Privacy policy
Effective date
30th November 2023
Evidenced is a company registered in England and Wales under company number 12753827. Evidenced has privacy and transparency at its core.
This privacy policy will explain how our organisation uses the personal data we collect from you when you use our website (https://www.evidenced.app/) or our application (https://platform.evidenced.app/).
What data we collect
Users
Evidenced collects and stores the following data on users:
Name
Email address
Any data entered into the application, including job roles they are hiring for, the names of interviews they conduct, interview questions they ask, guidance for interviews and interview timings
Any interactions performed within the application, e.g. entering text, clicking a link or navigating between sections of the application
Signing up for an Evidenced account and accepting this Privacy Policy means users consent to their interviews being recorded and transcribed. When users take part in an interview with a candidate that has also consented to recording, Evidenced will collect and store:
A recording of the video call between interviewer/s and a candidate.
A transcript of the conversation between interviewer/s and a candidate.
The data are obtained when a user signs up to Evidenced and throughout their use of the application.
Candidates
Evidenced collects and stores the following data on candidates:
Name (provided by the company the candidate is interviewing with)
Email address (provided by the company the candidate is interviewing with)
Your CV/Resume (when provided by the company the candidate is interviewing with)
The role a candidate is interviewing for
The times at which a candidate is scheduled for an interview with one of our users
When explicitly consented to:
A recording of the video call between interviewer/s and a candidate.
A transcript of the conversation between interviewer/s and a candidate.
Candidate data is only visible to the company they are interviewing with and Evidenced staff, who may encounter the data when providing customer support. No data is shared between companies on Evidenced.
How we use your data
Users
Evidenced collects data so that we can schedule interviews and provide interviewing functionality for our users and their prospective candidates. We also use this data to generate reports for our users and to help us improve our product by understanding how our users use the application.
Candidates
When a call recording or transcript is made with your consent (as a candidate), users from the company you have interviewed with can review the recording for the purposes of ensuring fairness and accountability in the hiring process, and to support training interviewers. This forms our legitimate interest lawful basis for processing your data. If you wish for us to not use your data in this way, simply withdraw your consent when joining the interview.
How we store your data
Evidenced securely stores data in AWS’s eu-west-2 region (London), and via Twilio's US1 region per Twilio's Cross Border Data Transfer Policy.
All data is transmitted between devices and the Evidenced app over HTTPS.
Twilio is certified under ISO/IEC 27001, secures data between customer applications, and supports TLS 1.2 encryption. Twilio Customer Data is encrypted at rest utilising industry standard encryption algorithms. They maintain strict governance and protection standards to ensure data is appropriately stored, processed, and handled by their people, systems and technology. More information can be found in their Privacy Policy.
Data is stored on Amazon RDS and is encrypted at rest. Amazon RDS encryption uses the industry standard AES-256 encryption algorithm to encrypt data on the server that hosts the Amazon RDS instance.
Evidenced is a multi-tenant SaaS application so all customers exist within the same environment and database instance, however industry standard authentication and authorization practices are in place using Auth0 to ensure that a customer’s data is not accessible by other customers. More information can be found on Auth0 Security, Privacy & Compliance.
How long we store your data for
Users
Evidenced keeps user data until they request account deletion.
Candidates
Evidenced keeps candidate data until deletion is requested by the company they applied with, or when deletion is requested directly from a candidate by emailing privacy@evidenced.app
How your data is shared
Data we collect is shared with the following companies in order to achieve the functionality of our application and support our users if something goes wrong:
Your data protection rights
GDPR compliance and data privacy are front and center of all product decisions made at Evidenced.
Evidenced is GDPR compliant. GDPR compliance is shown through actions, not through certifications. Evidenced provides our users with the ability to access and control information Evidenced processes on their behalf, and is sympathetic and supportive of individual privacy choices.
Evidenced would like to make sure you are fully aware of all of your data protection rights under the General Data Protection Regulation (GDPR). These rights can be seen on the official website of the Information Commissioner's Office.
Right to erasure / the right to be forgotten
Under Article 17 of the UK GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’.
When Evidenced is connected to an Applicant Tracking System (ATS), and the system provides a relay mechanism for right to erasure requests (e.g. an API or Webhook for candidate deletion events), Evidenced is automatically notified of this request and will process it automatically.
When a mechanism for automatic handling a right to erasure request is not provided by the ATS, a request can be made manually via our in-app support chat, or by emailing privacy@evidenced.app.
All requests are handled within 28 days.
Right of access / subject access request
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully.
Applicant Tracking Systems do not typically provide a programmatic access mechanism for right of access requests. If a request is received, you can notify us of this via our in-app support chat, or by emailing privacy@evidenced.app.
We will reach out to you via email with a copy of the information held on the candidate. This will consist of:
The candidate’s name and email address.
Interview audio and video of the candidate only.
(N.b. You are not obliged to provide the audio and video of the interviewers who interviewed the candidate, as interviewers have their own right to privacy.)
All requests are handled within 28 days.
Candidate data deletion
Evidenced has a built-in mechanism for the automatic removal of a candidate’s Personally Identifiable Information (PII). When removal takes place, candidate PII is removed and the remaining information is held under an anonymized candidate identity.
When connected to an Applicant Tracking System (ATS), Evidenced will automatically perform deletion and anonymization for any candidate that is deleted or anonymized (when this is supported) from the ATS.
If Evidenced is used without an ATS, your account manager will establish a retention period in consultation with you during the onboarding process. Candidate data will be automatically deleted and anonymized at the end of their retention period.
Deletion & Anonymization
When a candidate deletion is processed, the following data is removed from Evidenced:
The candidate’s name
The candidate email address
Video and audio recordings of the candidate
Transcripts of conversations with the candidate
Question notes taken by the interviewer
Bookmark notes taken by the interviewer
Decision notes taken by the interviewer
The chat history between the candidate and the interviewer
Any documents associated with the candidate (such as CVs/resumes or cover letters)
The following data will continue to be held under an anonymous candidate identity:
Which interviews the anonymous candidate took part in
Dates and interviewer/s attendance for interviews
Question ratings left by the interviewers
Hiring decisions left by the interviewers
Speaker ratios for interviewers and the anonymous candidate
Jobs the anonymous candidate was interviewing for
Cookies
How we use cookies
Evidenced uses cookies to improve your experience on our website. These uses are:
Keeping you signed in
Understanding how you use our website
The types of cookies we use
A mix of first-party and third-party cookies are used to recognize you on our website and remember your previously selected preferences.
How to manage cookies
You can set your browser not to accept cookies. If you choose to do this some of our website features may not function.
Privacy policies of other websites
The Evidenced website and application contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
Changes to our privacy policy
Evidenced keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 30th November 2023.
How to contact us
If you have any questions about Evidenced’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us via email at privacy@evidenced.app.
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that Evidenced has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.