DayOne

Privacy Policy

Last updated: May 1, 2026

1. Who We Are

DayOne Inc. operates the DayOne platform — an anti-cheat hiring assessment service. This Privacy Policy explains how we collect, use, and protect information about Employers (HR users) and Candidates who use our Service. Contact us at privacy@dayone.kz.

2. Data We Collect

Account Data

Name, email address, password hash, role, company affiliation, registration date.

Assessment Data (Candidates)

  • Test answers, essay responses, video module completion status
  • L1: Paste count, tab switch count and duration, fullscreen exit count, right-click count, IP address, browser user-agent, screen resolution, timezone
  • L2: AI-content likelihood score for essay responses
  • L3: Keystroke timing patterns (WPM, burst detection, pause duration) — not the actual keystrokes
  • L4: Webcam and microphone recording — only with explicit prior consent

Usage & Analytics

Page views, feature interactions, session data via PostHog (privacy-friendly analytics). Error reports via Sentry.

Billing Data

Subscription plan, payment history. Payment processing is handled by Stripe — we do not store card numbers.

3. How We Use Your Data

  • Providing and improving the assessment platform
  • Calculating integrity scores (Trust Score) to assist Employers in hiring decisions
  • Sending transactional emails (verification, reminders, status updates)
  • Processing payments and managing subscriptions
  • Fraud prevention and platform security
  • Complying with legal obligations

We do not sell your personal data to third parties. We do not use Candidate assessment data to train AI models.

4. Legal Basis (GDPR)

For users in the EU/EEA, our legal basis for processing is:

  • Contract performance: Account management, service delivery
  • Legitimate interest: Fraud prevention, platform security, analytics
  • Consent: Webcam proctoring (L4), optional email marketing
  • Legal obligation: Tax records, data requests from authorities

5. Data Sharing

We share data with:

  • Employers: Candidate assessment results and Trust Score
  • Stripe: Payment processing
  • Resend: Email delivery
  • Neon / PostgreSQL: Database hosting
  • Vercel: Application hosting
  • Cloudflare R2: Webcam recording storage (L4 only)
  • PostHog: Analytics (anonymized)
  • Sentry: Error monitoring

All processors are bound by Data Processing Agreements and operate under adequate data protection standards.

6. Data Retention

  • Account data: Until account deletion or 3 years after last activity
  • Assessment data: Until the Company deletes the vacancy or Candidate requests deletion, maximum 2 years
  • Webcam recordings: 30–180 days as configured by the Employer
  • Billing records: 7 years as required by tax law

7. Your Rights

Depending on your location, you may have the right to:

  • Access — obtain a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data (right to be forgotten)
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request restriction of processing

To exercise your rights, email privacy@dayone.kz or use the in-app data deletion feature in Account Settings. We respond within 30 days.

8. Cookies

We use strictly necessary cookies for authentication (session tokens). We use PostHog for analytics which may set cookies. We do not use advertising or third-party tracking cookies. You can control cookies via your browser settings.

9. Security

We use industry-standard security measures: bcrypt password hashing, TLS encryption in transit, encrypted database connections, JWT session tokens, and rate limiting. No system is 100% secure — please report vulnerabilities to security@dayone.kz.

10. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us at privacy@dayone.kz.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated by email 14 days before taking effect. Continued use after changes constitutes acceptance.

12. Contact & DPA

Privacy questions: privacy@dayone.kz
EU Data Protection Officer: dpo@dayone.kz
Data Processing Agreement for Employers: available on request at legal@dayone.kz