Generating questions for this page…
We handle candidate and client data with the same rigour we apply to our assessments. Here's exactly how.
All data is hosted on EU-based servers (Hetzner, Germany). We do not transfer personal data outside the EU/EEA.
All data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed using Argon2id. Sensitive candidate data is encrypted at the field level.
We never store card details. All payments are processed via Stripe Checkout — a PCI DSS Level 1 certified provider. Card data never touches our servers.
Candidate results are accessible only to the inviting client account. No other client can access your data. Admin access is logged to an immutable audit trail.
Candidate results are retained for 24 months from the test date, then permanently deleted. Clients can request early deletion via email.
Candidate data is never shared with, sold to, or accessible by third parties. We do not use candidate data for advertising or AI training without explicit consent.
In the event of a data breach, affected clients and candidates are notified within 72 hours in accordance with GDPR Article 33.
Questions about data handling? Contact us
Enterprise clients requiring a DPA under GDPR Article 28 can request one by emailing admin@editingtests.com. We provide signed DPAs within 5 business days, covering processing purposes, data categories, sub-processors, and data subject rights.
The platform undergoes regular security reviews. We conduct vulnerability assessments and engage third-party security review on a scheduled basis. For security concerns or responsible disclosure, contact admin@editingtests.com.
— HR Director, International Law Firm
We use cookies to operate this platform and analyse usage (self-hosted Matomo). No advertising cookies. No data sold. Cookie Policy · Privacy Policy