Privacy Policy
Last Updated: January 2026
Spottable AI, Inc., doing business as Sherlock AI (“Sherlock,” “we,” “us,” or “our”), with its registered office at 7, 28 Geary St STE 650, San Francisco, CA 94108, United States, is committed to protecting your privacy and being transparent about how we collect, use, and disclose personal data.
This Privacy Policy describes how we handle personal data when you access our website (“Website”) or use our services and applications (“Services”), including our interview integrity software that supports trust and reliability in remote interviews and evaluations.
If you do not agree with this Privacy Policy, please do not access or use our Website or Services.
1. Scope of This Privacy Policy
You may interact with Sherlock in several ways, and the data we collect depends on your relationship with us. This Privacy Policy applies if you are a:
Website Visitor
User accessing the Services through an organization that has subscribed to Sherlock (an “Employer”)
Candidate invited by an Employer to participate in interviews or evaluations supported by the Services
In most cases, Employers control how the Services are configured and how Candidate data is used.
2. How We Collect Personal Data
We collect personal data in the following ways:
Automatically
We collect certain technical and usage information when you access the Website or Services, such as IP address, browser type, device information, pages viewed, and interactions with features.
Provided by You
We collect data you choose to provide, such as when you create an account, complete forms, communicate with us, or participate in interviews or evaluations enabled by an Employer.
Provided by Employers
If you are a User or Candidate, Employers may provide information about you in connection with their use of the Services.
From Third Parties
We may receive data from third parties that support our operations, such as analytics providers, security vendors, payment processors, or business partners.
3. Categories of Data We Process
3.1 Automatically Collected Data
IP address and device identifiers
Browser and operating system information
Usage and interaction data related to the Website or Services
3.2 Data You or Employers Provide
Identifiers: name, email address, username, contact details
Professional or employment information: job title, work history, skills
Education information: degrees, certifications, institutions
Interaction data: responses, results, or content generated during use of the Services
3.3 Visual and Interaction Data (Candidates Only)
Certain integrity-related features may involve the collection of visual or interaction signals during an interview or evaluation session, such as camera presence or behavioral indicators.
These features:
Are enabled at the discretion of the Employer
Require notice and consent where required by law
Are used solely to support integrity and reliability checks
Are not used for biometric identification or unique identification
3.4 Data from Third Parties
This may include professional profile data or contact information obtained from authorized sources.
4. How We Use Personal Data
We use personal data for legitimate business purposes, including:
Providing, operating, and improving the Services
Supporting Employers in conducting fair and reliable interviews
Detecting errors, fraud, abuse, or security issues
Communicating with Users about the Services
Understanding usage patterns to improve performance and usability
Complying with legal obligations
Enforcing agreements and protecting our rights
We do not use personal data to make final hiring or employment decisions.
5. Disclosure of Personal Data
We may disclose personal data to:
Employers who invited you to use the Services
Service providers that support hosting, security, analytics, payments, or operations
Integration partners, where enabled by the Employer
Legal authorities, when required by law
Affiliates or successors, in connection with a corporate transaction
We do not sell personal data.
Google user data obtained via Google APIs is not shared with third-party artificial intelligence or machine learning service providers.
6. Automated Processing and AI Features
6.1 General AI Use
Some features of the Services use artificial intelligence or automated processing (“AI Features”) to analyze interaction patterns and generate integrity-related insights.
AI Features do not process, receive, or use any data obtained via Google APIs, including Google Calendar data.
Employers determine whether AI Features are enabled
Outputs are advisory and subject to Employer interpretation
We do not train AI models on personal data
6.2 Candidate Integrity Features
AI Features may analyze interaction signals during interviews to identify anomalies or patterns that may affect integrity. Such interaction signals do not include data obtained from Google APIs or Google Calendar.
These features:
Do not perform biometric identification
Do not uniquely identify individuals
Are designed to support, not replace, human judgment
7. Cookies and Similar Technologies
We use cookies and similar technologies to operate the Website, understand usage, and improve performance.
You can control cookies through your browser settings. Our Website may not respond to “Do Not Track” signals.
8. Your Privacy Rights
8.1 European Economic Area (GDPR)
If you are located in the EEA, you may have rights to access, correct, delete, restrict, or object to processing of your personal data.
Depending on the context, Sherlock may act as a data controller or data processor.
8.2 California and Other U.S. States
If you are a California resident, you may have rights under the CCPA/CPRA, including the right to access, delete, or correct personal information.
We do not sell or share personal information for cross-context behavioral advertising.
8.3 Exercising Your Rights
Requests can be submitted by email to team@withsherlock.ai with “Privacy Request” in the subject line.
9. Data Retention and Deletion
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.
9.1 General Retention Practices
Personal data is retained only for the duration required to provide the Services or as instructed by the Employer.
Data may be deleted or anonymized when it is no longer required for legitimate business or legal purposes.
Employers may control retention periods for Candidate data depending on their contractual relationship with Sherlock.
9.2 Google API Data
Sherlock does not store Google user data obtained through Google APIs.
Google user data is accessed only transiently and used in real time solely to provide the requested functionality.
We retain only OAuth authorization information, such as access tokens or refresh tokens, as necessary to maintain an authenticated session and provide access to Google APIs.
OAuth tokens are stored securely and are deleted or invalidated when:
Access is revoked
An account is disconnected
A user submits a deletion request
Google user data obtained via Google APIs is not persisted, logged, or retained after the completion of the requested operation.
Google API data is never sent to any artificial intelligence or machine learning service, whether internal or external, and is not used for model training or inference.
9.3 User Control and Deletion Requests
Users may revoke Google API access at any time through their Google Account settings.
Users may also request deletion or revocation of access by contacting us at team@withsherlock.ai with “Privacy Request” in the subject line.
10. Data Security
We use industry-standard safeguards, including:
Encryption in transit and at rest
Role-based access controls
Security monitoring and incident response procedures
Vendor security due diligence
11. Children
The Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes become effective upon posting, and the “Last Updated” date reflects the latest version.