Tenezet is in beta. These policies are interim and under legal review. For questions, contact privacy@tenezet.com.

Legal

Privacy Policy

Effective date: June 14, 2026

This Privacy Policy explains how Minas Solutions LLC ("Tenezet", "we", "us") collects, uses, shares, and protects personal data when candidates and employers use the Tenezet platform at tenezet.com. It covers the assessment interview, the live role-play, the AI-derived scores and narrative reports, and everything around them.

Two roles. When you take an assessment because an employer invited you, that employer is the data controller and Tenezet acts as a processor on their behalf. When you register with Tenezet directly, or for our own account and security data, Tenezet is the controller. To understand how the assessment itself works, see How the assessment works.

1. Introduction and scope

Tenezet is a structured assessment tool that helps employers evaluate candidates for transactional sales roles. This policy applies to all personal data we process in connection with the platform: candidate data collected during assessments, account data for employer (tenant) administrators, and technical data generated as you use the service.

Tenezet does not sell personal data. We do not use candidate assessment data to advertise to candidates or to make decisions about them outside the assessment the employer requested.

2. Definitions

  • Candidate — a person who takes an assessment, whether invited by an employer or self-registered.
  • Tenant / Employer — the company that uses Tenezet to assess candidates, and its authorised administrators. This is the "Customer" in our Terms of Service.
  • Assessment — the structured process: AI interview, situational tasks, and (optionally) a live role-play.
  • AI-derived data — competency scores, evidence snippets, confidence flags, and narrative reports generated by Tenezet's AI. This is the "Output" in our Terms of Service.
  • Biometric data — voice and video recordings and the transcripts derived from them, which are treated as biometric or special-category data in many places, including under Article 9 of the GDPR and the Illinois Biometric Information Privacy Act.
  • Automated decision-making (ADM) — a decision produced without meaningful human involvement. As explained in Section 5, Tenezet's scoring is advisory and reviewed by a human assessor.

3. Personal data we collect

We collect the following categories of personal data:

CategoryExamplesSource
Identity and contactName, email address, phone numberCandidate or employer
CV / resumeUploaded resume file and parsed fields such as work history and educationCandidate or employer
Assessment responsesText answers to interview questions and situational tasksCandidate
Voice and videoAudio of spoken answers, video of the live role-play, and transcriptsCandidate
AI-derived dataCompetency scores, evidence snippets, confidence flags, narrative reportGenerated by Tenezet AI
Account data (employer)Administrator name, company, role, billing contact, brandingEmployer
Technical and usageIP address, device and browser, pages viewed, masked session-replay eventsCollected automatically

4. How and why we use data (lawful basis)

We process personal data only for the purposes below, each with a lawful basis under the GDPR and equivalent laws:

DataPurposeLawful basis
Identity, CV, assessment responsesDeliver the assessment the employer requestedPerformance of a contract; legitimate interest of the employer
Voice and video recordings, transcriptsConduct and score the live role-play and spoken answersExplicit consent collected before recording (written consent in Illinois under BIPA)
AI-derived scores and narrativeProvide decision-support information to the human assessorPerformance of a contract (delivering the assessment); legitimate interest of the employer in making an informed hiring decision, subject to a balancing test
Account and billing dataOperate the employer's account and process paymentPerformance of a contract
Technical and usage dataSecurity, debugging, and product improvementLegitimate interest

Voice and video recordings used for the role-play may be biometric, special-category data under Article 9 of the GDPR. We process them only on the basis of your explicit consent, collected before any recording. You can complete the text-based part of the assessment without the recorded role-play.

Where we rely on legitimate interest, we have weighed the employer's interest in assessing candidates against your rights and freedoms; you may object to this processing (see Section 8). Where processing relies on consent, you may withdraw that consent at any time (see Section 8). Withdrawal does not affect processing that already took place.

5. Automated decision-making and AI transparency

Tenezet's assessment generates AI-derived scores, evidence snippets, and a narrative report. These outputs are advisory and are intended to inform a hiring decision made by a human assessor at the hiring company (your employer, or the company that invited you — not Tenezet staff). The platform is designed so that a decision is not based solely on automated processing within the meaning of Article 22 of the GDPR: it requires a human role-play scoring step and a human-led "Hire / On hold / Not a fit" verdict, the assessor has authority to override AI outputs, and this human review is documented for each candidate.

To the extent the EU AI Act applies, Tenezet is the provider of the AI system and the hiring company is the deployer that makes the hiring decision. We make the transparency information and instructions for use available to the employer (see How the assessment works).

You have the right at any time to:

  • request a fully manual review by a different human assessor;
  • obtain a clear and meaningful explanation of how an AI score was derived, including the competency rubric, the evidence used, any confidence flag, and the significance and likely consequences of the AI output for the assessment;
  • contest any AI output and submit additional information;
  • request that AI-derived data not be used in the final decision.

Where Tenezet is the processor, we will pass your request to the employer (the controller) and stop the AI-related processing under our control; the decision whether to exclude AI-derived data from the final hiring decision rests with the employer, whom you may also contact directly. To exercise these rights, contact privacy@tenezet.com or the employer that invited you. Tenezet does not make hiring decisions and does not guarantee that any score predicts a candidate's actual job performance.

6. Sub-processors and international transfers

To run the service we share personal data with the vetted providers below. We require each provider to enter a data-processing agreement and, where data leaves the EU/EEA, to provide appropriate safeguards such as Standard Contractual Clauses. This section is the public sub-processor list referred to in our Terms of Service.

ProviderRoleLocationSafeguards
Anthropic (Claude API)AI scoring, narrative, resume parsing, translationUnited StatesDPA + Standard Contractual Clauses
Google (Gemini API)Real-time speech-to-text, role-play assistanceUnited StatesDPA + Standard Contractual Clauses
RenderApplication and database hostingEuropean Union (Frankfurt)DPA + Standard Contractual Clauses
Cloudflare R2File storage for resumes and recordingsUnited States / global edgeDPA + Standard Contractual Clauses
LiveKit CloudLive video role-play infrastructureUnited StatesDPA + Standard Contractual Clauses
ResendTransactional email deliveryUnited StatesDPA + Standard Contractual Clauses
PostHogProduct analytics and masked session replayEuropean UnionDPA

We give at least 30 days' notice before adding or changing a sub-processor, through an in-product banner and an email to the employer's billing contact.

7. How long we keep data

We keep personal data only as long as needed for the purposes above. Defaults are below; employers may configure shorter periods, and applicable law may require longer ones.

Data typeDefaultMaximumTrigger
CV / resume file12 months24 monthsAfter the candidate is marked Hired / Not a fit / On hold
Interview transcripts (text)12 months24 monthsAfter the assessment is scored
Voice recording6 months12 monthsAfter scoring is complete
Video role-play recording6 months12 monthsAfter scoring is complete
AI scores and narrative report24 months36 monthsAfter the hiring decision
Anonymised aggregate scoresIndefiniteUsed to calibrate the battery; contains no personal data
Platform audit logs36 months36 monthsLegal and compliance
Account and billing data7 years after termination7 yearsTax and accounting law

8. Your rights

You have the following rights over your personal data. To exercise them, email privacy@tenezet.com with proof of identity. We respond within 30 days.

Because the employer is usually the controller of your assessment data, some requests — especially deletion — are decided by the employer. We will always forward your request and act on the employer's lawful instructions, and you may also contact the employer directly.

  • Access — receive a copy of your CV, transcripts, voice and video recordings, AI-derived scores, narrative report, and metadata in a structured, commonly used format.
  • Rectification — correct factual errors, for example in CV-parsed data.
  • Erasure — request deletion. We will delete from our systems and notify the employer, except data we must keep to meet a legal obligation (for example audit logs and billing records, as set out in Section 7), which we restrict from further use until that obligation ends. The employer may also have its own retention obligation.
  • Portability — receive your AI-derived scores and narrative as machine-readable data.
  • Restriction and objection — halt further processing, or object to processing based on legitimate interest.
  • Withdraw consent — for voice and video processing, at any time. We stop further recording and delete the recording; scores already finalised remain unless you also request erasure.
  • Opt out of automated decision-making — see Section 5.
  • Complain to a supervisory authority — such as the Armenia Personal Data Protection Agency, your EU member-state authority, the UK ICO, the California Privacy Protection Agency, or another applicable regulator.

9. Employer responsibilities

When an employer uses Tenezet to assess candidates, the employer is the controller of the candidate's data and is responsible for:

  • having a lawful basis to invite each candidate and to assess them;
  • providing any candidate notices required by local law — for example the at-least-10-business-days notice under New York City Local Law 144, and the notice, explanation, and consent required by the Illinois Artificial Intelligence Video Interview Act (AIVIA) where AI analyses a video interview;
  • making the final hiring decision through meaningful human review;
  • complying with anti-discrimination and equal-opportunity law in its jurisdiction.

These responsibilities are set out in our Terms of Service.

10. Cookies and tracking

Tenezet uses only strictly necessary cookies: authentication tokens (access and refresh), your language preference, and small interface-state flags. We do not use advertising cookies or cross-site trackers.

We use PostHog for product analytics and session replay. Session replay is configured to mask input fields and personal content by default, to reduce the risk that sensitive data is captured.

11. How we protect data

  • Encryption in transit (TLS) and at rest for stored files.
  • Resume and recording files are served through short-lived signed links (about one hour).
  • Authentication uses httpOnly, Secure, SameSite cookies with token rotation.
  • Access to production data is restricted and logged.
  • We maintain an incident-response process for suspected breaches.

12. Data breach notification

Where Tenezet is the controller, we notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a breach likely to affect your rights, and we inform affected individuals where the law requires it.

Where Tenezet is the processor for candidate data, we notify the affected employer (the controller) without undue delay so it can meet its own notification duties, and we assist its response.

13. Children's data

Tenezet is intended for adults (18+). We do not knowingly assess minors. Employers confirm that candidates they invite are of working age under applicable law.

14. Region-specific information

  • EU / EEA and UK — you have all GDPR / UK GDPR rights described above, including the right to lodge a complaint with your local authority. International transfers use Standard Contractual Clauses.
  • California — you have CCPA/CPRA rights to know, delete, correct, limit the use of sensitive personal information, and opt out of "sharing". We do not sell personal data. Specific obligations for automated decision-making technology phase in through 2027, and we are preparing for them.
  • Illinois — before any voice or video recording, candidates give a written release under the Biometric Information Privacy Act (BIPA), and we publish a retention and destruction schedule (see Section 7). Where an Illinois candidate is assessed by AI-analysed video, the employer is responsible for the notice, the explanation of how the AI evaluates the interview, the consent, and the 30-day deletion-on-request duties of the Artificial Intelligence Video Interview Act (AIVIA).
  • New York City — where an automated employment decision tool is used on an NYC-resident candidate, the employer is responsible for the required bias-audit publication and the at-least-10-business-days candidate notice.
  • Russia — Tenezet does not currently support employers whose primary operations are in the Russian Federation, because of data-localisation requirements we cannot meet. This does not restrict Russian-speaking candidates of employers based elsewhere.
  • Armenia — processing complies with the Law on Protection of Personal Data, including notification for biometric data.

15. Changes to this policy

We may update this Privacy Policy. For material changes affecting how we use your data, we give notice through an in-product banner and, for employers, an email to the billing contact, before the change takes effect. The effective date at the top of this page reflects the current version.

16. Contact and complaints

Data controller: Minas Solutions LLC, D. Demirchyan 40-94, 0002, Yerevan, Armenia.

Privacy and data-rights requests: privacy@tenezet.com. General enquiries: hello@tenezet.com. See also our Contact page.

If you are not satisfied with our response, you may complain to your local data-protection authority, including the Armenia Personal Data Protection Agency.