Privacy Policy

1. Information We Collect

Information You Provide

• Account Information: Name, email address when you create an account or accept an invitation
• Conversation Data: Your responses and interactions during AI-powered conversations
• Profile Information: Any additional information you choose to provide during conversations

Information We Collect Automatically

• Technical Information: Browser type, operating system, IP address
• Usage Data: How you interact with our platform, including conversation duration and completion status
• Authentication Data: OAuth tokens from Google or Microsoft for secure sign-in

2. How We Use Your Information

• Provide Services: Enable conversational interviews and candidate assessment
• Improve Platform: Analyze usage patterns to enhance our AI and user experience
• Communication: Send service-related notifications and support communications
• Security: Protect our platform and users from security threats
• Legal Compliance: Meet legal obligations and enforce our terms

3. Information Sharing

We may share your information only in these limited circumstances:

• With the employer(s) that invited you to use Longwalk: Your conversation data is shared with the organization(s) that invited you to participate
• Service Providers: Trusted third-party services that help us operate our platform (OpenAI and Google for AI processing, Supabase for data storage)
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) through our secure cloud infrastructure
• Authentication: Enterprise-grade SSO through Google and Microsoft OAuth
• Access Controls: Strict row-level security and tenant isolation in our database
• Server-Side Security: All API keys and sensitive operations are server-side only
• Regular Updates: Continuous security monitoring and updates
• Request Protection: Advanced rate limiting prevents abuse while ensuring service availability for legitimate users
• Content Security Policy: Browser-level protections prevent cross-site scripting and injection attacks
• Session Management: Enterprise users have automatic session timeout after 8 hours of inactivity with advance warning
• Information Protection: Production systems implement strict information disclosure controls to prevent data leakage

5. Your Rights and Choices

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information (subject to legal requirements)
• Portability: Request transfer of your data in a structured format
• Withdrawal: Withdraw consent for processing where applicable

6. Data Retention

• Conversation Data: Retained for the duration of the hiring process and as required by the hiring organization
• Account Information: Retained while your account is active and for legitimate business purposes
• Security Logs: Retained for security and compliance purposes as required by law

7. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze platform usage and performance
• Ensure security and prevent fraud
• Manage automatic session timeout and security warnings for enterprise users
• Implement security controls and fraud prevention measures

You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.

8. International Data Transfers

Your information may be processed and stored in the United States and other countries where our service providers operate, including our AI processing partners and cloud infrastructure providers. For data transfers subject to international data protection requirements, we rely on our service providers' compliance frameworks and appropriate safeguards as required by applicable privacy laws.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by email or through our platform. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

10. Contact Information