IntegrityLens AI — Privacy Policy

Introduction

IntegrityLens AI ("IntegrityLens", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and your rights in relation to that data when you interact with our candidate verification and technical screening services.

Scope & Roles

In most deployments employers and recruiters (our customers) act as the data controller and IntegrityLens acts as a data processor. Where IntegrityLens acts as a controller (for example, when we provide services directly to individuals), we will notify affected users and supply controller-specific information.

Information We Collect

We collect information directly from you, from customers (employers), and automatically during use:

Contact & profile: name, email, phone, company, job title.
Identity documents: ID images, OCR outputs, document authenticity signals.
Biometric data (sensitive): live selfies, 3D face maps, voice samples/templates used only for verification and liveness checks.
Assessment data: interview responses, recordings (if enabled), scores, and behavioral analytics.
Device & usage: IP address, device/OS, browser, logs, cookies, timestamps.
Aggregate/de-identified data: anonymized analytics used to improve the Service.

How We Use Your Information

To verify identity (document, facial, and voice matching) and to authenticate candidates.
To provide AI interviews, assessments, scoring, and reporting to our customers.
To detect and prevent fraud, spoofing, and abuse.
To operate, maintain, and improve the Service, and to provide support and billing.
To comply with legal obligations and respond to lawful requests from authorities.

Legal Basis for Processing (where applicable)

Where applicable (e.g., under GDPR), we rely on one or more legal bases for processing personal data including: performance of a contract with our customer, compliance with legal obligations, legitimate interests (fraud prevention, security), and consent where required by local law—particularly for biometric processing.

Biometric Data — Special Protections

Biometric data (facial and voice data) are treated as sensitive. We process such data only to the extent necessary to provide verification and liveness features, in accordance with customer instructions and applicable law.

Default retention policy: raw biometric captures and templates are processed in real-time and are not retained persistently by IntegrityLens unless the customer explicitly authorizes retention for a defined purpose and retention period. Any persistent storage of biometric data requires explicit customer consent/authorization and will be subject to additional safeguards.

Data Retention

We retain personal data only as long as necessary to provide the Service, fulfill contractual obligations, meet legal obligations, or resolve disputes. Retention periods for non-biometric data (e.g., audit logs, assessment results) are defined in customer agreements or the Data Processing Addendum (DPA). Customers may request export or deletion of their data in accordance with the DPA and applicable law.

Data Security

We implement industry-standard technical and organizational measures to protect data, including AES-256 encryption at rest, TLS for data in transit, role-based access controls, multi-factor authentication for administrative accounts, monitoring, and incident response. We align with SOC 2 and ISO 27001 security controls and perform regular security testing.

While we take strong measures to protect data, no system is impenetrable and we cannot guarantee absolute security. We will notify customers in accordance with the DPA and applicable law in the event of a security incident affecting their data.

Cookies & Tracking

We and our service providers use cookies and similar technologies for essential functionality, security, analytics, and performance. You can control non-essential cookies through browser settings or our cookie preferences UI (if available). See our Cookie Notice for more information.

Your Rights

Depending on your jurisdiction you may have rights including access to your personal data, correction, deletion, restriction of processing, portability, objection to processing, and the right to withdraw consent. To exercise rights, contact the employer (controller) who provided your data or contact us at privacy@getintegritylens.com. Where we are the processor we will assist the controller handling the request in accordance with the DPA and applicable law.

Children

Our Service is not directed to children under the age of 16 and we do not knowingly collect personal information from minors. If we become aware that we have collected personal data from a child we will take steps to remove it.

Third-Party Services

The Service may integrate with third-party providers (e.g., video conferencing, code execution sandboxes, analytics). Those parties have their own policies; we encourage reviewing those. We are not responsible for third-party practices.

Data Processing Addendum (DPA)

We offer a DPA to customers that details controller/processor roles, subprocessors, security measures, breach notification timelines, transfer mechanisms, and data subject rights assistance. To request the full DPA or a subprocessors list contact legal@getintegritylens.com.

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. For material changes we will provide notice via email or through the Service. Continued use following posting constitutes acceptance of the updated policy.

Contact Us

For privacy inquiries, data subject requests, or to obtain the DPA, contact us:

Privacy:privacy@getintegritylens.com

Legal:legal@getintegritylens.com

Support:support@getintegritylens.com