This Privacy Policy explains how Trueyy (“we”, “us”) collects, uses, shares, and protects information when you use our website and our interview-integrity product. We built Trueyy consent-first: candidates are told exactly what is observed before a session begins, and the live meeting video feed stays inside your conferencing tool.
Who this applies to
This policy covers two groups: customers (recruiters, interviewers, and admins who use the Trueyy dashboard) and candidates whose interviews are monitored with Trueyy by one of our customers. For candidate data, the hiring organisation is the data controller and Trueyy acts as a processor on their behalf.
What we collect
- Account data (customers): name, work email, company, and authentication details.
- Interview integrity signals (candidates): during a monitored session — application/window focus events, paste activity, keystroke timing, and process scans, plus periodic screen context (screenshots) and interview audio, which is transcribed for analysis.
- Usage & technical data: log data, device/browser info, and cookies needed to run and secure the service.
The live meeting video feed stays inside your meeting platform (Zoom, Google Meet, Microsoft Teams) — we don’t record it. To analyse integrity, Trueyy does capture interview audio (transcribed) and periodic screenshots, which are encrypted and deleted on the retention window you set.
How we use it
- To provide interview-integrity scoring and the customer dashboard.
- To authenticate users, secure the service, and prevent abuse.
- To support, improve, and troubleshoot the product.
- To meet legal and regulatory obligations.
We do not sell personal data, and we do not use candidate integrity signals for advertising.
Legal bases (GDPR)
Where the GDPR applies, processing relies on one or more lawful bases: performance of a contract, legitimate interests (running and securing the service), legal obligation, and — where appropriate — consent. Candidates are informed before monitoring begins.
Sharing & sub-processors
We share data with vetted sub-processors strictly to operate the service (e.g. cloud hosting, storage, email delivery, and the meeting platforms you connect). Each is bound by data-protection terms. A current list of sub-processors is available on request.
Retention
Retention of session signal data is configurable per organisation. Account data is kept for the life of the account and a limited period afterwards as required for legal, security, and accounting purposes.
Security
Data is encrypted in transit and at rest. Access is role-based and logged. Our security posture is designed to support GDPR and SOC 2 requirements; see our Security & Privacy overview.
Your rights
Depending on your location, you may have the right to access, correct, delete, or port your data, and to object to or restrict certain processing. Candidates should direct requests to the hiring organisation (the controller); we support customers in fulfilling them. To exercise rights or ask a question, use our contact form.
International transfers
Where data is transferred across borders, we use appropriate safeguards such as Standard Contractual Clauses.
Changes
We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.
Contact
Questions about this policy or your data? Reach us via our contact form.