Privacy Policy
Last updated: 4 July 2026
Volores ("we", "us", "our") operates the interview platform at volores.io. This policy explains what data we collect, why, and your rights under GDPR and applicable privacy law.
1. Who this covers
This policy applies to two types of users:
- Recruiters — organisations or individuals who create interview links and review results.
- Candidates — people who take an interview via a link or demo.
2. Data we collect
Recruiters
- Name and email address (from Google or LinkedIn OAuth).
- Interview configurations you create (role descriptions, evaluation criteria).
- Usage events (e.g. interview sessions started, completed).
Candidates
- Name and email address (from Google or LinkedIn OAuth, or entered manually).
- CV / résumé file, if you choose to upload one.
- Voice audio and transcript generated during an interview session.
- AI-generated summary and fit score produced after the interview.
3. Why we process it
- To provide the service — conducting and scoring voice interviews (contract / legitimate interest).
- To improve quality — aggregate, anonymised analytics only (legitimate interest).
- To send result notifications — email summaries to recruiters after a session completes (legitimate interest).
We do not sell, rent, or trade personal data.
4. Third-party processors
- OpenAI — voice transcription and the real-time AI interviewer. Audio and text are sent to OpenAI's API and subject to OpenAI's privacy policy.
- Anthropic — AI scoring and criterion suggestions. Text is sent to Anthropic's API and subject to Anthropic's privacy policy.
- Render — cloud hosting and PostgreSQL database, located in the EU (Frankfurt region).
- Resend — transactional email delivery.
- Google / LinkedIn — OAuth sign-in only. We do not receive or store your social-network password.
- Sentry — error monitoring. Error events may contain partial request data; no interview audio is sent.
5. Data retention
- Recruiter accounts and their interview configs: retained while the account is active.
- Interview transcripts and scores: retained for 12 months from the date of the interview, then deleted.
- CV files: retained until you delete your data or 12 months after the most recent interview, whichever is sooner.
- Usage events: aggregated and anonymised after 6 months.
6. Your rights (GDPR)
If you are in the EEA, UK, or Switzerland you have the right to:
- Access — request a copy of the personal data we hold about you.
- Erasure — ask us to delete your data. Candidates can trigger instant deletion via the account page. Recruiters can contact us by email.
- Rectification — ask us to correct inaccurate data.
- Portability — request your data in a machine-readable format.
- Object — object to processing based on legitimate interest.
To exercise any right, email snirofek@gmail.com. We will respond within 30 days.
7. Cookies
We use one session cookie (candidate_session or access_token) to keep you signed in. No third-party tracking or advertising cookies are used.
8. Security
All data is transmitted over HTTPS. Database credentials are stored as environment variables, never in source code. CV files are stored as encrypted blobs in PostgreSQL on EU-hosted infrastructure with daily backups.
9. Changes to this policy
We may update this policy. Material changes will be posted here with a revised date.
10. Contact
Data controller: Ofek Snir
Email: snirofek@gmail.com