Legal

Privacy Policy

Merit2Hire — a service of Pressatto-AI LLC · Last updated May 28, 2026

Thank you for choosing Merit2Hire, an AI-powered recruitment and candidate assessment platform provided by Pressatto-AI LLC ("we", "us", "our"). Protecting your privacy and safeguarding personal data is paramount to us.

This Privacy Policy explains how we collect, use, store, and protect information when you use Merit2Hire (the "Service"), and outlines your rights under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and other applicable data protection laws.

1. Who This Policy Applies To

Merit2Hire serves two types of users, and our role under data protection law differs for each:

  • Recruiters and recruiting agencies ("Customers") — organizations that use Merit2Hire to manage hiring. Each Customer operates an isolated account (a "Tenant").
  • Candidates — individuals who complete video interviews, build a profile, or are evaluated through the Service.

2. Our Role: Controller vs. Processor

Merit2Hire acts as a Processor when a Customer invites a candidate to an interview and evaluates them. The Customer is the Controller — they decide why and how the candidate's data is processed, and we process it on their behalf under a Data Processing Agreement.

Merit2Hire acts as a Controller for data we determine the purpose of ourselves — including Candidate Portal accounts, self-initiated capability interviews, the Global Talent Pool, Customer account administration, billing, and Service analytics.

3. Data Controller Contact

Where Pressatto-AI LLC is the Controller, the responsible entity is:

Pressatto-AI LLC
Miami, Florida, United States
Data Protection contact: info@pressatto-ai.com

4. Personal Data We Collect

Category Examples Purpose
Account InformationName, email, hashed password, organization, roleCreate and manage accounts; authenticate users.
Candidate Profile DataResume contents, work history, education, skills, certifications, languages, locationBuild candidate profiles; match candidates to roles; personalize interviews.
Interview RecordingsVideo and audio responses to interview questions, and their transcriptsDeliver asynchronous interviews and produce AI-based assessments of responses.
Assessment DataPer-question scores, skills maps, capability bands, feedback reportsProvide recruiters with evaluations and candidates with feedback.
Service Usage DataIP address, browser type, device identifiers, pages visited, timestamps, interaction logsOperate, secure, and improve the Service.
Payment & Subscription DataCard type, last 4 digits, billing records (via PCI-compliant processor)Process payments. We do not store full card details.
Consent RecordsConsent type, timestamp, IP address, consent versionMaintain an immutable record of consents for compliance.

Video Recordings and Biometric Data

Important: Merit2Hire records candidate video and audio responses in order to deliver interviews and transcribe answers. We assess candidates based on the content of their spoken answers against role-relevant criteria.

We do not perform facial recognition, facial analysis, emotion detection, or analysis of tone, pace, or other non-verbal physical characteristics. We do not use interview recordings to create biometric identifiers or templates. We do not knowingly collect special categories of data (Art. 9 GDPR) such as health, biometric, or genetic data.

5. Legal Bases for Processing

Where Pressatto-AI LLC is the Controller, we process Personal Data only when at least one legal basis under Article 6 GDPR applies:

  1. Contract (Art. 6(1)(b)) — to perform our agreement with you.
  2. Legitimate Interests (Art. 6(1)(f)) — for security, fraud prevention, product improvement, and analytics.
  3. Consent (Art. 6(1)(a)) — for optional features such as Talent Pool participation and marketing emails.
  4. Legal Obligation (Art. 6(1)(c)) — to comply with applicable laws.

6. Automated Evaluation and Human Oversight

  • AI assessments are decision-support tools. Hiring decisions are made by the recruiter or agency, not by Merit2Hire.
  • Our AI evaluates the substance of answers against role-relevant rubrics. It is designed to exclude protected attributes (such as gender, age, race, ethnicity, disability) from consideration.
  • Recruiters can review transcripts, adjust scores, and add their own assessment. Score overrides are logged.

Under Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. To exercise rights relating to automated evaluation of an interview you completed for a recruiter, contact that recruiter (the Controller). For Merit2Hire-controlled assessments, contact us at info@pressatto-ai.com.

7. No Sale or Sharing of Personal Data

We do not sell, rent, trade, or otherwise monetize your Personal Data. We disclose Personal Data only to sub-processors providing hosting, AI processing, analytics, support, or payment services, under written agreements compliant with Article 28 GDPR; to recruiters or agencies, where you are a candidate who has consented to be discoverable in the Talent Pool or who applied to their roles; or to authorities, when required by law.

8. International Transfers

Where Personal Data is transferred outside the European Economic Area (EEA), we rely on an adequacy decision (such as the EU-US Data Privacy Framework) or implement Standard Contractual Clauses adopted by the European Commission.

9. Data Retention

  • Where Merit2Hire is a Processor, retention periods for candidate data are configured by the Customer (the Controller).
  • Interview recordings and transcripts are retained for the configured period and then permanently deleted.
  • Interviews queued for AI analysis are retained up to 90 days pending processing.
  • Consent and audit records are retained for compliance purposes and are immutable.

10. Your GDPR Rights

Subject to conditions and limitations, you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and not to be subject to solely automated decision-making (Art. 22).

Where Merit2Hire is the Controller, contact us at info@pressatto-ai.com and we will respond within one month. Where Merit2Hire is a Processor, please direct requests to the recruiter or agency that controls your data; we will assist them in responding.

11. Security Measures

We implement appropriate technical and organizational measures to protect Personal Data, including:

  • Encryption in transit (TLS) and at rest
  • Strict tenant data isolation, so one Customer's data is never accessible to another
  • Role-based access controls
  • Immutable audit logging of significant actions
  • Web application security controls aligned with OWASP Top-10 mitigations
  • Secure software development practices and staff confidentiality obligations

See our Security overview for more detail.

12. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect Personal Data from children. If we learn that we have, we will delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will post changes on this page and, where appropriate, notify you by email or in-app notice.

14. Contact Us

For questions about this Privacy Policy or our privacy practices, contact:

Pressatto-AI LLC
Attn: Data Protection
Miami, FL, United States
Email: info@pressatto-ai.com

Need the canonical legal text? Download the full Privacy Policy (PDF) or read the source markdown.