Privacy Policy — Assess4Me bv
Version 1.0 — date: 11 April 2026
Introduction
This privacy policy ("Policy") explains how Assess4Me bv ("Assess4Me", "we", "us", "our"), established in Belgium, collects, processes, stores and protects personal data when you use our website, platform and services. We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Belgian law.
By using our platform or services you consent to the processing of your personal data as described in this Policy. Please read it carefully.
1. Data Controller
Assess4Me bv is the data controller for the processing of personal data we collect for our own purposes (e.g. account management, billing, marketing).
When an Organisation uses our services to assess candidates, Assess4Me acts as a data processor on behalf of that Organisation. In that case the Organisation is the data controller for the candidate data.
Contact details:
Assess4Me bv
E-mail: michiel@assess4me.com
2. What personal data do we collect?
2.1 Account data
- E-mail address
- Password (stored hashed)
- Display name
- Company name
- Profile picture (avatar URL)
- Google OAuth data (when signing in with Google): name, e-mail address, profile picture
2.2 Organisation data
- Organisation name and settings
- Membership relationships between users and organisations
- Role (admin, recruiter, candidate)
2.3 Candidate and assessment data
- E-mail address (via invitation link)
- Game results, scores, reaction times, number of attempts
- AI-generated evaluations and skill scores
- Category results and vacancy reports
2.4 Billing data
- Stripe customer ID and subscription ID
- Payment status and invoice data (processed by Stripe; we do not store full credit-card numbers)
- VAT number (if provided)
2.5 Technical and usage data
- IP address (anonymised in analytics)
- Browser type and device
- Page visits and interactions (only with analytics consent)
- Cookie preferences and consent status
2.6 Communication data
- Contact form: name, e-mail address, message
- Newsletter subscription: e-mail address, source, consent status
2.7 Audit data
- User actions on the platform (logins, changes, deletions) for security and compliance purposes
3. What do we use your data for?
| Purpose | Legal basis (GDPR) |
|---|---|
| Create and manage accounts | Performance of a contract (Art. 6(1)(b)) |
| Run assessments and process results | Performance of a contract / legitimate interest |
| Generate AI evaluations based on game results | Performance of a contract |
| Billing and subscription management via Stripe | Performance of a contract |
| E-mail verification and password reset | Performance of a contract |
| Maintain security audit logs | Legitimate interest (Art. 6(1)(f)) |
| Web analytics and performance measurement (GA4, PostHog) | Consent (Art. 6(1)(a)) |
| Newsletters and marketing | Consent (Art. 6(1)(a)) |
| Customer support | Performance of a contract / legitimate interest |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. AI processing and automated decision-making
Assess4Me uses AI (via OpenAI) to analyse candidate game results and generate evaluations. The following applies:
- No fully automated decision-making: AI evaluations are tools for recruiters and are never used as the sole basis for a hiring decision. The final decision always rests with the recruiter or hiring manager.
- What data is sent to the AI: game names, scores, reaction times, skill scores and category names. No direct personal identifiers (name, e-mail address) are sent to the AI.
- Caching: AI evaluation results are cached based on a hash of the input data so that identical game results produce the same evaluation without repeated AI calls.
- Storage: AI output is stored in our database. This data is retained as long as the associated vacancy or candidate record is active.
You have the right to request a human review of any AI evaluation. Please contact us at michiel@assess4me.com.
5. Who do we share data with?
We do not sell your personal data. We share data only with the following categories of recipients:
5.1 Sub-processors
| Service | Purpose | Location |
|---|---|---|
| OpenAI | AI evaluation of game results | US (EU-US Data Privacy Framework) |
| Stripe | Payment processing and subscription management | US (EU-US DPF) |
| OAuth authentication (optional) | US (EU-US DPF) | |
| PostHog | Web analytics (only with consent) | US/EU (configurable) |
| Google Analytics 4 | Web analytics (only with consent) | US (EU-US DPF) |
| Hosting provider | Server infrastructure and database | EU |
An up-to-date sub-processor list is available on request at michiel@assess4me.com.
5.2 Organisations (clients)
When you complete an assessment for an Organisation as a candidate, your results and evaluations are shared with that Organisation in accordance with their instructions.
5.3 Legal obligations
We may share data where required by law, for example at the request of a competent authority.
6. International data transfers
Some of our sub-processors are located outside the European Economic Area (EEA), notably in the United States. We base these transfers on:
- The EU-US Data Privacy Framework (where applicable to the sub-processor)
- Standard Contractual Clauses (SCCs) issued by the European Commission
- Additional technical and organisational measures where necessary
7. How long do we retain data?
| Data category | Retention period |
|---|---|
| Account data | As long as the account is active + 30 days after deletion |
| Candidate assessment results | As long as the vacancy is active, or until deleted by the Organisation |
| AI evaluation cache | Up to 12 months after creation |
| Audit logs | 365 days |
| Billing data | 7 years (statutory retention obligation) |
| Newsletter subscriptions | Until unsubscription or 24 months of inactivity |
| Contact form messages | 12 months |
| Analytics data | As per the analytics provider's settings (default 14 months) |
8. Your rights
Under the GDPR you have the following rights:
- Right of access: you may request what data we process about you.
- Right to rectification: you may have inaccurate data corrected.
- Right to erasure ("right to be forgotten"): you may request that we erase your data.
- Right to restriction of processing: you may ask us to temporarily restrict processing.
- Right to data portability: you may request your data in a structured, commonly used format.
- Right to object: you may object to processing based on legitimate interest.
- Right to withdraw consent: you may withdraw previously given consent (e.g. for cookies or newsletters) at any time.
- Right to human intervention: you may request a human review of AI evaluations.
How to exercise your rights
- Delete account: via your account settings in the platform.
- Export data: via your account settings.
- Change cookie preferences: via the cookie banner or the cookie preferences link at the bottom of the page.
- Other requests: send an e-mail to michiel@assess4me.com. We will respond within 30 days.
Filing a complaint
You have the right to file a complaint with the Belgian Data Protection Authority (GBA):
Drukpersstraat 35, 1000 Brussels
Website: gegevensbeschermingsautoriteit.be
9. Cookies and tracking
We use cookies and similar technologies. Details can be found in our Cookie Policy.
Summary:
- Necessary cookies: always active; required for authentication and sessions.
- Analytics cookies: only with your consent; Google Analytics 4 and/or PostHog.
- Preference cookies: remember your settings.
- Marketing cookies: only with your consent.
You can change your consent at any time via the cookie banner.
10. Security
We take appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS)
- Hashed passwords
- HttpOnly and Secure cookies for session tokens
- Role-based access control and organisation membership
- Audit logs of sensitive actions
- Secrets management for API keys and tokens
11. Children
Our services are not aimed at persons under the age of 16. We do not knowingly collect personal data from children. If we discover that we have collected data from a child, we will delete it as soon as possible.
12. Changes to this policy
We may update this privacy policy from time to time. In the event of material changes we will inform you by e-mail or via a notification on the platform. The version date at the top indicates when the policy was last updated.
13. Contact
For questions about this privacy policy or your personal data:
- Assess4Me bv
- E-mail: michiel@assess4me.com
- Address: Maarschalk Gérardstraat 23/101, 2000 Antwerpen, Belgium