Legal
Privacy Policy
Effective date: June 14, 2026
This Privacy Policy explains how Minas Solutions LLC ("Tenezet", "we", "us") collects, uses, shares, and protects personal data when candidates and employers use the Tenezet platform at tenezet.com. It covers the assessment interview, the live role-play, the AI-derived scores and narrative reports, and everything around them.
1. Introduction and scope
Tenezet is a structured assessment tool that helps employers evaluate candidates for transactional sales roles. This policy applies to all personal data we process in connection with the platform: candidate data collected during assessments, account data for employer (tenant) administrators, and technical data generated as you use the service.
Tenezet does not sell personal data. We do not use candidate assessment data to advertise to candidates or to make decisions about them outside the assessment the employer requested.
2. Definitions
- Candidate — a person who takes an assessment, whether invited by an employer or self-registered.
- Tenant / Employer — the company that uses Tenezet to assess candidates, and its authorised administrators. This is the "Customer" in our Terms of Service.
- Assessment — the structured process: AI interview, situational tasks, and (optionally) a live role-play.
- AI-derived data — competency scores, evidence snippets, confidence flags, and narrative reports generated by Tenezet's AI. This is the "Output" in our Terms of Service.
- Biometric data — voice and video recordings and the transcripts derived from them, which are treated as biometric or special-category data in many places, including under Article 9 of the GDPR and the Illinois Biometric Information Privacy Act.
- Automated decision-making (ADM) — a decision produced without meaningful human involvement. As explained in Section 5, Tenezet's scoring is advisory and reviewed by a human assessor.
3. Personal data we collect
We collect the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Identity and contact | Name, email address, phone number | Candidate or employer |
| CV / resume | Uploaded resume file and parsed fields such as work history and education | Candidate or employer |
| Assessment responses | Text answers to interview questions and situational tasks | Candidate |
| Voice and video | Audio of spoken answers, video of the live role-play, and transcripts | Candidate |
| AI-derived data | Competency scores, evidence snippets, confidence flags, narrative report | Generated by Tenezet AI |
| Account data (employer) | Administrator name, company, role, billing contact, branding | Employer |
| Technical and usage | IP address, device and browser, pages viewed, masked session-replay events | Collected automatically |
4. How and why we use data (lawful basis)
We process personal data only for the purposes below, each with a lawful basis under the GDPR and equivalent laws:
| Data | Purpose | Lawful basis |
|---|---|---|
| Identity, CV, assessment responses | Deliver the assessment the employer requested | Performance of a contract; legitimate interest of the employer |
| Voice and video recordings, transcripts | Conduct and score the live role-play and spoken answers | Explicit consent collected before recording (written consent in Illinois under BIPA) |
| AI-derived scores and narrative | Provide decision-support information to the human assessor | Performance of a contract (delivering the assessment); legitimate interest of the employer in making an informed hiring decision, subject to a balancing test |
| Account and billing data | Operate the employer's account and process payment | Performance of a contract |
| Technical and usage data | Security, debugging, and product improvement | Legitimate interest |
Voice and video recordings used for the role-play may be biometric, special-category data under Article 9 of the GDPR. We process them only on the basis of your explicit consent, collected before any recording. You can complete the text-based part of the assessment without the recorded role-play.
Where we rely on legitimate interest, we have weighed the employer's interest in assessing candidates against your rights and freedoms; you may object to this processing (see Section 8). Where processing relies on consent, you may withdraw that consent at any time (see Section 8). Withdrawal does not affect processing that already took place.
5. Automated decision-making and AI transparency
Tenezet's assessment generates AI-derived scores, evidence snippets, and a narrative report. These outputs are advisory and are intended to inform a hiring decision made by a human assessor at the hiring company (your employer, or the company that invited you — not Tenezet staff). The platform is designed so that a decision is not based solely on automated processing within the meaning of Article 22 of the GDPR: it requires a human role-play scoring step and a human-led "Hire / On hold / Not a fit" verdict, the assessor has authority to override AI outputs, and this human review is documented for each candidate.
To the extent the EU AI Act applies, Tenezet is the provider of the AI system and the hiring company is the deployer that makes the hiring decision. We make the transparency information and instructions for use available to the employer (see How the assessment works).
You have the right at any time to:
- request a fully manual review by a different human assessor;
- obtain a clear and meaningful explanation of how an AI score was derived, including the competency rubric, the evidence used, any confidence flag, and the significance and likely consequences of the AI output for the assessment;
- contest any AI output and submit additional information;
- request that AI-derived data not be used in the final decision.
Where Tenezet is the processor, we will pass your request to the employer (the controller) and stop the AI-related processing under our control; the decision whether to exclude AI-derived data from the final hiring decision rests with the employer, whom you may also contact directly. To exercise these rights, contact privacy@tenezet.com or the employer that invited you. Tenezet does not make hiring decisions and does not guarantee that any score predicts a candidate's actual job performance.
6. Sub-processors and international transfers
To run the service we share personal data with the vetted providers below. We require each provider to enter a data-processing agreement and, where data leaves the EU/EEA, to provide appropriate safeguards such as Standard Contractual Clauses. This section is the public sub-processor list referred to in our Terms of Service.
| Provider | Role | Location | Safeguards |
|---|---|---|---|
| Anthropic (Claude API) | AI scoring, narrative, resume parsing, translation | United States | DPA + Standard Contractual Clauses |
| Google (Gemini API) | Real-time speech-to-text, role-play assistance | United States | DPA + Standard Contractual Clauses |
| Render | Application and database hosting | European Union (Frankfurt) | DPA + Standard Contractual Clauses |
| Cloudflare R2 | File storage for resumes and recordings | United States / global edge | DPA + Standard Contractual Clauses |
| LiveKit Cloud | Live video role-play infrastructure | United States | DPA + Standard Contractual Clauses |
| Resend | Transactional email delivery | United States | DPA + Standard Contractual Clauses |
| PostHog | Product analytics and masked session replay | European Union | DPA |
We give at least 30 days' notice before adding or changing a sub-processor, through an in-product banner and an email to the employer's billing contact.
7. How long we keep data
We keep personal data only as long as needed for the purposes above. Defaults are below; employers may configure shorter periods, and applicable law may require longer ones.
| Data type | Default | Maximum | Trigger |
|---|---|---|---|
| CV / resume file | 12 months | 24 months | After the candidate is marked Hired / Not a fit / On hold |
| Interview transcripts (text) | 12 months | 24 months | After the assessment is scored |
| Voice recording | 6 months | 12 months | After scoring is complete |
| Video role-play recording | 6 months | 12 months | After scoring is complete |
| AI scores and narrative report | 24 months | 36 months | After the hiring decision |
| Anonymised aggregate scores | Indefinite | — | Used to calibrate the battery; contains no personal data |
| Platform audit logs | 36 months | 36 months | Legal and compliance |
| Account and billing data | 7 years after termination | 7 years | Tax and accounting law |
8. Your rights
You have the following rights over your personal data. To exercise them, email privacy@tenezet.com with proof of identity. We respond within 30 days.
Because the employer is usually the controller of your assessment data, some requests — especially deletion — are decided by the employer. We will always forward your request and act on the employer's lawful instructions, and you may also contact the employer directly.
- Access — receive a copy of your CV, transcripts, voice and video recordings, AI-derived scores, narrative report, and metadata in a structured, commonly used format.
- Rectification — correct factual errors, for example in CV-parsed data.
- Erasure — request deletion. We will delete from our systems and notify the employer, except data we must keep to meet a legal obligation (for example audit logs and billing records, as set out in Section 7), which we restrict from further use until that obligation ends. The employer may also have its own retention obligation.
- Portability — receive your AI-derived scores and narrative as machine-readable data.
- Restriction and objection — halt further processing, or object to processing based on legitimate interest.
- Withdraw consent — for voice and video processing, at any time. We stop further recording and delete the recording; scores already finalised remain unless you also request erasure.
- Opt out of automated decision-making — see Section 5.
- Complain to a supervisory authority — such as the Armenia Personal Data Protection Agency, your EU member-state authority, the UK ICO, the California Privacy Protection Agency, or another applicable regulator.
9. Employer responsibilities
When an employer uses Tenezet to assess candidates, the employer is the controller of the candidate's data and is responsible for:
- having a lawful basis to invite each candidate and to assess them;
- providing any candidate notices required by local law — for example the at-least-10-business-days notice under New York City Local Law 144, and the notice, explanation, and consent required by the Illinois Artificial Intelligence Video Interview Act (AIVIA) where AI analyses a video interview;
- making the final hiring decision through meaningful human review;
- complying with anti-discrimination and equal-opportunity law in its jurisdiction.
These responsibilities are set out in our Terms of Service.
11. How we protect data
- Encryption in transit (TLS) and at rest for stored files.
- Resume and recording files are served through short-lived signed links (about one hour).
- Authentication uses httpOnly, Secure, SameSite cookies with token rotation.
- Access to production data is restricted and logged.
- We maintain an incident-response process for suspected breaches.
12. Data breach notification
Where Tenezet is the controller, we notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a breach likely to affect your rights, and we inform affected individuals where the law requires it.
Where Tenezet is the processor for candidate data, we notify the affected employer (the controller) without undue delay so it can meet its own notification duties, and we assist its response.
13. Children's data
Tenezet is intended for adults (18+). We do not knowingly assess minors. Employers confirm that candidates they invite are of working age under applicable law.
14. Region-specific information
- EU / EEA and UK — you have all GDPR / UK GDPR rights described above, including the right to lodge a complaint with your local authority. International transfers use Standard Contractual Clauses.
- California — you have CCPA/CPRA rights to know, delete, correct, limit the use of sensitive personal information, and opt out of "sharing". We do not sell personal data. Specific obligations for automated decision-making technology phase in through 2027, and we are preparing for them.
- Illinois — before any voice or video recording, candidates give a written release under the Biometric Information Privacy Act (BIPA), and we publish a retention and destruction schedule (see Section 7). Where an Illinois candidate is assessed by AI-analysed video, the employer is responsible for the notice, the explanation of how the AI evaluates the interview, the consent, and the 30-day deletion-on-request duties of the Artificial Intelligence Video Interview Act (AIVIA).
- New York City — where an automated employment decision tool is used on an NYC-resident candidate, the employer is responsible for the required bias-audit publication and the at-least-10-business-days candidate notice.
- Russia — Tenezet does not currently support employers whose primary operations are in the Russian Federation, because of data-localisation requirements we cannot meet. This does not restrict Russian-speaking candidates of employers based elsewhere.
- Armenia — processing complies with the Law on Protection of Personal Data, including notification for biometric data.
15. Changes to this policy
We may update this Privacy Policy. For material changes affecting how we use your data, we give notice through an in-product banner and, for employers, an email to the billing contact, before the change takes effect. The effective date at the top of this page reflects the current version.
16. Contact and complaints
Data controller: Minas Solutions LLC, D. Demirchyan 40-94, 0002, Yerevan, Armenia.
Privacy and data-rights requests: privacy@tenezet.com. General enquiries: hello@tenezet.com. See also our Contact page.
If you are not satisfied with our response, you may complain to your local data-protection authority, including the Armenia Personal Data Protection Agency.