Privacy Policy

Last updated: October 1, 2025

1. Overview

Attesto Inc. (“Attesto,” “we,” “us,” or “our”) operates attesto.com, its AI-powered platform, APIs, and related enterprise services (collectively, the “Service”).

This Privacy Policy explains how Attesto collects, uses, and protects information from two types of users:

•

Customers (businesses that use Attesto to evaluate candidates), and

•

Candidates (individuals who participate in interviews, assessments, or AI-enabled interactions through Attesto).

We are committed to transparency, consent, and privacy-first design in all of our AI systems and data practices.

2. Scope and Roles

Attesto acts as:

•

A Data Processor when processing Candidate Data on behalf of Customers (employers), and

•

A Data Controller for its own business operations (e.g., platform analytics, customer support, marketing).

Customers are responsible for ensuring that Candidates are invited lawfully and for providing accurate consent mechanisms under applicable law.

3. Information We Collect

We collect and process information in the following ways:

A. Customer Data

From Customer company representatives and platform users, we may collect:

•

Name, company name, business title, and contact details

•

Billing, transaction, and usage information

•

Configuration and platform settings

•

Customer candidate data provided by the Customer

B. Candidate Data

When a Candidate consents to participate in an interview, assessment, or AI interaction, Attesto may collect:

•

Personal identifiers (name, email, phone, location)

•

Professional and employment information (resume, experience, education, skills)

•

Assessment responses, interview recordings, or written inputs

•

AI-generated metadata such as transcripts, communication analysis, or behavioral patterns

Consent: Candidate data is collected and stored only with explicit, opt-in consent.
If a Candidate does not opt in, no personal or interaction data is retained.

C. Automatically Collected Data

We collect limited technical information for platform operation and analytics, including:

•

Device and browser type

•

IP address and session identifiers

•

Access times and activity logs

4. How We Use Information

For Customers:

•

To deliver and manage enterprise hiring and assessment services

•

To authenticate users, maintain accounts, and process payments

•

To analyze platform performance and usage

•

To communicate updates, support, or training

For Candidates:

•

To conduct authorized assessments and interviews requested by the Customer

•

To generate insights and share assessment results with the Customer who initiated the process

•

To improve user experience and fairness in hiring workflows

AI Decision-Making: Personally identifying information (such as names, emails, phone numbers, or demographics) is not used by AI algorithms in any decision-making process.
Attesto’s AI models evaluate only skill-related or performance-based data that is de-identified and anonymized before analysis.

For All Users:

•

To ensure platform security, fraud detection, and compliance

•

To improve product features and performance using de-identified, aggregated data

5. AI Processing and Model Improvement

Attesto’s AI systems analyze candidate information and responses to produce structured insights (e.g., communication clarity, skill indicators, engagement level).

•

AI analysis is conducted solely for purposes communicated to the Customer, authorized by the Customer.

•

Any data used for improving AI models is fully de-identified and cannot be traced back to an individual.

•

Attesto does not use PII or sensitive attributes in model training, scoring, or recommendations.

6. Data Retention and Deletion

•

Candidates have the right to request deletion of their data at any time.

•

Upon verified request, all personal data—including recordings, transcripts, and associated metadata—will be permanently deleted from our systems and backups in accordance with applicable law.

•

De-identified and aggregated data may be retained for product analytics and improvement.

7. Data Sharing

We may share data as follows:

•

With Customers: Candidate data and insights are shared only with the Customer that initiated the interaction.

•

With Service Providers: We use trusted partners for hosting, analytics, and communications—each bound by strict data protection agreements.

•

With Affiliates or Successors: If Attesto undergoes a merger or acquisition, data may be transferred under the same protection standards.

•

To Comply with Law: When required by applicable law or legal process.

Attesto does not sell or trade personal data to third parties.

8. Security

We employ strong safeguards to protect personal data, including:

•

Encryption in transit and at rest

•

Role-based access controls and activity logging

•

Network and application security monitoring

•

Regular third-party security audits

However, no system is fully immune to risks. We encourage both Customers and Candidates to maintain good data hygiene and password security.

9. International Data Transfers

Data may be stored and processed in the United States or other countries where Attesto or its partners operate.
All international transfers comply with relevant data protection frameworks (e.g., GDPR Standard Contractual Clauses).

10. Candidate Rights

Depending on applicable law (e.g., GDPR, CCPA), Candidates have the right to:

•

Access their personal data

•

Correct or update inaccurate information

•

Request deletion of their data (“right to be forgotten”)

•

Withdraw consent at any time

•

Restrict or object to data processing

•

Request a copy of their data in portable format

To exercise these rights, Candidates may contact privacy@attesto.com.
Requests will be processed in coordination with the relevant Customer (employer) if the data was collected on their behalf.

11. Marketing and Communications

We may send business users (Customers) service updates, feature releases, and marketing materials.
Customers can opt out at any time.
Attesto does not send marketing communications to Candidates unless they have directly registered for our own services.

12. Updates to This Policy

We may revise this Privacy Policy periodically to reflect new regulations, features, or practices.
All updates will be posted on this page with an updated effective date.
If significant changes are made, we will notify affected users via email or in-app notice.

13. Contact Us

If you have questions about this Privacy Policy or your data, please contact us: privacy@attesto.com