RecruitPilot AI Privacy Notice

1. Scope of this Privacy Notice

This privacy notice applies to personal information collected when you:

• Interact with our products, including our “chrome extension” and our “web app”; and any of our computer or mobile software applications (collectively, “Apps”);
• Visit or use our website (the “Website”) https://recruitpilot.ai.
• Participate in our business relationships as a client or supplier contact of ours (“Business Relationships”);
• Interact with our social media accounts and pages (“Social Media Pages” including Instagram, Facebook and Youtube);
• Access any services accessible through the Website, Apps or ChatGPT (collectively, the “Services”);
• Participate in offline sales and marketing activities.

This Privacy Notice, together with our Data Processing Agreement (DPA), outlines how RecruitPilot collects, uses, and protects personal information. The DPA provides further detail on the specific terms under which we process personal data on behalf of our clients and users. For the purposes of this privacy notice, all references to the Website shall include a reference to the Apps.

2. What Personal Information Do We Collect?

The type of information we collect depends on your interaction with us. This includes:

• Interactions: Your usage details, interaction data, and feedback.
• Apps: Your full name, email address, telephone number, transaction details, usage details, interaction data, and feedback.
• Business Relationships: Your full name, email address, postal address, telephone number, and transaction details.
• Forms and Accounts: Information provided by completing forms on our Apps or Website, such as signing up for communications or events, searching for products or services, and creating accounts (log-in and password details).
• Social Media: Information from messages or posts on our Social Media Pages.
• Communications: Information in communications sent to us, such as reporting problems or submitting queries.
• Surveys: Data from surveys conducted for research purposes if you choose to participate.
• Automatic Collection: Information collected automatically when you use our Apps and Website, such as usage details, geo-location data, IP addresses, and information through cookies and other tracking technologies.

Users may manage their consent preferences, including opting out of marketing communications, via their account settings or by contacting us directly at privacy@recruitpilot.ai.

3. How Do We Use Personal Information Relating to You?

RecruitPilot AI provides users with AI-powered tools and recommendations to support recruitment workflows. These tools may generate suggestions, draft screening questions, or offer insights based on data inputs. However, RecruitPilot AI does not make or dictate employment decisions, automatically remove or reject candidates from the hiring pipeline, or replace human judgment. Responsibility for recruitment decisions, candidate selection, and hiring outcomes lies solely with the user or their organisation.

We use personal information for the following purposes:

• To improve and personalise our Services, including the development of AI features, in accordance with applicable legal bases and user permissions.
• To fulfil our contractual obligations and provide requested information, products, and services.
• To provide information about products and services that may interest you, with your consent.
• To ensure content from our Apps and Website is presented effectively.
• For internal operations including troubleshooting, data analysis, testing, research, statistical, and survey purposes.
• To provide and improve our services, including delivering our products and services to your employer or potential employer.
• To keep our Apps and Website safe and secure.
• To measure and understand the effectiveness of advertising and deliver relevant ads to you.
• To conduct our internal business processes, such as accounting and auditing.
• For any other purposes required by law.

RecruitPilot AI is progressively introducing agent-based features to automate certain recruitment workflows, such as outreach, anonymisation, and analytics. These agents operate under controlled conditions, in accordance with user permissions and our broader privacy, bias, and security safeguards. Where such agents handle personal data, the same protections and limitations described in this notice apply.

4. Legal Basis for Processing Personal Information

We rely on the following legal bases:

• Where you have given consent for specific purposes.
• Where processing is necessary for a contract with you or to take steps before entering into a contract.
• Where processing is necessary to comply with legal obligations.
• Where processing is in our legitimate interests or those of a third party, provided your interests or rights do not override them.

5. Compliance with Global Data Protection Regulations

RecruitPilot is committed to adhering to global data protection regulations, including but not limited to:

• General Data Protection Regulation (GDPR): We comply with the GDPR ((EU) 2016/679) for users in the European Economic Area (EEA).
• California Consumer Privacy Act (CCPA): We comply with the CCPA for users in California, USA, granting additional rights regarding their personal information.
• AI Act: We are actively preparing for compliance with the EU AI Act and other emerging regulations governing artificial intelligence technologies. Our practices are aligned with current transparency and fairness expectations and will evolve with regulatory updates.
• SOC 2: We adhere to SOC 2 standards for the security, availability, processing integrity, confidentiality, and privacy of customer data.

RecruitPilot complies with the Brazilian General Data Protection Law (LGPD), the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and other applicable data protection laws. We ensure that personal data is processed in accordance with the highest standards of data protection across all jurisdictions.

For a detailed understanding of our data processing practices and compliance with these regulations, please refer to our Data Processing Agreement (DPA). The DPA outlines the specific measures we take to ensure compliance, including our obligations and those of our users.

6. Do We Share Your Personal Information with Any Third Parties?

We may share personal information with:

• Other companies within our group involved in providing products and services to you or your employer or potential employer and who may use personal information in accordance with this notice.
• Third-party service providers who assist us with running our business, including customer support, payment processing, contractors, and IT services. These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• Companies that assist with improving and optimising our Apps and Website, including analysing user behaviour and trends.
• Lawyers, accountants, tax advisors, and auditors who need access to personal information to provide their services.
• Law enforcement bodies, courts of law, or as otherwise required or authorised by law, for compliance with legal obligations or to protect our rights, property, or safety, or that of our users, clients, or others.

We may also disclose personal information:

• In the event that we sell or buy any business or assets, in which case we may disclose personal information to the prospective seller or buyer of such business or assets.
• If we are acquired by a third party, in which case personal information held by us about our users will be one of the transferred assets.
• To comply with legal obligations or to enforce or apply our terms of use or other agreements, or to protect the rights, property, or safety of RecruitPilot, our customers, or others.

All sharing of personal information with third parties, including service providers and group companies, is governed by the terms specified in our Data Processing Agreement (DPA). This agreement details the roles and responsibilities of third parties in handling and protecting your personal information.

Before sharing personal information with third parties, we take steps to ensure that the third party will protect the personal information in accordance with applicable privacy laws and in a manner consistent with this notice. Third parties are required to restrict their use of this information to the purpose for which the information was provided. RecruitPilot AI strictly disclaims liability for any hiring decisions, outcomes, or practices implemented by users of our Services. Users are solely responsible for how they use AI-generated outputs or insights. Our Data Processing Agreement and Terms of Use further clarify liability and indemnification provisions, including obligations related to legal compliance and responsible data handling.

For international data transfers, we implement safeguards such as standard contractual clauses, adequacy decisions, or other lawful mechanisms to ensure the protection of personal data.

7. Bias Mitigation and Ethical Use of AI

RecruitPilot AI is committed to ensuring fair and equitable outcomes in recruitment. We actively monitor and refine our tools to reduce bias in AI-driven processes. This includes prompt engineering safeguards, dataset quality reviews, and human oversight mechanisms where appropriate. We encourage users to apply RecruitPilot's recommendations ethically, in a way that supports diversity, fairness, and inclusive hiring practices.

8. Automated Decision-Making and Candidate Profiling

Some of our tools may involve the automated analysis of candidate data to generate insights, rankings, or screening questions based on predefined criteria. These features are intended to assist recruiters in evaluating candidates more efficiently. However, these tools do not make final hiring decisions and are not designed to replace human judgment.

If you are a candidate, you have the right to:

• Obtain meaningful information about the logic involved in the automated processing;
• Request human intervention;
• Express your point of view and contest decisions that significantly affect you.

To exercise these rights, please contact privacy@recruitpilot.ai.

9. AI Transparency and Use of Generative Technologies

RecruitPilot AI uses artificial intelligence, including large language models orchestrated through frameworks such as LangGraph, to power features like outreach automation, screening assistance, and hiring analytics. These tools operate within tightly defined workflows that are designed to be auditable, safe, and aligned with responsible AI principles. These tools may accept open-ended user prompts to allow flexible interaction. However, all AI features operate within controlled environments that enforce structured workflows, input validation, and auditability.

In our web app and chrome extension, open-ended prompts are supported within predefined agent boundaries. This design ensures that generative AI is used safely, responsibly, and in accordance with applicable privacy and fairness obligations.

Separately, we offer a limited number of Custom GPTs through the ChatGPT platform, clearly branded under RecruitPilot. These are subject to the respective platform's usage and privacy terms.

Users are always informed when interacting with AI-powered tools. RecruitPilot does not impersonate individuals or make final hiring decisions. All outputs are intended to assist, not replace, human judgment. We are committed to transparent, fair, and ethical use of AI technologies and continue to align our practices with the EU AI Act and other relevant regulatory standards.

10. Third-Party Policies

Our services are integrated with third-party platforms and services, and we adhere to their privacy and usage policies:

• Google: Our React web app uses Firebase for user authentication, and our services comply with Google's privacy, security, and usage policies. This includes data handling as specified by Google API Services User Data Policy, including the Limited Use requirements.
• Apple: Our Apps available on Apple platforms comply with Apple's privacy policies and guidelines.
• OpenAI: Our products, including Custom GPTs, WebApp and Chrome extension, comply with OpenAI's privacy and usage policies. This includes adhering to OpenAI's standards for data handling, security, and user privacy.

11. LinkedIn API Data Integration

RecruitPilot integrates with LinkedIn APIs to facilitate recruitment, employer branding, job advertising, and platform functionality. As part of this integration, RecruitPilot may automatically access and process certain LinkedIn data related to users' organizational activities and publicly available LinkedIn content.

Types of LinkedIn data we may collect include, but are not limited to:

• Organization (Company) data (such as name, industry, size, logo, description, website URL)
• Job posting data (such as titles, descriptions, locations, application methods)
• Recruitment-related metadata (such as posting status updates or application events)
• Public LinkedIn profile attributes as authorized by LinkedIn policies

RecruitPilot uses LinkedIn data to:

• Enable job posting, job management, and candidate engagement features
• Enhance job listings with accurate company branding and organizational context
• Facilitate content sharing and platform interactions with LinkedIn

RecruitPilot processes LinkedIn data based on legitimate interest (for recruitment service provision) and contractual necessity (to provide services requested by our users or organizational clients), in compliance with applicable data protection laws including the GDPR and CCPA.

RecruitPilot processes LinkedIn data in accordance with LinkedIn's API Terms of Use, Developer Policies, and relevant data protection regulations. Individuals have the right to:

• Access the personal data RecruitPilot holds about them
• Request correction of inaccurate data
• Request deletion of their personal data
• Object to certain processing activities
• Request data portability where applicable

Requests regarding LinkedIn-sourced data can be submitted by contacting us at privacy@recruitpilot.ai.

We only retain LinkedIn data for as long as necessary to fulfil the purposes outlined above or as required by applicable law. Users may revoke RecruitPilot's access to LinkedIn data at any time via LinkedIn settings or by contacting us directly.

For further information about LinkedIn's own data processing practices, please refer to the LinkedIn Privacy Policy.

12. How Do We Protect Your Personal Information?

We use various measures to protect your personal information:

• Information in transit is encrypted using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) and stored using 256-bit AES encryption.
• Access to personal information is restricted to authorised personnel who need it for their duties.
• We conduct regular audits of our information security practices.
• Employees receive training on data protection best practices.

For comprehensive details on our security measures, including how we manage data breaches and safeguard personal data, please consult our Data Processing Agreement (DPA). The DPA provides a complete overview of our information security practices and the protocols we follow to protect your data.

In case of a data breach, we have procedures to take necessary actions promptly and notify affected individuals as required by law.

13. Where Do We Store Personal Information?

RecruitPilot AI may store and process personal information in countries outside of the European Economic Area (EEA), including the United States. Where such transfers occur, we ensure that your data is protected to a standard that meets or exceeds the requirements of applicable data protection laws.

Specifically, we implement:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Adequacy decisions where applicable; and
• Contractual safeguards with our subprocessors to ensure your rights are upheld.

We only transfer personal information when it is necessary for service delivery or support and only to partners who have entered into binding data processing agreements with RecruitPilot AI.

14. Cookies and Tracking Technologies

Our Apps and Website use cookies and similar tracking technologies to improve your experience and understand how our services are used. These technologies help us:

• Ensure the proper functioning of our platform;
• Analyse user behaviour and improve performance;
• Remember user preferences and personalise content;
• Track your interests to deliver relevant ads (with consent);
• Identify potential misuse or abuse.

Some data collected through cookies may also be used to improve our AI features - for example, to understand common usage patterns or identify product improvement opportunities. We do not use cookie data to train large language models or create behavioural profiles for hiring decisions.

In jurisdictions such as the UK and EEA, we seek your explicit consent before setting non-essential cookies. You can manage your preferences at any time using our cookie banner or through your browser settings.

15. Your Rights

We're committed to handling all personal data responsibly and transparently because trust is at the heart of every great recruitment experience. We believe every candidate and user deserves clarity, control, and fairness when it comes to their personal data. That's why we make it easy for you to exercise your rights at any time.

You have the following rights regarding your personal information:

• Request access to personal information we hold about you;
• Request correction of inaccurate or incomplete personal information;
• Request deletion of your personal information, subject to certain exceptions;
• Request restriction of processing in certain circumstances;
• Object to processing where we rely on legitimate interests;
• Request the transfer of your personal information to another organisation or directly to you in a structured, commonly used format;
• Withdraw your consent at any time, where consent is the legal basis for processing.

To exercise these rights, please contact us at privacy@recruitpilot.ai.

We will respond to your request within 7 days, in accordance with applicable data protection laws. In certain circumstances, we may request additional information to verify your identity before processing your request.

If you have a concern about the way we are collecting or using your personal information, we request that you raise your concern with us first. You can also contact the Information Commissioner's Office (ICO) at https://ico.org.uk/concerns/.

16. Third-Party Links

RecruitPilot's Apps and Website may contain links to other external sites. We are not responsible for the privacy policies of these external sites. Please review their policies before submitting personal information.

17. Social Media Platforms

Engagement on social media platforms with RecruitPilot's pages, posts or comments is subject to the terms and privacy policies of those platforms. We are not responsible for their policies. Review these policies before submitting personal information.

18. Data Retention

We retain personal information only as long as necessary for the purposes for which it was collected, including legal, regulatory, tax, accounting, or reporting requirements. Retention periods are determined based on the nature and sensitivity of the information and potential risk of harm from unauthorised use or disclosure.

For example, we may retain contact details for marketing purposes until consent is withdrawn. Specific retention periods are determined based on the type of data and the purpose for which it was collected.

Our data retention practices, including the methods used for data deletion or return at the end of the retention period, are fully outlined in our Data Processing Agreement (DPA). The DPA specifies the conditions under which personal data is retained and the procedures for securely disposing of it.

19. Fair Usage Policy

To ensure fair use of our services, including our chrome extension and web app, we implement token limits and monitor for abuse. Usage beyond specified limits specifically, excessive use of generative AI features, unnecessary repeated automated interactions, use contrary to fair hiring practices and/or abusive behaviour may result in suspension or termination of access.

20. Relationship to other terms and policies

This Privacy Notice is intended to be read alongside our other core legal and compliance documents:

• Our Terms of Use
• Our Data Processing Agreement (DPA)
• Our Security Policy

These documents provide additional detail on how we process personal data, the responsibilities of users, and how we secure information.

For most of our Services, RecruitPilot AI acts as a data processor, processing personal data on behalf of our customers (typically recruitment agencies or employers). In certain situations - such as direct interactions with our marketing or website - RecruitPilot AI may act as a data controller. Please refer to our DPA for more detail on roles and responsibilities.

21. Changes to this Notice, Version Control and Document History

We review and update this privacy notice regularly. Changes will be posted on this page, and significant updates may be communicated via email. Please review this page periodically for updates.

We also maintain version control to ensure the most current version of our Terms is always available to our users. Each update to the Privacy Notice will include a new version number and date to indicate when the changes took effect. Users are responsible for reviewing the Privacy Notice periodically to stay informed about any changes. Continued use of the Services following the posting of a new version indicates your acceptance of the modified Privacy Notice.

• Version 1.0: Initial version published on [17/03/2024].
• Version 1.1: Updated on [03/05/2024] to include legal basis for processing, data portability, and additional security measures.
• Version 1.2: Updated on [22/07/2024] to enhance cookie policy and information on automated decision-making.
• Version 1.3: Updated on [06/08/2024] to enhance scope and personal information we collect.
• Version 1.4: Updated on [26/11/2024] to clarify AI usage, add liability disclaimers, reinforce bias mitigation, and strengthen the Fair Usage Policy.
• Version 1.5: Updated on [07/02/2025] to add AI decision and profiling transparency, clarify use of open-ended prompts, define structured workflows, and accurately reflect use of Custom GPTs and generative technologies.
• Version 1.6: Updated on [12/03/2025] to strengthen international data transfer safeguards, enhance candidate privacy rights language, and clarify the use of cookies, tracking, and AI-related behavioural data.
• Version 1.7: Updated on [03/06/2025] to include LinkedIn API integration details, document cross-references, clarification of controller/processor roles, and preparation for future agent-based automation features.

22. Contacting Us

If you have any questions regarding this privacy notice, please contact us at: