
• Anthropic — AI model provider for assessment conversations and scoring
• Vercel — application hosting and delivery
• Resend — transactional email delivery (report results, notifications)
• Stripe — payment processing (we do not store card details)

Legal Requirements

We may disclose your data if required by law, court order, or to protect our rights and the safety of our users.