1. Overview
Litmus ("we", "us", or "our") is committed to protecting the personal information of everyone who uses our platform — both employers and candidates. This Privacy Policy explains what data we collect, how we use it, and your rights regarding it.
2. Information We Collect
Employer accounts
- Name and email address provided at registration
- Authentication credentials (passwords are stored as one-way bcrypt hashes — we never store plaintext passwords)
- Assessment plans, job descriptions, and configuration you create
- Billing information (processed by our payment provider; we do not store raw card data)
Candidates
- Name (if provided at assessment start)
- Code written during the assessment session
- Chat messages exchanged with the AI assistant during the assessment
- Submitted deliverables and written notes
- AI-generated scores and evaluation data
Automatically collected
- IP address and browser/device metadata for security and abuse prevention
- Session timestamps and interaction logs
3. How We Use Your Information
- To operate and provide the Litmus platform
- To process and score candidate assessments using AI models
- To display assessment results to the employer who initiated the assessment
- To authenticate users and maintain account security
- To send transactional emails (e.g., account confirmation, assessment invites)
- To detect and prevent fraud, abuse, and security incidents
- To improve the accuracy of our AI scoring models (in aggregate and anonymized form only)
We do not sell personal data to third parties. We do not use candidate assessment data for advertising purposes.
4. AI Processing
Candidate code, chat messages, and submissions are sent to third-party AI providers (including Anthropic) for scoring and analysis. These providers process data on our behalf under data processing agreements that restrict secondary use. We recommend employers not include sensitive personal data in assessment briefs.
5. Data Sharing
We share data only in the following circumstances:
- With the inviting employer: All candidate assessment data (code, scores, insights) is visible to the employer who created the assessment
- With AI providers: Assessment content is processed by AI models for scoring (see Section 4)
- With infrastructure providers: We use cloud services (database hosting, CDN) that process data under strict contractual controls
- As required by law: We may disclose data if required by valid legal process
6. Data Retention
Employer accounts and their associated data are retained for as long as the account is active, plus 90 days after closure to allow for disputes. Candidate assessment data is retained for 2 years from the date of completion unless the employer requests earlier deletion. You may request deletion at any time (see Section 8).
7. Security
We take reasonable technical and organizational measures to protect personal data, including:
- Passwords hashed with bcrypt (cost factor 10)
- HTTPS enforced across all endpoints
- JWT sessions with expiry
- Database access restricted to application infrastructure
No system is perfectly secure. If you believe your account has been compromised, contact us immediately.
8. Your Rights
Depending on your location, you may have rights including:
- Access: Request a copy of personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal obligations)
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing activities
To exercise any of these rights, email [email protected]. We will respond within 30 days.
9. Cookies
We use strictly necessary session cookies to keep you logged in. We do not use tracking or advertising cookies. You can disable cookies in your browser, but this will prevent you from staying authenticated.
10. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal data from minors. If we become aware of such collection, we will delete the data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify account holders of material changes by email. The "last updated" date at the top reflects the most recent revision.