Sign InSign Up

Privacy Policy

Our privacy policy and how we use your data

Effective date: 2026-05-24

This Privacy Policy explains how Intervyo (“Intervyo”, “we”, “us”) collects, uses, shares, and protects information when you and your organization use our AI interview platform, our website at https://www.intervyo.ai, our APIs, integrations (including connectors installed through MCP-compatible clients such as ChatGPT Apps), and any related services (collectively, the “Service”).

Intervyo is a recruiting tool. When recruiters use it to invite, interview, and evaluate participants (“Candidates”), the recruiter's organization is the controller of the Candidate's personal data and Intervyo acts as a processor. This Policy describes both roles.

1. Information we collect

1.1 Information you give us

  • Account information — name, email address, password (hashed), profile photo, and the organization you belong to, including your role on that organization.
  • Recruiter content — evaluation templates, job descriptions, evaluation stages, agent profiles, programs, knowledge-base files, and any other configuration you create on the platform.
  • Candidate content — participant records you upload or invite (name, email, phone, resume, profile data, tags), the rounds you schedule, and any notes you add.
  • Billing information — when you subscribe, we collect billing contact details. Payment instruments are handled by our payment processor and Intervyo does not store full card numbers.
  • Support communications — content of emails, chat messages, and any attachments you send us.

1.2 Information we collect automatically

  • Usage data — pages viewed, features used, tools invoked through the API or MCP, timestamps, IP address, browser type, device identifiers, and similar telemetry. Used for product analytics, billing meters, and abuse prevention.
  • Cookies and local storage — session cookies for sign-in, preference storage (theme, locale, sidebar state), and limited first-party analytics. See our Cookie Policy.
  • Operational logs — request and error logs that may incidentally contain user identifiers, retained for security, debugging, and compliance.

1.3 Information generated during an interview

  • Audio and (optionally) video from the live session.
  • Transcripts generated from the session audio.
  • Coding submissions and any other inputs the Candidate provides during a session.
  • AI-generated outputs — scores, evaluation breakdowns, summary reports, pass/fail decisions, and analytics metadata (token usage, durations, latency).

2. How we use information

  • To provide, operate, and improve the Service.
  • To generate AI evaluations of interviews on behalf of the recruiter.
  • To authenticate users, secure accounts, detect and prevent fraud or abuse.
  • To process billing and meter usage against your subscription plan.
  • To send transactional emails (interview invitations, reminders, account notifications, security alerts).
  • To respond to support requests and to comply with legal obligations.
  • To produce aggregated, de-identified analytics that help us understand product usage and improve features. These analytics do not identify individual users or Candidates.

3. Legal bases (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following lawful bases:

  • Contract — to provide the Service to recruiter accounts.
  • Legitimate interests — to secure the Service, prevent abuse, generate aggregate analytics, and communicate about product updates.
  • Consent — for non-essential cookies, marketing emails, and, where required, for processing of Candidate audio and AI evaluation. Consent for Candidate participation is obtained by the recruiter at the point of invitation.
  • Legal obligation — to meet tax, accounting, and other statutory requirements.

4. AI processing

Interview audio, video (if enabled), transcripts, and uploaded content are processed by third-party AI providers we engage as subprocessors to generate transcriptions, conduct the live conversation, and produce evaluations. These providers process content as instructed by Intervyo under data-processing agreements. We do not knowingly use Candidate content to train third-party general-purpose models, and our agreements with AI providers prohibit their use of Service data for model training unless you have separately opted in.

AI-generated scores and recommendations are advisory. The recruiter is solely responsible for the final hiring decision and for ensuring decisions comply with applicable employment and anti-discrimination law in the relevant jurisdiction.

5. How we share information

5.1 Within your organization

Recruiter content and interview outputs are visible to other members of your organization based on their role and permissions. Account owners and admins can see all team activity; members see what their permissions allow.

5.2 Subprocessors

We use the following categories of subprocessors to operate the Service:

  • Cloud database and authentication — to store account data and user credentials.
  • Real-time communications — to power the live interview audio/video sessions.
  • Object storage — to store interview recordings and uploaded files.
  • AI model providers — large language models, speech-to-text, and text-to-speech vendors used to conduct and evaluate interviews.
  • Email delivery — for transactional and notification emails.
  • Payment processing — for subscription billing.
  • Observability and analytics — for product telemetry and error monitoring.

A current list of named subprocessors is available on request to privacy@intervyo.ai.

5.3 Third-party integrations you authorize

When you connect a third-party application to your account (including connectors installed via the Model Context Protocol or ChatGPT Apps), that application gains access to the data covered by the scopes you grant during the OAuth consent flow, subject to your role-based permissions. You can revoke any connection at any time from your account settings.

5.4 Legal disclosures

We may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of Intervyo, our users, or others. Where permitted, we will notify the affected customer before disclosure.

5.5 Business transfers

In the event of a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

6. Data retention

  • Account data is retained for the lifetime of the account.
  • Interview recordings and transcripts are retained for the duration of your subscription unless you delete them earlier, and are removed within 90 days of subscription termination or upon a verified deletion request, whichever is earlier.
  • Operational logs are retained for up to 12 months for security and debugging.
  • Backups may retain copies for up to 30 days after deletion of the source data, after which they are overwritten.
  • Billing records are retained for the period required by applicable tax and accounting law.

7. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit (TLS) and at rest, hashed credentials, role-based access control, least-privilege service accounts, audit logging, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Your rights

Subject to applicable law (including the GDPR, UK GDPR, CCPA/CPRA, and the Indian Digital Personal Data Protection Act), you may have rights to:

  • access the personal data we hold about you;
  • request correction of inaccurate personal data;
  • request deletion (the “right to be forgotten”);
  • request restriction or object to certain processing;
  • data portability;
  • withdraw consent at any time where consent is the basis;
  • opt out of the sale or sharing of personal data — we do not sell personal data;
  • lodge a complaint with a supervisory authority.

To exercise these rights, contact privacy@intervyo.ai. If you are a Candidate, please direct requests to the recruiter organization that invited you; we will assist them in responding.

9. International transfers

Intervyo is headquartered in India and operates infrastructure in multiple regions. We transfer personal data across borders consistent with applicable law, using mechanisms such as Standard Contractual Clauses where required.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us and we will promptly delete it.

11. Changes to this Policy

We may update this Policy from time to time. The “Effective date” above will reflect the latest revision. Material changes will be notified to account administrators by email or via the Service.

12. Contact

Questions about this Policy or our privacy practices? Email privacy@intervyo.ai.