Legal

Privacy Policy

1. Introduction

CipherIQ is a recruitment intelligence platform developed and operated by Career Maker, headquartered in Manama, Kingdom of Bahrain. This Privacy Policy explains how candidate, recruiter, and customer data is handled when the platform is used for screening, interviewing, scoring, compliance logging, and related hiring workflows. Our objective is to provide employer clients with secure infrastructure while maintaining clear, enterprise-grade protections for the personal data entrusted to the platform.

2. Data Processor Role

Under the EU General Data Protection Regulation (GDPR) and the Bahraini Personal Data Protection Law (PDPL), the employer using CipherIQ is typically the Data Controller. The employer determines why data is collected, what hiring criteria are used, how long records are retained, and which candidates move forward or are rejected. CipherIQ acts as the Data Processor. Our role is to provide the secure application infrastructure, workflow automation, storage, interview tooling, and compliance controls that process data strictly on documented instructions from the employer.

3. Data Types

The categories of personal data we process may include the following:

  • CVs, resumes, application responses, and related candidate profile information.
  • Audio and video interview recordings, transcripts, and interview-generated scoring artifacts.
  • Technical identifiers such as IP addresses, browser metadata, and device-level diagnostic signals.
  • Immutable consent logs that record when a candidate was shown disclosures and provided consent.

4. The No-Biometrics Guarantee

Interview Integrity Indicators: CipherIQ uses standard computer-vision analysis strictly to monitor interview integrity (such as candidate presence and engagement). These functional indicators are used for behavioral context only; they are never used to identify individuals or to create biometric facial templates.

5. Candidate Rights

Candidates may have statutory rights under applicable law, including the EU GDPR and the Bahraini PDPL. These rights may include the ability to request access to personal data held about them and, where legally applicable, to request deletion of that data.

  • Right to Erasure: Candidates may request deletion of eligible records through the employer or through supported deletion workflows where applicable.
  • Right to Access: Candidates may request confirmation of whether their data is being processed and may request access to the relevant records, subject to employer control and legal limitations.

6. Third-Party Logic

CipherIQ relies on vetted service providers to deliver core platform functionality. These providers may process data only as needed to support the services we offer to employers.

  • Vercel: Platform and hosting services.
  • Supabase: Managed database and application data services.
  • Paddle: Payment processing, subscription billing, and merchant-of-record functions.