Back to Home

Privacy Policy

Legal Document Last updated: December 23, 2025

Privacy Policy

This Privacy Policy explains how Coffee Tap Studio SRL ("Niju," "we," "us," or "our") collects, uses, and protects your information when you use the Niju platform (niju.dev) (collectively, the "Service").

Our company is registered in Romania with company number 49753478.

This policy applies to:

  • Company Users: Our direct customers (Organizations/Agencies).
  • Candidate Users: Individuals invited by Company Users to take an interview.
  • Authorized Viewers: Third-party individuals (e.g., clients of an Agency) invited to view interview reports.

By using Niju, you agree to the collection and use of information in accordance with this policy.

1. Our Role: Controller vs. Processor

Our role under data protection law (like GDPR) depends on who you are:

  • For Company Users: When you create an account, we act as the Data Controller for your personal account information (e.g., your name, email, company name).
  • For Candidate Users: The Company (or Agency) that invited you to the interview is the Data Controller of your personal data. We act as the Data Processor, processing your data on their behalf and according to their instructions. Our processing of your data is governed by the Data Processing Agreement (DPA) with that Company.
  • For Authorized Viewers: We act as a Processor on behalf of the Agency that granted you access.

2. Information We Collect

We collect several types of information to provide and improve our Service.

A. From Company Users (as Controller):

  • Account Data: Name, email address, password hash, and Account Type selection ("Teams" vs. "Agencies").
  • Billing Data: We do not collect your payment card information. This is collected directly by our Merchant of Record, Dodopayments. We receive only transaction metadata (e.g., success status, subscription dates) to manage your access.

B. From Candidate Users (as Processor):

  • Authentication Data: To secure the interview session, we create a limited account on your behalf using PropelAuth, a third-party authentication provider. We collect your name, email address, and authentication metadata.
  • Candidate Data: During the 20-minute session, we collect:
    • Sensitive Data: Audio recording (microphone), video recording (if applicable), and screen recording (entire screen).
    • Work Product: All code written in our editor.
  • Technical Data: We automatically collect your IP address and browser/OS user-agent data.

C. From Authorized Viewers (as Processor):

  • Access Data: We collect your email address when an Agency invites you to view a report, and we log your access to ensure security and compliance with the Agency's sharing settings.

3. How We Use Your Information

Your information is used for the following specific purposes:

  • To Provide and Maintain our Service:
    • We use Company account data to manage specific feature access based on your "Teams" or "Agencies" selection.
    • We use Candidate Data to record the session, generate the AI transcript and analysis, and deliver the complete report to the Company.
  • To Facilitate Agency Sharing:
    • If a Candidate is invited by an Agency, we use the data to generate secure share links for Authorized Viewers.
  • To Ensure Integrity and Security:
    • We use Technical Data (IP address) and PropelAuth authentication data to prevent fraud, ensure the candidate is who they say they are, and prevent multiple attempts at the same interview.
  • To Improve Our Service:
    • We may use Anonymized Data (e.g., anonymized transcripts, code, or AI reviews that cannot be linked back to you) to improve our service and for internal analytics. We will not use your raw video or audio recordings to train AI models without explicit permission.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

  • With the Company (Data Controller): All Candidate Data and the resulting AI report are shared with the Company that invited the Candidate.
  • With Authorized Viewers (Agency Clients): If the Controller is an Agency, they may share the Interview Report (including recordings and code) with their third-party clients via secure share links. This sharing is controlled entirely by the Agency.
  • With Service Providers (Sub-processors): We employ third-party organizations to facilitate our Service:
    • PropelAuth: For secure user authentication (Candidates and Companies).
    • AI Providers: To generate transcripts and analysis.
    • Cloud Hosting: For secure storage of large media files (video/audio).
  • With Our Merchant of Record: We share necessary Company information with Dodopayments to process payments.
  • To Comply with Laws: We may disclose your information if required to do so by law.

5. Data Retention Schedule

We retain personal data only for as long as necessary. The specific retention period for Sensitive Data (audio, video, screen recordings, and transcripts) depends on the Account Type of the Company that invited the Candidate.

A. Retention for "Niju for Teams" Accounts:

  • Sensitive Data: Retained for 30 days after the interview is processed. After this period, it is permanently deleted.
  • AI Report & Code: Retained indefinitely for the life of the Company's account.

B. Retention for "Niju for Agencies" Accounts:

  • Sensitive Data: Retained for 90 days after the interview is processed. After this period, it is permanently deleted.
  • AI Report & Code: Retained indefinitely for the life of the Company's account. Note: External share links for this data expire after 90 days.

C. General Retention:

  • Company Account Data: Retained as long as the account is active.
  • Anonymized Data: We may retain anonymized, non-identifiable derived data for statistical purposes after the raw data is deleted.

6. Security

We take reasonable technical and organizational measures to protect your information, including:

  • Encryption of all data in transit (HTTPS/TLS) and at rest.
  • Tokenized access for Authorized Viewers.
  • Strict internal access controls.
    However, no method of transmission or storage is 100% secure.

7. User Rights

  • Company Users: As we are the Controller for your account data, you have rights under GDPR (access, rectify, delete). You can exercise these by contacting us directly at [email protected].
  • Candidate Users: The Company is your Data Controller. To exercise your rights (e.g., to access your data or request its deletion), please contact the Company that invited you. We are a Processor and will act on their instructions to fulfill your request.

8. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Romania.

9. Contact Us

If you have any questions about this Privacy Policy, please contact our privacy team:

Coffee Tap Studio SRL
Company Number: 49753478
Email: [email protected]

Return to Home