EARLY ACCESS

Privacy Policy

Last Updated: December 7, 2025

1. Introduction

TestReviewer.ai ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-powered technical assessment platform ("Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws. We are committed to transparency about how we handle your personal data.

2. Data Controller

The data controller responsible for your personal information is:

7om Tech
Product: TestReviewer.ai
Email: sales@testreviewer.ai
Location: France

For questions about this Privacy Policy or to exercise your privacy rights, please contact us at sales@testreviewer.ai.

3. Information We Collect

3.1 Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password (hashed), company name, and account usage details
  • Payment Information: Billing address, payment method details (processed securely through Paddle, our payment processor)
  • Test Content: Test instructions, questions, and assessment criteria you create
  • Candidate Information: Candidate names, email addresses, and test submissions
  • Communication Data: Messages, support requests, and feedback you send to us

3.2 Information Automatically Collected

When you use our Service, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, error logs, and system performance data
  • Cookies and Tracking: See Section 11 for details on our use of cookies

3.3 Information from Third Parties

We may receive information from third-party services, including:

  • Authentication Providers: If you sign in using third-party authentication services
  • Paddle: Transaction and billing information from our payment processor
  • Analytics Services: Aggregated usage statistics and performance metrics

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Provision

  • Create and manage your account
  • Process and analyze candidate test submissions
  • Generate AI-powered assessment reports and scores
  • Provide dashboard and reporting features
  • Send email notifications and updates

4.2 Business Operations

  • Process payments and manage billing
  • Provide customer support and respond to inquiries
  • Send service-related communications (notifications, updates, security alerts)
  • Enforce our Terms of Service and prevent fraud

4.3 Service Improvement

  • Analyze usage patterns to improve our Service
  • Develop new features and functionality
  • Conduct research and analytics (using aggregated, anonymized data)
  • Monitor and maintain Service performance and security

4.4 Legal Compliance

  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests and protect our rights
  • Maintain records as required by law (e.g., invoices for 10 years under French law)

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal bases:

  • Contract Performance: To provide the Service you have subscribed to and fulfill our contractual obligations
  • Legitimate Interests: To improve our Service, ensure security, prevent fraud, and conduct business operations
  • Consent: When you have given explicit consent for specific processing activities (e.g., marketing communications)
  • Legal Obligation: To comply with legal requirements, such as tax and accounting obligations

You have the right to withdraw consent at any time where consent is the legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Data Sharing and Sub-processors

We do not sell, rent, or trade your personal information. We may share your data with trusted third-party service providers (sub-processors) who assist us in operating our Service:

6.1 Sub-processors

  • Supabase: Database hosting and backend infrastructure (EU-based)
  • AI Processing Services: Third-party AI analysis and code review processing (US-based, with appropriate safeguards and data processing agreements)
  • Resend: Email delivery service (US-based, with appropriate safeguards)
  • Paddle: Payment processing and billing management (UK-based, GDPR compliant, PCI DSS certified)

All sub-processors are contractually bound to protect your data and use it only for the purposes we specify. We regularly review our sub-processors to ensure they meet our privacy and security standards.

6.2 Other Disclosures

We may disclose your information in the following circumstances:

  • Legal Requirements: When required by law, court order, or government regulation
  • Protection of Rights: To protect our rights, property, or safety, or that of our users
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • With Your Consent: When you have explicitly authorized the disclosure

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

7.1 Retention Periods

  • Active Accounts: Data is retained as long as your account is active and you use our Service
  • After Cancellation: Account data is retained for 30 days after cancellation to allow account reactivation, then permanently deleted
  • Legal Records: Invoices and payment records are retained for 10 years as required by French law
  • Technical Backups: Backups are retained for a maximum of 90 days before deletion
  • Candidate Submissions: Retained for the duration of your account plus 30 days after cancellation

7.2 Deletion

Upon request or after the retention period expires, we will securely delete or anonymize your personal data. Some data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention).

You may request immediate deletion of your data by contacting us at sales@testreviewer.ai, subject to legal and contractual obligations.

8. Your Privacy Rights (GDPR)

Under GDPR and other applicable privacy laws, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you, including information about how it is being processed.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. You can also update most information directly through your account dashboard.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis for processing
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

Note: We may retain certain data if required by law or for legitimate business purposes.

8.4 Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transferred directly to another service provider where technically feasible.

8.5 Right to Object

You can object to processing of your personal data based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

8.6 Right to Restriction

You can request restriction of processing when:

  • You contest the accuracy of the data
  • The processing is unlawful and you oppose erasure
  • We no longer need the data, but you require it for legal claims
  • You have objected to processing pending verification of legitimate grounds

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL).

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at sales@testreviewer.ai. We will respond to your request within 30 days as required by GDPR. We may ask you to verify your identity before processing your request.

9. Data Security

We implement industry-standard security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data in transit is encrypted using TLS/SSL, and sensitive data at rest is encrypted
  • Access Controls: Strict access controls and authentication mechanisms limit data access to authorized personnel
  • Security Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Regular Updates: Keeping systems and software up to date with security patches
  • Secure Infrastructure: Hosting on secure, compliant cloud infrastructure
  • Employee Training: Regular security and privacy training for our team

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining high security standards.

If we become aware of a data breach that may affect your personal data, we will notify you and relevant authorities as required by law (within 72 hours under GDPR).

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our sub-processors operate.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses: We use EU-approved standard contractual clauses with our sub-processors
  • Adequacy Decisions: We rely on adequacy decisions where applicable
  • Privacy Shield (where applicable): For US-based processors, we ensure they maintain appropriate safeguards

By using our Service, you consent to the transfer of your data to these countries. If you have concerns about international data transfers, please contact us.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and improve our Service.

11.1 Types of Cookies

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with our Service (aggregated, anonymized data)

11.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Service. Most browsers allow you to:

  • View and delete cookies
  • Block cookies from specific sites
  • Block all cookies
  • Set preferences for cookie handling

We do not use cookies for advertising or tracking across third-party websites.

12. Children's Privacy

Our Service is not intended for individuals under the age of 16 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child, please contact us immediately at support@testreviewer.ai, and we will take steps to delete such information.

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending an email notification to registered users
  • Displaying a notice on our Service

Your continued use of our Service after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller: 7omTech (SASU)
Product: TestReviewer.ai
Email: sales@testreviewer.ai
Location: France

For GDPR-related requests, please include "GDPR Request" in your subject line and specify which right you wish to exercise. We will respond within 30 days as required by GDPR.

Note: Full company registration details (SIRET number and registered address) are available upon request and will be included in your invoices as required by French law.