shortlistd.io Privacy Policy | AI Recruitment Platform

Last Updated: December 2, 2025

About This Policy

We are Shortlistd, Inc., a Delaware corporation operating shortlistd.io. We provide AI-powered recruitment and hiring services that help companies discover, evaluate, and hire talent.

This Privacy Policy explains:

What personal information we collect
How we collect it (including from public sources and third-party enrichment)
How we use and share it
Your privacy rights and how to exercise them
Our data protection practices

Contact Information:

Email: info@shortlistd.io
Address: 221 W 9th St, Wilmington, DE 19801
Privacy inquiries: info@shortlistd.io (Subject: "Privacy Request")

Scope: This policy applies to:

Platform Users (recruiters, hiring managers, HR professionals who use our Services)
Candidates (job seekers whose information appears in or is processed through our platform)
Website Visitors (anyone who visits shortlistd.io)

1. Information We Collect

We collect personal information through multiple channels. The information we collect depends on how you interact with our Services.

1.1 Information You Provide Directly

Account Registration (Platform Users):

Name, email address, phone number
Company name and details
Job title and role
Password and authentication credentials

Profile Information (Both Users and Candidates):

Professional experience and work history
Skills, certifications, and qualifications
Education background
Career preferences and job interests
Resume/CV documents
Portfolio links and professional websites

Communications:

Messages sent through our platform
Support inquiries and feedback
Survey responses
Email correspondence

Payment Information (Platform Users):

Billing name and address
Payment details (processed securely by Stripe; we do not store credit card numbers)

1.2 Information Collected Automatically

Usage Data:

Pages viewed and features used
Time spent on platform
Click patterns and navigation paths
Search queries and filters applied
Actions taken (e.g., saving candidates, sending messages)
Performance metrics and error logs

Device and Technical Information:

IP address and approximate location (city/region level)
Device type, operating system, browser type
Screen resolution and device identifiers
Referring URLs and exit pages
Date and time of access

Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies for:

Authentication and session management
User preferences and settings
Analytics and performance monitoring
Security and fraud prevention

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

1.3 Information Obtained from Public Sources and Third-Party Enrichment

IMPORTANT FOR CANDIDATES: This section explains how we may collect your information even if you did not directly provide it to us.

Sources of Candidate Information:

When clients use our Services to source and discover candidates, we may retrieve publicly available professional information from:

Professional Networking Sites: Public profiles on LinkedIn, GitHub, Stack Overflow, and similar platforms where you have made information publicly accessible
Company Websites: Staff pages, team directories, author pages, and other publicly listed information
Professional Portfolios: Personal websites, blogs, publications, research papers, and public portfolios
Job Boards and Career Sites: Publicly posted resumes and profiles on job search platforms
Public Business Directories: Corporate email patterns, business phone numbers listed in public directories
Public Social Media: Professional information shared publicly on social platforms
News and Publications: Quotes, articles, speaking engagements, and other public appearances
Third-Party Data Enrichment Services: We use providers to discover and enrich candidate data

Categories of Data Retrieved:

From these sources, we may collect:

Professional Information: Current and past job titles, employers, work experience, skills, education
Contact Information: Business email addresses, corporate email patterns, business phone numbers
Public Content: Professional achievements, publications, presentations, projects
Social Profiles: Links to public professional profiles and portfolios
Company Information: Current employer details and publicly listed roles

Important Limitations:

We do NOT scrape or access information behind login walls or paywalls
We do NOT use data from unauthorized breaches or hacked databases
We do NOT deliberately collect personal (non-business) contact information
We respect robots.txt and technical access restrictions
We comply with platform terms of service for public data access

Your Rights Regarding This Data:

If we have collected your information from public sources, you have the right to:

Be informed about this collection (see Section 9.1 for Article 14 notices)
Access the information we hold about you
Request correction of inaccurate information
Request deletion of your information
Object to processing of your information
Restrict how your information is used

See Section 8 for how to exercise these rights.

1.4 Information from Third Parties

Client-Provided Data:

Candidates referred by clients
Applicant information submitted through job postings
Notes and feedback from client interviews

Authentication Services:

Profile information if you sign in via Google, Microsoft, or LinkedIn SSO
We receive only the information you authorize them to share

Analytics and Service Providers:

Aggregated usage statistics
Performance metrics
Security intelligence

2. How We Use Your Information

We process personal information for specific purposes with clear lawful bases under GDPR and other data protection laws.

2.1 Platform Users (Recruiters/HR Professionals)

Purpose: Provide and manage your account and access to Services Lawful Basis: Contract (necessary to provide the service you signed up for) Data Used: Account information, usage data, payment information

Purpose: Improve and personalize our Services Lawful Basis: Legitimate interest (improving our product for users) Data Used: Usage data, feedback, feature engagement

Purpose: Communicate with you about your account and Services Lawful Basis: Contract and legitimate interest Data Used: Contact information, account status, usage patterns

Purpose: Provide customer support Lawful Basis: Contract and legitimate interest Data Used: Support communications, account details, relevant usage data

Purpose: Send marketing and product updates Lawful Basis: Consent (you can opt out anytime) Data Used: Email address, company information, usage patterns

Purpose: Detect fraud and maintain security Lawful Basis: Legitimate interest (protecting our platform and users) Data Used: Login activity, IP addresses, usage patterns, device information

Purpose: Comply with legal obligations Lawful Basis: Legal obligation Data Used: All relevant data as required by law

2.2 Candidates (Job Seekers)

Purpose: Enable client recruitment and candidate sourcing Lawful Basis: Legitimate interest (recruitment and talent acquisition) OR the client's lawful basis when they control the processing Data Used: Professional information, contact details, skills and experience

Important Note: When clients use our platform to process your data, they are typically the "data controller" and determine the purposes of processing. We act as their "data processor" and process your information according to their instructions. However, we ensure our systems and practices support lawful processing.

Purpose: Match candidates with relevant job opportunities Lawful Basis: Legitimate interest (connecting talent with opportunities) Data Used: Skills, experience, preferences, job history

Purpose: Facilitate communication between candidates and clients Lawful Basis: Legitimate interest (enabling recruitment communication) OR consent when explicitly obtained Data Used: Contact information, communication history

Purpose: Improve our candidate discovery and matching algorithms Lawful Basis: Legitimate interest (improving our services) Data Used: Aggregated and anonymized usage patterns (we do NOT use individual candidate data to train AI models without consent)

Purpose: Provide candidates with job recommendations (if you have an account) Lawful Basis: Contract (if you signed up) OR consent Data Used: Profile information, preferences, search history

Purpose: Comply with legal obligations Lawful Basis: Legal obligation Data Used: All relevant data as required by law

2.3 Legitimate Interest Assessment

Where we rely on "legitimate interest" as our lawful basis, we have assessed that:

We have a genuine and legitimate business reason for processing (recruitment, service improvement, security)
The processing is necessary and proportionate to achieve that purpose
The processing is expected in the context of our services
The impact on your privacy rights is minimal and reasonable
Your rights and freedoms do not override our legitimate interests
You have the right to object at any time (see Section 8)

3. How We Share Your Information

We share personal information only as described below. We do NOT sell your personal information to third parties.

3.1 Sharing with Platform Clients (For Candidate Data)

Who: Companies and recruiters using our Services to find and hire candidates

What: Candidate professional profiles, contact information, skills, experience, and related recruitment data

Why: This is the core purpose of our Services - connecting candidates with hiring opportunities

Your Rights: You can request deletion or object to this processing (see Section 8)

3.2 Service Providers and Sub-Processors

We engage third-party companies to provide services on our behalf. These providers have access to personal information only as needed to perform their functions and are contractually obligated to protect it.

Categories of Service Providers:

Hosting and Infrastructure:

Cloud storage and computing (e.g., AWS, Google Cloud)
Content delivery networks
Database management

Data Enrichment and Discovery (FOR CANDIDATE DATA):

Pearch.ai - contact discovery and professional data enrichment
Exa.ai - public data search and retrieval
Similar professional data intelligence providers

Communications:

Email delivery services (e.g., SendGrid, AWS SES)
SMS/phone services
In-app messaging infrastructure

Payment Processing:

Stripe - payment processing (see their privacy policy at stripe.com/privacy)

Analytics and Performance:

Website and platform analytics
Error tracking and monitoring
Performance optimization tools

Security and Fraud Prevention:

Security monitoring services
Fraud detection tools
Authentication providers

Customer Support:

Help desk and ticketing systems
CRM platforms

Current Sub-Processor List: A detailed, up-to-date list of all sub-processors is available upon request by emailing info@shortlistd.io with "Sub-Processor List" in the subject.

Sub-Processor Changes: We will notify clients of any material changes to our sub-processors as outlined in our Data Processing Agreement.

3.3 Legal and Safety Disclosures

We may disclose personal information when required by law or to protect rights and safety:

In response to lawful requests from courts, law enforcement, or government authorities
To enforce our Terms of Service or other agreements
To protect our rights, property, or safety, or that of users or the public
In connection with investigation of fraud, security issues, or illegal activity
To comply with legal obligations (e.g., tax reporting, employment verification)

3.4 Business Transfers

If Shortlistd is involved in a merger, acquisition, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Services before your information is transferred and becomes subject to a different privacy policy.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

3.6 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, such as:

Industry benchmarking reports
Usage statistics
Market research insights
Platform performance metrics

4. Data Retention: How Long We Keep Your Information

We retain personal information only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law.

4.1 Platform Users (Recruiters/HR Professionals)

Active Accounts:

Account and profile information: Duration of active account
Usage logs: 12 months
Communications: Duration of account or as needed for support
Payment records: 7 years (for tax and accounting purposes)

Deleted Accounts:

Most account data: Deleted within 90 days of account closure
Financial records: Retained for 7 years (legal requirement)
Anonymized analytics: May be retained indefinitely

4.2 Candidates

Candidate profiles created by clients:

Active recruitment data: Retained while client account is active or as directed by client
After client deletion request: Removed within 30 days
After direct candidate deletion request: Removed within 30 days and added to suppression list

Suppression Lists:

Candidates who request deletion: Hashed identifiers retained indefinitely to prevent re-discovery
This ensures we honor "do not process" requests permanently

Publicly sourced data cache:

Temporarily cached search results: 90 days
After deletion request: Immediate removal from active systems + suppression

4.3 General Retention Criteria

We determine retention periods based on:

Purpose for which data was collected
Legal and regulatory requirements
Legitimate business needs (support, security, fraud prevention)
User expectations and requests
Industry best practices

Early Deletion: Data is deleted sooner if:

It's no longer needed for its original purpose
You exercise your deletion rights
We determine retention is no longer justified

5. International Data Transfers

5.1 Where We Store and Process Data

Our Services are operated from the United States, and personal information is primarily stored and processed in the U.S.

Implications:

U.S. data protection laws may differ from those in your country
Your data may be accessible to U.S. law enforcement under certain circumstances
We implement appropriate safeguards for international transfers (see below)

5.2 European Economic Area (EEA), UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, we transfer your personal data to the United States based on the following mechanisms:

Standard Contractual Clauses (SCCs):

We use EU-approved Standard Contractual Clauses for data transfers
These provide contractual guarantees for data protection
Available upon request

Adequacy Decisions:

Where applicable, we rely on adequacy decisions by the European Commission

Additional Safeguards:

Technical and organizational security measures (encryption, access controls, etc.)
Data Processing Agreements with all sub-processors
Regular security audits and compliance reviews
Transparent privacy practices and rights fulfillment

5.3 Your Rights for International Transfers

You have the right to:

Request information about safeguards for your data transfers
Object to transfers if you believe adequate safeguards are lacking
Obtain a copy of the transfer mechanisms we use (e.g., SCCs)

Contact info@shortlistd.io with "Data Transfer Information" in the subject line.

6. Data Security

6.1 Security Measures

We implement industry-standard technical and organizational measures to protect personal information:

Technical Security:

Encryption in transit (TLS/SSL) and at rest
Secure authentication and access controls
Regular security patching and updates
Intrusion detection and prevention systems
Firewall and network security
Secure development practices
Regular penetration testing and vulnerability assessments

Organizational Security:

Role-based access controls (least privilege principle)
Employee training on data protection and security
Background checks for personnel with data access
Confidentiality agreements with employees and contractors
Incident response and breach notification procedures
Regular security audits and compliance reviews
Vendor security assessments

6.2 Your Security Responsibilities

You play a crucial role in protecting your account:

Use strong, unique passwords
Enable two-factor authentication (if available)
Do not share your login credentials
Log out when using shared devices
Keep your contact information current for security alerts
Report suspicious activity immediately

6.3 Security Limitations

Important: No security system is perfect. While we take security seriously and invest significantly in protection, we cannot guarantee absolute security.

If a Security Breach Occurs:

We will investigate promptly
We will notify affected users as required by law (typically within 72 hours for GDPR)
We will take steps to mitigate harm
We will report to relevant authorities as required
We will provide you with information about the breach and protective actions you can take

Report Security Concerns: If you discover a security vulnerability or suspect unauthorized access, contact info@shortlistd.io immediately with "Security Issue" in the subject line.

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit websites. They help websites remember information about your visit.

7.2 How We Use Cookies

Essential Cookies (Necessary):

Authentication and session management
Security and fraud prevention
Load balancing and performance
User preferences

Functional Cookies (Convenience):

Language preferences
Interface customization
Feature preferences
Remember login information

Analytics Cookies (Performance):

Usage statistics
Error tracking
Feature engagement metrics
A/B testing and optimization

Advertising Cookies (Marketing):

We currently do NOT use advertising or remarketing cookies
If this changes, we will update this policy and obtain your consent where required

7.3 Managing Cookies

Browser Controls: You can control or delete cookies through your browser settings. Most browsers:

Let you view, delete, and block cookies
Allow you to set preferences for different websites
Offer "Do Not Track" (DNT) or privacy mode features

Note: Disabling essential cookies may affect platform functionality.

Our Cookie Settings: You can manage your cookie preferences in our platform settings (where available).

Third-Party Cookies: Some cookies are placed by third-party services we use (e.g., analytics). These services have their own privacy policies, and we do not control their cookies.

8. Your Privacy Rights

The rights available to you depend on where you live. Below are rights under major privacy laws (GDPR, CCPA, UK GDPR, and similar).

8.1 Rights Available to Most Users

Right to Access:

Request a copy of the personal information we hold about you
Learn about how we collect, use, and share your information
Receive information in a commonly used electronic format

Right to Rectification/Correction:

Request correction of inaccurate or incomplete personal information
Update your profile and account information directly in your account settings

Right to Deletion/Erasure ("Right to Be Forgotten"):

Request deletion of your personal information
We will comply unless we have a legal reason to retain it
For candidate data, we will add you to our suppression list to prevent re-discovery

Right to Restriction:

Request temporary restriction of how we process your information
Applies in specific circumstances (e.g., while we verify accuracy)

Right to Object:

Object to processing based on legitimate interests
Object to direct marketing (we will stop immediately)
For candidate data, object to being contacted for recruitment purposes

Right to Data Portability:

Receive your personal information in a structured, machine-readable format
Request transmission of this data to another service provider (where technically feasible)

Right to Withdraw Consent:

If we process your data based on consent, you can withdraw it anytime
Withdrawal does not affect the lawfulness of processing before withdrawal

Right to Lodge a Complaint:

You can complain to a data protection authority about our privacy practices
For EU residents: Your local Data Protection Authority
For UK residents: Information Commissioner's Office (ICO)
For California residents: California Attorney General

8.2 Additional Rights for EEA/UK Users (GDPR)

Right to Know Data Sources:

Request information about the sources from which we obtained your data

Right to Know Sub-Processors:

Request a list of sub-processors and third parties we use

Right to Human Review:

Request human intervention in automated decision-making
Note: We don't make automated hiring decisions; all decisions involve human review

Right to Not Be Subject to Automated Decision-Making:

You have the right not to be subject to decisions based solely on automated processing
Our Services do not make fully automated hiring decisions

8.3 Additional Rights for California Residents (CCPA/CPRA)

Under California law, you also have:

Right to Know (detailed):

Categories of personal information collected
Sources from which we collected it
Business purposes for collection
Third parties with whom we share it

Right to Opt-Out of Sale:

We do NOT sell personal information as defined by CCPA
If this changes, we will provide an opt-out mechanism

Right to Non-Discrimination:

We will not discriminate against you for exercising your privacy rights
We will not deny service, charge different prices, or provide different quality based on your privacy choices

Authorized Agents:

You may designate an authorized agent to make requests on your behalf
We may require verification to process agent requests

8.4 How to Exercise Your Rights

For Platform Users:

Access and update: Sign in to your account and edit your profile/settings
Delete account: Go to account settings and select "Delete Account"
Other requests: Email info@shortlistd.io with "Privacy Rights Request" in subject line

For Candidates (whose data was sourced by clients):

Email info@shortlistd.io with "Candidate Privacy Request" in subject line
Include your name, email address (if known to us), and specific request
We may ask for verification to ensure we're responding to the correct person

What We Need to Process Your Request:

Sufficient information to locate your data in our systems
Verification of your identity (to prevent unauthorized access)
Clear description of your request

Response Timeframe:

GDPR: Typically within 30 days (may extend to 60 days for complex requests)
CCPA: Within 45 days (may extend to 90 days)
We will acknowledge your request within 10 business days

No Fees:

We do not charge fees for privacy requests unless they are manifestly unfounded or excessive

Limitations: We may deny or limit requests if:

We cannot verify your identity
The request is manifestly unfounded or excessive
We have a legal obligation to retain the data
The data is necessary for legal claims or defense
Other exemptions under applicable law apply

9. Special Notices

9.1 Notice to Candidates Whose Data Was Collected Indirectly (GDPR Article 14)

If you are a candidate and we obtained your information from public sources or through client use of our Services (not directly from you), this notice applies to you:

Who We Are:

Company: Shortlistd, Inc.
Contact: info@shortlistd.io
Address: 221 W 9th St, Wilmington, DE 19801

What Information We Collected About You:

Professional work history and experience
Skills, qualifications, and education
Contact information (business email, business phone)
Public profiles and portfolio links
Other publicly available professional information

Sources of Your Information:

Public professional networking sites (LinkedIn, GitHub, etc.)
Company websites and staff directories
Professional portfolios and personal websites
Job boards where you made your profile public
Business directories and contact databases
Third-party data enrichment services (Pearch.ai, Exa.ai)

Why We Processed Your Information:

To help employers discover qualified candidates for job opportunities
To match your skills and experience with relevant positions
To facilitate recruitment communication between you and potential employers
To provide clients with recruitment intelligence services

Legal Basis for Processing:

Legitimate interest in recruitment and talent acquisition (our clients' legitimate interest in finding suitable candidates)
Or the specific legal basis established by the client who is the data controller

Who We Shared It With:

Clients (recruiters, hiring managers) seeking candidates for specific roles
Service providers who help us operate our platform (see Section 3.2)

How Long We Keep It:

While actively being used for recruitment purposes
Until you request deletion (then we suppress your data to prevent re-discovery)
See Section 4 for detailed retention periods

Your Rights: You have the right to:

Access the information we hold about you
Request correction of inaccurate information
Request deletion of your information
Object to processing of your information
Restrict how we process your information
Lodge a complaint with a data protection authority

How to Exercise Your Rights: Email info@shortlistd.io with "Candidate Privacy Request" in the subject line, including your name and any email addresses you believe we may have.

Timing of This Notice: Under GDPR, we must provide this notice within 30 days of collecting your data or upon first communication with you, whichever is sooner. In practice:

For passively sourced profiles: We provide this information on our website and upon first contact
For candidates contacted by clients: Clients using our Services are required to provide notice when they contact you

Questions? If you have questions about how we obtained or processed your information, please contact info@shortlistd.io.

9.2 Notice About Automated Decision-Making and Profiling

GDPR Article 22 Notice:

Our Services use AI to assist with candidate discovery, matching, and assessment. However:

We Do NOT Make Automated Hiring Decisions:

Our AI provides recommendations, suggestions, and insights only
All hiring decisions require human review and judgment
Clients (employers) make final decisions about candidates
You have the right to request human review of any AI-generated assessment

How Our AI Works:

Analyzes professional information to match candidates with job requirements
Generates competency scores based on demonstrated skills and experience
Provides structured interview assistance and evaluation
Surfaces relevant candidates from large datasets

Transparency:

We can explain the logic behind AI recommendations
You can request information about how your profile was evaluated
You can challenge AI-generated information or scores

Your Rights:

Right to human intervention in any process that affects you
Right to express your point of view
Right to contest any AI-assisted decision
Right to request manual review

Contact info@shortlistd.io with "AI Processing Inquiry" to learn more or exercise these rights.

9.3 Children's Privacy

Age Restriction: Our Services are not intended for individuals under 18 years of age.

No Knowing Collection: We do not knowingly collect, maintain, or use personal information from children under 18.

If You're a Parent: If you believe we have inadvertently collected information from a child under 18, please contact us immediately at info@shortlistd.io with "Child Privacy Issue" in the subject, and we will promptly delete such information.

9.4 Notice for Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal information to third parties.

We Do Not Sell Your Information: Shortlistd does not sell your personal information as defined by Nevada law.

If you are a Nevada resident and have questions, email info@shortlistd.io with "Nevada Privacy Inquiry" in the subject.

10. Changes to This Privacy Policy

10.1 How We Update This Policy

We may update this Privacy Policy from time to time to reflect:

Changes to our Services or business practices
Changes in applicable laws or regulations
Feedback from users or regulators
Implementation of new technologies or features

Notice of Changes:

We will update the "Last Updated" date at the top of this policy
For material changes, we will notify you by:
- Email to your registered address (for platform users)
- Prominent notice on our Services
- In-app notification
Your continued use after notice constitutes acceptance

Reviewing Changes: We encourage you to review this policy periodically. Material changes will be clearly indicated.

10.2 Previous Versions

Previous versions of this Privacy Policy are available upon request by emailing info@shortlistd.io with "Privacy Policy History" in the subject.

11. Third-Party Services and Links

11.1 Third-Party Websites and Services

Our Services may contain links to third-party websites, services, or applications that are not controlled by Shortlistd.

We Are Not Responsible For:

Third-party privacy practices
Content of third-party sites
Security of third-party services

Your Responsibility:

Review the privacy policies of any third-party service you use
Exercise caution when providing information to external sites

11.2 Integrated Third-Party Services

Payment Processing - Stripe:

We use Stripe for payment processing
Stripe's privacy policy: https://stripe.com/privacy
We do not store your full credit card information

Authentication Services:

You may sign in using Google, Microsoft, or LinkedIn accounts
These services have their own privacy policies
We receive only the information you authorize them to share

Data Enrichment Services:

Pearch.ai - professional data enrichment (see their privacy policy)
Exa.ai - public data search (see their privacy policy)
These services are bound by our Data Processing Agreements

12. Contact Us and Data Protection Officer

12.1 General Privacy Questions

For any privacy-related questions, concerns, or requests:

Email: info@shortlistd.io Subject Lines for Specific Requests:

"Privacy Rights Request" - for access, deletion, correction, etc.
"Candidate Privacy Request" - if your data was sourced by clients
"Data Transfer Information" - for transfer mechanism details
"Sub-Processor List" - for current provider list
"AI Processing Inquiry" - for automated processing questions

Mail: Shortlistd, Inc. Attn: Privacy Team 221 W 9th St Wilmington, DE 19801 USA

12.2 Data Protection Officer (DPO)

For EEA/UK-related data protection matters, you may contact our Data Protection Officer:

Email: info@shortlistd.io (Subject: "DPO - [Your Topic]")

12.3 Supervisory Authority Contact

If you are located in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority:

For EU Residents: Find your Data Protection Authority: https://edpb.europa.eu/about-edpb/board/members_en

For UK Residents: Information Commissioner's Office (ICO) Website: https://ico.org.uk/make-a-complaint/

For California Residents: California Attorney General Website: https://oag.ca.gov/privacy/ccpa

13. Effective Date and Acceptance

Effective Date: This Privacy Policy is effective as of the "Last Updated" date shown at the top of this document.

Acceptance:

Platform Users: By creating an account or using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.
Candidates: By allowing your information to remain in our systems or by not objecting to processing, you acknowledge this policy. You may exercise your rights at any time as described in Section 8.
Website Visitors: By visiting our site, you consent to the collection and use of information as described for website visitors.

THIS PRIVACY POLICY IS PART OF OUR TERMS OF SERVICE

This Privacy Policy should be read in conjunction with our Terms of Service, Data Processing Agreement (for clients), and other applicable agreements. In case of conflict, the more specific agreement (e.g., DPA) generally prevails.

IMPORTANT REMINDER FOR CLIENTS:

If you process candidate data through our Services, you must:

Execute our Data Processing Agreement (DPA)
Establish your own lawful basis for processing
Provide Article 14 notices to candidates when required
Honor candidate privacy rights and deletion requests

Contact info@shortlistd.io with "DPA Request" to get started.