Privacy Policy

Last updated: October 1, 2025

1. Overview

Attesto Inc. (“Attesto,” “we,” “us,” or “our”) operates attesto.com, its AI-powered platform, APIs, and related enterprise services (collectively, the “Service”).

This Privacy Policy explains how Attesto collects, uses, and protects information from two types of users:

Customers (businesses that use Attesto to evaluate candidates), and

Candidates (individuals who participate in interviews, assessments, or AI-enabled interactions through Attesto).

We are committed to transparency, consent, and privacy-first design in all of our AI systems and data practices.

2. Scope and Roles

Attesto acts as:

A Data Processor when processing Candidate Data on behalf of Customers (employers), and

A Data Controller for its own business operations (e.g., platform analytics, customer support, marketing).

Customers are responsible for ensuring that Candidates are invited lawfully and for providing accurate consent mechanisms under applicable law.

3. Information We Collect

We collect and process information in the following ways:

A. Customer Data

From Customer company representatives and platform users, we may collect:

Name, company name, business title, and contact details

Login credentials and account activity

Billing, transaction, and usage information

Configuration and platform settings

Customer candidate data provided by the Customer

B. Candidate Data

When a Candidate consents to participate in an interview, assessment, or AI interaction, Attesto may collect:

Personal identifiers (name, email, phone, location)

Professional and employment information (resume, experience, education, skills)

Assessment responses, interview recordings, or written inputs

AI-generated metadata such as transcripts, communication analysis, or behavioral patterns

Consent: Candidate data is collected and stored only with explicit, opt-in consent.
If a Candidate does not opt in, no personal or interaction data is retained.

C. Automatically Collected Data

We collect limited technical information for platform operation and analytics, including:

Device and browser type

IP address and session identifiers

Access times and activity logs

4. How We Use Information

For Customers:

To deliver and manage enterprise hiring and assessment services

To authenticate users, maintain accounts, and process payments

To analyze platform performance and usage

To communicate updates, support, or training

For Candidates:

To conduct authorized assessments and interviews requested by the Customer

To generate insights and share assessment results with the Customer who initiated the process

To improve user experience and fairness in hiring workflows

AI Decision-Making: Personally identifying information (such as names, emails, phone numbers, or demographics) is not used by AI algorithms in any decision-making process.
Attesto’s AI models evaluate only skill-related or performance-based data that is de-identified and anonymized before analysis.

For All Users:

To ensure platform security, fraud detection, and compliance

To improve product features and performance using de-identified, aggregated data

5. AI Processing and Model Improvement

Attesto’s AI systems analyze candidate information and responses to produce structured insights (e.g., communication clarity, skill indicators, engagement level).

AI analysis is conducted solely for purposes communicated to the Customer, authorized by the Customer.

Any data used for improving AI models is fully de-identified and cannot be traced back to an individual.

Attesto does not use PII or sensitive attributes in model training, scoring, or recommendations.

6. Data Retention and Deletion

Candidates have the right to request deletion of their data at any time.

Upon verified request, all personal data—including recordings, transcripts, and associated metadata—will be permanently deleted from our systems and backups in accordance with applicable law.

De-identified and aggregated data may be retained for product analytics and improvement.

7. Data Sharing

We may share data as follows:

With Customers: Candidate data and insights are shared only with the Customer that initiated the interaction.

With Service Providers: We use trusted partners for hosting, analytics, and communications—each bound by strict data protection agreements.

With Affiliates or Successors: If Attesto undergoes a merger or acquisition, data may be transferred under the same protection standards.

To Comply with Law: When required by applicable law or legal process.

Attesto does not sell or trade personal data to third parties.

8. Security

We employ strong safeguards to protect personal data, including:

Encryption in transit and at rest

Role-based access controls and activity logging

Network and application security monitoring

Regular third-party security audits

However, no system is fully immune to risks. We encourage both Customers and Candidates to maintain good data hygiene and password security.

9. International Data Transfers

Data may be stored and processed in the United States or other countries where Attesto or its partners operate.
All international transfers comply with relevant data protection frameworks (e.g., GDPR Standard Contractual Clauses).

10. Candidate Rights

Depending on applicable law (e.g., GDPR, CCPA), Candidates have the right to:

Access their personal data

Correct or update inaccurate information

Request deletion of their data (“right to be forgotten”)

Withdraw consent at any time

Restrict or object to data processing

Request a copy of their data in portable format

To exercise these rights, Candidates may contact privacy@attesto.com.
Requests will be processed in coordination with the relevant Customer (employer) if the data was collected on their behalf.

11. Marketing and Communications

We may send business users (Customers) service updates, feature releases, and marketing materials.
Customers can opt out at any time.
Attesto does not send marketing communications to Candidates unless they have directly registered for our own services.

12. Updates to This Policy

We may revise this Privacy Policy periodically to reflect new regulations, features, or practices.
All updates will be posted on this page with an updated effective date.
If significant changes are made, we will notify affected users via email or in-app notice.

13. Contact Us

If you have questions about this Privacy Policy or your data, please contact us: privacy@attesto.com

Cookie Policy for Attesto

Effective Date: 1/1/2026

This Cookie Policy explains how Attesto Inc. (“Attesto,” “we,” “us,” or “our”) uses cookies and similar technologies on our website, attesto.com (“Website”). It describes what these technologies are, why we use them, and your rights to control their use.

1. What Are Cookies?

Cookies are small text files placed on your device (computer, tablet, or mobile) when you visit a website. Cookies help websites function properly, improve user experience, and provide information to website owners.
Cookies can be:

  • First-party cookies (set by Attesto)

  • Third-party cookies (set by external services)

They may also be:

  • Session cookies (expire when you close your browser)

  • Persistent cookies (remain on your device for a set period)

2. Why We Use Cookies

We use cookies for several purposes:
a. Strictly Necessary Cookies
These cookies are essential for the Website to function and cannot be switched off. They include:

  • Security and authentication

  • Network management

  • Accessibility features

b. Performance and Analytics Cookies
These cookies help us understand how visitors interact with our Website by collecting information such as:

  • Pages visited

  • Time spent on pages

  • Error messages

This data helps us improve functionality and user experience.
c. Functionality Cookies
These cookies enable enhanced functionality and personalization, such as:

  • Remembering your preferences

  • Saving login details

  • Customizing content

d. Targeting and Advertising Cookies
These cookies may be used to:

  • Deliver relevant ads

  • Measure campaign effectiveness

  • Track browsing habits across websites

3. Third-Party Cookies

We may allow third-party service providers (e.g., analytics or advertising partners) to place cookies on your device. These providers may include:

  • Analytics providers (e.g., Google Analytics)

  • Marketing and advertising platforms

  • Security and fraud prevention tools

These third parties may use cookies in accordance with their own privacy policies.

4. How You Can Control Cookies

You have the right to accept or reject cookies.
a. Cookie Consent Banner
When you first visit our Website, you may be presented with a cookie banner allowing you to:

  • Accept all cookies

  • Reject non-essential cookies

  • Customize your preferences

b. Browser Settings
You can control cookies through your browser settings:

  • Block all cookies

  • Delete existing cookies

  • Receive alerts before cookies are stored

Note: Disabling certain cookies may impact Website functionality.
c. Opt-Out Tools
You can opt out of certain tracking tools, such as:

  • Google Analytics (via browser add-ons)

  • Advertising cookies through industry opt-out platforms

5. Data Collected Through Cookies

Cookies may collect information such as:

  • IP address

  • Browser type and version

  • Device information

  • Pages visited and time spent

  • Referral sources

This information may be combined with other data in accordance with our Privacy Policy.

6. Updates to This Policy

We may update this Cookie Policy from time to time to reflect:

  • Changes in legal requirements

  • Updates to our practices

  • New technologies

Any changes will be posted on this page with an updated “Effective Date.”

7. Contact Us

If you have any questions about this Cookie Policy or our use of cookies, please contact us:
Attesto Inc.
Email: [Insert Email Address]
Address: [Insert Business Address]

Optional Add-On (Recommended for Compliance)
If you operate in jurisdictions like the EU/UK or California, consider adding:

  • GDPR/UK GDPR language (lawful basis, consent)

CCPA/CPRA “Do Not Sell or Share” section

  • A cookie table listing specific cookies used



If you want, I can tailor this specifically for:

  • GDPR + ePrivacy compliance (EU/UK)

  • California (CCPA/CPRA)

  • Or align it tightly with Attesto’s AI/data practices for consistency with your earlier compliance messaging.

align it with both GDPR + ePrivacy compliance (EU/UK) California (CCPA/CPRA). Make it as short as possible while being compliant and professional. Use privacy@atesto.com for contact

Here’s a concise, compliant Cookie Policy aligned with GDPR/ePrivacy (EU/UK) and CCPA/CPRA (California):

Cookie Policy for Attesto
Effective Date: [Insert Date]
Attesto Inc. (“Attesto,” “we,” “us,” or “our”) uses cookies and similar technologies on attesto.com (the “Website”) to ensure functionality, analyze usage, and improve our services. This policy explains how we use cookies and your rights under applicable laws, including the GDPR, UK GDPR, ePrivacy Directive, and CCPA/CPRA.

1. What Are Cookies
Cookies are small text files placed on your device when you visit a website. They may be first-party (set by us) or third-party (set by service providers), and can be session-based or persistent.

2. Types of Cookies We Use
Strictly Necessary Cookies
Required for the Website to function (e.g., security, authentication). These cannot be disabled.
Analytics Cookies
Help us understand Website usage and improve performance.
Functional Cookies
Enable enhanced features and personalization.
Advertising / Targeting Cookies
Used to deliver relevant content and measure effectiveness of marketing.

3. Legal Basis for Processing (EU/UK)

  • Strictly Necessary Cookies: Legitimate interest (essential operation of the Website)

  • All Other Cookies: Your consent (via cookie banner)

We only place non-essential cookies after you provide consent, in accordance with the ePrivacy Directive and GDPR.

4. Your Rights and Choices
EU/UK Users
You have the right to:

  • Withdraw or modify consent at any time

  • Access, erase, or restrict processing of your personal data

You can manage cookie preferences through our cookie banner or browser settings.

California Users (CCPA/CPRA)
We may collect information through cookies that may be considered “personal information,” including identifiers and internet activity.
You have the right to:

  • Know what personal information is collected

  • Request deletion of your personal information

  • Opt out of the “sale” or “sharing” of personal information (including for cross-context behavioral advertising)

To exercise your rights, use the “Do Not Sell or Share My Personal Information” link (if applicable) or contact us below.

5. Third-Party Cookies
We may use third-party providers (e.g., analytics or advertising partners) who set cookies on our Website. These providers process data in accordance with their own privacy policies.

6. Updates
We may update this policy from time to time. Changes will be posted with an updated effective date.

7. Contact
For questions or to exercise your rights, contact:
Attesto Inc.
Email: privacy@atesto.com