Privacy Policy

1. Who we are

Geteroom is operated from Nairobi, Kenya. We are registered as a data controller under the Kenya Data Protection Act (2019) and aim to align our practices with guidance from the Office of the Data Protection Commissioner (ODPC).

2. Information we collect

• Account details (name, work email, organization).
• Profile and capability submissions, simulation responses, decision logs.
• Evaluation metadata produced by recruiters and reviewers.
• Operational telemetry needed to run the platform reliably and securely.

3. How we use information

We use information to operate verification workflows, generate capability signals, deliver simulations, secure the platform, and improve the product. We never sell personal data, and we do not use candidate work for advertising.

4. Lawful basis (Kenya DPA 2019)

We process personal data on the basis of consent, the legitimate interest of running a recruitment platform, performance of a service you have requested, and compliance with applicable Kenyan law.

5. AI processing

Capability analyses are produced by AI models acting on candidate submissions. Outputs are advisory and intended to support — not replace — human hiring judgement. Companies remain responsible for hiring decisions.

6. Sharing & processors

Candidate submissions are shared with the company workspaces evaluating them. A small set of vendors (hosting, email delivery, analytics) process data on our behalf under written agreements. See our Candidate Data Usage Policy for details on candidate-specific handling.

7. Retention

Account and evaluation data are retained while your account is active and for a reasonable archival period afterwards. Talent can request deletion of submissions or their account at any time.

8. Security

We apply standard safeguards including encryption in transit, row-level access policies and least-privilege internal access. Report suspected vulnerabilities to security@geteroom.com.

9. Your rights

You may request access, correction, export, restriction or deletion of your personal information. You may also lodge a complaint with the Office of the Data Protection Commissioner (Kenya). Send requests to privacy@geteroom.com.

10. Cross-border transfers

Some processors operate outside Kenya. Where this is the case we use providers with comparable data-protection safeguards and rely on the lawful transfer mechanisms permitted under the Kenya Data Protection Act.