RiteVizor← Back to sign in

Privacy Policy

Last updated: 8 May 2026

1. Introduction

Interactive Digital Ltd (“Interactive Digital”, “Company”, “we”, “us”) operates RiteVizor, an internal performance appraisal platform used to manage the agency's annual and mid-year review cycles. This Privacy Policy explains how we collect, use, store and protect your personal information when you use the platform as an employee, contractor or authorised user of Interactive Digital.

RiteVizor is not a public service. Access is restricted to members of the Interactive Digital Google Workspace domain (verified via Google's hosted-domain check). The first time a Workspace member signs in, the platform creates an account for them at the lowest privilege level (a placeholder Trainee placement, view-only on their own self-assessment); an administrator subsequently confirms or adjusts their proper role assignment.

2. Information We Collect

2.1 Information about your employee record

Your employee record on the platform is initialised either by an administrator (HR import) or, on first Google sign-in, by the platform itself with placeholder values that the administrator subsequently corrects. The fields stored are:

  • Full name and work email (verified via Google)
  • Job title, function, band level, manager and reporting line
  • Hire date and active/inactive employment status
  • Platform role assignments (e.g. appraisee, rater, calibrator)

2.2 Information you provide while using the platform

  • Goals you set or are assigned for a cycle, with measures and targets
  • Self-assessment narratives, evidence links and supporting context
  • Ratings you give as a primary, secondary or function-head rater
  • Calibration adjustments, override reasons and finalisation decisions
  • Individual Development Plan (IDP) narratives, actions, comments and progress updates
  • Function-head sidebar inputs (Band 5 ratees only) and similar structured commentary

2.3 Information collected automatically

  • Sign-in events (timestamp, IP address, user agent)
  • Session and OAuth state cookies (essential)
  • Audit log entries for actions you take (e.g. submitting a self-assessment, locking a rating, advancing a cycle phase)

2.4 Information from Google Workspace

When you sign in with Google, we receive your verified email address, full name, profile picture URL and your Workspace hosted domain (the hd claim). We use these only to match you to your provisioned employee record and to confirm you belong to the Interactive Digital Workspace. We do not access your Gmail, Calendar, Drive or any other Google service.

3. How We Use Your Information

  • To authenticate you and authorise access to the platform
  • To operate the appraisal cycle: goal setting, self-assessment, rater assessment, calibration, finalisation and IDP planning
  • To present rating evidence and history to authorised raters, calibrators and leadership during a live cycle
  • To produce aggregate analytics for HR and leadership (e.g. distribution views, calibration heatmaps)
  • To export cycle outcomes for HR record-keeping and decisions on progression, compensation and development
  • To maintain audit logs that support governance, dispute handling and legal compliance

4. Who Sees What

Visibility is governed by your role and the cycle phase. In broad terms:

  • Appraisees see their own goals, self-assessment, final ratings (after the cycle closes) and their IDP.
  • Raters see the people they rate, including their goals, self-assessment and supporting evidence.
  • Calibrators see the cohorts they calibrate across the rater cohort or a function.
  • The COO and HR see agency-wide outcomes for administrative and reporting purposes.
  • The GCEO sees Band 5 rating sessions and function-head sidebars, plus the agency distribution view.

Function-head sidebars on Band 5 ratees are visible only to the GCEO during the cycle and become visible to the Band 5 ratee after the cycle closes. The platform does not expose your private ratings or evidence outside this role-based gating.

We do not sell, trade or rent personal information to anyone. We do not share data with third parties for advertising or marketing.

5. Third-Party Service Providers

We rely on a small number of vetted infrastructure providers to run the platform:

  • Google LLC — Google Workspace authentication (sign-in only; no other Google services accessed)
  • Vercel Inc. — application hosting
  • Neon Inc. — managed PostgreSQL database
  • Cloud object storage — for any uploaded evidence files, served via short-lived signed URLs

These providers act as data processors on our behalf under written terms that require equivalent protection of your personal data.

6. Data Storage and Security

Your data is encrypted in transit (TLS) and at rest. Access to production data is restricted to a small set of administrators on a need-to-know basis and is audit-logged. We use industry-standard security controls including signed authentication tokens, short-lived OAuth state tokens, role-based access control and principle-of-least-privilege database access.

You are responsible for safeguarding your Google Workspace account credentials. If you suspect your account has been compromised, report it immediately to IT and your line manager.

7. Data Retention

Performance records are retained for the duration of your employment with Interactive Digital and for the period required by applicable Ghanaian employment, tax and corporate-records law (typically up to seven years after the employment ends). Audit logs are retained for the same period.

Aggregate, de-identified analytics may be retained indefinitely for trend analysis.

8. Your Rights

Under the Ghana Data Protection Act, 2012 (Act 843) and any other applicable data-protection law, you have the following rights in respect of your personal data on RiteVizor:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to restrict processing — request that we limit how we use your data while a query is being resolved
  • Right to object — object to processing based on legitimate interests
  • Right to lodge a complaint — with the Ghana Data Protection Commission

The right to erasure is constrained by our legal obligation to retain employment records. We will explain in writing if we cannot fully comply with a deletion request and will tell you what data we have retained and why.

To exercise any of these rights, contact hr@interactivedigital.com.gh. We will respond within 30 days.

9. Cookies

RiteVizor uses only essential cookies needed for sign-in and session management:

  • Session cookie — keeps you signed in across pages
  • OAuth state cookie — short-lived (10 minutes) CSRF defence during the Google sign-in round-trip

We do not use analytics cookies, advertising cookies or any third-party tracking.

10. International Transfers

Our hosting and database providers operate globally. Personal data may be processed in regions outside Ghana, including the United States and the European Economic Area. We rely on the standard contractual terms offered by these providers to ensure equivalent protection.

11. Children's Privacy

RiteVizor is an employee tool and is not intended for, or available to, anyone under the age of 18.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to active users via platform notification and email. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact

For privacy questions, requests or concerns about RiteVizor: