This privacy notice applies to personal information collected when you:

• Interact with our products, including our “chrome extension” and our “web app”; and any of our computer or mobile software applications (collectively, “Apps”);
• Visit or use our website (the “Website”)
• Participate in our business relationships as a client or supplier contact of ours (“Business Relationships”);
• Interact with our social media accounts and pages (“Social Media Pages” including Instagram, Facebook and Youtube);
• Access any services accessible through the Website, Apps or ChatGPT (collectively, the “Services”);
• Participate in offline sales and marketing activities.

This Privacy Notice, together with our Data Processing Agreement (DPA) , outlines how RecruitPilot collects, uses, and protects personal information. The DPA provides further detail on the specific terms under which we process personal data on behalf of our clients and users. For the purposes of this privacy notice, all references to the Website shall include a reference to the Apps.

The type of information we collect depends on your interaction with us. This includes:

• Interactions: Your usage details, interaction data, and feedback.
• Apps: Your full name, email address, telephone number, transaction details, usage details, interaction data, and feedback.
• Business Relationships: Your full name, email address, postal address, telephone number, and transaction details.
• Forms and Accounts: Information provided by completing forms on our Apps or Website, such as signing up for communications or events, searching for products or services, and creating accounts (log-in and password details).
• Social Media: Information from messages or posts on our Social Media Pages.
• Communications: Information in communications sent to us, such as reporting problems or submitting queries.
• Surveys: Data from surveys conducted for research purposes if you choose to participate.
• Automatic Collection: Information collected automatically when you use our Apps and Website, such as usage details, geo-location data, IP addresses, and information through cookies and other tracking technologies.

Users may manage their consent preferences, including opting out of marketing communications, via their account settings or by contacting us directly at privacy@recruitpilot.ai

RecruitPilot AI includes features powered by artificial intelligence, including large language models orchestrated through structured frameworks (e.g., LangGraph). These features may involve open-ended prompts, automated workflows, and AI-generated outputs such as screening questions, outreach drafts, and analytics insights.

These tools are designed to assist users in recruitment tasks and do not replace human judgment or decision-making. Users are solely responsible for how they apply AI-generated outputs. RecruitPilot AI does not make, control, or dictate hiring decisions.

By using our AI-powered features, you acknowledge that outputs may not always be entirely accurate, complete, or totally free of all bias. You agree to validate any AI-generated content before acting on it, particularly in employment or compliance-sensitive contexts.

We rely on the following legal bases:

• Where you have given consent for specific purposes.
• Where processing is necessary for a contract with you or to take steps before entering into a contract.
• Where processing is necessary to comply with legal obligations.
• Where processing is in our legitimate interests or those of a third party, provided your interests or rights do not override them.

RecruitPilot is committed to adhering to global data protection regulations, including but not limited to:

• General Data Protection Regulation (GDPR): We comply with the GDPR ((EU) 2016/679) for users in the European Economic Area (EEA).
• California Consumer Privacy Act (CCPA): We comply with the CCPA for users in California, USA, granting additional rights regarding their personal information.
• AI Act: We are actively preparing for compliance with the EU AI Act and other emerging regulations governing artificial intelligence technologies. Our practices are aligned with current transparency and fairness expectations and will evolve with regulatory updates.
• SOC 2: We adhere to SOC 2 standards for the security, availability, processing integrity, confidentiality, and privacy of customer data.

We may share personal information with:

• Other companies within our group involved in providing products and services to you or your employer or potential employer and who may use personal information in accordance with this notice.
• Third-party service providers who assist us with running our business, including customer support, payment processing, contractors, and IT services. These providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• Companies that assist with improving and optimising our Apps and Website, including analysing user behaviour and trends.
• Lawyers, accountants, tax advisors, and auditors who need access to personal information to provide their services.
• Law enforcement bodies, courts of law, or as otherwise required or authorised by law, for compliance with legal obligations or to protect our rights, property, or safety, or that of our users, clients, or others.

We may also disclose personal information:

• In the event that we sell or buy any business or assets, in which case we may disclose personal information to the prospective seller or buyer of such business or assets.
• If we are acquired by a third party, in which case personal information held by us about our users will be one of the transferred assets.
• To comply with legal obligations or to enforce or apply our terms of use or other agreements, or to protect the rights, property, or safety of RecruitPilot, our customers, or others.

All sharing of personal information with third parties, including service providers and group companies, is governed by the terms specified in our Data Processing Agreement (DPA). This agreement details the roles and responsibilities of third parties in handling and protecting your personal information.

Before sharing personal information with third parties, we take steps to ensure that the third party will protect the personal information in accordance with applicable privacy laws and in a manner consistent with this notice. Third parties are required to restrict their use of this information to the purpose for which the information was provided. RecruitPilot AI strictly disclaims liability for any hiring decisions, outcomes, or practices implemented by users of our Services. Users are solely responsible for how they use AI-generated outputs or insights. Our Data Processing Agreement and Terms of Use further clarify liability and indemnification provisions, including obligations related to legal compliance and responsible data handling.

For international data transfers, we implement safeguards such as standard contractual clauses, adequacy decisions, or other lawful mechanisms to ensure the protection of personal data.

RecruitPilot AI is committed to ensuring fair and equitable outcomes in recruitment. We actively monitor and refine our tools to reduce bias in AI-driven processes. This includes prompt engineering safeguards, dataset quality reviews, and human oversight mechanisms where appropriate. We encourage users to apply RecruitPilot's recommendations ethically, in a way that supports diversity, fairness, and inclusive hiring practices.

Some of our tools may involve the automated analysis of candidate data to generate insights, rankings, or screening questions based on predefined criteria. These features are intended to assist recruiters in evaluating candidates more efficiently. However, these tools do not make final hiring decisions and are not designed to replace human judgment.

If you are a candidate, you have the right to:

• Obtain meaningful information about the logic involved in the automated processing;
• Request human intervention;
• Express your point of view and contest decisions that significantly affect you.

To exercise these rights, please contact privacy@recruitpilot.ai

RecruitPilot AI uses artificial intelligence, including large language models orchestrated through frameworks such as LangGraph, to power features like outreach automation, screening assistance, and hiring analytics. These tools operate within tightly defined workflows that are designed to be auditable, safe, and aligned with responsible AI principles. These tools may accept open-ended user prompts to allow flexible interaction. However, all AI features operate within controlled environments that enforce structured workflows, input validation, and auditability.

In our web app and chrome extension, open-ended prompts are supported within predefined agent boundaries. This design ensures that generative AI is used safely, responsibly, and in accordance with applicable privacy and fairness obligations.

Separately, we offer a limited number of Custom GPTs through the ChatGPT platform, clearly branded under RecruitPilot. These are subject to the respective platform's usage and privacy terms.

Users are always informed when interacting with AI-powered tools. RecruitPilot does not impersonate individuals or make final hiring decisions. All outputs are intended to assist, not replace, human judgment. We are committed to transparent, fair, and ethical use of AI technologies and continue to align our practices with the EU AI Act and other relevant regulatory standards.

All fees are exclusive of taxes, levies, or duties imposed by taxing authorities. You are responsible for paying any applicable taxes related to your use of the Services.

If you are required by law to withhold any taxes from your payments to RecruitPilot AI Limited, you must provide us with an official tax receipt or other appropriate documentation to support such payments.

You agree not to use the Services in any manner that:

• Violates any local, state, national, or international law or regulation.
• Engages in any fraudulent activity, including impersonating any person or entity, or falsely stating or otherwise misrepresenting your affiliation with a person or entity.
• Engages in any activity that is harmful to others, including but not limited to harassment, abuse, defamation, libel, or invasion of privacy.
• Attempts to gain unauthorised access to any portion of the Services, other accounts, computer systems, or networks connected to the Services, through hacking, password mining, or any other means.
• Uses AI-generated content from the Services in a discriminatory, misleading, or unlawful manner, including to make automated employment decisions without appropriate human oversight.
• Interferes with or disrupts the Services or the servers or networks connected to the Services, or disobeys any requirements, procedures, policies, or regulations of networks connected to the Services.
• Uploads, posts, emails, transmits, or otherwise makes available any content that contains viruses, worms, Trojan horses, spyware, or any other computer code, files, or programs designed to interrupt, destroy, or limit the functionality of any computer software or hardware or telecommunications equipment.
• Uploads, posts, emails, transmits, or otherwise makes available any content that infringes any patent, trademark, trade secret, copyright, or other proprietary rights of any party.
• Engages in the transmission of “junk mail,” “chain letters,” or unsolicited mass mailing, instant messaging, “spimming,” or “spamming.”
• Uses any data mining, robots, scraping, or similar data gathering or extraction methods.
• Circumvents or manipulates credit limits, quotas, or feature restrictions through automation or unauthorised account activity.
• Uploads, posts, emails, transmits, or otherwise makes available any content in an incorrect format or that is not supported by the Services, which can disrupt the functionality or accessibility of the Services.
• Engages in any form of harassment, abuse, or bullying of any other user.
• Posts or transmits any content that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, or racially, ethnically, or otherwise objectionable.
• Impersonates any person or entity, including, but not limited to, a RecruitPilot AI Limited employee, or falsely states or otherwise misrepresents your affiliation with a person or entity.
• Interferes with or disrupts the integrity or performance of the Services or the data contained therein.
• Uses manual or automated software, devices, or other processes to “crawl,” “spider,” or “scrape” any page of the Services.
• Creates multiple accounts for the same individual or entity without prior written consent from RecruitPilot AI Limited.
• Sells, resells, rents, or leases the Services or any part thereof without prior written consent from RecruitPilot AI Limited.
• Uses the Services in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage, or otherwise negatively impacts the performance of the Services.
• Violates any other policy or terms related to the use of the Services.

By uploading or submitting any content through our Services, you grant RecruitPilot AI a non-exclusive, worldwide, royalty-free license to use, modify, reproduce, and distribute your content in connection with the operation of the Services.

You are solely responsible for any content you upload, post, or otherwise make available through the Services. RecruitPilot AI does not endorse any user content and is not responsible for its accuracy or legality.

RecruitPilot AI reserves the right to remove any content that violates these Terms or is otherwise deemed inappropriate.

RecruitPilot AI Limited is committed to protecting the privacy and security of your personal information. This section outlines how we collect, use, share, and protect your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and relevant AI regulations. These Terms are intended to be read in conjunction with our Privacy Notice and Data Processing Agreement (DPA) which together outline how we collect, process, store, and protect personal data across our services.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Request access to your personal information and obtain a copy.
• Request correction of any inaccurate or incomplete personal information.
• Request deletion of your personal information, subject to certain legal exceptions.
• Request restriction of processing your personal information under certain conditions.
• Object to the processing of your personal information for direct marketing purposes.
• Request the transfer of your personal information to another organisation, where feasible.

To exercise your rights, please contact us at support@recruitpilot.ai. We will respond to your request in accordance with applicable data protection laws.

We may update this Data Protection and Privacy section from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on our website, and we encourage you to review this section periodically.

If you have any questions or concerns about our data protection and privacy practices, please contact us at: support@recruitpilot.ai.

We use various measures to protect your personal information including:

• Encryption: Information in transit is encrypted using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) and stored using 256-bit AES encryption.
• Access Controls: Access to personal information is restricted to authorised personnel who need it for their duties.
• Regular Audits: We conduct regular audits of our information security practices.
• Employee Training: Employees receive training on data protection best practices.

In case of a data breach, we have procedures to take necessary actions promptly and notify affected individuals as required by law.

We retain personal information only as long as necessary for the purposes for which it was collected, including legal, regulatory, tax, accounting, or reporting requirements. Retention periods are determined based on the nature and sensitivity of the information and potential risk of harm from unauthorised use or disclosure.

The Services are provided on an “as is” and “as available” basis. RecruitPilot AI makes no representations or warranties of any kind, express or implied, about the operation of the Services or the information, content, materials, or products included on the Services.

You expressly agree that your use of the Services is at your sole risk.

While we strive to provide accurate and up-to-date information, we do not warrant that any information provided through the Services is accurate, complete, reliable, current, or error-free.

Our Services may include content provided by third parties. All statements and opinions expressed in such content, other than the content provided by RecruitPilot AI, are solely the responsibility of the person or entity providing those materials. Such materials do not necessarily reflect the opinion of RecruitPilot AI.

To the fullest extent permitted by law, RecruitPilot AI disclaims all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose. RecruitPilot AI does not warrant that the Services, its servers, or emails sent from RecruitPilot AI are free of viruses or other harmful components.

RecruitPilot AI will not be liable for any damages of any kind arising from the use of the Services, including, but not limited to, direct, indirect, incidental, punitive, and consequential damages.

Any advice or information provided by RecruitPilot AI through the Services is for general informational purposes only and should not be construed as professional advice. Users should consult appropriate professionals for specific advice tailored to their situation.

RecruitPilot AI does not warrant or make any representations regarding the use or the results of the use of the Services in terms of their correctness, accuracy, reliability, or otherwise. No advice or information, whether oral or written, obtained by you from RecruitPilot AI or through the Services shall create any warranty not expressly stated herein.

RecruitPilot AI will not be liable for any failure or delay in performance due to causes beyond our reasonable control, including but not limited to acts of God, war, terrorism, strikes, supply shortages, or interruptions in telecommunications or internet services.

These Terms shall be governed by and construed in accordance with the laws of England and Wales. Any disputes arising under or in connection with these Terms, including matters related to data processing as detailed in our Data Processing Agreement (DPA) , , shall be subject to the exclusive jurisdiction of the courts of England and Wales.