Privacy policy

Last updated: January 3, 2026

The privacy of your data—and it is your data, not ours!—is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We promise we never sell your data: never have, never will.

This policy applies to products and services built and maintained by Vibescreen (together, "Vibescreen", "we", "us", or "our"), including our website, application, and related services (together, the "Services").

This policy applies to our handling of information about:

  • site visitors,
  • prospective customers,
  • customers and their authorized users (recruiters, hiring managers, interviewers, and administrators), and
  • candidates who participate in Vibescreen-powered screening or interviews

(collectively, "you", depending on context).

What this policy does not cover

When a company uses Vibescreen to recruit, that company is typically the data controller (or "business") for candidate data, and Vibescreen acts as a data processor (or "service provider") on that company's behalf. In that scenario, we process candidate information under the instructions of the customer and pursuant to our agreement with them (including any data processing addendum).

If you are a candidate and you have questions about how your information is collected or used in a particular hiring process (including how long it's retained), please contact the company you applied to. You may also contact us (see Changes and questions), and we'll route your request where appropriate.

What we collect and why

Our guiding principle is to collect only what we need. Here's what that means in practice:

Identity and access

When you create an account (or when a customer creates an account for you), we collect information such as your name, work email address, role/title, password credentials (or SSO identifiers), and basic account settings. This is so you can sign in, manage the Services, and we can send essential messages (like security notices, billing notices, and product updates).

If you sign in using single sign-on (SSO), we receive identifiers from your identity provider (like a user ID and email address) to authenticate you.

We may also send optional surveys to help us improve the Services. With your consent, we may send newsletters or marketing updates.

We'll never sell your personal information to third parties, and we won't use your name, company, or logo in marketing statements without your permission.

Customer account and workspace information

For customer workspaces, we may collect:

  • company name and size (as provided),
  • workspace configuration,
  • hiring workflow settings (e.g., stages, scorecards, role requirements),
  • team calibration profiles (what "success" looks like for a role at your company), and
  • integration settings (e.g., connected ATS details).

We collect this to provide the Services as configured by the customer.

Candidate information processed in recruiting workflows

Depending on how a customer uses Vibescreen, we may process candidate information such as:

  • contact details (e.g., name, email, phone number if provided),
  • application context (role applied for, requisition ID, source, stage),
  • candidate-provided materials (e.g., answers to screening questions, work samples, links, portfolios, or resumes if the customer uploads them),
  • interview responses and artifacts generated during interviews or screenings (for example: transcripts, summaries, rubric coverage, open questions, evidence-backed notes, and follow-up prompts),
  • evaluation inputs (e.g., reviewer ratings, rubrics, comments), and
  • scheduling and communications metadata (e.g., invitation timestamps, reminders sent).

We process this to run structured screening and interviews earlier in the funnel, generate review artifacts, and help customers evaluate candidates consistently and efficiently.

Sensitive information: We do not require candidates to provide sensitive personal data (like government IDs, health data, precise geolocation, or biometric identifiers). Customers should not request it through Vibescreen unless they have a lawful basis and an appropriate process. If sensitive information is submitted, we will process it only as instructed by the customer and consistent with applicable law.

Audio, video, and transcription data

Depending on the interview format enabled by a customer, Vibescreen may process:

  • audio and/or video streams,
  • real-time or post-session transcription,
  • timestamps and turn-taking metadata, and
  • derived outputs like summaries, rubrics, or follow-up prompts.

We process this to provide the interview experience and produce the artifacts customers use to make hiring decisions.

Product interactions and usage data

We collect activity and usage information such as:

  • pages and features used,
  • clicks and actions taken (e.g., creating roles, reviewing candidates, exporting artifacts),
  • performance logs and error reports, and
  • device and browser information.

We collect this to provide, maintain, and improve the Services, troubleshoot issues, and make the product work reliably.

General geolocation data

We may log IP addresses used to access the Services for:

  • security and fraud prevention,
  • abuse prevention (e.g., bot detection),
  • account access logging, and
  • compliance and auditability.

Website interactions

On our marketing site(s), we may collect browsing activity for analytics and statistical purposes, such as conversion rate testing and experimenting with new product designs. This can include browser and OS versions, IP address, pages visited, referrer URLs, and page load times.

If you have an account and are signed in, some analytics may be associated with your account for as long as your account is active, unless restricted by your settings or applicable law.

Anti-bot assessments

We may use CAPTCHA or similar anti-abuse measures to mitigate brute-force logins and prevent spam. These services typically evaluate signals such as IP address and behavior patterns to detect automated activity. We receive the result (e.g., a score or pass/fail) but generally do not receive the underlying signals.

Advertising and Cookies

We may run contextual ads on third-party platforms. Where permitted by law, clicking an ad may result in cookies or similar technologies being set by advertising partners so they can measure ad performance (e.g., which ad was clicked and whether a signup occurred).

We also use cookies to:

  • keep you signed in,
  • remember preferences,
  • support core application features,
  • perform A/B testing, and
  • run analytics.

You can manage cookies in your browser settings. Note: if you disable cookies, parts of the Services may not function properly.

Integrations (ATS and other tools)

If a customer connects Vibescreen to an ATS or HR tool (e.g., Workable, Greenhouse, Lever, Ashby, Teamtailor, SAP SuccessFactors, Recruitee) or other integrations, we will process the data needed to sync records and events (for example: candidate IDs, stage changes, interview artifacts, scores, and timestamps), as configured by the customer.

The customer controls what is synced and when. Integration providers may separately process data under their own policies.

Voluntary correspondence

When you contact us (e.g., support, sales, or privacy inquiries), we keep that correspondence, including your contact information and the content of your request, so we can respond and maintain a support history.

When we access or disclose your information

To provide the Services you've requested

We use trusted third-party subprocessors (such as cloud hosting, email delivery, error monitoring, and analytics providers) to help operate the Services. We share information with them only as needed for them to perform services for us, and we require appropriate confidentiality and security obligations.

If you integrate a third-party service (like an ATS), we may disclose information at your direction to enable that integration.

To help you troubleshoot or fix a bug, with your permission

If we need to access customer content (including candidate artifacts) to help resolve a support issue, we will ask for authorization first unless we must access it to address an urgent security incident, prevent abuse, or comply with law.

Limited human access to candidate content

Vibescreen is designed so that interview content and artifacts are primarily processed by automated systems. We do not routinely review candidate content. Human access, if any, is limited to:

  • support requests authorized by the customer,
  • investigating abuse, fraud, or security incidents,
  • responding to valid legal process, or
  • maintaining and improving system reliability (using minimal access principles).

To investigate, prevent, or take action regarding abuse

We may access or review information as necessary to investigate, prevent, or take action regarding abuse, violations of our terms, or threats to the safety and integrity of our Services.

Aggregated and de-identified data

We may aggregate and/or de-identify information collected through the Services. We may use de-identified or aggregated data for product improvement, analytics, and business insights. We do not attempt to re-identify de-identified data except as permitted by law.

To exclude you from seeing our ads

Where permitted by law, we may share a one-way hash of business contact information (such as an email address) with advertising partners to suppress ads to existing customers or prospects who have opted out.

When required under applicable law

We may disclose information if we believe in good faith that disclosure is required by law, regulation, or legal process.

  • Government requests for data: Our policy is to respond only when we are legally compelled (e.g., a valid subpoena, court order, or warrant), or in limited emergency circumstances as permitted by law.
  • Notice: When legally allowed, we will attempt to notify affected customers (and where appropriate, candidates) before disclosing data.
  • Business transfers: If Vibescreen is acquired by or merges with another company, we'll notify you before your information is transferred and becomes subject to a different privacy policy.

Your rights with respect to your information

We strive to apply strong privacy rights to all users, regardless of location. Depending on where you live and the context (customer user vs. candidate), your rights may include:

  • Right to know / be informed: What personal information is collected and how it's used.
  • Right of access: Request a copy of personal information we hold about you.
  • Right to correction: Request correction of inaccurate or incomplete information.
  • Right to deletion: Request deletion of personal information, subject to legal exceptions and legitimate business needs.
  • Right to restrict processing: Request we limit certain processing.
  • Right to object: Object to certain processing (for example, marketing).
  • Right to portability: Request your information in a portable format where applicable.
  • Right to non-discrimination: You won't be treated unfairly for exercising your privacy rights.

A note for candidates in customer hiring processes

If you are a candidate in a hiring process run by a Vibescreen customer, that customer controls the hiring workflow and typically controls retention and decision-making. The fastest way to exercise your rights is usually to contact the hiring company directly.

How to exercise your rights

You can often exercise rights by signing in and updating your settings, or by contacting us at:

  • Email: privacy@vibescreen.com
  • Mail: Vibes Global FZ-LLC, FOAM2715, Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates

We may need to verify your identity before responding. If an authorized agent is making a request on your behalf, we may require proof of authorization.

How we secure your data

We use administrative, technical, and organizational measures designed to protect your information, including:

  • encryption in transit (TLS),
  • access controls and least-privilege principles,
  • logging and monitoring,
  • secure development practices, and
  • vendor risk management for subprocessors.

No method of transmission or storage is 100% secure, but we work hard to protect your data and continuously improve our security posture.

What happens when you delete content in your product accounts

Customers can delete candidate records or artifacts, and candidates may request deletion through the relevant customer (as controller) or through us (where applicable).

  • Within an active customer workspace: Deleted content may become inaccessible immediately or after a short "trash" period, depending on configuration.
  • Backups: Deleted content may remain in encrypted backups for a limited time before being purged on our normal backup rotation.
  • Account cancellation: If a customer cancels, customer content becomes inaccessible and is scheduled for deletion according to our retention practices (see below), unless we're required to retain it for legal reasons.

Because Vibescreen often syncs data to/from an ATS, deleting data in Vibescreen may not delete data stored in third-party systems controlled by the customer (or vice versa).

Data retention

We retain information for as long as necessary to provide the Services and for legitimate business purposes such as security, compliance, dispute resolution, and enforcing our agreements.

Typical retention depends on context:

  • Customer account data: retained while the account is active and for a reasonable period afterward to allow account recovery, comply with obligations, or complete billing and audit needs.
  • Candidate data processed for a customer: retained according to the customer's configuration and instructions, and our agreements with that customer.
  • Security logs: retained for a period appropriate for security, fraud prevention, and audit needs.

If you want specific retention periods reflected here (e.g., "X days after account deletion"), add them to match your actual operational practices.

Location of site and data

Vibescreen may process and store information in the United States and other locations where we or our subprocessors operate. If you are located outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions, which may have different data protection laws than your jurisdiction.

When transferring personal data from the EU/UK

When we transfer personal data from the European Economic Area (EEA), Switzerland, or the UK to countries that may not provide an equivalent level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (and the UK addendum where applicable), and we apply additional technical and organizational measures as appropriate.

If you want a copy of our data processing addendum (DPA) or details on our transfer safeguards, contact us at privacy@vibescreen.com.

Changes and questions

We may update this policy as needed to comply with relevant regulations and reflect new practices. Whenever we make a significant change, we will update the "Last updated" date at the top and take other appropriate steps to notify users.

Have questions, comments, or concerns about this privacy policy or your data? Contact us at:

  • Email: privacy@vibescreen.com
  • Mail: Vibes Global FZ-LLC, FOAM2715, Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates