shortlistd.io Privacy Policy | AI Recruitment Platform

Last Updated: January 24, 2026

Introduction

Shortlistd, Inc. ("Shortlistd," "we," "us," or "our") provides AI-powered recruitment technology that helps employers find and connect with professional candidates.

This Privacy Policy explains how we collect, use, share, and protect personal information when you:

  • Visit our website (shortlistd.io)

  • Use our recruitment platform

  • Interact with us as a candidate, client, or visitor

Contact Information:

  • Email: privacy@shortlistd.io

  • Address: 221 W 9th St, Wilmington, DE 19801, United States

1. Information for Candidates

1.1 How We Obtain Your Information

If you appear as a candidate in our platform, your information may have been obtained from:

Public Professional Sources:

  • Publicly accessible professional networking platforms

  • Company websites and employee directories

  • Professional portfolios and published work

  • Job board profiles where you've made information public

  • Public business directories

Third-Party Data Providers: We obtain candidate information from third-party professional database providers and contact enrichment services. These providers:

  • Are independent companies with their own privacy policies

  • Source data from publicly available business information

  • Operate as independent data controllers

Specific provider names are available upon request for compliance purposes. Contact privacy@shortlistd.io if you need this information.

Application Direct to Platform: If you apply to jobs through our platform or create a candidate profile, we collect information you provide directly.

1.2 What Information We Collect

Professional Information:

  • Name and professional contact details (business email, work phone)

  • Work history and employment experience

  • Skills, qualifications, and certifications

  • Education and training

  • Professional portfolios and publications

  • LinkedIn profile and other professional links

Communication Data:

  • Messages exchanged about job opportunities

  • Interview responses and assessments

  • Application materials you submit

Platform Usage:

  • How you interact with our platform

  • Jobs you view or apply to

  • Interview completion and results

What We DON'T Collect:

  • Personal (non-business) contact information without your consent

  • Social security numbers or government IDs

  • Financial information

  • Sensitive data about race, religion, health, etc. (see Section 3)

1.3 Why We Process Your Information (Lawful Basis)

Primary Lawful Basis: Legitimate Interest

We process your professional information based on our legitimate interest in:

  • Operating a recruitment technology platform

  • Connecting qualified candidates with employment opportunities

  • Facilitating efficient hiring processes

Our clients (employers) have a legitimate interest in:

  • Identifying qualified candidates for open positions

  • Conducting recruitment activities

Balancing Your Rights:

  • We only use publicly available professional data

  • You can opt out easily at any time

  • No automated hiring decisions (human review required)

  • No processing of sensitive personal data

  • Clear transparency about our processing

Other Lawful Bases:

  • Consent: When you apply directly or opt into services

  • Contract: When necessary to provide services you've requested

  • Legal Obligation: When required by law

1.4 Talent Pool (Shared Candidate Visibility)

How Candidate Visibility Works:

If You're Passively Sourced:

  • When employers search for candidates using our tools

  • Your profile appears in that employer's private workspace only

  • NOT shared with other employers

  • That employer's notes about you remain private

If You Actively Apply or Opt In:

  • When you apply to jobs via our platform

  • When you create a searchable candidate profile

  • When you opt into talent pool visibility

Then your profile becomes part of a shared talent pool where:

  • Multiple employers can discover you for relevant opportunities

  • You get broader exposure to job opportunities

  • Each employer's notes and decisions about you remain private

  • Shortlistd manages the pool as independent controller

Benefits:

  • Apply once, match with multiple relevant opportunities

  • Increased visibility to employers seeking your skills

  • More efficient job search process

Your Control:

  • Opt out of talent pool anytime: shortlistd.io/opt-out

  • Removed from shared pool within 7 days

  • Continue with passive sourcing only (one employer at a time)

  • Or request complete removal from platform

Privacy Protection:

  • Employers never see each other's notes about you

  • No employer knows which other employers viewed you

  • Your application history remains confidential

  • Talent pool participation is optional

1.5 How We Use Your Information

Recruitment Matching:

  • Identify relevant job opportunities for your profile

  • Match your qualifications with employer requirements

  • Facilitate introductions between you and potential employers

Communication:

  • Contact you about relevant job opportunities

  • Facilitate interview scheduling and process

  • Respond to your inquiries

Platform Services:

  • Provide AI-assisted interview tools

  • Generate skills assessments and recommendations

  • Maintain your candidate profile if you create one

Improvement:

  • Analyze aggregated, anonymized data to improve our platform

  • Develop and test new features

  • Enhance matching algorithms

We DO NOT:

  • Sell your data to third parties

  • Use your information for marketing unrelated products

  • Train AI models on your personal data without consent

  • Make automated hiring decisions without human review

1.6 Who We Share Your Information With

Employers (Our Clients): When you match with a job opportunity, we share your professional profile with the employer who posted that opportunity. The employer becomes a joint data controller with us.

Talent Pool Sharing: If you actively apply via our platform, create a profile, or opt into talent pool visibility, your profile becomes searchable by multiple employers for relevant opportunities. Each employer becomes a joint controller when they engage with your profile.

Important:

  • Passive sourcing (when employer searches) = profile shared with that employer only

  • Active application or opt-in = profile visible in shared talent pool

  • Each employer's notes about you remain private

  • You control talent pool participation via shortlistd.io/opt-out

Service Providers (Sub-Processors): We use trusted service providers who process data on our behalf:

  • Messaging Infrastructure: Unipile (for email, LinkedIn, WhatsApp delivery)

  • Cloud Hosting: GCP (for secure data storage)

  • AI Processing: Google Gemini (for analysis and matching)

These providers:

  • Act only on our instructions

  • Are bound by strict data protection agreements

  • Cannot use your data for their own purposes

Data Providers: We coordinate with our data providers (the companies we obtain initial candidate information from) on:

  • Suppression of your data if you opt out

  • Updates to your professional information

  • Data quality and accuracy

Legal Requirements: We may disclose information if required by law, court order, or government request.

We DO NOT:

  • Sell your data to data brokers

  • Share with advertisers or marketers

  • Provide to anyone except as described above

1.7 Your Rights

You have the right to:

Access - Request a copy of your personal data
Correction - Fix inaccurate information
Deletion - Request removal of your data
Object - Opt out of processing
Restriction - Limit how we use your data
Portability - Receive your data in portable format
Human Review - Request human review of AI assessments
Explanation - Understand how AI was used in your evaluation

How to Exercise Your Rights:

Easiest Way - Opt Out: Visit shortlistd.io/opt-out and complete the form. We'll:

  • Remove you from our platform within 7 days

  • Add you to permanent suppression list

  • Coordinate suppression with our data providers

  • Ensure you won't be re-contacted

Other Requests: Email privacy@shortlistd.io with:

  • Subject: "Privacy Request" or "Data Subject Request"

  • Your name and any contact information we might have

  • Specific request (access, correction, explanation, etc.)

Response Time: Within 30 days (or as required by applicable law)

No Cost: Exercising your rights is free

Identity Verification: We may ask for verification to protect your privacy

1.8 Data Retention

Active Recruitment:

  • While you're being considered for opportunities: Duration of recruitment process

  • Platform accounts: While account is active

After Opt-Out:

  • Deleted within 30 days

  • Permanently suppressed to prevent re-discovery

Suppression List:

  • Maintained indefinitely to honor your opt-out

Backup Systems:

  • Deleted from backups within 90 days

Legal Requirements:

  • We may retain some data longer if required by law

1.9 International Data Transfers

Primary Location: United States

If you're located outside the United States:

  • Your data will be transferred to and processed in the U.S.

  • We use appropriate safeguards (Standard Contractual Clauses)

  • You consent to this transfer by engaging with our services

2. Information for Clients (Employers)

2.1 Account Information

When you create a client account, we collect:

  • Company name and contact information

  • User account details (name, email, role)

  • Billing information (processed by Stripe - we don't store card details)

  • Connected account credentials (Gmail/LinkedIn/WhatsApp - encrypted)

2.2 How We Use Client Information

Service Delivery:

  • Provide access to candidate database and platform features

  • Execute outreach on your behalf through connected accounts

  • Generate AI-assisted recruitment insights

  • Facilitate interviews and assessments

Account Management:

  • Process payments and subscriptions

  • Provide customer support

  • Send service updates and notifications

Platform Improvement:

  • Analyze usage patterns (aggregated, anonymized)

  • Develop new features

  • Improve matching algorithms

2.3 Joint Controller Relationship

When you use our candidate sourcing features, you and Shortlistd are joint data controllers for candidate personal data.

What This Means:

  • We share responsibility for GDPR compliance

  • You determine which candidates to contact (purpose)

  • We determine how data is sourced and delivered (means)

  • Both of us must honor candidate rights requests

Your Obligations:

  • Use candidate data only for recruitment purposes

  • Comply with data protection laws in your jurisdiction

  • Honor candidate opt-out and deletion requests

  • Maintain appropriate security measures

Joint Controller Agreement: All clients must accept our Joint Controller Agreement which establishes clear responsibilities.

2.4 Client Data Rights

You can:

  • Export your candidate data at any time

  • Request deletion of your account

  • Object to certain processing activities

  • Request correction of your account information

Contact: privacy@shortlistd.io

3. AI and Automated Processing

3.1 No Automated Hiring Decisions

Critical: Our AI systems DO NOT make final hiring decisions.

How AI Works:

  • AI analyzes candidate profiles and matches with job requirements

  • AI generates recommendations and match scores

  • AI assists with interview question generation and response analysis

  • AI provides summaries and insights

Human Oversight:

  • All AI outputs are advisory only

  • Employers make all final hiring decisions

  • Candidates can request human review at any time

  • No candidate is automatically rejected by AI

3.2 Fairness and Bias Prevention

Prohibited Processing: Our AI systems are designed NOT to infer, process, or use:

  • Race, ethnicity, or national origin

  • Gender, sexual orientation, or gender identity

  • Religious or philosophical beliefs

  • Health information or disability status

  • Political opinions or union membership

  • Genetic or biometric data

If Sensitive Data Appears: If our systems inadvertently surface sensitive data from public sources:

  • Do not use it in hiring decisions

  • Report it to privacy@shortlistd.io immediately

  • We will investigate and improve our filters

3.3 AI Transparency

You Can:

  • Request explanation of how AI evaluated your profile

  • Understand what factors influenced match scores

  • Know what data was analyzed

  • Request human review of AI assessments

  • Opt out of AI processing where legally required

Contact: privacy@shortlistd.io with "AI Processing Inquiry"

4. Data Security

4.1 Security Measures

We implement industry-standard security:

Technical Measures:

  • Encryption in transit (TLS 1.3)

  • Encryption at rest (AES-256)

  • Secure authentication (MFA available)

  • Regular security testing and audits

  • Access controls and logging

Organizational Measures:

  • Employee training on data protection

  • Clear security policies and procedures

  • Incident response plan

  • Vendor security assessments

4.2 Data Breach Notification

If we experience a data breach affecting your personal information:

  • We'll notify you within 72 hours of discovery

  • We'll explain what happened and what data was affected

  • We'll describe steps we're taking to address it

  • We'll notify authorities as required by law

Report Security Concerns: security@shortlistd.io

4.3 Your Responsibility

For Clients:

  • Keep account credentials secure

  • Use strong passwords and enable MFA

  • Secure connected Gmail/LinkedIn/WhatsApp accounts

  • Report suspicious activity immediately

5. Cookies and Tracking

5.1 Cookies We Use

Essential Cookies:

  • Account authentication

  • Platform functionality

  • Security protection

Analytics Cookies:

  • Usage statistics (aggregated)

  • Platform performance monitoring

  • Feature usage analysis

We DO NOT:

  • Use advertising cookies

  • Track you across other websites

  • Sell cookie data

5.2 Your Choices

Browser Settings: You can disable cookies in your browser, but some platform features may not work properly.

Do Not Track: We respect Do Not Track signals where technically feasible.

6. Third-Party Services

6.1 Data Providers

We obtain candidate information from third-party professional database providers and contact enrichment services.

Important: These providers are independent data controllers, not our sub-processors. They have their own:

  • Privacy policies

  • Lawful bases for processing

  • Opt-out mechanisms

  • Data protection practices

Specific Provider Information: For compliance purposes, you can request the names and contact information of our data providers by emailing privacy@shortlistd.io.

Coordination: When candidates opt out:

  • We remove them from our platform

  • We coordinate suppression with our data providers

  • We maintain permanent suppression list

6.2 Sub-Processors

We use the following service providers who process data on our behalf:

Messaging Infrastructure:

  • Unipile - Facilitates email, LinkedIn, and WhatsApp delivery through client-connected accounts

  • Privacy: https://www.unipile.com/privacy-policy/

Cloud Hosting:

  • GCP - Secure data storage and platform hosting

  • Privacy: https://cloud.google.com/terms/cloud-privacy-notice

  • Location: United States

AI Processing:

  • Google Gemini - Natural language processing and analysis

  • Privacy: https://ai.google.dev/gemini-api/terms_preview

  • Usage: Enterprise terms (no training on customer data)

Payment Processing:

  • Stripe - Payment and billing

  • Privacy: https://stripe.com/privacy

  • Note: We do not store credit card information

Sub-Processor Changes: We'll notify clients 30 days before adding new sub-processors. Clients have the right to object.

7. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect information from children.

If you believe we've collected information from a child, contact privacy@shortlistd.io immediately.

8. Changes to This Policy

Updates: We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices

  • New legal requirements

  • New features or services

  • User feedback

Notification:

  • Material changes: 30 days notice via email

  • Minor updates: Posted on website with updated date

  • Previous versions: Available upon request

Continued Use: Continued use of our services after changes constitutes acceptance of the updated policy.

9. Your Privacy Rights by Region

9.1 European Economic Area (EEA), UK, Switzerland

GDPR Rights: All rights described in Section 1.6 apply, plus:

  • Right to lodge complaint with supervisory authority

  • Right to object to processing based on legitimate interest

  • Right to withdraw consent at any time

EU Representative: [If applicable]

Supervisory Authority: [Your local data protection authority]

9.2 California Residents (CCPA/CPRA)

Your Rights:

  • Right to know what personal information we collect

  • Right to delete personal information

  • Right to opt out of "sale" (we don't sell data)

  • Right to non-discrimination for exercising rights

  • Right to correct inaccurate information

  • Right to limit use of sensitive personal information

How to Exercise: Email privacy@shortlistd.io or visit shortlistd.io/opt-out

No Sale of Data: We do not sell personal information.

Shine the Light: California residents may request information about data shared with third parties for their marketing purposes (we don't do this).

9.3 Other U.S. States

Similar rights may apply under:

  • Virginia CDPA

  • Colorado CPA

  • Connecticut CTDPA

  • Utah UCPA

Contact privacy@shortlistd.io for information specific to your state.

10. Contact Us

For Privacy Requests:

Email: privacy@shortlistd.io
Subject: "Privacy Request" or specific request type

For Opt-Out:

Web Form: shortlistd.io/opt-out (fastest)
Email: privacy@shortlistd.io with "Opt Out Request"

For General Questions:

Email: info@shortlistd.io
Address: 221 W 9th St, Wilmington, DE 19801, United States

For Security Issues:

Email: security@shortlistd.io
Subject: "Security Incident" or "Security Concern"

For AI Processing Questions:

Email: privacy@shortlistd.io
Subject: "AI Processing Inquiry"

11. Legal Information

11.1 Data Controller

Shortlistd, Inc. is the data controller for information processed through our platform.

For candidate sourcing features, Shortlistd and our clients are joint data controllers.

11.2 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer: Email: dpo@shortlistd.io

11.3 Legal Basis Summary

Processing Activity

Legal Basis

Candidate sourcing and matching

Legitimate interest

Platform accounts and services

Contract performance

Direct applications

Consent + Contract

Marketing communications

Consent

Legal compliance

Legal obligation

Security and fraud prevention

Legitimate interest

11.4 International Frameworks

We comply with:

  • EU-U.S. Data Privacy Framework (if certified)

  • Standard Contractual Clauses for international transfers

  • Appropriate safeguards under GDPR Article 46

Appendix: Detailed Data Categories

Information We May Process:

Professional Identity:

  • Full name

  • Professional titles and roles

  • Company names and employment history

  • LinkedIn profile and professional URLs

Contact Information:

  • Business email addresses

  • Work phone numbers

  • Professional social media handles

Professional Background:

  • Work experience and job history

  • Skills and competencies

  • Education and certifications

  • Professional achievements and publications

  • Portfolio work and projects

Communication Records:

  • Messages about job opportunities

  • Interview responses and transcripts

  • Application materials you submit

  • Support inquiries

Platform Activity:

  • Jobs viewed and applied to

  • Search activity (for clients)

  • Interview completion

  • Profile updates

Technical Information:

  • IP address

  • Browser type and version

  • Device information

  • Log data

END OF PRIVACY POLICY

Version History

  • v3.0 (January 24, 2026): Updated data provider disclosure approach, enhanced transparency

  • v2.0 (December 2, 2025): Added AI processing details, expanded candidate rights

  • v1.0 (Initial): First publication

Questions? Contact privacy@shortlistd.io

Opt Out? Visit shortlistd.io/opt-out