Privacy Policy
Last updated: May 17, 2026
This Privacy Policy describes how Goodfit collects, uses, and shares personal information when you use our website or platform.
1. Information we collect
- Account information: name, work email, organization name
- Candidate information: contact details, resume, interview recordings, assessment responses - collected on behalf of the Customer
- Usage data: pages visited, features used, device and browser information
2. How we use information
- Provide, maintain, and improve the platform
- Generate AI-assisted assessments and scorecards
- Communicate with you about your account
- Detect and prevent abuse
3. AI model training
We do not train AI models on candidate-identifiable data. Aggregate, de-identified usage statistics may be used to improve product performance.
4. Sharing
We share information with:
- Sub-processors listed in the DPA (hosting, email, analytics)
- The Customer that invited you (if you are a Candidate) - they control your assessment data
- Law enforcement when legally required
5. Candidate rights
Candidates can request access, correction, or deletion of their data by contacting the Customer that invited them, or by emailing privacy@goodfit.so.
6. Retention
Account data is retained while the account is active and for 30 days after termination. Candidate data is retained as instructed by the Customer.
7. Security
Data is encrypted at rest and in transit. Goodfit is SOC 2 Type II certified. See the Security page for details.
8. International transfers
Data is primarily stored in India. Where transfers to other jurisdictions occur, they are protected by standard contractual clauses.
9. Google user data
Goodfit requests access to your Google Calendar (the calendar.events scope) only when you explicitly connect your calendar to schedule candidate interviews. We use this access solely to (a) create interview events with Google Meet links on your own calendar and invite the candidate, and (b) read back only the events Goodfit created in order to detect reschedules or cancellations and reflect them in your dashboard. We do not access events Goodfit did not create, and we do not sell or share Google user data with third parties.
Goodfit's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. You can revoke this access at any time from your Google Account permissions.
10. Contact
Privacy questions can be sent to privacy@goodfit.so.