Privacy at UniView.

UniView is a technical-assessment platform. We collect the minimum data we need to score an assessment and let companies evaluate it · nothing for marketing, nothing sold or shared with third-party data brokers.

Engineers control distribution of their own profile. Companies pay credits to unlock a profile only when the engineer has shared it.

Account data — name, email, country, optional avatar, optional resume. Authentication data lives in our identity provider (Cognito); we never store passwords directly.

Assessment data — code submissions, written answers, dropdown selections, voice transcripts of the Reason Out Loud phase, screen + camera captures during phases that require them.

Operational data — IP, user-agent, session identifiers, and event timestamps used to investigate abuse and integrity flags.

Phases that require captures take discrete still frames at low cadence — never video. Camera frames are compared client-side against a face-api.js embedding; the raw frame stays in our S3 bucket only long enough to satisfy the 30-day retention.

Captures are KMS-encrypted at rest and lifecycle-deleted after 30 days. You can opt out before starting any capture-required phase, but the assessment cannot complete without consent.

Captures: 30 days (lifecycle-enforced in S3). Assessment results and report artifacts: kept while your account is active. Audit events: 90 days. Account data: deleted on request, or 12 months after the last sign-in if the account is dormant.

Right to access · download a copy of everything we hold on you. Right to deletion · request hard-deletion (subject to fraud / legal-hold exceptions). Right to portability · we export your profile + report data as JSON.

Issue these requests from Settings · Privacy or by emailing help@uniview.dev. We respond within 30 days (GDPR SLA).

We rely on a small set of vendors to operate the service: AWS (compute, storage, KMS, Bedrock for AI scoring), Cognito (identity), Stripe (payments — for company-side purchases), Sentry (error monitoring), PostHog (product analytics, EU-hosted).

A current sub-processor list is maintained alongside this policy. Updates publish here at least 30 days before they take effect.

Privacy questions, security disclosures, and everything else go to help@uniview.dev. We route internally — you don't need to know which team gets it.