Privacy Policy

1. Introduction

InTheQ ("we," "us," or "our") operates the Behavioral Intelligence Data Cloud platform accessible at intheq.polsia.app (the "Service"). This Privacy Policy describes how we collect, use, store, disclose, and protect personal information when you use our Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

Information You Provide Directly

• Account Information: Name, email address, phone number, and authentication credentials when you create an account.
• Profile Data: Professional background, work history, education, skills, and other information you provide to build your candidate or employer profile.
• Behavioral Assessment Data: Responses to behavioral assessments, personality indicators, and work style preferences used for matching.
• Communications: Messages, feedback, and correspondence you send to us or through the platform.

Information Collected Automatically

• Usage Data: Pages visited, features used, interaction patterns, timestamps, and session duration.
• Device Information: Browser type, operating system, device identifiers, screen resolution, and language preferences.
• Network Information: IP address, approximate geographic location (city/region level), and referring URLs.

Information From Third Parties

• OAuth Providers: If you authenticate via a third-party service (e.g., LinkedIn, Google), we receive profile information as authorized by that provider and your privacy settings.
• Employer-Provided Data: Employers using the platform may provide information about roles, team structures, and organizational culture for matching purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain the matching platform, including generating behavioral intelligence profiles and candidate-role matches.
• Personalization: To tailor your experience, improve match quality, and surface relevant opportunities.
• Communication: To send service-related notifications, respond to inquiries, and provide customer support.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
• Analytics: To understand how the Service is used, measure performance, and improve our platform.
• Compliance: To comply with legal obligations, enforce our terms of service, and protect our rights.

4. Data Storage and Security

We implement technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data is encrypted in transit using TLS 1.2 or higher. Sensitive data fields, including OAuth tokens, are encrypted at rest using AES-256-GCM.
• Access Controls: Role-based access controls limit data access to authorized personnel on a need-to-know basis.
• Infrastructure: Our systems are hosted on SOC 2 Type II certified infrastructure with continuous monitoring, automated vulnerability scanning, and regular security assessments.
• Parameterized Queries: All database operations use parameterized statements to prevent injection attacks.
• Incident Response: We maintain an incident response plan aligned with ISO 27001 and SOC 2 requirements. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security.

5. Third-Party Data Sharing

We do not sell your personal information. We do not rent, trade, or otherwise provide your personal data to third parties for their marketing purposes.

We may share information in the following limited circumstances:

• Matching Partners: When you opt into the matching process, relevant profile information (excluding raw behavioral assessment responses) may be shared with employers or candidates as necessary to facilitate matches. You control what information is visible through your profile settings.
• Service Providers: We work with third-party vendors who perform services on our behalf, including hosting infrastructure, analytics, email delivery, and payment processing. These providers are contractually obligated to protect your information and may only use it to deliver services to us.
• Legal Requirements: We may disclose information when required by law, court order, subpoena, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

Third-Party Services We Use

• Authentication: OAuth providers (LinkedIn, Google) for secure sign-in.
• Infrastructure: Cloud hosting and database services with SOC 2 certification.
• Payment Processing: Stripe for payment handling. We do not store credit card numbers on our servers.
• Analytics: Anonymized usage analytics for service improvement.
• AI Processing: Large language model APIs for behavioral analysis and matching. Data sent to AI providers is processed according to their data processing agreements and is not used to train their models.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain session state, remember preferences, and understand usage patterns.

Essential Cookies

Required for the Service to function. These include authentication tokens and session identifiers. You cannot opt out of essential cookies while using the Service.

Analytics Cookies

Help us understand how visitors interact with the Service. These cookies collect information in an aggregated form to help us improve functionality and user experience.

Managing Cookies

Most browsers allow you to control cookies through settings. Disabling cookies may limit your ability to use certain features of the Service. For more information about cookies and how to manage them, visit allaboutcookies.org.

7. Analytics

We collect anonymized and aggregated analytics data to improve the Service. This includes page view statistics, feature usage metrics, and performance data. Analytics data is used internally and is not shared with third parties in a form that identifies individual users.

We do not use analytics data for behavioral advertising or sell analytics data to third parties.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to legal retention requirements.
• Export: Request a portable copy of your data in a structured, commonly used, machine-readable format.
• Restriction: Request that we limit how we process your information in certain circumstances.
• Objection: Object to processing of your information for specific purposes.
• Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@intheq.polsia.app. We will respond to verified requests within 30 days (or within the timeframe required by applicable law).

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purpose, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary, but you may still submit a request for confirmation.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at hello@intheq.polsia.app with the subject line "CCPA Request."

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides additional protections:

• Legal Basis: We process personal data on the basis of contractual necessity (to provide the Service), legitimate interest (to improve and secure the Service), consent (where explicitly provided), and legal obligation (to comply with applicable law).
• International Transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
• Data Protection Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

11. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. When you request account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law, necessary to resolve disputes, or needed to enforce our agreements.

Aggregated, anonymized data that cannot reasonably be used to identify you may be retained indefinitely for analytics and service improvement purposes.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at hello@intheq.polsia.app.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by updating the "Effective Date" at the top of this page and, where required by law, providing notice through the Service or by email.

Your continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

InTheQ
Email: hello@intheq.polsia.app

We aim to respond to all privacy-related inquiries within 30 days.