Data Policy

1. Overview

InTheQ is a Behavioral Intelligence Data Cloud that matches candidates to roles based on behavioral profiles, skills, experience, and organizational fit. This Data Policy explains how we handle the specific categories of data processed through our platform.

This policy supplements our Privacy Policy and provides additional transparency into data handling practices specific to our matching platform.

2. Candidate Data

We collect and process the following categories of candidate data:

Identity and Contact

• Full name, email address, and phone number.
• Profile photograph (if voluntarily provided).
• Geographic location (city and region level).

Professional Background

• Work history, including employer names, roles, durations, and descriptions.
• Education history, including institutions, degrees, and fields of study.
• Skills, certifications, and professional qualifications.
• Career preferences, including desired roles, industries, and work arrangements.

How Candidate Data Is Used

• To build behavioral intelligence profiles for matching.
• To surface relevant role opportunities based on profile fit.
• To provide candidates with insight into their behavioral strengths and work style patterns.

Candidate Data Visibility

Candidate profiles are not publicly visible. Employer access to candidate data is limited to information relevant to the matching process and is governed by the matching consent you provide. Raw behavioral assessment responses are never shared with employers.

3. Employer Data

We collect and process the following categories of employer data:

Organization Information

• Company name, industry, size, and location.
• Team structures and departmental organization.
• Organizational culture indicators and work environment descriptions.

Role Requirements

• Job descriptions, required skills, and experience levels.
• Team dynamics and behavioral preferences for role fit.
• Compensation ranges and benefits information.

How Employer Data Is Used

• To match qualified candidates to open roles based on behavioral and skills alignment.
• To provide employers with match quality scores and fit explanations.
• To improve matching algorithm accuracy over time through aggregated outcomes.

4. Behavioral Intelligence Data

Behavioral data is at the core of InTheQ's matching platform. We take special care with this category of information.

What We Collect

• Responses to structured behavioral assessments designed to evaluate work style, communication preferences, problem-solving approaches, and team dynamics.
• Self-reported behavioral preferences and work environment priorities.
• Interaction patterns within the platform (with consent) to refine behavioral models.

How Behavioral Data Is Processed

• Behavioral responses are processed through our matching engine to generate behavioral intelligence profiles.
• Profiles capture patterns such as collaboration style, decision-making approach, communication preferences, and adaptability indicators.
• Individual responses are never exposed directly. Only derived behavioral insights are used in matching.

Behavioral Data Protections

• Raw assessment responses are stored separately from derived profiles and are accessible only to the candidate.
• Behavioral profiles are not sold or shared outside the matching context.
• Candidates may request deletion of behavioral data at any time (see Data Deletion below).
• Behavioral data is never used to make automated decisions with legal or similarly significant effects without human review.

5. Salary and Compensation Data

What We Collect

• Candidate salary expectations and desired compensation ranges.
• Employer compensation ranges for open roles.
• We do not collect historical salary information or require disclosure of current compensation.

How Salary Data Is Used

• To ensure candidate-role matches are within mutually acceptable compensation ranges.
• To provide aggregated, anonymized compensation benchmarks (where sufficient data volume exists to prevent re-identification).

Salary Data Protections

• Individual salary expectations are never disclosed to employers without explicit candidate consent.
• Compensation data is not used for discriminatory purposes and is subject to applicable pay equity regulations.
• Aggregated compensation analytics require a minimum cohort size to prevent re-identification of individuals.

6. Matching Algorithm Transparency

We believe candidates and employers deserve to understand how matches are generated.

How Matching Works

• Our matching engine evaluates candidates against roles across multiple dimensions: behavioral fit, skills alignment, experience relevance, cultural compatibility, and compensation range overlap.
• Each dimension is weighted based on the specific requirements of the role and the preferences of the candidate.
• Match scores are generated on a relative basis, indicating the strength of alignment rather than an absolute qualification judgment.

What Matching Does Not Do

• Matching does not consider protected characteristics including race, gender, age, religion, disability, sexual orientation, or national origin.
• Matching does not make hiring decisions. All matches are recommendations presented to employers and candidates for their own evaluation.
• Matching does not use social media activity, personal browsing history, or data purchased from data brokers.

Match Explanations

When a match is generated, both the candidate and employer receive an explanation of the factors that contributed to the match score. These explanations are designed to be understandable and actionable, not opaque numeric outputs.

Bias Monitoring

We regularly audit matching outcomes for disparate impact across protected categories. If bias patterns are detected, we adjust the matching model to mitigate them. Audit results are reviewed as part of our compliance program.

7. Data Processing and AI

Use of Artificial Intelligence

• InTheQ uses large language models and machine learning systems to analyze behavioral assessment responses, generate match scores, and produce match explanations.
• AI processing is applied to derive insights from structured inputs. No fully autonomous decisions with material consequences are made without human oversight.

AI Data Handling

• Data sent to third-party AI providers for processing is governed by data processing agreements that prohibit use of our data for model training.
• We minimize the personal information included in AI processing requests, using anonymized or pseudonymized inputs where feasible.
• AI-generated outputs (behavioral profiles, match explanations) are stored on our infrastructure, not on third-party AI provider systems.

8. Data Retention

We retain different categories of data for different periods, based on purpose and legal requirements:

• Active Accounts: All profile data, behavioral data, and match history are retained for the duration of account activity.
• Inactive Accounts: Accounts with no login activity for 24 months are flagged for review. We will notify the account holder before taking any action.
• Deleted Accounts: Upon account deletion, personal data is removed within 30 days. Certain records may be retained in anonymized form for aggregate analytics or as required by law.
• Match Records: Match history is retained for 12 months after account deletion to support dispute resolution, after which it is permanently deleted.
• Audit Logs: System access and processing logs are retained for 12 months for security and compliance purposes, then purged.

9. Data Deletion

You may request deletion of your data at any time by contacting us at hello@intheq.polsia.app.

What Deletion Covers

• Your profile information, behavioral assessment data, and derived behavioral profiles.
• Match history and match explanation records.
• Communication history within the platform.
• All associated account credentials and session data.

What Deletion Does Not Cover

• Aggregated, anonymized data that has already been incorporated into statistical models and cannot reasonably be attributed to you.
• Records we are legally required to retain (e.g., financial transaction records for tax compliance).
• Backup copies, which are purged on a rolling schedule within 90 days of deletion.

Deletion Timeline

We will process deletion requests within 30 days of verification. You will receive confirmation when deletion is complete.

10. Data Portability

You have the right to request a portable copy of your data. Upon request, we will provide:

• Your profile data in structured JSON format.
• Your behavioral assessment responses and derived profile summary.
• Your match history and associated explanations.

Portability requests are fulfilled within 30 days. Contact hello@intheq.polsia.app to submit a request.

11. Compliance Frameworks

Our data handling practices are structured to align with the following regulatory and industry frameworks:

SOC 2 Type II

Our infrastructure and operational controls are designed to meet SOC 2 Type II trust service criteria for security, availability, processing integrity, confidentiality, and privacy. This includes continuous monitoring, access controls, change management, and incident response procedures.

ISO 27001

Our information security management practices are aligned with ISO 27001 standards, including risk assessment, security policy management, asset classification, access control, cryptography, and supplier relationship management.

FedRAMP

Our data handling controls are structured to align with FedRAMP control baselines, including access control (AC), audit and accountability (AU), identification and authentication (IA), system and communications protection (SC), and system and information integrity (SI) control families.

CCPA and GDPR

Our privacy practices comply with the California Consumer Privacy Act (CCPA) and the European General Data Protection Regulation (GDPR). See our Privacy Policy for detailed information about your rights under these frameworks.

12. Contact Us

For questions about this Data Policy or to exercise your data rights, contact us at:

InTheQ
Email: hello@intheq.polsia.app

We respond to all data-related inquiries within 30 days.