Generating questions for this page…
We handle candidate and client data with the same rigour we apply to our assessments. Here's exactly how.
All data is hosted on EU-based servers (Hetzner, Germany). We do not transfer personal data outside the EU/EEA.
All data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed using Argon2id. Sensitive candidate data is encrypted at the field level.
We never store card details. All payments are processed via Stripe Checkout — a PCI DSS Level 1 certified provider. Card data never touches our servers.
Candidate results are accessible only to the inviting client account. No other client can access your data. Admin access is logged to an immutable audit trail.
Candidate results are retained for 24 months from the test date, then permanently deleted. Clients can request early deletion via email.
Candidate data is never shared with, sold to, or accessible by third parties. We do not use candidate data for advertising or AI training without explicit consent.
In the event of a data breach, affected clients and candidates are notified within 72 hours in accordance with GDPR Article 33.
Questions about data handling? Contact us
— HR Director, International Law Firm