ThoughtDockSign In

Privacy Policy

Last Updated: January 1, 2026

1. Introduction

ThoughtDock ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cognitive assessment platform and services.

2. Data Controller vs. Data Processor

Important: ThoughtDock acts as a Data Processor when handling candidate assessment data on behalf of recruitment agencies (our "Customers"). The recruitment agency that sends assessments to candidates is the Data Controller responsible for the lawful collection and use of candidate personal data.

As a Data Processor, we only process candidate data according to the instructions of our Customers and in compliance with applicable data protection laws (including GDPR, CCPA, and Australian Privacy Principles).

3. Information We Collect

3.1 Customer Account Information

When recruitment agencies register for ThoughtDock, we collect:

  • Name, email address, company name
  • Billing information (processed securely through third-party payment processors)
  • Account credentials and preferences

3.2 Candidate Assessment Data

When candidates complete assessments, we collect:

  • Email address (provided by the recruiting agency)
  • Assessment results (reaction times, accuracy scores, cognitive performance metrics)
  • Technical data (browser type, device information, IP address for fraud prevention)

3.3 Usage and Analytics Data

We collect anonymized usage data to improve our platform, including page views, feature usage, and error logs.

4. How We Use Your Information

  • Service Delivery: To provide cognitive assessments and generate reports for our Customers
  • Communication: To send account notifications, support responses, and service updates
  • Billing: To process subscription payments and manage invoices
  • Platform Improvement: To analyze usage patterns and improve our services
  • Legal Compliance: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell candidate data. Period.

We only share data in the following limited circumstances:

  • With Our Customers: Assessment results are shared with the recruitment agency that commissioned the test
  • Service Providers: We use trusted third-party providers for hosting (e.g., AWS, Vercel), payment processing (e.g., Stripe), and analytics (e.g., PostHog)
  • Legal Obligations: When required by law, court order, or to protect our rights

6. Data Retention

We retain candidate assessment data for as long as our Customer maintains an active account or as required for legal compliance. Customers can request deletion of specific candidate records at any time through their account dashboard or by contacting support.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Secure database hosting with automated backups

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request corrections to inaccurate data
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Data Portability: Request your data in a machine-readable format
  • Objection: Object to certain types of data processing

For Candidates: If you took an assessment and wish to exercise these rights, please contact the recruitment agency that sent you the assessment link, as they are the Data Controller.

For Customers: Contact us at privacy@thoughtdock.com to exercise your rights.

9. Cookies and Tracking

We use essential cookies to maintain session security and preferences. We also use analytics cookies (with your consent) to understand how users interact with our platform. You can manage cookie preferences through your browser settings.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by law.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@thoughtdock.com
Address: Brisbane, Australia