This Privacy Policy explains how Zobo Jobs ("Zobo", "we", "our") collects, uses, stores, and protects personal data when you use our AI-driven interview automation platform.
We act as:
Data We Collect
1.1 Candidate Data
- Video recordings
- Audio recordings
- Interview transcripts
- AI-generated summaries
- Scoring and ranking information
- Interview answers
- Name and email (if provided by the employer)
1.2 Employer / Recruiter Data
- Name, email, and company information
- Job descriptions and interview scripts
- Billing and subscription data (via Stripe)
1.3 Technical Data
- IP address
- Device info
- User activity logs
- Cookies / analytics (if enabled)
How We Use the Data
Candidate Data is used to:
- Conduct AI-driven interviews
- Score, rank, and summarise responses
- Provide insights to employers
We do NOT: use candidate data for marketing, sell data, or train AI models unless explicit consent is obtained.
Employer Data is used to:
- Create and maintain accounts
- Send notifications
- Process payments
- Deliver analytics and interview results
Legal Basis for Processing (GDPR)
We process data under the following legal bases:
- Contractual necessity — providing the Service
- Legitimate interests — security, fraud prevention
- Consent — when required, e.g. AI training opt-in
Third-Party Data Processors
We use GDPR-compliant subprocessors, including:
AI Providers
- OpenAI (LLM processing)
- Eleven Labs (speech synthesis)
Payments
- Stripe (PCI-DSS compliant)
Hosting
- AWS / GCP / Azure (UK/EU data centres where possible)
We ensure all processors sign Data Processing Agreements (DPAs).
Data Retention
- Interview data is kept only as long as necessary for hiring evaluations
- Employers may delete candidate data at any time from their dashboard
- We delete data within 90 days of account termination unless required legally
Data Rights (UK GDPR)
Candidates and users have the right to:
- Access their data
- Rectify inaccurate information
- Request deletion ("right to be forgotten")
- Restrict processing
- Object to automated decision making
- Request data portability
To exercise any of these rights, contact us at:
We will respond within 30 days.
Security
We implement:
- Encrypted data storage
- HTTPS for all data transfer
- Access control and audit logging
- Regular penetration testing
- ISO-aligned best practices
Cross-Border Transfers
Data may be processed outside the UK/EU only when:
- Appropriate safeguards (Standard Contractual Clauses) are in place
- Processors meet GDPR equivalency standards
Changes to This Policy
We may update this policy periodically. Continued use of the Service indicates acceptance of the updated version.
Contact Us
For privacy-related requests: