Privacy Policy

This Privacy Policy explains how Automated Recruiter LLC ("Automated Recruiter," "we," "us," or "our") collects, uses, stores, shares, and deletes personal information through our recruiting software platform and related website, billing, support, and communications workflows.

Automated Recruiter is a recruiting workflow and decision-support platform used by staffing agencies, internal talent teams, recruiters, and, in some cases, individual direct users. Depending on the context, we may process personal data both on behalf of customer organizations and directly for our own business purposes such as account administration, billing, security, and customer support.

Our Privacy Role

For recruiting and candidate data that customers upload or process through the platform, Automated Recruiter generally acts as a processor or service provider on behalf of the customer organization. For account, billing, support, website, and relationship-management data, and for some direct individual user interactions, Automated Recruiter generally acts as a controller or business. If a separate data processing agreement applies, that agreement governs to the extent of any conflict for processor obligations.

Information We Collect

We may collect the following categories of information.

Account and Organization Information

• Name
• Company or agency name
• Business email address
• User role and account settings
• Authentication and provisioning information
• Support and contact history

Billing and Commercial Information

• Trial status and trial usage
• Subscription status and plan selection
• Billing account identifiers
• Customer or company name, including legal entity name where provided
• Billing email address
• Billing country, state or region where relevant, and postal code
• Invoice and payment status
• Assessment usage, billing period, and overage metadata
• Customer portal and billing recovery activity
• Tax-related information such as tax IDs, tax calculation metadata, exemption status, and related support records where provided or generated in billing workflows

Payment card information is typically collected and processed by our payment processor, such as Stripe, rather than stored by Automated Recruiter directly.

Recruiting Workflow Data

• Job descriptions
• Recruiter notes and intake information
• Evaluation rubrics
• Workflow configuration and filtering rules
• Candidate-review outputs, summaries, and scores

Candidate Information

Candidate data contained in resumes, applications, profiles, or related records may include:

• Name
• Email address
• Phone number
• Location
• Employment history
• Education
• Licenses, certifications, and skills
• Work authorization information
• Interview notes, evaluation results, and related recruiting metadata
• Other information voluntarily included in resumes, applications, or related recruiting communications

Operational, Security, and Diagnostic Data

• Application timestamps and routing metadata
• Job alias email routing information
• Resume parsing and scoring status
• Device, browser, IP, and log data
• Audit events, error logs, and support diagnostics
• Cookie and consent preferences where applicable

How We Use Information

We may use personal information to:

• Provide, host, maintain, and secure the platform
• Process resumes, applications, and recruiting workflow data
• Generate candidate evaluations, summaries, and recruiter notifications
• Administer accounts, subscriptions, billing periods, invoices, and payment recovery
• Calculate included usage, overages, and billing reconciliation records
• Determine billing jurisdiction, calculate applicable taxes, and maintain tax, refund, credit, and invoice records
• Respond to support, legal, privacy, and commercial inquiries
• Detect fraud, abuse, misuse, security incidents, or policy violations
• Improve platform quality, observability, and reliability
• Comply with legal, tax, accounting, regulatory, and contractual obligations

Platform Improvement and Future Capabilities

We may use data processed through the platform to improve existing features and to develop new capabilities, including systems designed to support candidate rediscovery, matching, ranking, and future talent network functionality, subject to applicable law, contractual obligations, and required notice or consent where applicable.

We do not use candidate personal information to train machine learning or artificial intelligence models without first de-identifying or anonymizing that data such that it cannot reasonably be re-linked to an individual. We do not use customer recruiting data to train models for unrelated third-party purposes. AI processing is performed through Microsoft Azure OpenAI Service, which operates under Microsoft's Azure data privacy commitment: customer prompts and completions are not available to OpenAI and are not used to improve OpenAI or Microsoft models.

Legal Bases

Where required by applicable law, we process personal information based on one or more of the following: performance of a contract, legitimate interests, compliance with legal obligations, your consent, or another applicable lawful basis. Where we act as a processor or service provider, we process data on behalf of the relevant customer under their instructions and our contractual obligations.

How We Share Information

We may share personal information with:

• Service providers and subprocessors that help us operate the platform, such as hosting, identity, analytics, monitoring, AI, email, and payment-processing vendors
• Payment processors and related tax-calculation services, including Stripe and Stripe Tax or similar providers, to process billing, invoices, renewals, payment recovery, tax determination, refunds, credits, and related commercial workflows
• Customer organizations and authorized users acting within their recruiting workflows
• Professional advisors, auditors, insurers, lenders, or acquirers where reasonably necessary
• Government authorities, courts, regulators, or law enforcement where required by law or to protect rights, safety, and security

We do not sell personal information for money. We do not share customer recruiting data with unrelated third parties for their independent advertising purposes.

Data Processing and Subprocessors

We may engage subprocessors and service providers to support hosting, infrastructure, AI processing, authentication, billing, communications, and security operations. We implement contractual and organizational safeguards designed to ensure such providers process data in accordance with applicable legal requirements.

Where Data Is Stored

Platform data is hosted in Microsoft Azure, with primary infrastructure in East US 2. Certain data may also be processed through third-party service providers that support authentication, AI workflows, billing, communications, customer support, or security operations.

Where required, we implement contractual, organizational, and technical safeguards designed to protect personal data during international transfers.

Security Measures

Automated Recruiter implements administrative, technical, and organizational safeguards designed to protect data, including:

• Encryption in transit
• Encryption at rest where supported
• Managed Identity and access controls
• Role-based access control and least-privilege practices
• Infrastructure monitoring, structured logging, and audit events
• Restricted production access
• Operational safeguards around billing and entitlement changes

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain data based on operational needs, customer instructions, legal obligations, financial recordkeeping requirements, and legitimate business needs such as fraud prevention, billing reconciliation, dispute resolution, and security investigations.

Raw Inbound Email Artifacts

Examples include raw email messages and ingestion artifacts.

Typical retention period: 30 days

Use of Candidate Data

Retention of candidate data does not grant unrestricted rights to use such data for unrelated purposes. Any use of candidate data beyond providing the service to the relevant customer will be subject to applicable law, customer agreements, and any required notice or consent.

Where permitted by law and consistent with applicable agreements, Automated Recruiter may use candidate-related data to support platform functionality, system improvement, and future product capabilities, including candidate matching and rediscovery systems. We do not use candidate personal data for talent matching or rediscovery features that operate independently of the original hiring context without first providing notice and obtaining consent or another applicable legal basis.

Resumes, candidate attachments, and candidate records may be retained while the associated customer account remains active or while the candidate profile remains active within platform workflows. Working review threshold: up to 7 years after last meaningful candidate activity, unless earlier deletion is required by customer instruction, applicable law, a validated rights request, or a different written agreement.

Upon account cancellation or termination, we will delete or anonymize customer recruiting and candidate data within 60 days of the account closure date, except as required for legal compliance, billing record-keeping, fraud prevention, dispute resolution, or enforcement of agreements. Customers may request earlier deletion of specific candidate records at any time through Contact us.

Billing, Subscription, and Financial Records

Billing account records, invoices, payment status, tax information, tax determinations, refund and credit records, overage records, entitlement history, and related commercial records may be retained after cancellation or account closure as reasonably necessary for accounting, tax, audit, dispute resolution, collections, fraud prevention, and legal compliance.

Typical retention period: at least 7 years where reasonably necessary for financial, tax, audit, dispute, fraud, or enforcement purposes

Logs and Diagnostics

System logs, support diagnostics, and infrastructure records are generally retained for a limited period consistent with security, observability, and operational needs.

Typical retention period: about 30 days, unless longer preservation is reasonably necessary for incident investigation, abuse review, legal hold, or related operational needs.

Enterprise and Contract-Specific Retention

Enterprise or custom-contract customers may receive different retention or deletion terms where expressly agreed in writing.

Privacy Rights and Requests

Depending on where you are located, you may have rights under applicable privacy law with respect to personal information we process about you as a controller (such as account, billing, and support data). These may include the right to:

• Know what personal information we have collected about you and how it is used
• Access or obtain a copy of personal information we hold about you
• Correct inaccurate personal information
• Delete personal information, subject to applicable exceptions
• Restrict or object to certain processing
• Data portability where required by law
• Opt out of sale or sharing of personal information (we do not sell personal information for monetary consideration)

To submit a request, use the Contact form and choose Data rights request (access / deletion / correction). We will respond within the timeframe required by applicable law (typically 30–45 days). We may require identity verification before responding.

Where we process data on behalf of a customer organization (such as candidate and recruiting data), requests relating to that data may need to be directed to the relevant customer organization first, as they control the underlying hiring relationship. We may retain certain records despite a deletion request where necessary for legal compliance, billing reconciliation, fraud prevention, dispute resolution, or enforcement of agreements.

California Privacy Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) with respect to personal information we process about you as a business or controller:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, share, or sell.
• Right to Delete: Request deletion of personal information we have collected, subject to exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out: Opt out of the sale or sharing of personal information. We do not sell or share personal information for monetary or other valuable consideration, and we do not share personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: Where we process sensitive personal information (as defined by CPRA) as a business, you may request that we limit its use to providing the service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise California rights, submit a request through Contact us and choose Data rights request (access / deletion / correction). We will respond within 45 days, extendable by an additional 45 days where reasonably necessary. For candidate and recruiting data processed on behalf of a customer organization, please direct your request to the relevant employer or staffing agency first.

Do Not Sell or Share: Automated Recruiter does not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

Other State Privacy Rights

If you are a resident of Virginia, Colorado, Connecticut, Texas, or another state with a comprehensive consumer privacy law, you may have similar rights to access, correct, delete, and opt out of certain uses of your personal information that we process as a controller. To submit a request, use the Contact form and choose Data rights request (access / deletion / correction). We will respond as required by applicable law. These rights generally apply to personal information we process about you directly (such as account, billing, and support data) rather than candidate or recruiting data processed on behalf of a customer organization.

Children's Privacy

The platform is intended for professional recruiting use and is not directed to children under 13. We do not knowingly collect personal information from children in violation of applicable law.

Policy Updates

We may update this Privacy Policy periodically. Updated versions become effective when posted or as otherwise stated. Continued use of the platform after an updated effective date is subject to the revised policy.

Privacy Contact

For privacy, billing-data, or data-rights questions, contact us.