Data Use Agreement
Part A applies if you are an individual taking an assessment. Part B applies if you are an employer organization running assessments for your team. Read alongside the Privacy Policy.
Last updated: June 10, 2026
Part A — If you are taking an assessment
A1. What is recorded
Only while the assessment runs: your entire screen (5 frames per second, no audio), your webcam (video only, no audio), in-page activity (tab and window switches, copy/paste, fullscreen changes, multi-monitor presence, clicks, and per-task timings), and short snippets of what you type in the assessment fields (up to 600 characters at a time). Snippets are scrubbed in your browser before storage — emails, phone numbers, API keys, and tokens are replaced with [redacted] — and a SHA-256 hash of the original keeps the record tamper-evident. All of this is disclosed on the consent screen, and nothing is recorded before you agree.
A2. Eye tracking
Disabled. If we ever turn it on, you will be asked for explicit opt-in consent first, and only a derived attention-on-screen ratio would be stored — never raw gaze coordinates, never facial-recognition data.
A3. Encryption & upload
Everything in A1 is encrypted on your device with AES-256-GCM before being stored locally; the key is generated in your browser and never transmitted. Uploads use short-lived signed URLs over TLS. The local encrypted copy exists so you can recover from a crash or dropped connection; it is purged after a successful submission, and you can discard it yourself from the assessment screen.
A4. AI processing
Your recording is transcribed and scored against task rubrics by Google's Gemini models, producing transcripts, derived features, scores, percentiles, and identified skill gaps. Human review may be applied to integrity flags and disputed results.
A5. Retention
Raw screen and webcam recordings are deleted automatically 30 days after upload (an employer may configure a different audit window of 1–365 days — see B5; the default is 30 days with extended retention off). Scores and derived results are kept for the life of your account.
A6. Who sees your result
- If you take it as a job seeker: the score, report, and skill breakdown are yours alone, unless you choose to share them (for example by opting in to a candidate profile that vetted employers can view — off by default).
- If you take it through your employer's invitation: your employer receives your name, work email, score, percentile, and skill gaps. You do not see a numeric score yourself. This is told to you before you start.
- In both cases: raw screen and webcam recordings are never shared with employers. They exist for scoring and integrity review by 40X.
A7. Withdrawing
You can stop an assessment at any time before submitting. If you stop and discard, the locally stored encrypted data is purged; anything already uploaded is covered by the retention rules in A5 and your deletion rights in A8.
A8. Your rights
Access, correction, deletion, and export — email hello@40x.ai with “Privacy request” in the subject. If your assessment was run at an employer's direction, we may coordinate with them as the data controller (Part B).
Part B — If you are an employer organization
B1. Roles
For personal data about the employees you invite — their identities, recordings, and results — you are the controller and 40X is your processor: we process that data only to provide the service described in B2. Separately, 40X is an independent controller of de-identified, aggregated benchmark statistics derived from assessments.
B2. Scope of processing
On your documented instructions (your use of the product), we: deliver invitations; run assessments and collect the data in Part A1; produce per-person scores, percentiles, and skill gaps; produce organization and department aggregates; and present these in your admin dashboards.
B3. Sub-processors
Google Cloud / Firebase (hosting, storage, database, authentication — US), Google Gemini API (recording transcription and scoring — US), Google Analytics 4 (public site only), and the WebGazer CDN (only if eye tracking is ever enabled, with consent). We will give 30 days' notice before adding a sub-processor that touches your team's data, with a right to object.
B4. Security measures
TLS in transit; encryption at rest; client-side AES-256-GCM encryption of assessment data before upload; short-lived signed URLs; role-based, server-enforced visibility; audit logging of administrative actions.
B5. Retention controls
- Raw recordings: deleted 30 days after upload by default.
- Extended raw-telemetry retention: off by default; you may opt in per organization with a window of 1–365 days where your audit obligations require it. Outside the window, only derived data remains.
- Derived results: retained for the account lifecycle.
B6. What you see — and what you never see
You see, per invited employee who completed an assessment: name, work email, score, percentile (against your organization and the global benchmark), and identified skill gaps — plus department and organization aggregates. You never receive raw screen or webcam recordings, unscored transcripts, or any data about people who did not take the assessment through your invitation.
B7. Use limitations
You agree to:
- tell your employees, before they take the assessment, that organization admins will see their individual results;
- use individual results only for legitimate, lawful, employment-related purposes;
- own your compliance with laws governing automated or AI-assisted employment decisions in your jurisdictions — 40X provides measurements, not employment decisions.
B8. Data subject requests
If a data subject request about your team's data reaches us, we forward it to you and assist as reasonably needed. Employees retain their rights against 40X for their own artifacts under Part A8; for deletions that affect your dashboards, we will coordinate with you.
B9. Transfers
Processing happens in the United States. For EU/UK personal data, transfers rely on standard contractual clauses with our sub-processors and, where required, between you and 40X.
B10. Termination & deletion
On termination of your organization's use, raw data is deleted at the later of termination and the end of your configured retention window; derived, de-identified aggregates may be retained for benchmark integrity. Contractual questions: hello@40x.ai (subject “Legal”).