Privacy Policy

Last updated: February 28, 2026

1. Introduction

Performs360 ("we", "our", "us") is a 360-degree performance evaluation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are committed to protecting the privacy and security of your data.

2. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, company name, and role when you register or are invited to the platform.
  • Evaluation data: Responses submitted through evaluation forms. This data is end-to-end encrypted with your company's encryption key — we cannot read it.
  • Usage data: Log data, device information, and analytics to improve the service (no evaluation content is included).
  • Communication data: Emails sent through the platform (invitation links, OTP codes, reminders).

3. How We Use Your Information

  • To provide and maintain the Performs360 service
  • To authenticate users via magic links and OTP verification
  • To send evaluation invitations, reminders, and system notifications
  • To generate aggregated, anonymized analytics for platform improvement
  • To comply with legal obligations

4. Data Encryption & Access

All evaluation responses are encrypted at rest using AES-256-GCM with company-owned encryption keys. The Performs360 platform operator (including super admins) has zero access to decrypted evaluation data. Only your company's authorized administrators can decrypt and view evaluation responses.

If your company's encryption passphrase and recovery codes are lost, the evaluation data is permanently unrecoverable. There is no backdoor, escrow, or platform-level recovery mechanism by design.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in these circumstances:

  • With infrastructure providers (hosting, email delivery) who process data on our behalf under strict agreements
  • When required by law, regulation, or valid legal process
  • To protect the rights, safety, or property of Performs360, our users, or the public

6. Data Retention

Account data is retained while your account is active. Evaluation data is retained according to your company administrator's settings. When a company account is deleted, all associated data — including encrypted evaluation responses — is permanently removed within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, contact your company administrator or reach out to us at privacy@performs360.com.

8. Cookies

We use essential cookies for authentication (session tokens, OTP session cookies). We do not use third-party advertising or tracking cookies. Analytics cookies, if used, are anonymized and do not track individual users across sites.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For questions about this Privacy Policy, contact us at privacy@performs360.com.