Privacy

The public quiz is anonymous — we don’t collect any data that identifies you. The recruiter side stores recruiter accounts (email only, via Supabase Auth) and the candidate links they generate. Quiz results auto-expire after 90 days. We don’t sell anything to anyone.

When you take the quiz at score.orosa.io/quiz, your answers are sent to our server, scored, and stored as an anonymous row in our database. The row contains:

• Your score (0–100) and tier (T0–T3)
• Which option you picked for each question
• The candidate-link id, if you arrived via a recruiter-issued link
• A timestamp

The row has no name, no email, no IP address, no cookies, no fingerprint. The URL you receive (/result?id=<uuid>) is the only handle that maps back to your result, and anyone with that URL can view the result page — by design, so you can share it on LinkedIn or wherever you like.

Result rows are deleted automatically after 90 days. Shared LinkedIn links continue to work during that window; after that, the page shows “this result has expired.”

If you sign in at /recruiter/login, we create an account associated with your email. We store:

• Your email (via Supabase Auth)
• An optional display name and company you may provide later
• The candidate links you create, with the optional labels you give them
• The anonymous result rows that come back from candidates who took the quiz via your links

We use the email to send you the OTP sign-in code and to notify you when a candidate completes a quiz tied to one of your links. We never share your email with anyone else.

When you take the quiz via a link from a recruiter (i.e. a URL with ?ref=...), your result is tied to that link in our database. The recruiter who issued the link can see:

• That a candidate started the quiz at a particular time
• Your final tier and score, once you submit

The recruiter does notsee your email, your name, or any other identifying information from us. They only know “the person I sent this link to finished and scored T2.” If you want them to know it was you who took it, you tell them directly.

• Supabase — Postgres database + email-OTP authentication for recruiters
• Resend — sends recruiter sign-in OTPs and candidate-completion notifications
• Vercel — hosts the application; access logs are retained per Vercel’s default policy
• Vercel Speed Insights — anonymous Core Web Vitals (page load timings, interaction latency) so we can spot slow pages. No cookies, no user identification, no cross-site tracking
• Cloudflare — DNS for the orosa.io domain
• feedback-hub — only on /recruiter/* pages, lets signed-in recruiters file bug reports with us

We don’t use Google Analytics, PostHog, Hotjar, Sentry, or any third-party analytics or session-replay product. There are no advertising cookies anywhere on this site. Vercel Speed Insights (above) is performance-only — it measures how fast the page renders, not who you are or what you do.

On the public quiz and result pages: none. Quiz progress is held in sessionStorage on your device and erased when you close the tab.

On the recruiter pages: a session cookie from Supabase Auth so you stay signed in, and a localStorage entry remembering your theme preference. Both are first-party and required for the application to function.

You can delete a candidate link (and the result attached to it) from the recruiter dashboard at any time. You can also email us at [email protected] to request deletion of your recruiter account and all associated data.

Anonymous quiz results have no owner — there’s no way for us to identify which result is yours and selectively delete it. They expire automatically after 90 days.

If we materially change how we handle data, we’ll update this page and adjust the “last updated” date at the top. Material changes affecting recruiters with active accounts will also be emailed.

[email protected]