GDPR Compliance

AI Interview Analyzer is designed with privacy by design and privacy by default principles. We are fully committed to complying with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and all applicable national data protection laws. Data protection is not an afterthought — it is built into every aspect of our platform.

We adhere to all GDPR data processing principles: (1) Lawfulness, fairness, and transparency — we process data lawfully and are transparent about how; (2) Purpose limitation — data is collected for specific, explicit purposes only; (3) Data minimization — we collect only what is necessary; (4) Accuracy — we take steps to keep data accurate and up to date; (5) Storage limitation — data is kept only as long as needed; (6) Integrity and confidentiality — we implement appropriate security measures; (7) Accountability — we can demonstrate compliance with all principles.

Interview candidates receive special protection: (1) Explicit consent is required before any recording or AI analysis — candidates receive an email explaining exactly what will happen with their data; (2) Candidates can decline consent, and the interview proceeds without AI analysis; (3) Candidates can withdraw consent at any time and request deletion of all their data; (4) The mandatory consent flow records timestamp, IP address, and privacy policy version for audit purposes; (5) No recording can start without verified consent.

We support all GDPR data subject rights: (1) Right to Access (Art. 15) — request a copy of all your personal data; (2) Right to Rectification (Art. 16) — correct inaccurate data; (3) Right to Erasure (Art. 17) — 'right to be forgotten'; (4) Right to Restriction (Art. 18) — limit processing of your data; (5) Right to Portability (Art. 20) — receive data in machine-readable format; (6) Right to Object (Art. 21) — object to certain processing; (7) Right not to be subject to automated decision-making (Art. 22) — our AI is a support tool, final decisions are always made by humans.

We have conducted a Data Protection Impact Assessment (DPIA) for our interview analysis processing, as required by GDPR Art. 35 for high-risk processing. The DPIA covers: the nature and purpose of processing, assessment of necessity and proportionality, risk identification and mitigation measures, and safeguards to protect data subjects' rights.

In the event of a personal data breach: (1) We will notify the relevant Data Protection Authority within 72 hours of becoming aware (Art. 33 GDPR); (2) If the breach poses a high risk to individuals, we will notify affected data subjects without undue delay (Art. 34 GDPR); (3) We maintain a breach register documenting all incidents; (4) We have incident response procedures in place to contain, assess, and remediate breaches.

All data processing occurs within the European Union (Azure West Europe region). We do not transfer personal data outside the EU/EEA. Our sub-processors (Microsoft Azure, Stripe) maintain EU data residency for our data. In the event that future business needs require transfers outside the EU, we will ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

For GDPR-related inquiries, data access requests, or to exercise any of your rights, contact AI Interview Analyzer sp. z o.o., ul. Kaliny Jędrusik 6/53, 01-748 Warszawa, Poland, at contact@aiinterviewanalyzer.com. We will respond to all requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your national Data Protection Authority.