Privacy Policy

This Privacy Policy describes how Nexprove (“we”, “us”, “Nexprove”) handles personal data when you interact with AI Recruiter, our voice-based screening product that conducts first-round interviews and generates AI-scored reports for hiring teams.

It applies to two distinct groups of people:

• Recruiters — the account holders who sign up, configure interview templates, and review the resulting transcripts and reports. Recruiters typically use AI Interviewer on behalf of an employer that is the data controller for candidate data.
• Candidates — the job applicants who speak to the AI voice agent during a screening interview. Candidates are normally invited by a recruiter through a shareable link.

This policy covers our marketing website, the recruiter dashboard, the candidate-facing interview experience, and the back-end services that store and process interview data. It does not cover third-party sites we link to, the integrated applicant-tracking systems a recruiter chooses to connect, or the internal hiring decisions an employer makes after receiving our reports — those are governed by the employer’s own policies.

Draft notice: this document is a working draft pending review by qualified legal counsel and should not be treated as final.

When a recruiter creates an account or uses the dashboard, we collect the data needed to provision, secure, and operate the service. Categories include:

• Identifiers and account details — full name, work email address, employer or team name, job title (if provided), profile photo, and the password hash or identity-provider token used to sign in.
• Workspace configuration — interview templates, role descriptions, scoring rubrics, branding assets, invite copy, and any internal notes a recruiter chooses to save.
• Commercial and billing information — plan tier, seat count, billing contact, VAT or tax identifier, invoice history, and a tokenised reference to the payment method held by our payment processor. We never store full card numbers on our own infrastructure.
• Device, network, and diagnostic data — IP address, browser user agent, operating system, device type, approximate location derived from IP, pages and dashboard views accessed, feature interactions, request timestamps, and error or crash reports.
• Cookies and similar technologies — strictly-necessary cookies for authentication and session management, plus a minimal set of first-party analytics cookies described in our cookie notice.
• Support and communications — the content of emails, in-app messages, and call notes exchanged with our team.

We do not sell recruiter data, and we do not use the contents of a workspace to advertise to anyone or to train third-party foundation models.

When a candidate joins an interview through a recruiter’s invite link, Nexprove acts as a processor on behalf of the recruiter or their employer, who is the controller of the candidate’s personal data. We collect only what is needed to run the interview and return a usable report:

• Identifiers provided by the candidate — name, email address, and the role or requisition the candidate is interviewing for. A candidate may also be asked to confirm time-zone or preferred language.
• Voice audio — the candidate’s spoken responses, streamed through our real-time voice infrastructure (LiveKit Cloud) to drive the conversation. Raw audio is not retained after the live interview by default, unless the recruiter has explicitly enabled recording for that role and the candidate has been notified.
• Transcripts — speech-to-text transcription of the interview, including speaker turns and timestamps, stored so the recruiter can review the conversation.
• AI-derived outputs — structured scores, competency ratings, summaries, and reviewer notes generated by our models from the transcript. These are treated as personal data about the candidate.
• Device, network, and connection metadata — browser and operating system, microphone-permission state, IP address, approximate IP-derived location, interview start and end timestamps, connection-quality signals, and reconnection events used to debug failed interviews.

We do not knowingly request government identifiers, financial details, biometric identifiers, health information, or any other “special category” or “sensitive personal information” from candidates. Candidates should avoid volunteering such information during an interview.

We use personal data only for a defined set of purposes:

• Running the interview — routing voice audio between the candidate and the AI agent, converting speech to text, generating the agent’s spoken replies, and handling reconnections.
• Producing transcripts and reports — storing the conversation as text, applying the recruiter’s scoring rubric, and generating a structured summary the recruiter can review.
• Delivering results — surfacing transcripts and reports in the dashboard, sending transactional notifications such as “your candidate has finished” emails, and exporting results to integrated systems on the recruiter’s instruction.
• Operating, securing, and supporting the service — authenticating users, preventing abuse and fraud, debugging failures, responding to support requests, and maintaining audit logs.
• Improving the product responsibly — analysing usage in aggregate and evaluating model quality on de-identified, sampled transcripts. We do not train any third-party foundation model on candidate transcripts, and we do not use identifiable candidate content to improve general model behaviour.
• Legal and compliance — meeting record-keeping obligations, responding to lawful requests, enforcing our terms, and surfacing the notices required by AI-hiring laws.

We will not use personal data for materially new purposes without first updating this policy and, where required, obtaining your consent.

Where the GDPR, UK GDPR, or similar laws apply, we rely on the following legal bases, depending on the data and the purpose:

• Performance of a contract — for recruiters, processing account, workspace, billing, and usage data is necessary to provide the service they have signed up for.
• Legitimate interests — for keeping the service secure, preventing abuse, debugging failures, and improving quality using aggregated or de-identified data. We balance these interests against the rights and freedoms of data subjects and document that balance internally.
• Consent — for candidates, we rely on the recruiter (acting as employer or its agent) to obtain the appropriate consent to record and assess a candidate using an automated voice system, supported by the candidate’s own acknowledgement before the interview starts. Consent can be withdrawn at any time without affecting the lawfulness of prior processing.
• Explicit consent and statutory notices — where AI-hiring laws require it, including New York City Local Law 144 on automated employment decision tools, the Illinois AI Video Interview Act, the Colorado AI Act, and the EU AI Act obligations on high-risk hiring systems, we surface notices and request explicit candidate consent before the interview begins.
• Legal obligation — when we must retain or disclose data to comply with applicable law, court order, or regulator request.

Recruiters remain responsible for ensuring they have a valid lawful basis to invite a candidate to an AI screening interview in the candidate’s jurisdiction, including any bias-audit publication or pre-interview notice duties imposed on the employer.

We do not sell personal data and we do not “share” it for cross-context behavioural advertising. We disclose personal data only to vendors that help us run AI Interviewer, each bound by a written data-processing agreement, and only to the extent each vendor needs to do its job. Current subprocessors include:

• LiveKit (United States / EU) — real-time voice transport for the live interview; also coordinates the Inference services below.
• Deepgram (via LiveKit Inference) — speech-to-text transcription of the candidate’s spoken responses.
• Google (Gemini, via LiveKit Inference) — large language model used to drive the interview agent and generate scoring reports. Content is not used to train general Google models.
• Cartesia (via LiveKit Inference) — text-to-speech that gives the AI agent its voice.
• Neon (United States / EU) — managed Postgres database where we store account data, transcripts, and reports.
• Vercel (United States / global edge) — hosting and edge delivery for the Next.js web application.
• Resend — sending transactional emails such as invites and result notifications.

We may also disclose data when required by law, to protect the safety of users or the public, or as part of a corporate transaction such as a merger or asset sale (with advance notice to affected customers where feasible). An up-to-date list of subprocessors, including hosting regions, is available from hello@nexprove.com.

AI Recruiter is built on cloud services that operate in multiple regions, including the United States and the European Union. Depending on where a recruiter and candidate are located, personal data may be processed in a country other than the candidate’s home country.

When we transfer personal data out of the European Economic Area, United Kingdom, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards under applicable law, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission (2021/914), incorporated into our customer and subprocessor agreements;
• the UK International Data Transfer Addendum (IDTA) or the UK Addendum to the EU SCCs, and the Swiss FDPIC amendments, where relevant;
• Adequacy decisions, including reliance on the EU–US Data Privacy Framework and the UK Extension where a subprocessor is self-certified;
• Transfer impact assessments and supplementary measures such as encryption in transit and at rest, access controls, and contractual restrictions on government-data-access requests;
• Region selection where available — for some workloads we prefer EU regions for EU-originating data.

You can request a copy of the relevant transfer mechanism by contacting hello@nexprove.com.

We retain personal data only as long as we need it for the purposes described in this policy, then delete or anonymise it. Where Nexprove acts as a processor, the recruiter’s retention instructions take precedence, subject to the maximums below.

• Transcripts and AI reports — kept in the recruiter’s workspace until the recruiter deletes the underlying interview, candidate, or workspace. Recruiters can delete an interview at any time from the dashboard.
• Voice audio — not retained after the live interview by default. When a recruiter explicitly enables recording for a role, audio follows the same retention as transcripts.
• Closed or inactive accounts — if a recruiter account is closed (or has been inactive for an extended period), we keep workspace data for up to 90 days to allow recovery and contractual hand-off, then permanently purge it from primary storage.
• Encrypted backups — rotated and overwritten within 30 days, so deleted data also disappears from backups within that window.
• Operational logs and security telemetry — retained for up to 90 days, except for security-incident records which we keep for as long as needed to investigate and remediate.
• Billing and tax records — retained for the period required by applicable tax, accounting, and anti-money-laundering law in the relevant jurisdiction (typically 6–10 years).

A recruiter, or a candidate via their recruiter, can request earlier deletion at any time by contacting hello@nexprove.com.

Depending on where you live, you have rights over the personal data we hold about you. Nexprove honours requests received directly and supports recruiters in responding to requests they receive from candidates.

Under the GDPR and UK GDPR, you may exercise the rights to:

• Access a copy of the personal data we hold about you;
• Rectification of inaccurate or incomplete data;
• Erasure (“right to be forgotten”), subject to limited legal exceptions;
• Restriction of processing in defined circumstances;
• Data portability in a structured, commonly-used, machine-readable format;
• Object to processing based on legitimate interests, and to withdraw consent at any time;
• Not be subject to a solely automated decision with legal or similarly significant effects, including profiling. AI Recruiter scores are intended as decision-support; the final hiring decision is made by the recruiter, and you may request human review of any outcome that materially relies on our output.
• Lodge a complaint with your local data-protection supervisory authority.

Under the CCPA, CPRA, and similar US state laws, California, Virginia, Colorado, Connecticut, Utah, Texas, and other state residents have the rights to:

• Know what categories of personal information we collect, the sources, the purposes, and the categories of recipients;
• Delete personal information we have collected from you;
• Correct inaccurate personal information;
• Opt out of “sale” or “sharing” for cross-context behavioural advertising — Nexprove does neither;
• Limit the use of sensitive personal information to what is necessary to provide the service;
• Non-discrimination for exercising any of these rights, including no denial of service and no different pricing.

Candidates should normally contact the recruiter or employer that invited them, since that organisation is the controller. You may also email us at hello@nexprove.com and we will route the request appropriately. We verify requests proportionate to their sensitivity, do not charge a fee, and will respond within the statutory timelines (generally 30 days under the GDPR and 45 days under the CCPA, extendable where the law allows). Authorised agents may submit requests with written proof of authority.

AI Recruiter is built for adult job applicants and the hiring teams who screen them. The service is not directed to children, we do not market to children, and we do not knowingly collect personal data from anyone under the age of 16 (or the higher minimum digital-consent age in the candidate’s jurisdiction).

Recruiters must not use AI Recruiter to invite, interview, or score anyone they know or reasonably suspect to be under 16. Where local law sets a higher minimum age for employment screening, recruiters are responsible for honouring that floor.

If we learn that we have collected personal data from a child without appropriate consent, we will delete it as soon as we reasonably can. If you are a parent or legal guardian and believe a child has used AI Recruiter, please contact hello@nexprove.com and we will investigate and remove the data promptly.

We use a layered set of technical and organisational measures, proportionate to the risk, to protect personal data against loss, misuse, and unauthorised access, alteration, or disclosure:

• Encryption in transit — all traffic between candidates, recruiters, our infrastructure, and our subprocessors is encrypted using TLS 1.2 or above. Live voice streams are encrypted between the candidate device and our voice infrastructure using WebRTC’s DTLS-SRTP.
• Encryption at rest — transcripts, reports, and backups are encrypted at rest in our managed database and storage providers.
• Access controls — production systems are restricted to a small number of authorised engineers under role-based access control, with multi-factor authentication required and just-in-time access for elevated operations. Workspace data is logically isolated per account.
• Audit logging and monitoring — administrative access to candidate data is logged and reviewed, and anomalies trigger alerts to our on-call rotation.
• Secure development — code review, dependency scanning, secret scanning, and periodic third-party penetration testing on production endpoints.
• Vendor due diligence — subprocessors are reviewed for security posture (SOC 2 or equivalent where available) before onboarding and are bound by contractual security commitments.

No system is perfectly secure. If we become aware of a personal-data breach that affects you, we will notify you and the relevant supervisory authorities within the timelines required by applicable law (generally 72 hours under the GDPR), and we will provide the information needed for you to assess any risk.

The data controller for the recruiter relationship is Nexprove. Where a recruiter uses AI Recruiter to screen candidates on behalf of an employer, that employer is normally the controller for the candidate’s personal data, and Nexprove acts as a processor under a data-processing agreement.

You can contact us with any privacy question, request, or complaint at:

• General privacy contact: hello@nexprove.com
• Data Protection Officer (interim): hello@nexprove.com (mark the subject line “DPO”)
• EU and UK representative: available on request while a permanent Article 27 / UK GDPR representative is being appointed.

If you are based in the European Economic Area, the United Kingdom, or Switzerland, you may lodge a complaint with your local data-protection supervisory authority. California residents may also contact the California Privacy Protection Agency. We would, however, appreciate the chance to address your concern directly first.

Changes to this policy. We may update this Privacy Policy as the product, our subprocessors, or applicable law evolves. When we make a material change, we will update the “Last updated” date at the top of this page and provide reasonable advance notice — typically at least 30 days before the change takes effect — by email to recruiter admins and through an in-product notice. For changes that materially expand how we use personal data, we will, where required, seek renewed consent before applying the change.