SERVBG Tools ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit servbg.com, whether you use the site as an anonymous visitor, a tool user, or a registered account holder.
This policy applies to all users of the platform including anonymous tool users and registered accounts who use IT-knowledge assessments, survival quizzes, and related features.
2. Data Controller
The data controller responsible for your personal data is:
When a company registered on servbg.com (an Employer) invites a candidate to
complete an IT assessment, a co-controller arrangement applies under GDPR Article 26:
The Employer (inviting company) is a co-controller for the
candidate's personal data (name, email address, assessment scores, and archetype). The Employer
determines the purpose of processing — evaluating the candidate for a specific role — and is
responsible for its own data-handling obligations, including notifying candidates of its privacy
practices.
servbg.com acts as a processor for assessment-engine data
(question delivery, answer recording, score computation) on behalf of the Employer, and
retains limited aggregate scores under its own legitimate interest in platform integrity.
Candidate right to erasure: If a candidate exercises their right to erasure
(GDPR Article 17), servbg.com will anonymise the candidate's name and email address in all
invitation records (candidate_email replaced with [deleted],
candidate_name set to NULL, magic link invalidated). Aggregate assessment
scores (IT accuracy, archetype, AI-risk percentage) are retained in the
Employer's hiring records under the Employer's legitimate interest — these scores contain
no personally identifying information after anonymisation.
Candidates who have not consented will never have an assessment row created on their behalf.
Consent is recorded explicitly (candidate_consented = 1,
consented_at timestamp) before any assessment data is collected.
For questions about data held by a specific Employer, candidates should contact that Employer
directly. For questions about data held by servbg.com, contact
claudebackup@servbg.com.
3. Information We Collect
Anonymous / Tool Users:
IP address (for tool functionality, geolocation country checks, and abuse prevention)
Browser type and version
Operating system
Pages visited and time spent
Referral source
Domain names, IP addresses, or other data you input into our tools
Files you upload to our secure upload service (encrypted at rest)
Registered Accounts:
E-mail address (used solely for magic-link authentication)
Nickname (chosen at registration)
IT-knowledge assessment answers and computed scores
Personality assessment responses and computed axis scores
AI-risk telemetry (aggregate timing and behavioural signals — no message content is sent to any AI provider)
Survival-quiz answer history and leaderboard scores
To provide and operate our network diagnostic and IT tools
To authenticate registered users via magic-link e-mail
To run and score IT-knowledge assessments and survival quizzes
To compute AI-risk scores from anonymised behavioural telemetry
To prevent abuse and enforce rate limits
To enforce geographic access restrictions where required
To display aggregated, anonymous statistics on the platform
5. Data Retention
Data type
Retention period
Tool query logs
24 hours
Magic-link tokens (magic_links)
24 hours (automatic cleanup event)
Authenticated sessions (user_sessions)
30 days sliding window (automatic cleanup event on last activity)
Assessments & assessment answers
Indefinite while account is active; deleted on account erasure request
Survival-quiz answer history
Indefinite while account is active; deleted on account erasure request
Uploaded files
Until download limit reached or 30 days maximum
Employer invitations (pending/active)
14 days (link expires); invitation row retained until candidate erasure request
Candidate name/email in invitations (after erasure)
Anonymised on erasure request; aggregate scores retained under Employer's legitimate interest
Aggregated statistics
Indefinite (no personal data)
6. Data Security
We implement industry-standard security measures including:
AES-256 encryption for uploaded files
HTTPS encryption for all connections
CSRF token protection on all state-changing requests
Rate limiting and abuse prevention
Regular security audits
7. Third-Party Data Processors
We use the following third-party services to operate the platform. Each processor receives only the minimum data necessary for its function.
MaxMind GeoLite2 (local) — Geolocation lookups (country, city, ISP/AS organisation) are performed against locally hosted MaxMind GeoLite2 database files. Your IP address is not transmitted to any third party for geolocation. Database files are downloaded from MaxMind under the GeoLite2 End User Licence Agreement and refreshed weekly.
Anthropic (Claude API) — Used to compute AI-risk scores for IT-knowledge assessments. Only anonymised behavioural telemetry (timing signals, interaction counts) is transmitted. No personal data, no assessment question text, and no e-mail addresses are sent to Anthropic. See their privacy policy at https://www.anthropic.com/privacy.
4EMX (eu.4emx.com) — Transactional e-mail provider used to deliver magic-link authentication e-mails. Your e-mail address is transmitted to 4EMX solely to deliver the authentication message.
We do not use Google Fonts or any other external font CDN. All typefaces are self-hosted on servbg.com.
8. Cookies and Local Storage
Cookies set by this site:
servbg_consent — Stores your cookie-consent choice (accepted / essential only). Expires after 1 year. Essential.
csrf_token (sent as servbg_csrf HTTP cookie) — CSRF protection token tied to your PHP session. Expires when the browser session ends. Essential.
PHPSESSID — PHP session identifier for server-side security state. Expires when the browser session ends. Essential.
Browser localStorage keys set by this site (registered accounts only):
sessionToken — Bearer token used to authenticate API requests without repeated page loads. Cleared on logout.
userEmail — Cached e-mail address for UI display. Cleared on logout.
userNickname — Cached nickname for UI display. Cleared on logout.
claimDismissed_<email> — Records that you have dismissed the leaderboard-claim prompt. Stored locally; not transmitted to the server.
We do not use advertising cookies, third-party tracking cookies, social-media cookies, or analytics cookies that identify you personally.
9. Your Rights (GDPR)
Under the General Data Protection Regulation (EU) 2016/679, you have the following rights:
Article 15 — Right of access: You may request a copy of all personal data we hold about you.
Article 16 — Right to rectification: You may request correction of inaccurate personal data.
Article 17 — Right to erasure ("right to be forgotten"): You may request deletion of your account and all associated personal data. An account-deletion endpoint is available via your profile settings. This feature is being rolled out in a forthcoming release; until then, submit a request to claudebackup@servbg.com and we will process it within 30 days.
Article 18 — Right to restriction of processing: You may request that we restrict processing of your data in certain circumstances.
Article 20 — Right to data portability: You may request an export of your personal data in a structured, machine-readable format. A data-export endpoint is available via your profile settings. This feature is being rolled out in a forthcoming release; until then, submit a request to claudebackup@servbg.com.
Article 21 — Right to object: You may object to processing based on legitimate interests.
Article 77 — Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority (see section 10).
10. Supervisory Authority
As servbg.com is operated from Bulgaria, the competent supervisory authority is:
Commission for Personal Data Protection (CPDP / КЗЛД)
Website: https://www.cpdp.bg/
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
You also retain the right to lodge a complaint with the supervisory authority of your EU member state of habitual residence.
11. Contact Us
For privacy-related inquiries or to exercise any of the rights described above, contact us at: claudebackup@servbg.com