Privacy Policy
Effective Date: April 20, 2025 · Last Updated: April 20, 2025
1. Introduction
BlindScreen, Inc. ("BlindScreen," "we," "us," or "our") operates the BlindScreen platform, including the BlindScreen evaluation engine, BlindScreen CRM, Sentinel legal intelligence service, and associated consulting services (collectively, the "Services"), accessible at blindscreen.us and related subdomains.
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Services. It also describes the rights you have with respect to your personal information and how to exercise them. Please read this policy carefully. If you do not agree with its terms, please discontinue use of our Services.
BlindScreen processes two distinct categories of data: (1) information about our customers and their authorized users ("Customer Data"), and (2) information about job candidates submitted for evaluation ("Candidate Data"). This policy addresses both categories and explains the different legal bases and protections that apply to each.
2. Information We Collect
2.1 Customer Account Information
When you create an account or engage our consulting services, we collect: your name, email address, job title, employer name, billing information, and account credentials. We use this information to provide, administer, and improve the Services, to process payments, and to communicate with you about your account.
2.2 Candidate Data
Our customers submit resume and application materials on behalf of job candidates for evaluation. This data may include names, contact information, employment history, educational background, skills, and other information contained in a resume or application. BlindScreen acts as a data processor with respect to Candidate Data — we process it solely on behalf of and under the instructions of our customers, who are the data controllers.
Anonymization: Before any Candidate Data is submitted to our AI evaluation engine, BlindScreen applies a two-stage anonymization process that removes or redacts personally identifiable information including names, contact details, dates of birth, graduation years, and other demographic indicators. The AI evaluation engine never receives unanonymized Candidate Data.
2.3 Usage and Technical Data
We automatically collect certain technical information when you use our Services, including IP addresses, browser type, operating system, pages visited, time spent on pages, referring URLs, and other diagnostic data. This information is used to maintain and improve the Services, to detect and prevent fraud and security incidents, and to generate aggregate analytics.
2.4 Communications
If you contact us via email, our contact form, or other channels, we retain the content of your communications and our responses for customer service and quality assurance purposes.
3. Legal Bases for Processing
For customers and users in the European Economic Area, the United Kingdom, or other jurisdictions requiring a legal basis for processing personal data, we rely on the following bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and service delivery | Performance of a contract |
| Payment processing | Performance of a contract |
| Candidate evaluation (as processor) | Customer's instructions and contractual obligation |
| Security monitoring and fraud prevention | Legitimate interests |
| Service improvement and analytics | Legitimate interests |
| Marketing communications (with opt-in) | Consent |
| Legal compliance and regulatory obligations | Legal obligation |
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Services
- Process candidate evaluations on behalf of our customers
- Create and maintain your account and workspace
- Process transactions and send related information, including purchase confirmations and invoices
- Send administrative information, including changes to our terms, conditions, and policies
- Respond to customer service requests and support needs
- Monitor and analyze usage patterns to improve the Services
- Detect, investigate, and prevent fraudulent transactions and other illegal activities
- Comply with applicable legal obligations, including responding to lawful requests from public authorities
- Generate compliance reports and audit documentation as required by applicable law
We do not sell personal information to third parties. We do not use Candidate Data to train our AI models without explicit written consent from the data controller customer.
5. How We Share Information
We may share your information in the following circumstances:
5.1 Service Providers
We engage third-party vendors to perform services on our behalf, including cloud infrastructure (Microsoft Azure), email delivery (Postmark), payment processing, and AI model inference (Azure OpenAI Service). These providers are contractually bound to use your information only as directed by us and in accordance with this policy.
5.2 Customer Instructions
As a data processor for Candidate Data, we share or disclose that data only as directed by the customer who submitted it, or as required by applicable law.
5.3 Legal Requirements
We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a legal obligation.
5.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.
6. Data Retention
We retain Customer Data for as long as your account is active or as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Upon account termination, we will delete or anonymize your personal information within 90 days, except where retention is required by law.
Candidate Data is retained in accordance with the retention policy configured by the customer (data controller). Our default retention period for Candidate Data is 24 months from the date of submission, after which it is automatically purged. Customers may configure shorter retention periods or request immediate deletion at any time through the governance settings in their workspace.
Audit log records are retained for a minimum of 7 years to support regulatory compliance and legal proceedings. Audit logs are immutable and cannot be deleted by customers or BlindScreen staff.
7. Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS 1.2+) and at rest, access controls and authentication requirements, regular security assessments, and employee training on data protection.
No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected individuals and relevant supervisory authorities as required by applicable law.
8. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal information:
| Right | Description | Applicable Jurisdictions |
|---|---|---|
| Access | Request a copy of the personal information we hold about you | GDPR, CCPA, most US states |
| Rectification | Request correction of inaccurate or incomplete information | GDPR, most US states |
| Erasure | Request deletion of your personal information | GDPR, CCPA, most US states |
| Portability | Receive your data in a structured, machine-readable format | GDPR |
| Restriction | Request that we limit processing of your information | GDPR |
| Objection | Object to processing based on legitimate interests | GDPR |
| Opt-out of sale | Opt out of the sale of personal information (we do not sell data) | CCPA/CPRA |
| Non-discrimination | Not be discriminated against for exercising privacy rights | CCPA/CPRA |
To exercise any of these rights, please submit a request to [email protected]. We will respond to verified requests within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
Note for job candidates: If you are a job candidate whose resume was submitted for evaluation by a company using BlindScreen, your data subject rights should be directed to that company (the data controller). BlindScreen will cooperate with and assist the data controller in responding to your request.
9. Automated Decision-Making and AI
BlindScreen uses artificial intelligence to assist in the evaluation of job candidates. Our AI system produces tier rankings (Tier 1, Tier 2, Tier 3) and qualifications assessments based on anonymized resume content. These outputs are intended to assist human decision-makers and do not constitute final employment decisions.
In compliance with applicable law, including the EU AI Act, NYC Local Law 144, the Colorado AI Act, and the Illinois Artificial Intelligence Video Interview Act, we maintain the following safeguards:
- All AI evaluations are performed on anonymized data — the AI never sees candidate names, contact information, or demographic indicators
- Human review is required before any AI evaluation result is used to make or inform a final hiring decision
- Customers are required to conduct and document annual bias audits of AI-assisted screening results
- Candidates have the right to request human review of any AI-assisted evaluation that affects them
- All AI evaluation prompts and model versions are logged and retained for audit purposes
- BlindScreen publishes a System Card documenting the AI system's design, intended use, known limitations, and bias mitigation measures
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Services. Specifically, we use session cookies for authentication (to keep you logged in), preference cookies to remember your settings, and analytics cookies to understand how the Services are used. We do not use third-party advertising cookies or behavioral tracking for advertising purposes.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept authentication cookies, you may not be able to use some portions of the Services.
11. International Data Transfers
BlindScreen is operated from the United States. If you are located outside the United States, please be aware that information we collect may be transferred to, stored, and processed in the United States and other countries where our service providers operate. We ensure that such transfers are made in accordance with applicable data protection law, including through the use of Standard Contractual Clauses approved by the European Commission where required.
12. Children's Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated effective date, and by sending an email notification to the address associated with your account at least 30 days before the changes take effect. Your continued use of the Services after the effective date of the revised policy constitutes your acceptance of the changes.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
This Privacy Policy is provided for informational purposes. BlindScreen recommends that customers consult with qualified legal counsel regarding their own privacy obligations as data controllers.