Privacy Policy

This Privacy Policy describes how we collect, use, store, and protect your personal information when you access or use our AI Skill Assessment platform, including all associated services, features, and applications. By using our platform, you acknowledge that you have read and understood this policy. We are committed to safeguarding your privacy and ensuring full transparency about how your data is handled.

1. Information We Collect

We collect several categories of information to provide, maintain, and improve our services. The types of data we collect depend on how you interact with our platform.

• Account Information — When you create an account, we collect your name, email address, professional title, organization name (if applicable), and login credentials.
• Assessment Data — When you complete challenges, we collect your prompt submissions, AI interaction logs, response iterations, timestamps, and evaluation scores across all five assessment dimensions (Prompt Clarity, Reasoning Strategy, AI Output Evaluation, Iteration Quality, and Resource Efficiency).
• Usage Data — We automatically collect information about how you interact with the platform, including pages visited, features used, session duration, device type, browser type, operating system, and IP address.
• Enterprise Data — For organizations using our team analytics features, we collect team structure information, department assignments, budget configurations, and aggregated performance data.
• Payment Information — If you purchase a subscription or enterprise plan, payment processing is handled by trusted third-party payment processors. We do not store your full credit card details on our servers.
• Communication Data — When you contact our support team or respond to surveys, we collect the content of those communications to improve our services.

2. How We Use Your Information

We use the information we collect for the following purposes, and we do not process your data in ways that are incompatible with these purposes.

• To provide and operate the platform, including delivering assessments, calculating AI Skill Scores, generating certification credentials, and producing analytics reports.
• To evaluate assessment submissions through our multi-layered evaluation pipeline, which includes LLM-based analysis, rule-based checks, and challenge-specific validation.
• To generate percentile rankings and comparative benchmarks that allow individuals and organizations to understand performance relative to peers.
• To detect and prevent cheating, fraud, and abuse through submission pattern detection, behavioral analysis, and dynamic challenge generation.
• To improve our evaluation models, challenge library, and platform features based on aggregated and anonymized usage patterns.
• To communicate with you about your account, assessment results, certification status, product updates, and relevant service announcements.
• To comply with applicable legal obligations and respond to lawful requests from public authorities.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information only in the following limited circumstances.

• With your organization — If you are using the platform through an enterprise account, your assessment scores, skill levels, and performance analytics may be visible to authorized administrators within your organization.
• With service providers — We work with trusted third-party providers for hosting, payment processing, email delivery, and analytics. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.
• For legal compliance — We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, and property of our company, our users, or the public.
• In business transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is encrypted in transit using TLS and at rest using AES-256 encryption. Access to personal data is restricted to authorized personnel on a need-to-know basis. We conduct regular security audits and vulnerability assessments to maintain the integrity of our systems.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. Assessment data and certification records are retained to maintain the validity and verifiability of issued credentials. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or necessary to resolve disputes. Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for research and platform improvement purposes.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information.

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete personal data.
• Deletion — Request deletion of your personal data, subject to legal retention requirements.
• Portability — Request a machine-readable copy of your data for transfer to another service.
• Objection — Object to the processing of your personal data for specific purposes.
• Withdrawal of Consent — Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 30 days.

7. International Data Transfers

Our platform operates globally, and your information may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and compliance with applicable data protection frameworks.

8. Children's Privacy

Our platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16 without verified parental consent, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our platform and updating the effective date. We encourage you to review this policy periodically to stay informed about how we protect your data.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@evaloha.com. We are committed to resolving any concerns you may have about our collection and use of your personal information.