PRIVACY POLICY
(Version 2.0)
1. Introduction & Scope
This Privacy Policy is provided in connection with the interview and candidate evaluation platform ("Platform") accessible at https://jobmojito.com/ (the "Website").
JobMojito ("we", "us", "our"), operated by FreshMint ai OÜ, an Estonian entity with registered address at Sepapaja tn 6, 15551, Tallinn, Estonia, provides a structured, AI-assisted interview and candidate evaluation platform for recruitment and hiring workflows.
This Privacy Policy explains how personal data is processed through the Platform:
The Customer acts as Data Controller, determining what candidate data is collected and for what purpose.
JobMojito acts as Data Processor, operating the platform infrastructure and processing data on documented instructions from the Customer. For more information about JobMojito's security practices and compliance, please visit trust.jobmojito.com.
2. Data Processing by JobMojito (Processor)
JobMojito processes candidate interview data strictly on documented instructions from the Customer.
2.1 Categories of Candidate Data Processed
Depending on the Customer's configuration, this may include:
Candidate name and contact details
CV or application materials
Audio and/or video interview recordings
Interview transcripts
Structured rubric-based evaluation outputs
Limited behavioural/speech analytics (e.g., pronunciation, cadence, sentiment)
System-generated score breakdown
The Platform:
Does not autonomously accept or reject candidates.
Does not make automated employment decisions.
Requires human review by the Customer for all hiring outcomes.
2.2 AI Usage
The Platform uses AI-assisted tools to:
Generate structured summaries.
Apply the Customer-defined rubric scoring.
Analyse limited behavioural or speech characteristics where enabled by the Customer.
In EU employment deployments, behavioural scoring components are disabled by default unless explicitly configured by the Customer.
2.3 No Model Training on Identifiable Candidate Data
JobMojito does not use identifiable candidate interview data for:
Training AI foundation models;
Fine-tuning shared models across customers; or
Independent product development purposes.
Product improvement activities rely only on aggregated and anonymised statistical insights that cannot re-identify individuals.
3. Data Controller Responsibilities
the Customer, as Data Controller, is responsible for:
Ensuring a lawful basis exists for processing candidate data.
Providing appropriate transparency to candidates.
Conducting Data Protection Impact Assessments (DPIAs) where required.
Ensuring human oversight of all hiring decisions.
Responding to data subject rights requests.
3.1 Website Visitors
Data collected through the Website may include:
IP address
Browser/device data
Usage analytics
Cookie identifiers
Purpose:
Website functionality
Security
Analytics
Service improvement
Legal basis:
Legitimate interest
Consent (where required for cookies)
3.2 Account Registration
Data processed may include:
Name
Business email
Organisation details
Account credentials
Billing information (where applicable)
Purpose:
Account administration
Service provision
Customer support
Security
Legal compliance
Legal basis:
Contract performance
Legitimate interest
4. Retention of Personal Data
4.1 Candidate Data
Candidate interview data: 12 months default (configurable by the Customer)
Behavioural scoring data: aligned with interview data
AI scoring logs: retained 12 months
Security & access logs: retained 12 months
Infrastructure logs: retained 30-90 days
Data is deleted automatically at retention expiry or upon the Customer's instruction.
4.2 Trial Accounts
Recruiter accounts: deleted 30 days after expiry if inactive
Trial interview data: deleted 30-60 days after trial expiry unless converted to paid account
4.3 Backups
Encrypted system backups operate on a rolling cycle (maximum 30 days). Deleted data is purged automatically once backup cycles expire.
5. International Data Transfers
Primary processing occurs within EU-hosted cloud infrastructure operated by JobMojito.
Where personal data is transferred outside the European Economic Area or UK:
Standard Contractual Clauses (SCCs) or UK Addendum are implemented where required;
Appropriate technical and organisational safeguards are applied.
A current list of sub-processors is available at trust.jobmojito.com.
6. Data Subject Rights
6.1 Candidate Data
Candidates should direct rights requests (access, rectification, deletion, objection) to the Customer, the Data Controller.
JobMojito supports the Customer in fulfilling such requests in accordance with the Data Processing Agreement.
6.2 Website / Account Data
Individuals may request:
Access to personal data
Rectification
Erasure
Restriction of processing
Data portability (where applicable)
Objection to processing
Requests can be made via the contact details provided on the Website.
7. Security Measures
JobMojito implements technical and organisational safeguards including:
Encryption in transit and at rest
Role-based access control
Tenant-level data separation
Secure cloud infrastructure
Logging and audit controls
Incident response procedures
Security and access logs are retained for a minimum of 12 months.
For more details, please visit trust.jobmojito.com.
8. Human Oversight & Automated Decision-Making
The Platform does not make fully automated employment decisions.
AI-generated outputs are assistive only.
Final hiring decisions are made by the Customer's recruiters.
Behavioural and speech analytics are supplementary and cannot independently determine candidate outcomes.
9. Biometric Processing (If Activated)
Biometric voiceprint identification functionality is disabled by default.
Where enabled by the Customer:
Processing is subject to separate contractual terms;
Controller lawful basis and DPIA obligations apply;
Biometric data is retained only for limited periods.
Biometric processing is not part of the core AI scoring system.
10. Changes to This Policy
This Privacy Policy may be updated periodically. Material changes will be communicated through appropriate channels.
Last updated on March 2026
