Privacy Policy

How we protect your data.

Zeswa is SOC 2 Type II and ISO 27001 certified. Candidate questionnaires, Team DNA models, and talent scientist notes are encrypted in transit and at rest with strict regional controls. This policy explains what data we collect, how we use it, and the rights you hold.

SOC 2 Type II | ISO 27001 | GDPR · CCPA | Audit-trailed
Effective May 15, 2026 | Last updated May 15, 2026
§ 01 Data

Information we collect

We collect information you provide directly — account credentials, billing details, workspace configuration, and support communications. We also automatically collect usage telemetry (page views, feature interactions, error logs), device metadata (browser type, OS, IP address), and cookies necessary for authentication and preference storage. When you connect third-party integrations such as an ATS or HRIS, we receive only the data you explicitly authorize.

§ 02 Data

Candidate and assessment data

Candidate questionnaires, Bell Method response sets, interviewer scorecards, and fit-score outputs are processed under your instructions, with you acting as the data controller. Zeswa acts as a data processor for this information. Individual responses to questions in our intake questionnaires are held strictly confidential — they are used to build the work-style and compatibility profile that powers your team-fit insights, and are not shared with other candidates or employers in raw form. We do not use candidate responses to train third-party models, sell data to third parties, or profile individuals outside your workspace context. All assessment data is encrypted at rest (AES-256) and in transit (TLS 1.3).

§ 03 Privacy

Information visible to other users

To deliver compatibility insights, certain profile attributes you provide — such as first name, role, and high-level work-style summary — may be visible to other authorized users within your workspace (for example, hiring managers and existing teammates evaluating fit). Raw questionnaire answers and free-text responses are never shown. By providing this information you acknowledge that Zeswa may surface it to the specific users connected to your evaluation within your organization's workspace.

§ 04 Data

How we use your information

We use collected data to deliver and improve the Zeswa platform, generate Bell Method insights for your authorized users, process billing, provide customer support, send product and security notifications, and detect fraud or abuse. We do not sell personal information. We may use anonymized, aggregated usage patterns to improve our algorithms, but these datasets are never traceable to individuals or organizations.

§ 05 Research

Use of data for research

Zeswa was founded on peer-reviewed team-composition research and we continue to advance that science. By using the platform, you agree that we may use information about your experience with the Services — in fully anonymized and aggregated form — to refine our compatibility methodology and to support published academic research conducted by organizational psychologists and behavioral scientists. No personally identifiable information is included in research outputs, and individual responses are never published.

§ 06 Legal

Data sharing and third parties

We share data only with sub-processors required to run the platform (cloud infrastructure, payment processing, error monitoring, email delivery) — each bound by data processing agreements at least as protective as this policy. We disclose information when required by law, valid legal process, or to protect the rights and safety of Zeswa, our customers, or the public. We do not share personal data with advertisers or data brokers.

§ 07 Data

Data residency and transfers

You may choose data residency in the United States, European Union (Frankfurt), or Asia-Pacific (Singapore) at workspace setup. Data remains in your selected region except where cross-region replication is required for disaster recovery, in which case the secondary region is geographically adjacent. International transfers from the EU rely on Standard Contractual Clauses (SCCs) approved by the European Commission. UK transfers are governed by the UK International Data Transfer Addendum.

§ 08 Data

Retention and deletion

Active workspace data is retained for the duration of your subscription. Assessment records can be configured with custom retention windows (30 days to 7 years) from your workspace settings. On subscription termination, we retain data for 60 days to allow export, after which it is permanently deleted from all systems including backups within 90 days. You may request deletion of specific records at any time via the settings panel or a written request to privacy@zeswa.com.

§ 09 Privacy

Your rights

Depending on your location, you may have the right to access, correct, export, restrict processing of, or delete your personal data. EU and UK residents have additional rights under GDPR/UK GDPR including the right to object to processing and the right to lodge a complaint with a supervisory authority. California residents have rights under the CCPA including disclosure of data sold or shared. To exercise your rights we may need to verify your identity using government-issued ID or equivalent. Submit requests to privacy@zeswa.com — we respond within 30 days.

§ 10 Security

Security

Zeswa maintains SOC 2 Type II and ISO 27001 certifications. Our security program includes annual penetration testing, continuous vulnerability scanning, role-based access controls, multi-factor authentication enforcement, and a formal incident response plan. In the event of a breach affecting your data, we will notify you within 72 hours as required by applicable law. You are responsible for keeping your account credentials confidential and for activity that occurs under your account; please notify us immediately if you suspect unauthorized access.

§ 11 Privacy

Cookies, web beacons, and tracking

We use strictly necessary cookies for authentication sessions and CSRF protection. With your consent, we use first-party analytics cookies to understand aggregate feature usage. We may also use web beacons (also known as pixel tags or clear GIFs) in transactional and product emails to confirm delivery and understand engagement in aggregate — these are not linked to identifying information beyond what is necessary to deliver the email. We do not use cross-site tracking pixels or third-party advertising cookies. You can manage cookie preferences at any time via the banner or your browser settings; disabling strictly necessary cookies may impair core functionality.

§ 13 Legal

Policy updates

We will post changes to this page and update the effective date below. For material changes, we will notify workspace administrators by email at least 14 days before the change takes effect. Continued use of the platform after the effective date constitutes acceptance of the revised policy.

Privacy questions?

We're here to help.

Reach our team at privacy@zeswa.com or write to Zeswa, Inc., 340 Pine Street, Suite 800, San Francisco, CA 94104.
