Data Processing Addendum

This Data Processing Addendum ("DPA") is incorporated into the Thinqr Terms of Service where the customer is a Controller or Processor subject to the GDPR, UK GDPR, or CCPA.

This is a placeholder summary. The full signable DPA is available on request. Contact legal@thinqr.io.

Roles

Thinqr acts as a Processor on behalf of the Customer (Controller) when processing candidate data submitted through the platform.

Subject matter and duration

Thinqr processes personal data for the purpose of providing technical interview services, for the duration of the customer's subscription plus a 30-day deletion window.

Categories of data subjects

• Customer employees (interviewers, admins)
• Job candidates invited to interviews by the Customer

Categories of personal data

• Names, email addresses, job titles
• Interview responses, code submissions, chat transcripts
• Workspace telemetry and replay data

Sub-processors

The current list of Thinqr sub-processors is available at thinqr.io/legal/sub-processors. We will notify customers in advance of any additions.

Security measures

Thinqr implements the technical and organizational measures described in our security overview, including tenant isolation, encryption in transit and at rest, least-privilege access, and SOC 2 audit (in progress).

International transfers

Thinqr uses the EU Standard Contractual Clauses and the UK International Data Transfer Addendum where required.