Privacy Policy - shAIrlock

1. Introduction

Welcome to shAIrlock ("we," "our," or "us"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you use our AI-powered interview facilitation platform and related services.

This policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws worldwide. By using our services, you agree to the collection and use of information in accordance with this policy.

Key Principles:

We only collect data necessary for providing our services
Your data is processed lawfully, fairly, and transparently
We implement strong security measures to protect your information
You have control over your personal data and can exercise your rights at any time

2. Information We Collect

We collect different types of information to provide and improve our services to you:

2.1 Information You Provide Directly

Account Information: Name, email address, job title, company name, and contact details
Candidate Information: Names, email addresses, phone numbers, and professional details of interview candidates
Interview Data: Job descriptions, interview questions, candidate responses, and feedback
Payment Information: Billing address and payment method details (processed securely by third-party payment processors)
Communication Data: Messages, support requests, and feedback you send to us

2.2 Information We Collect Automatically

Usage Data: Platform interactions, feature usage, session duration, and navigation patterns
Technical Data: IP address, browser type and version, device information, operating system
Performance Data: AI analysis results, interview assessments, and platform performance metrics
Cookies and Tracking: Essential cookies for functionality, analytics cookies for improvement (with your consent)

2.3 Information from Third Parties

Integration Data: Information from HR systems, applicant tracking systems, or other platforms you connect
Authentication Data: Information from single sign-on providers like Google or Microsoft

3. Legal Basis for Processing

Under GDPR and other data protection laws, we process your personal data based on the following legal grounds:

Contractual Necessity

Processing necessary to provide our interview services, manage your account, and fulfill our contractual obligations.

Legal Obligation

Processing required to comply with applicable laws, regulations, legal processes, or regulatory requirements.

Legitimate Interests

Processing for our legitimate business interests, such as improving services, fraud prevention, and security.

Consent

Processing based on your explicit consent for specific activities, such as marketing communications or analytics.

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Core Service Delivery

Generate AI-powered interview questions and assessments tailored to specific roles
Analyze candidate responses and provide real-time evaluation insights
Create detailed interview reports and candidate assessments
Facilitate interview scheduling and management
Provide customer support and technical assistance

4.2 Platform Improvement and AI Enhancement

Improve AI algorithms and assessment accuracy through machine learning
Develop new features and enhance existing functionality
Analyze usage patterns to optimize user experience

4.3 Business Operations

Process billing and payments for our services
Send important service updates and notifications
Comply with legal obligations and regulatory requirements
Protect against fraud, abuse, and security threats
Enforce our terms of service and other agreements

4.4 Communications (With Your Consent)

Send promotional emails about new features and updates
Share industry insights and best practices
Invite you to webinars, events, or product demonstrations
Request feedback and conduct user research surveys

5. International Data Transfers

As a global platform, we may transfer your personal data outside the European Economic Area (EEA) to provide our services. When we do so, we ensure appropriate safeguards are in place:

Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
Standard Contractual Clauses: EU-approved contractual protections for international transfers
Binding Corporate Rules: Internal data protection rules for transfers within our corporate group
Certification Schemes: Transfers under approved certification mechanisms

We regularly review and update our transfer mechanisms to ensure continued compliance with evolving data protection regulations.

6. Data Security

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

End-to-end encryption for data in transit and at rest
Multi-factor authentication and access controls
Regular security audits and penetration testing
Automated threat detection and response systems
Secure cloud infrastructure with industry-leading providers

Organizational Measures

Comprehensive staff training on data protection
Strict access controls based on need-to-know principles
Regular security awareness programs
Incident response and breach notification procedures
Third-party security assessments and audits

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, comply with legal obligations, and protect our legal interests:

Retention Periods by Data Type

Account Information Duration of account + 3 years

Interview Data 7 years (or as specified by customer)

Usage Analytics 2 years from collection

Marketing Data Until consent withdrawn + 1 year

Support Communications 3 years from last interaction

When determining retention periods, we consider the amount, nature, and sensitivity of the data, potential risks from unauthorized use, the purposes for processing, applicable legal requirements, and whether we can achieve those purposes through other means.

8. Your Data Protection Rights

Under GDPR and other applicable data protection laws, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you, including information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data under certain circumstances, such as when it's no longer necessary.

Right to Restrict Processing

Request limitation of how we process your data in specific situations, such as while we verify accuracy.

Right to Data Portability

Receive your personal data in a structured, machine-readable format for transfer to another service.

Right to Object

Object to processing of your personal data for certain purposes, including direct marketing.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within one month, though this may be extended in complex cases. We may need to verify your identity before processing certain requests.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze platform usage, and provide personalized features:

Types of Cookies We Use

Essential Cookies

Required for the platform to function properly. These include authentication, security, and basic functionality cookies.

Performance Cookies

Help us understand how users interact with our platform by collecting anonymous usage statistics.

Functional Cookies

Remember your preferences and settings to provide a more personalized experience.

Cookie Management

You can control cookie usage through your browser settings or our cookie preference center. Note that disabling certain cookies may limit platform functionality.

10. Data Sharing and Third-Party Services

We may share your personal data with trusted third parties under specific circumstances:

10.1 Service Providers

Cloud Infrastructure: AWS, Google Cloud for secure data hosting and processing
Payment Processing: Stripe, PayPal for secure payment transactions
Email Services: SendGrid, Mailchimp for transactional and marketing emails
Analytics: Google Analytics, Mixpanel for usage analytics and insights
Customer Support: Zendesk, Intercom for customer service and support

10.2 Business Partners

We may share anonymized, aggregated data with research partners or industry organizations to advance AI hiring technology and best practices.

10.3 Legal Requirements

We may disclose your information if required by law, legal process, or to protect the rights, property, or safety of shAIrlock, our users, or others.

11. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

Posting the updated policy on our website with a new "Last updated" date
Sending email notifications for significant changes
Providing in-platform notifications when you next access our services

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

9. Contact Us

If you have questions about this Privacy Policy, want to exercise your data protection rights, or need to contact our Data Protection Officer, please reach out to us:

General Privacy Inquiries

Email: support@shairlock.com
Subject Line: Privacy Policy Inquiry
Response Time: Within 48 hours

Data Protection Officer

Email: support@shairlock.com
Subject Line: DPO - Data Rights Request
Response Time: Within 30 days