🔒 Legal

Privacy Policy

We are committed to protecting your personal data and being transparent about how we collect, use, and share it.

Effective Date: April 5, 2025
Last Updated: April 5, 2025
Version: 3.0
ℹ️
Plain-Language Summary

We collect information you give us (like your name, resume, and job preferences) and information about how you use our platform. We use it to match you with jobs, improve our service, and communicate with you. We never sell your personal data. You can delete your account and data at any time.

1Who We Are

TaIQ Inc. ("TaIQ," "we," "us," or "our") operates the TaIQ recruitment platform, accessible at www.taiq.us and through our mobile applications. We act as a data controller for the personal data you provide to us.

Our registered address is: 123 Innovation Drive, Suite 400, Philadelphia, PA 19103, United States.

We have appointed a Data Protection Officer (DPO) who can be reached at [email protected].

2Data We Collect

Information You Provide Directly

  • Account data: name, email address, password (hashed), phone number, profile photo
  • Candidate profile: resume/CV, work history, education, skills, certifications, salary expectations, job preferences, LinkedIn URL
  • Employer profile: company name, size, industry, job postings, billing information
  • Applications: cover letters, responses to screening questions, interview availability
  • Communications: messages sent through our platform, support tickets, survey responses

Information Collected Automatically

  • Usage data: pages visited, job searches, applications submitted, time on site, features used
  • Device data: IP address, browser type and version, operating system, screen resolution
  • Location data: city/region level, derived from IP address (we do not collect precise GPS location)
  • Cookies and tracking: see our Cookie Policy for full details

Information from Third Parties

  • LinkedIn profile data (when you connect your account or apply via LinkedIn)
  • Background check results (only when you explicitly authorize a check)
  • Identity verification data from our verification partners
  • Public professional profiles and contact details from data enrichment providers

3How We Use Your Data

Purpose Data Used Legal Basis
Create and manage your account Account data Contract performance
Match candidates with relevant jobs Profile, skills, preferences Contract / Legitimate interest
Enable employers to search candidates Profile (you control visibility) Contract performance
Send application status updates Email, application data Contract performance
Improve platform features with AI/ML Anonymized usage data Legitimate interest
Send marketing emails (optional) Email, job preferences Consent
Prevent fraud and abuse Usage data, IP address Legitimate interest / Legal obligation
Comply with legal requirements As required Legal obligation

4Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide you with the services you have requested.
  • Legitimate interests: Processing that is in our legitimate business interests, such as preventing fraud, improving our services, and conducting analytics — balanced against your privacy rights.
  • Legal obligation: Processing required to comply with applicable laws and regulations.
  • Consent: Where you have given explicit consent (e.g., marketing emails, non-essential cookies). You may withdraw consent at any time without affecting prior processing.

5Data Sharing

We never sell your personal data.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We share data only in the following circumstances:

  • With employers: When you apply to a job, your profile and application materials are shared with that employer. You control which profile elements are public.
  • Service providers: AWS (hosting), SendGrid (email delivery), Stripe (payments), Cloudflare (security/CDN) — all bound by data processing agreements.
  • Background check partners: Only when you explicitly initiate a background check.
  • Analytics providers: Aggregated, de-identified data only — no personally identifiable information.
  • Legal requirements: When required by law, court order, or to protect the safety of our users.
  • Business transfers: In the event of a merger or acquisition, personal data may be transferred. We will notify you before your data is subject to a different Privacy Policy.

6International Data Transfers

TaIQ is headquartered in the United States. If you are located outside the US, your data will be transferred to and processed in the United States and other countries. We ensure appropriate safeguards are in place:

  • For transfers from the EEA/UK: We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • We maintain EU-US Data Privacy Framework certification
  • All third-party processors are vetted for adequate protection standards

7Data Retention

Data Type Retention Period
Active account data Duration of account + 30 days after deletion request
Application records 2 years from application date
Usage / analytics logs 13 months (rolling)
Financial / billing records 7 years (legal requirement)
Support tickets 3 years
Fraud prevention data 5 years
Marketing consent records Until withdrawn + 3 years

8Your Privacy Rights

👁️

Right to Access

Request a copy of all personal data we hold about you.

✏️

Right to Rectification

Correct inaccurate or incomplete personal data.

🗑️

Right to Erasure

Request deletion of your data ("right to be forgotten").

⏸️

Right to Restriction

Restrict how we process your data in certain circumstances.

📦

Data Portability

Receive your data in a structured, machine-readable format.

🚫

Right to Object

Object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, email [email protected] or visit your account settings. We will respond within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before fulfilling a request.

EEA/UK residents may also lodge a complaint with their local supervisory authority (e.g., the ICO in the UK, or your national DPA in the EU).

9Children's Privacy

TaIQ is not directed at individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately at [email protected] and we will delete it promptly.

10AI & Automated Decision-Making

🤖
How We Use AI on TaIQ

We use machine learning to power our job-matching algorithm. Automated decisions that significantly affect you (such as account suspension) are always reviewed by a human. You can request human review of any automated decision by contacting us.

Our AI systems analyze profile data, skills, search behavior, and application history to rank job recommendations. This profiling is conducted on the basis of legitimate interest and you may opt out at any time by adjusting your preferences in account settings. Opting out will not remove you from the platform but will result in less personalized recommendations.

11Security

We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Bcrypt password hashing (never stored in plain text)
  • Annual third-party penetration testing and SOC 2 Type II audit
  • Multi-factor authentication available for all accounts
  • Strict employee access controls and security training

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, as required by GDPR.

12California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: The categories of personal information we collect and how it is used
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: We do not sell personal information. For targeted advertising opt-outs, see our Cookie Policy
  • Right to Correct: Correct inaccurate personal information
  • Right to Limit: Limit use of sensitive personal information
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To submit a CCPA request, email [email protected] with subject line "California Privacy Request." We will verify your identity and respond within 45 days.

13Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Send you an email notification at least 30 days before changes take effect
  • Display a prominent notice on our platform
  • Update the "Last Updated" date at the top of this page
  • Archive previous versions, accessible by contacting us

Your continued use of TaIQ after the effective date constitutes acceptance of the updated policy.

14Contact Us

Data Protection & Privacy Team

📧 Email: [email protected]

📧 DPO: [email protected]

📬 Mail: TaIQ Inc., Attn: Privacy Team
123 Innovation Drive, Suite 400
Philadelphia, PA 19103, USA

Response time: within 30 days of receipt