AssessKitAssessKit
Last updated: January 15, 2025

Privacy Policy

AssessKit is an assessment builder for creating and deploying online assessments. This privacy policy explains how we collect, use, and protect your personal information and assessment data.

For all privacy inquiries, contact stephen@assesskit.com. We respond within 30 days.

Information We Collect

Account Data: Name, email address, organization affiliation, profile photo (optional).

Assessment Design Data: Task configurations, assessment structures, timelines, templates, node connections, and assessment metadata.

Participant Assessment Data: Survey responses, reaction times, task performance data, and any information collected through your assessments.

Collaboration Data: Team member information, organization membership, real-time editing sessions, assessment sharing permissions.

Technical Data: IP address, browser type, device information, usage analytics, error logs.

Payment Information: Billing details processed through Stripe. We do not store credit card numbers.

How We Use Your Data

Service Provision: Hosting assessments, generating executable code, data storage and analysis, team collaboration features.

Platform Operations: Authentication, billing, security monitoring, fraud prevention.

Platform Improvement: Usage analytics, feature development, performance optimization.

Communications: Support responses, security alerts, platform updates, service announcements.

Marketing (Optional): With your consent, we may send promotional materials. You can opt out anytime.

Legal Basis for Processing (GDPR)

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Platform security, fraud prevention, service improvement
  • Consent: Marketing communications, AI feature improvement
  • Legal Obligations: Compliance with applicable laws and regulations

Data Sharing & Third Parties

Infrastructure Providers:

  • Vercel (Hosting) - SOC 2 Type II certified
  • Supabase (Database) - SOC 2 Type II certified
  • AWS (Underlying infrastructure) - Multiple certifications

Service Providers:

  • Stripe (Payment processing) - PCI DSS Level 1 certified
  • Resend (Email delivery)
  • OpenAI (AI features - optional)
  • PartyKit (Real-time collaboration)

Collaborators: When you share assessments with team members or collaborators, they gain access to that shared content based on permissions you set.

Legal Requirements: We may disclose information when required by law, with user notification where legally permitted.

We never sell your personal information to third parties.

Your Rights

  • Access: Request a copy of all personal data we have about you
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Data Portability: Export your assessments and data in JSON format
  • Object: Object to processing for direct marketing or legitimate interests
  • Withdraw Consent: Withdraw consent for marketing or optional features

To exercise any of these rights, contact stephen@assesskit.com. We respond within 30 days.

Assessment Data & Compliance

Your Responsibilities: As an assessment creator using AssessKit, you are responsible for ensuring compliance with applicable data protection regulations (GDPR, CCPA, industry-specific requirements), obtaining appropriate consent from participants, and ensuring assessments comply with relevant standards and ethical guidelines in your domain.

AssessKit's Role: We act as a data processor, providing secure infrastructure to host your assessments and store participant data. You remain the data controller for all participant data collected through your assessments.

Participant Rights: Participant data subject rights (access, deletion, etc.) are managed by you according to your compliance requirements and applicable regulations.

Data Retention

Active Accounts: Data is retained while your account is active.

Deleted Accounts: Upon account deletion, data is removed within 30 days. Backup copies are purged within 90 days.

Assessment Data: You control retention of participant data according to your compliance requirements. We provide tools to export and delete data.

Legal Retention: Some data may be retained longer to comply with legal or regulatory requirements.

Data Security

  • AES-256 encryption for data at rest (via Supabase)
  • TLS 1.3 encryption for data in transit
  • Row-Level Security (RLS) policies on all database tables
  • Rate limiting and bot protection
  • Multi-factor authentication available

For comprehensive security details, see our Security page.

Cookies & Tracking

Essential Cookies: Required for authentication, CSRF protection, and basic functionality. Cannot be disabled.

Analytics Cookies: Help us understand usage patterns and improve the platform (optional).

Preference Cookies: Remember your settings like theme, language, and layout preferences.

You can control non-essential cookies through your browser settings.

International Data Transfers

Your data is primarily stored in the United States via our hosting providers (Vercel and Supabase). We ensure appropriate safeguards through Standard Contractual Clauses approved by the European Commission and Data Processing Agreements (DPAs) with all data processors.

Children's Privacy

AssessKit is designed for organizations and professionals creating assessments, not for children. We do not knowingly collect personal information from individuals under 13. If you create assessments for minors, you are responsible for obtaining appropriate parental consent and complying with applicable regulations (COPPA, GDPR-K, etc.).

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of material changes by email or through the platform at least 30 days before they take effect. Your continued use of AssessKit after changes take effect constitutes acceptance of the updated policy.

Contact

Privacy Inquiries: stephen@assesskit.com

Response Time: We aim to respond to all privacy requests within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.