Privacy Policy

Last updated: January 10, 2026

1. Introduction

Vosqa is a pre-employment testing platform operated by The Future Of Accounting, Inc. ("we," "our," or "us"), a Delaware corporation located at 8 The Green, Suite B, Dover, DE 19901.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. It applies to both employers ("Organizations") who use our platform to administer assessments and individuals ("Candidates") who take those assessments.

By using Vosqa, you agree to the collection and use of information in accordance with this policy.

2. Our Role: Data Controller vs. Processor

Understanding our role helps you know who is responsible for your data:

For Organization/Employer Data

Vosqa acts as the data controller for employer account information, including administrator accounts, billing information, and platform usage data. We determine the purposes and means of processing this data.

For Candidate Data

The employer is the data controller for candidate assessment data. Vosqa acts as a data processor on behalf of employers. This means:

  • Employers determine why and how candidate data is collected
  • Employers are responsible for having a lawful basis to collect your data
  • For rights requests (access, deletion, etc.), candidates should contact the employer who invited them
  • Vosqa will assist employers in responding to valid rights requests

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, company name, and password when creating an employer account.
  • Candidate Information: Name and email address of candidates invited to take assessments.
  • Assessment Responses: Written answers, video recordings for video questions, and completion data.
  • Payment Information: For paid assessments, candidate payment details are processed through our payment provider (Ramp) and not stored directly by us.

3.2 Information Collected Automatically

  • Device Information: Browser type, operating system, and device identifiers.
  • Usage Data: Pages visited, time spent, and features used.
  • Assessment Integrity Data: Tab switching events, window focus changes, and browser activity during assessments.
  • Periodic Screenshots: Canvas-based screenshots of the test interface captured approximately every 30 seconds during assessments (not screen recordings of your entire desktop).
  • Identity Verification Photos: A single photo captured at the start of an assessment for identity verification.

4. Assessment Integrity Monitoring & Identity Verification

To ensure assessment integrity, we collect the following during proctored assessments:

4.1 What We Capture

Data TypeDescriptionFrequency
Identity PhotoSingle webcam photo for identity verificationOnce at test start
ScreenshotsCanvas capture of the test interface onlyEvery 30 seconds
Tab/Focus EventsWhen you switch tabs or the window loses focusEach occurrence
Fullscreen EventsWhen you exit or enter fullscreen modeEach occurrence

4.2 What We Do NOT Do

  • No Facial Recognition: We do not use facial recognition technology or create biometric templates from your photos.
  • No Biometric Analysis: Photos are reviewed manually by authorized employer administrators only.
  • No Screen Recording: We capture periodic screenshots of the test interface, not continuous video of your screen.
  • No Desktop Monitoring: We cannot see other applications or windows on your computer.

4.3 Who Can View This Data

Proctoring data (photos, screenshots, event logs) is accessible only to:

  • Authorized administrators at the employer organization who invited you
  • Vosqa support staff under strict access controls (only when necessary for technical support)

5. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data under the following legal bases:

PurposeLegal Basis
Service delivery and assessment administrationContract performance
Integrity monitoring and fraud preventionLegitimate interests
Identity verificationLegitimate interests
Payment processing recordsLegal obligation
Error monitoring (Sentry)Consent

6. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve our assessment platform
  • Process and score candidate assessments (manual scoring by employers, no automated hiring decisions)
  • Detect and prevent cheating or fraudulent activity
  • Process payments for paid assessments
  • Send notifications about assessments and results
  • Respond to support requests and inquiries
  • Comply with legal obligations

No Automated Decision-Making: Assessment scores and hiring decisions are made by human reviewers at the employer organization, not by automated systems.

7. Information Sharing

We may share your information with:

  • Employers: Assessment results, responses, proctoring data, and candidate information are shared with the organization that invited the candidate.
  • Service Providers (Subprocessors): Third-party services that help us operate our platform (see Section 8).
  • Legal Requirements: When required by law or to protect our rights.

We do not sell or share your personal information for targeted advertising.

8. Subprocessors

We use the following third-party service providers to operate our platform:

ProviderPurposeLocation
Amazon Web Services (AWS)Cloud hosting, file storage, databaseUnited States
Amazon SESTransactional email deliveryUnited States
RampPayment processing for candidate payoutsUnited States
SentryError monitoring (consent required)United States

Enterprise customers may request our complete subprocessor list and subscribe to updates.

9. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in Transit: All data transmitted using TLS/HTTPS
  • Encryption at Rest: Sensitive data encrypted using AWS KMS
  • Authentication: Secure authentication with session management and automatic timeouts
  • Access Controls: Role-based permissions limiting data access
  • Audit Logging: Data deletion and access events are logged

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. Data Retention

We retain information based on the following schedule. Employers may configure shorter retention periods:

Data TypeDefault RetentionConfigurable Range
Employer Account DataWhile account active + 30 days after deletionN/A
Assessment Responses & Scores2 years90 days - 2 years
Identity Photos & Screenshots90 days30 days - 90 days
Proctoring Event Logs90 days30 days - 90 days
Payment Records7 years (legal requirement)N/A

Data is automatically deleted after the retention period expires. Deletion events are logged for audit purposes.

11. Your Rights

11.1 For All Users

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a portable format
  • Restriction: Request restriction of processing
  • Objection: Object to processing based on legitimate interests

11.2 For Candidates

Since employers are the data controllers for candidate assessment data:

  • Contact the employer who invited you to exercise your rights
  • The employer will work with Vosqa to fulfill valid requests
  • You may also contact us directly and we will forward your request to the relevant employer

11.3 How to Exercise Your Rights

To exercise your rights, contact us at privacy@vosqa.com. We will respond within 30 days (or sooner if required by law). We may need to verify your identity before processing your request.

12. US State Privacy Disclosures

California (CPRA)

If you are a California resident, you have specific rights under the California Privacy Rights Act:

Categories of Personal Information Collected:

  • Identifiers (name, email)
  • Professional information (job application context)
  • Internet activity (usage data, assessment interactions)
  • Geolocation (inferred from IP)
  • Audio/visual (identity photos, video responses)

Purposes:

  • Providing assessment services
  • Fraud prevention and security
  • Service improvement

Disclosure:

  • We do NOT sell personal information
  • We do NOT share personal information for cross-context behavioral advertising
  • We disclose information to employers and service providers as described above

Your California Rights: Right to know, delete, correct, opt-out of sale/sharing (not applicable), limit use of sensitive information, and non-discrimination. To exercise these rights, email privacy@vosqa.com with subject "California Privacy Request".

13. Cookies & Similar Technologies

13.1 Cookie Categories

  • Essential Cookies: Required for authentication and security. Cannot be disabled.
  • Functional Cookies: Enable error monitoring. Require your consent.

13.2 Cookies We Use

NamePurposeDurationType
authjs.session-tokenAuthentication session24 hoursEssential
csrf-tokenSecurity (CSRF protection)24 hoursEssential

13.3 Local Storage

KeyPurposeType
vosqa_cookie_consentRemember your cookie preferenceEssential
vosqa_session_startSession timeout managementEssential
vosqa_last_activityIdle timeout detectionEssential

13.4 Third-Party Services (Consent Required)

Sentry: Error monitoring and session replay for debugging. Only loaded after you accept cookies. Session replays mask all text and block media for privacy.

13.5 Managing Your Preferences

  • Use our cookie consent banner when you first visit
  • Change your preference anytime in your browser's settings
  • Note: Blocking essential cookies will prevent the platform from functioning

14. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. For transfers from the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms with our service providers
  • Data Processing Agreements: Contracts ensuring GDPR-compliant handling

To request a copy of applicable transfer safeguards, contact privacy@vosqa.com.

15. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email. Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

17. Contact Us

If you have questions about this Privacy Policy or our data practices: