Legal
Privacy Policy
Last updated: 19 May 2026
This Privacy Policy explains how Calibr AB ("Calibr", "we", "us", "our") collects, uses, shares, and protects personal data when you visit our website, take an assessment, or otherwise use the Calibr platform (the "Service").
We aim to be transparent: Calibr is, by design, a data- and AI-heavy product. To deliver useful hiring signals we collect a wide range of interaction and behavioural data during assessments, and we use that data to operate the Service, generate scores and benchmarks, detect fraud, and continuously improve our models.
Controller and contact: Calibr AB, Sweden. For privacy questions or to exercise your rights, email privacy@calibr.se.
1. The data we collect
We collect the following categories of data:
1.1 Account and identity data
- Name, email address, employer, role, and other information you provide when creating an account or being invited to an assessment.
- Authentication identifiers (e.g. login provider IDs).
- Profile information you add voluntarily.
1.2 Assessment data
- Written and uploaded responses, code, documents, and other deliverables.
- Prompts, edits, and conversations exchanged with AI tools inside the assessment.
- Files you open, copy, paste, and reference during the task.
- Time spent per task, per step, and per field.
1.3 Behavioural and interaction telemetry
While you take an assessment we may capture:
- Keystrokes, typing rhythm, mouse movements, clicks, scroll, focus and blur events, window resizes, and tab visibility changes.
- Copy/paste activity and clipboard interaction with the assessment workspace.
- Voice and audio (where the task involves spoken responses or you have explicitly enabled voice features).
- Screen recordings or screenshots of the assessment workspace (where the assessment format calls for them and you have been informed).
- Camera/eye-tracking data only where you have explicitly opted in and the assessment requires it.
1.4 Device, network, and technical data
- IP address, approximate location derived from IP, device type, operating system, browser, language settings, time zone, and screen resolution.
- Cookie and similar identifiers.
- Diagnostic and crash logs.
1.5 Customer and usage data
- Information about how Customers configure and use the Service: roles tested, assessment templates, invites sent, results viewed, integrations enabled.
- Communications with our team (support tickets, sales conversations, feedback).
1.6 Cookies and similar technologies
We use cookies and similar technologies for authentication, security, analytics, and product improvement. Where required by law, we will ask for your consent before using non-essential cookies.
2. How we use your data
We use personal data for the following purposes:
| Purpose | Examples |
|---|---|
| Providing the Service | Running assessments, scoring responses, generating reports, sharing results with the inviting Customer. |
| Scoring & analytics | Producing the five-dimension scorecard, behavioural insights, benchmarks, and comparative analytics. |
| AI model training & improvement | Training, fine-tuning, evaluating, and improving Calibr's scoring models, rubrics, and assessment designs using assessment content and behavioural telemetry. |
| Research & product development | Understanding what predicts strong AI use, building new assessment formats, validating scoring quality. |
| Aggregated benchmarks | Creating anonymised or aggregated datasets that we share with Customers or publish, such as industry-level AI proficiency benchmarks. |
| Fraud and integrity | Detecting impersonation, plagiarism, abnormal patterns, automation/bot activity, and abuse of the platform. |
| Security & operations | Authentication, rate limiting, abuse prevention, debugging, backups, and disaster recovery. |
| Communications | Service emails, security notices, product updates, and (with consent or as permitted) marketing. |
| Legal compliance | Complying with applicable laws and responding to lawful requests. |
3. AI and automated processing
The Service uses AI and automated processing to score assessments and generate insights. Where required by applicable law (including GDPR Article 22), decisions with legal or similarly significant effects on a candidate will not be made solely on the basis of automated processing without appropriate safeguards. Calibr's role is to provide signals; Customers remain responsible for hiring decisions and for ensuring meaningful human review.
You have the right to request information about the logic of automated processing that significantly affects you, to express your point of view, and to contest a decision.
4. Legal bases (EEA / UK)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Contract - to provide the Service to Customers and to administer assessments candidates have agreed to take.
- Legitimate interests - to operate, secure, improve, and develop the Service, including model training on appropriately safeguarded data, fraud detection, analytics, and aggregated benchmarks. We balance these interests against your rights and provide opt-outs where required.
- Consent - for non-essential cookies, certain marketing, and optional features such as camera or voice capture.
- Legal obligation - to comply with laws applicable to us.
You may withdraw consent at any time without affecting the lawfulness of processing already carried out.
5. How we share data
We share personal data with:
- The inviting Customer - if you are a candidate, your assessment results and supporting evidence are shared with the Customer that invited you. The Customer is an independent controller for its own use of those results.
- Service providers (processors) - hosting and cloud infrastructure (e.g. EU/EEA-region cloud providers), analytics, error monitoring, email delivery, payment processing, customer support, and similar vendors acting under written data-processing agreements.
- AI/LLM providers - to score responses and run AI-tool interactions. We select providers that offer appropriate confidentiality and security commitments, and where possible we use processing modes that exclude content from being used to train those providers' general-purpose models.
- ATS and HR integrations - where a Customer has enabled them.
- Professional advisers - lawyers, auditors, and accountants under confidentiality.
- Authorities - where required by law, court order, or to protect rights, property, or safety.
- Successors - in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
We do not sell personal data.
6. International transfers
Calibr is based in Sweden and primarily processes data in the EU/EEA. Where data is transferred outside the EEA (for example, to a sub-processor in the United States), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and supplementary measures where needed.
7. Retention
We retain personal data for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Typical retention windows:
- Account data: for the life of the account and a reasonable period afterwards.
- Candidate assessment results: as instructed by the inviting Customer, subject to a maximum default of 24 months from the assessment date unless a longer retention is required by law or specifically agreed.
- Anonymised or aggregated data: indefinitely, as it no longer identifies any individual.
- Logs and security data: typically 12-24 months.
8. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Restrict or object to certain processing, including profiling and direct marketing.
- Receive your data in a portable format.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your local data-protection authority (in Sweden, the Integritetsskyddsmyndigheten / IMY).
To exercise any of these rights, email privacy@calibr.se. If you took an assessment, please tell us which Customer invited you so we can locate your record. We may need to verify your identity before responding.
9. Security
We use industry-standard technical and organisational measures to protect personal data, including encryption in transit, access controls, audit logging, least-privilege provisioning, and regular reviews. No system is perfectly secure; if a personal-data breach occurs, we will notify affected parties and authorities as required by law.
10. Children
The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe we have, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be notified through the Service or by email.
12. Contact
Questions, requests, or complaints can be sent to privacy@calibr.se.
See also our Terms of Service.