Privacy
pace● processes sensitive personal data in the context of employment decisions. We treat every piece of candidate information with the care and intentionality that responsibility demands.
Data Processing
pace● operates on the principle of data minimisation. We collect and process only the information required to deliver structured interview intelligence — and we're transparent about exactly what that includes.
Interview transcripts and notes, competency-based scoring and evidence, interviewer observations and assessments, and aggregated panel evaluation data. All processing is purpose-limited to supporting structured, evidence-based hiring decisions.
Processing is grounded in legitimate interest (Article 6(1)(f) GDPR) for the employer's need to make informed hiring decisions, and contractual necessity (Article 6(1)(b)) for delivering the service to our customers. Where required, we support explicit consent mechanisms for specific processing activities.
Google API Services
pace● integrates with Google Calendar so interviewers can schedule and join interviews without leaving the product. This section discloses exactly what we access, why, and how to revoke it — as required by the Google API Services User Data Policy.
Scopes We Request
When you connect your Google account from Settings → Integrations, pace● requests three scopes: auth/calendar.events (read and write interview events you create through pace), auth/calendar.freebusy (check interviewer availability when scheduling), and userinfo.email (identify the connected account). We never request access to your wider mailbox, Drive, contacts, or any other Google data.
How We Use It
Calendar data is used solely to (a) place interview events on the calendars you specify, (b) display free/busy windows when you are picking a time, and (c) keep event details in sync if you reschedule from within pace. We do not use Google user data to train, fine-tune, or evaluate any AI model.
Limited Use
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell Google user data, do not use it for advertising, and only allow humans to read it where you have given explicit consent, for security investigations, or where required by law.
Revocation
You can revoke pace's access to your Google account at any time from Settings → Integrations inside the app, or directly at myaccount.google.com/permissions. When you disconnect, we delete the associated OAuth refresh token immediately and stop accessing your calendar.
Data Subject Rights
Under the GDPR, candidates whose data is processed through pace● have clearly defined rights. We are committed to honouring all of them and are building the technical infrastructure to do so efficiently. Some rights are currently fulfilled through manual processes as we develop self-service tooling.
Candidates can request a copy of all personal data we process about them. We are committed to responding to subject access requests within 30 days. Self-service data export is on our roadmap — currently, requests are handled manually.
If any personal data is inaccurate or incomplete, candidates have the right to request correction. We process rectification requests through our support channel and propagate changes to relevant systems.
Candidates can request deletion of their personal data. We are committed to honouring erasure requests. Automated self-service erasure workflows are under development — currently, deletion is handled manually upon verified request.
Candidates may object to processing of their data at any time. Our human-in-the-loop design ensures that no automated decision is made without human oversight, and candidates can request human review of any AI-assisted evaluation.
Candidates can request their data in a portable format. We are building self-service data export capabilities — currently, portability requests are fulfilled manually through our support process.
When the accuracy of data is contested, or processing is potentially unlawful, candidates can request restriction. We will flag restricted data and cease processing until the matter is resolved.
Data Retention
Interview data is retained for the duration of the active hiring process. We encourage employers to define retention periods appropriate to their needs. We are developing configurable retention policies — currently, data persists until manually deleted by the customer or upon request.
Data can be deleted upon request through our support process. Automated retention-based deletion and self-service purging workflows are on our roadmap. We do not currently generate deletion certificates, but plan to add this capability as our compliance tooling matures.
We are developing audit logging capabilities to track data processing activities. Comprehensive, immutable audit trails for data lifecycle events — creation, access, modification, and deletion — are an area of active development.
Sub-Processors
Below is our current list of sub-processors who may process personal data on our behalf. We are transparent about the services we use and will notify customers of any significant changes.
AI-powered interview analysis and competency evaluation
United StatesTransactional email delivery (invitations, notifications)
United StatesFile and object storage for uploaded documents
United StatesOptional: read/write calendar events and free/busy data on behalf of users who connect their Google account
United StatesApplication hosting and infrastructure
United StatesQuestions about our sub-processors or data processing?
Frequently Asked
Yes. On request to our privacy team, we will export the data your organisation has put into the platform — candidate records, interview transcripts, scorecards, competency evaluations, panel notes, and audit-trail entries — in a machine-readable format (JSON, with related media as separate files). Self-service export from the admin settings is on the roadmap; today the request goes through a verified support channel and is fulfilled within 30 days, in line with GDPR Articles 15 and 20.
When you confirm a deletion through our support process, the record is removed from the live application database within one business day. Encrypted database backups have a rolling retention window of up to 35 days; deleted data ages out of those backups as the window rolls forward, and we will not restore it from backup outside a confirmed disaster-recovery scenario. We also signal the deletion to the relevant sub-processors so derived artifacts (transactional email logs at Resend) are removed in line with each provider's deletion timing. We will tell you when each step is complete rather than just when the request was received.
Backups live in the same managed infrastructure as the primary database (currently Replit and Google Cloud Storage, both US regions). They are encrypted at rest by the underlying platform and accessible only to the small set of engineers with production credentials. They are never copied to local laptops, personal cloud drives, or unmanaged storage. We do not currently offer customer-managed backup encryption keys; that capability is on our roadmap as we mature our key-management posture.
No. Customer interview data is not used to train, fine-tune, or improve any model — ours or our LLM provider's (Anthropic). We use these providers under their zero-retention or no-training enterprise terms: prompts are processed to return a result, and the providers do not retain the content for model training. Aggregated, fully anonymised metrics (latency, model error rates, feature usage) may be used to improve the product itself, never the model weights.
Your Data, Protected
See how pace● handles candidate data with care and transparency. Start your free trial or reach out with questions about our data practices.