Skip to main content
DawnStep

Privacy

Privacy Policy

Last updated: 2026-04-22

Interim draft under legal review. This policy is in final counsel review ahead of general availability. For data-protection or legal queries, contact legal@dawnstep.ai.

This Privacy Policy describes how AT Dawn Technologies (“AT Dawn”, “we”, “us”) collects, uses, and shares personal data in connection with DawnStep, our applicant tracking and AI interviewing product.

1. Who we are

DawnStep is operated by AT Dawn Technologies. If you have any questions about this policy or about how your data is handled, please contact us at legal@dawnstep.ai.

2. Information we collect

From our customers (hiring teams)

  • Account profile: name, work email, company, role.
  • Authentication data from your SSO identity provider (Microsoft Entra, Google Workspace, or OIDC).
  • Content you upload: job descriptions, rubrics, hiring-team notes.
  • Product usage logs, audit events, and error telemetry.

From candidates

  • Application data submitted through your hiring team.
  • Resume, cover letter, and structured form responses.
  • AI interview transcript, audio/video recording (if enabled), proctoring telemetry (gaze, tab-switch events), and the integrity score derived from them.
  • Technical metadata: IP address, browser type, timestamps.

3. How we use personal data

  • To provide the DawnStep service to the customer who collected the data.
  • To generate evaluation outputs (rubric scores, competency breakdowns, debrief summaries) requested by the customer.
  • To send transactional email (interview invites, feedback, rejections) through AWS SES.
  • To maintain security, prevent abuse, and comply with legal obligations.

4. Legal bases (GDPR)

Where GDPR applies, we rely on the following legal bases: performance of a contract (providing the service), legitimate interests (security, product improvement), consent (where required — e.g., audio/video recording beyond interview proctoring), and legal obligations.

5. Data sharing

We do not sell personal data. We share personal data only with sub-processors necessary to deliver the service. A current list is available on request to security@dawnstep.ai. Today this includes:

  • Amazon Web Services (primary hosting, SES email).
  • OpenAI (transcript scoring and analysis).
  • Microsoft (for Teams meetings and transcripts, when the customer opts in).

6. Retention

Customer data is retained for the duration of the customer contract. Candidate data is subject to the hiring customer's own retention policy. On contract termination, customer data is deleted or returned within 30 days. Audit logs are retained for up to 12 months.

7. Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, or port your personal data. To exercise any of these rights, write to legal@dawnstep.ai. For candidate data, direct your request to the hiring team that received your application; we will support them in fulfilling it.

8. Security

We encrypt data at rest and in transit, enforce SSO-only authentication, maintain per-tenant data isolation, and record every administrative action in an audit log. See our security page for detail.

9. Contact

Questions, complaints, or requests: legal@dawnstep.ai.