Privacy Policy

EvalX Technologies Inc. — eval-x.com

Last Updated: February 25, 2026  ·  Effective Date: February 25, 2026

1. Introduction & Scope

EvalX Technologies Inc. (“EvalX,” “we,” “us,” or “our”) operates an AI-powered technical interview platform available at eval-x.com and app.eval-x.com (the “Platform”). This Privacy Policy explains how we collect, use, disclose, and protect information when you interact with our Platform, whether as an Operator (hiring manager/recruiter), a Candidate (interviewee), or a Reviewer.

This Privacy Policy applies to all users worldwide and addresses requirements under applicable laws, including United States federal and state laws (including the California Consumer Privacy Act, as amended by the CPRA), the Israeli Privacy Protection Law, 5741-1981 and its regulations, and the European Union General Data Protection Regulation (GDPR) where applicable to individuals in the European Economic Area.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.

2. Definitions

  • “Operator” means a business entity or individual who creates an account on the Platform to manage technical interview sessions. Operators are the customers of EvalX and act as Data Controllers with respect to Candidate data.
  • “Candidate” means a software engineer or other individual who participates in an interview session via a unique link provided by an Operator. Candidates do not create accounts on the Platform.
  • “Reviewer” means any individual authorized by an Operator to view evaluation reports generated by the Platform.
  • “Session Data” means all data captured during an interview session, including code written, git diffs, AI prompts and responses, test results, written explanations, timing data, behavioral patterns, and screen recordings (where applicable).
  • “Personal Data” means any information that identifies or can be used to identify a natural person, as defined under applicable data protection laws.
  • “Evaluation Output” means the AI-generated reports, scores, and analyses produced by the Platform based on Session Data.

3. Information We Collect

3.1 Information from Operators (Account Holders)

When you register for and use the Platform as an Operator, we collect:

  • Registration Information: First name, last name, business email address, company name, job title, and password (stored as a bcrypt hash — we never store plaintext passwords).
  • Profile Information: Phone number (optional), avatar/profile image (optional), account preferences.
  • Billing Information: Payment details processed through our third-party payment processor. We do not store credit card numbers directly.
  • Usage Data: Number of interviews created, sessions completed, token consumption, template usage, login history, and feature interactions.
  • Support Communications: Messages, bug reports, and screenshots submitted through our support widget.
  • Terms of Service Acceptance: Timestamp and version of Terms accepted at registration.

3.2 Information from Candidates (Interview Participants)

When a Candidate participates in an interview session, the Platform captures:

  • Session Data: All code written during the session, captured as git diffs at each checkpoint.
  • AI Interaction Data: All prompts submitted to the AI assistant and all AI responses, logged in a structured timeline.
  • Test Results: Output from automated test suites executed during the session.
  • Written Explanations: Candidate's written plans, assumptions, and rationale for checkpoint submissions.
  • Behavioral Metadata: Timing patterns, iteration sequences, decision-making patterns, and AI collaboration quality signals.
  • Screen Recording: Where this feature is enabled and the Candidate provides explicit consent, screen activity during the session may be recorded via browser-based capture.

Important: Candidates do not create accounts on the Platform. Session participation is initiated by the Operator via a unique interview link. The Operator is responsible for informing the Candidate about the data collection practices described herein and for obtaining any necessary consents prior to the session.

3.3 Automatically Collected Information

When you access the Platform, we may automatically collect:

  • Device information (browser type, operating system, device identifiers)
  • IP address and approximate geographic location
  • Access times, pages viewed, and referring URLs
  • Cookies and similar tracking technologies (see Section 12)

4. How We Use Information

4.1 Purposes of Processing

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, and maintain the Platform, including running interview sessions, generating evaluation reports, and managing Operator accounts.
  • AI-Powered Evaluation: To analyze Session Data across six evaluation dimensions (Problem Framing, AI Usage Quality, System Design, Code Quality, Adaptability, and Explanation & Ownership) and generate Evaluation Outputs.
  • Account Management: To manage registration, authentication, email verification, password resets, and session security.
  • Billing & Payments: To process subscription payments and manage plan tiers.
  • Communication: To send transactional emails (verification, password resets), respond to support requests, and provide service-related notices.
  • Security & Fraud Prevention: To detect and prevent unauthorized access, abuse, and fraudulent activity, including rate limiting and single-session enforcement.
  • Product Improvement: To analyze aggregated, anonymized usage patterns to improve Platform functionality, evaluation accuracy, and user experience. Individual Session Data is never used for this purpose in identifiable form.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

4.2 Legal Bases for Processing (GDPR)

Where the GDPR applies, we process Personal Data on the following legal bases:

  • Performance of Contract: Processing necessary to provide the Platform to Operators under our Terms of Service.
  • Legitimate Interest: Processing for security, fraud prevention, and product improvement, balanced against individual rights.
  • Legal Obligation: Processing required by applicable law or regulation.
  • Consent: Where required (e.g., screen recording of Candidates, optional cookies), we obtain explicit consent.

5. AI Processing & Automated Decision-Making

The Platform uses artificial intelligence to evaluate Candidate performance during interview sessions. This section explains how AI processing works and its limitations.

5.1 How AI Evaluation Works

During an interview session, the Platform captures Session Data (code, AI interactions, test results, written explanations) and submits it to AI models for analysis. Multiple specialized AI evaluators assess the Candidate across six defined dimensions, producing numerical scores and written reasoning.

5.2 AI as Decision-Support, Not Decision-Making

EvalX's AI-generated evaluations are advisory tools designed to support — not replace — human hiring decisions. Evaluation Outputs provide structured, evidence-based assessments, but the ultimate hiring decision remains with the Operator. EvalX does not make employment decisions, and Operators are responsible for applying their own judgment and ensuring compliance with applicable employment laws.

5.3 No AI Training on Session Data

We do not use Candidate Session Data, code, AI interactions, or behavioral data to train, fine-tune, or improve any AI or machine learning models. Session Data is processed solely for the purpose of generating the specific Evaluation Output for that interview session. Third-party AI providers (Anthropic, OpenAI, Google) process prompts and responses in real-time to power the in-session AI assistant; these interactions are subject to the respective provider's data processing terms, and we select provider configurations that do not permit training on customer data.

5.4 Your Rights Regarding Automated Processing

Under GDPR Article 22, individuals have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Because EvalX's evaluations are advisory and require human review by the Operator before any employment decision is made, they do not constitute solely automated decision-making under Article 22. Nevertheless, Candidates may contact us or their prospective employer (the Operator) to request human review of any Evaluation Output.

6. Information Sharing & Sub-Processors

6.1 Sharing with Operators

Session Data and Evaluation Outputs for a Candidate are shared with the Operator who initiated the interview session and any Reviewers authorized by that Operator. This is the core function of the Platform.

6.2 Third-Party Sub-Processors

We use the following third-party service providers to operate the Platform:

| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Google Cloud Platform | Infrastructure, database, file storage | All Platform data | USA |
| Anthropic (Claude) | AI assistant during sessions; AI evaluation | Session prompts & code | USA |
| OpenAI (GPT-4o) | AI assistant during sessions (optional model) | Session prompts & code | USA |
| Google (Gemini) | AI assistant during sessions (default model) | Session prompts & code | USA |
| Gmail API | Transactional emails | Email addresses, names | USA |
| Google Sheets | Support ticket recording | Support messages | USA |
| Render | Application hosting & compute | All Platform data | USA |
| Stripe (planned) | Payment processing | Billing information | USA |

6.3 Other Disclosures

We may also disclose information:

  • To comply with applicable law, regulation, legal process, or governmental request.
  • To enforce our Terms of Service or protect the rights, property, or safety of EvalX, our users, or others.
  • In connection with a merger, acquisition, reorganization, or sale of assets, in which case the acquiring entity will be bound by this Privacy Policy.
  • With your explicit consent.

6.4 No Sale of Personal Information

EvalX does not sell, rent, or trade Personal Data to third parties for monetary or other valuable consideration. This applies to all users under all applicable laws, including the CCPA/CPRA. We do not share Personal Data for cross-context behavioral advertising.

7. Data Retention & Deletion

7.1 Retention Periods

  • Operator Accounts: Account data is retained for the duration of the active subscription and for 90 days following account termination, after which it is deleted unless retention is required by law.
  • Session Data: Interview session data (code, AI interactions, recordings) is retained for 12 months from the session date, unless the Operator requests earlier deletion or a different retention period is agreed upon under an Enterprise contract.
  • Evaluation Outputs: Reports and scores are retained for the same period as Session Data.
  • Support Communications: Retained for 24 months for quality assurance and legal purposes.
  • Logs & Security Data: System logs are retained for up to 12 months for security and debugging purposes.

7.2 Deletion Requests

Operators may request deletion of their account and all associated data by contacting privacy@eval-x.com. Candidates may request deletion of their Session Data by contacting us directly or through the Operator who initiated the session. We will process deletion requests within 30 days, subject to any legal retention obligations.

8. Data Security

We implement commercially reasonable technical and organizational measures to protect Personal Data, including:

  • Encryption in transit (TLS/HTTPS for all communications)
  • Encryption at rest (AES-256 for stored data)
  • Password hashing with bcrypt (cost factor 12)
  • Single-session enforcement and session token rotation
  • Progressive login delay on failed authentication attempts
  • Role-based access controls and multi-tenant data isolation
  • Secure token generation for interview links, password resets, and email verification (384-bit entropy)
  • Regular security assessments and monitoring

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify affected users of any data breach in accordance with applicable law.

9. International Data Transfers

EvalX is incorporated in both the United States and Israel. Our infrastructure is primarily hosted in the United States. Your data may be transferred to and processed in countries other than your own, including the United States and Israel.

For transfers of Personal Data from the European Economic Area (EEA), we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The European Commission's adequacy decision for Israel (where applicable)
  • Any other lawful transfer mechanism under GDPR Chapter V

For transfers from Israel, we comply with the Israeli Privacy Protection Regulations (Transfer of Data to Databases Abroad), 5761-2001, relying on the fact that the receiving countries provide an adequate level of protection or that appropriate safeguards are in place.

10. Your Rights

10.1 Rights Under GDPR (EEA Residents)

If you are located in the European Economic Area, you have the right to:

  • Access: Request a copy of the Personal Data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your Personal Data (“right to be forgotten”).
  • Restriction: Request that we limit the processing of your data.
  • Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Object: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, withdraw at any time.
  • Lodge a Complaint: File a complaint with your local data protection authority.

10.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the right to:

  • Know: Request disclosure of the categories and specific pieces of Personal Information we have collected.
  • Delete: Request deletion of your Personal Information.
  • Correct: Request correction of inaccurate Personal Information.
  • Opt-Out of Sale/Sharing: We do not sell or share your Personal Information for cross-context behavioral advertising.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise CCPA rights, contact us at privacy@eval-x.com. We will verify your identity before processing requests.

10.3 Rights Under Israeli Privacy Protection Law

If you are an Israeli resident, you have the right to:

  • Access and review your Personal Data held in our databases.
  • Request correction or deletion of inaccurate data.
  • Object to the use of your data for direct marketing purposes.
  • Request information about the purposes and recipients of data transfers.

Requests may be submitted to privacy@eval-x.com. You may also file complaints with the Israeli Privacy Protection Authority (PPA).

10.4 Exercising Your Rights

To exercise any of the rights described above, contact us at privacy@eval-x.com. We will respond within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA). We may request verification of your identity before processing requests.

11. Children's Privacy

The Platform is designed for professional use in hiring processes and is not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children under 18 (or under 16 where required by GDPR). If we become aware that we have collected data from a child, we will promptly delete it. If you believe a child has provided us with Personal Data, please contact us at privacy@eval-x.com.

12. Cookies & Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for Platform functionality, including authentication session cookies (httponly, samesite=lax, 24-hour expiry). These cannot be disabled.
  • Analytics Cookies: Used to understand Platform usage patterns and improve our services. These are collected in aggregated form.

We do not use third-party advertising cookies or cross-site tracking technologies. You can manage cookie preferences through your browser settings. Note that disabling essential cookies will prevent you from using the Platform.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify Operators of material changes by email and/or by posting a prominent notice on the Platform at least 30 days before the changes take effect. The “Last Updated” date at the top of this policy indicates when it was last revised. Continued use of the Platform after changes become effective constitutes acceptance of the revised policy.

14. Data Processing Relationship

14.1 EvalX as Data Processor

With respect to Candidate data, EvalX acts as a Data Processor on behalf of the Operator (who is the Data Controller). Operators determine the purposes and means of processing Candidate data by initiating interview sessions. EvalX processes Candidate data solely as instructed by the Operator and as described in this Privacy Policy.

14.2 Data Processing Agreements

Enterprise customers may enter into a Data Processing Agreement (DPA) with EvalX that provides additional terms governing the processing of Personal Data, including details on security measures, sub-processor management, data breach notification, and international transfer mechanisms. Contact enterprise@eval-x.com for DPA inquiries.

15. Data Breach Notification

In the event of a data breach that poses a risk to the rights and freedoms of individuals:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33).
  • We will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
  • We will notify affected Operators so they can fulfil their own notification obligations to Candidates.
  • Under Israeli law, we will comply with applicable breach notification requirements as directed by the Privacy Protection Authority.
  • Under CCPA, we will notify California residents as required by California Civil Code § 1798.82.

16. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

EvalX Technologies Inc.

Email: privacy@eval-x.com

Website: https://eval-x.com

For GDPR-related inquiries, you may also contact our designated representative in the EEA (details available upon request at privacy@eval-x.com).

For Israeli privacy inquiries, you may file complaints with the Israeli Privacy Protection Authority at https://www.gov.il/en/departments/the_privacy_protection_authority.