Privacy Notice

1. Scope

This Notice explains how Paritt handles personal data for the waitlist, account creation, and benchmark sessions across Paritt Arena and Paritt Analytics. The Telemetry & Capture Consent describes session capture in more detail and should be read alongside this Notice.

2. What we collect

• Waitlist and account data: the email address, name, company, stated use case, requested access scopes, and region and birth year you provide.
• Authentication data: a salted password hash, session and CSRF tokens, and, if you enable it, two-factor authentication settings and recovery codes.
• Session telemetry: behavioral signals captured while you complete a benchmark task, described in the Telemetry & Capture Consent.
• Work products: the files and outputs you produce in a session.
• Operational logs: request metadata, audit-log entries for actions taken on the platform, and limited diagnostic information such as approximate IP address used for rate limiting and abuse prevention.

We do not capture data from your own computer outside the browser tab — there is no host-side capture. Telemetry is collected only inside the Paritt-provisioned session environment.

3. Why we use it

• To operate the platform: create and approve accounts, run sessions, review and score submissions, and produce reports.
• To keep benchmarks valid and the platform secure: detect abuse, enforce conduct rules, and maintain audit trails.
• To produce benchmark reports and, in anonymized or aggregated form, datasets — and to train, evaluate, and develop AI models and benchmarking methods, as described in the Terms of Service.
• To communicate with you about your account, application status, and sessions.

4. When data is shared

We do not sell personal data. We share data with infrastructure providers that host and process it on our behalf under contract (for example, cloud hosting and object storage). Published benchmark reports and any licensed datasets contain anonymized or aggregated data, not your account-identifying fields, unless you have separately and explicitly agreed to attribution. For Analytics projects, task materials and work products are tenant-scoped to the commissioning organization. We may disclose data where required by law or to protect the platform.

5. Storage and retention

Account and waitlist data is kept while your account is active. Session telemetry and work products are kept as long as needed for review, scoring, and the benchmark and research purposes described in the Terms. Customer-confidential Analytics data is stored in a customer-scoped, encrypted location and retained per the customer contract, with a default of 90 days after a project closes unless the contract says otherwise. Anonymized data that has already been incorporated into a published report or dataset cannot be withdrawn from that report or dataset after release.

6. Your choices and requests

You can ask us to access, correct, or delete your personal data, or to close your account. Deleting your account stops future collection and removes your account-identifying data; it does not retract anonymized data already published in a report or dataset, as explained above. Depending on where you live you may have additional rights under local law. To make a request, email [email protected].

7. Security

We use technical and organizational measures appropriate to a platform at this stage, including encrypted transport, encrypted backups, scoped and expiring session tokens, object-level authorization, and audit logging. No system is perfectly secure. This Notice does not claim any formal security certification.

8. Contact and changes

We may update this Notice; material changes will be notified and, where they affect what you consented to, will require fresh consent. Questions and privacy requests: [email protected].