Privacy Policy

Last Updated: [DATE]

⚠️ IMPORTANT NOTICE

This is a template document. Please have this reviewed and customized by a qualified attorney before use. Fill in all bracketed placeholders and ensure compliance with GDPR, CCPA, and other applicable laws.

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. How We Share Your Information
  5. Data Processing and Legal Basis
  6. Data Retention
  7. Your Privacy Rights
  8. California Privacy Rights (CCPA/CPRA)
  9. International Data Transfers
  10. Security
  11. Children's Privacy
  12. Third-Party Links and Services
  13. Cookies and Tracking Technologies
  14. AI and Automated Processing
  15. Changes to This Privacy Policy
  16. Data Protection Officer
  17. Contact Us
  18. Specific Provisions

1. Introduction

Outsurge ("we", "us", "our", or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

Account Information

  • Name, email address, password
  • Company information (name, website, description)
  • Payment and billing information
  • Profile information

Candidate Information (when you use our Service)

  • Candidate names, email addresses, phone numbers
  • Resume/CV information
  • Challenge responses and interview data
  • Evaluation scores and feedback

Content You Submit

  • Job postings and descriptions
  • Codebase information (when connecting integrations)
  • Challenge scenarios and rubrics
  • Other content you upload or create

2.2 Information Automatically Collected

Usage Data

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Clickstream data
  • Access times and dates

Cookies and Tracking Technologies

  • Session cookies
  • Authentication tokens
  • Analytics cookies
  • Preference cookies

2.3 Information from Third-Party Services

Integration Data

  • GitHub/GitLab repository information
  • Jira/Linear project data
  • Other third-party service data you authorize us to access

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • To provide, maintain, and improve the Service
  • To process transactions and manage subscriptions
  • To authenticate users and manage accounts
  • To generate challenges and conduct evaluations
  • To provide AI-powered interview and scoring services

3.2 Communication

  • To send service-related communications
  • To respond to your inquiries and support requests
  • To send administrative information (updates, security alerts)
  • To send marketing communications (with your consent, where required)

3.3 Analytics and Improvement

  • To analyze usage patterns and improve the Service
  • To develop new features and functionality
  • To conduct research and analytics

3.4 Legal and Compliance

  • To comply with legal obligations
  • To enforce our Terms of Service
  • To protect our rights and prevent fraud
  • To respond to legal requests

3.5 AI and Machine Learning

  • To train and improve our AI models (with appropriate safeguards)
  • To generate challenges and evaluations
  • To provide personalized experiences

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

4.1 Service Providers

  • With third-party service providers who perform services on our behalf
  • Examples: hosting, payment processing, analytics, email services
  • These providers are contractually obligated to protect your information

4.2 Business Transfers

  • In connection with a merger, acquisition, or sale of assets
  • Your information may be transferred to the acquiring entity

4.3 Legal Requirements

  • When required by law, court order, or government regulation
  • To respond to legal process or government requests
  • To protect our rights, property, or safety

4.4 With Your Consent

  • When you explicitly authorize us to share information
  • When you choose to integrate with third-party services

4.5 Aggregated Data

  • We may share aggregated, anonymized data that cannot identify individuals
  • Used for analytics, research, and business purposes

5. Data Processing and Legal Basis

5.1 Legal Basis (GDPR)

If you are in the European Economic Area (EEA), we process your data based on:

  • Contract Performance: To provide the Service you requested
  • Legitimate Interests: For service improvement, security, and fraud prevention
  • Consent: Where you have provided explicit consent
  • Legal Obligation: To comply with applicable laws

5.2 Data Controller vs. Processor

  • For Company Users: We are the data controller
  • For Candidate Data: We act as a data processor on behalf of our customers (who are the data controllers)
  • Candidates should contact the company that invited them for questions about their data

6. Data Retention

6.1 Retention Periods

  • Account Data: Retained while your account is active and for a reasonable period after closure
  • Candidate Data: Retained as necessary to provide the Service and as required by law
  • Usage Data: Retained for analytics and service improvement purposes
  • Legal Requirements: Some data may be retained longer for legal compliance

6.2 Deletion

  • You may request deletion of your data at any time
  • We will delete data in accordance with applicable law and our retention policies
  • Some data may be retained for legal, regulatory, or legitimate business purposes

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Access and Portability

  • Right to access your personal information
  • Right to receive your data in a portable format

7.2 Correction and Deletion

  • Right to correct inaccurate information
  • Right to request deletion of your data ("right to be forgotten")

7.3 Objection and Restriction

  • Right to object to processing of your data
  • Right to restrict processing in certain circumstances

7.4 Withdraw Consent

  • Right to withdraw consent where processing is based on consent

7.5 Opt-Out

  • Right to opt-out of marketing communications
  • Right to opt-out of certain data sharing (where applicable)

7.6 Non-Discrimination

  • We will not discriminate against you for exercising your privacy rights

To exercise these rights, please contact us at [YOUR EMAIL]

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights:

8.1 Right to Know

  • Right to know what personal information we collect, use, and disclose
  • Right to know the categories of sources and purposes

8.2 Right to Delete

  • Right to request deletion of personal information (subject to exceptions)

8.3 Right to Correct

  • Right to correct inaccurate personal information

8.4 Right to Opt-Out

  • Right to opt-out of sale or sharing of personal information (we do not sell data)
  • Right to opt-out of targeted advertising

8.5 Right to Non-Discrimination

  • We will not discriminate for exercising privacy rights

California residents can exercise these rights by contacting us at [YOUR EMAIL]

9. International Data Transfers

9.1 Data Location

  • Your data may be stored and processed in countries other than your own
  • We use appropriate safeguards for international transfers

9.2 Transfer Mechanisms

  • We use Standard Contractual Clauses (SCCs) for transfers from the EEA
  • We comply with applicable data transfer regulations

10. Security

10.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Secure infrastructure and hosting

10.2 No Guarantee

  • While we implement security measures, no method of transmission over the Internet is 100% secure
  • We cannot guarantee absolute security

10.3 Breach Notification

  • We will notify you and relevant authorities of data breaches as required by law
  • Notification will be provided without undue delay

11. Children's Privacy

  • Our Service is not intended for individuals under 18 years of age
  • We do not knowingly collect information from children
  • If we learn we have collected information from a child, we will delete it promptly

12. Third-Party Links and Services

  • Our Service may contain links to third-party websites or services
  • We are not responsible for the privacy practices of third parties
  • We encourage you to review their privacy policies

13. Cookies and Tracking Technologies

13.1 Types of Cookies

  • Essential Cookies: Required for the Service to function
  • Analytics Cookies: Help us understand how the Service is used
  • Functional Cookies: Remember your preferences
  • Marketing Cookies: Used for advertising (with consent)

13.2 Cookie Management

  • You can control cookies through your browser settings
  • Note: Disabling cookies may affect Service functionality

14. AI and Automated Processing

14.1 AI Processing

  • We use AI and machine learning to provide our services
  • This includes automated decision-making in evaluations
  • You have the right to human review of significant automated decisions (where applicable)

14.2 Algorithmic Transparency

  • We provide information about how our AI systems work
  • We are committed to fairness and non-discrimination in our AI systems

15. Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time
  • Material changes will be notified via email or through the Service
  • The "Last Updated" date will be revised
  • Continued use after changes constitutes acceptance

16. Data Protection Officer

If required by law, we have appointed a Data Protection Officer (DPO). Contact:

  • Email: [DPO EMAIL]
  • Address: [DPO ADDRESS]

17. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact us:

Outsurge
Email: [YOUR EMAIL]
Address: [YOUR ADDRESS]
Phone: [YOUR PHONE]

For EU/EEA Residents:
You may also contact your local data protection authority

18. Specific Provisions

18.1 Candidate Data

  • When you use our Service to evaluate candidates, you are the data controller
  • Candidates should contact the company that invited them for questions about their data
  • We process candidate data on your behalf as a data processor

18.2 Integration Data

  • When you connect third-party services (GitHub, GitLab, etc.), we access data as authorized
  • We use this data only to provide the Service
  • You can revoke access at any time through the integration settings

Important Notes

⚠️ This is a template document. Before using, you must:

  1. Fill in all bracketed placeholders ([DATE], [YOUR EMAIL], [YOUR ADDRESS], [DPO EMAIL], etc.)
  2. Have this reviewed by a qualified attorney
  3. Customize based on your specific data practices
  4. Ensure compliance with GDPR, CCPA, and other applicable laws
  5. Add specific details about your data processing activities
  6. Consider additional disclosures based on your jurisdiction
  7. Implement the technical and organizational measures described
  8. Set up processes to handle data subject requests