Scovai ("we", "us", "our") operates the Scovai talent intelligence platform. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our services, visit our website, or interact with our platform as a recruiter, candidate, or visitor.
We are committed to protecting your privacy in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the EU AI Act (Regulation (EU) 2024/1689), and applicable national data protection laws.
1. Data Controller
The data controller for personal data processed through the Scovai platform is:
Scovai
Email: privacy@scovai.com
For tenant-specific processing (where organisations use Scovai to manage recruitment), the respective organisation acts as the data controller, and Scovai acts as a data processor on their behalf.
2. Data We Collect
2.1 Candidate Data
- Identity data: Name, email address, phone number, location
- CV and career data: Work experience, education, skills, certifications, languages — extracted via AI-powered CV parsing
- Assessment data: Technical assessment responses, psychometric evaluation results (Big Five personality traits, culture fit preferences, leadership style indicators)
- Interview data: AI interview transcripts, responses, and generated evaluation reports
- Scoring data: AI-generated scores across multiple dimensions (technical, experience, education, soft skills, potential) with explainability rationale
- Embedding data: 768-dimensional vector representations of CV content used for semantic matching (not human-readable)
2.2 Recruiter and Organisation Data
- Account data: Name, email, role, organisation name
- Configuration data: Scoring weight preferences, company culture profiles, AI feature settings
- Usage data: Platform activity, feature usage, analytics data
2.3 Website Visitor Data
- Technical data: IP address, browser type, device information
- Usage data: Pages visited, time on site, referral source
3. How We Use Your Data
We process personal data for the following purposes:
- Service delivery: To provide CV parsing, AI scoring, assessments, interview facilitation, and candidate-position matching
- AI-powered analysis: To generate scores, psychometric profiles, interview evaluations, and shortlist rankings using machine learning models
- Platform improvement: To improve the accuracy and fairness of our AI models, optimise user experience, and develop new features
- Compliance: To maintain audit trails, enable human review of AI decisions, and monitor for algorithmic bias
- Communication: To send notifications, assessment invitations, interview links, and service updates
4. Legal Bases for Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Providing recruitment services | Performance of contract / Legitimate interest |
| AI scoring and profiling | Explicit consent (Art. 6(1)(a)) + Art. 22 safeguards |
| Psychometric assessments | Explicit consent |
| Bias monitoring | Legitimate interest (ensuring fairness) |
| Audit trail and compliance | Legal obligation |
| Website analytics | Legitimate interest / Consent (cookies) |
5. Automated Decision-Making and Profiling
Scovai uses AI to score candidates, generate psychometric profiles, and produce interview evaluations. In accordance with GDPR Article 22 and the EU AI Act:
- Transparency: Every AI-generated score includes an Explainable AI (XAI) rationale in plain language, explaining why the score was assigned
- Human oversight: No fully automated hiring decisions are made. AI outputs serve as recommendations — human recruiters make final decisions
- Right to contest: Candidates can request human review of any AI-generated assessment or score
- Bias monitoring: We continuously monitor AI scoring for demographic bias across gender and age dimensions
6. Data Retention
- Candidate data: Retained for the duration of the recruitment process plus 12 months, unless consent is given for talent pool retention
- Talent pool data: Retained until consent is withdrawn or for a maximum of 24 months from last activity
- Account data: Retained for the duration of the service agreement plus 12 months
- Audit logs: Error and critical logs retained for 365 days; informational logs for 30 days; warning logs for 90 days
- AI model training data: We do not use individual candidate data to train or fine-tune AI models
7. Data Sharing
We do not sell personal data. Data may be shared with:
- Employer organisations: Candidate data is shared with the recruiting organisation that the candidate applied to or was matched with
- AI infrastructure providers: CV parsing and scoring are processed using locally hosted AI models. Job description generation uses the Anthropic Claude API — only position data (not candidate data) is sent to this external service
- Hosting providers: Infrastructure hosted within the European Economic Area
8. Data Security
We implement appropriate technical and organisational measures including:
- AES-256-CBC encryption for API keys and sensitive credentials
- Argon2 password hashing
- JWT-based authentication with access and refresh tokens
- TLS encryption for all data in transit
- Role-based access control (RBAC) with tenant isolation
- Comprehensive audit logging of all platform actions
9. Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Data portability — receive your data in a structured, machine-readable format (Art. 20)
- Object to processing, including profiling (Art. 21)
- Not be subject to solely automated decisions with legal effect (Art. 22)
- Withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3))
To exercise any of these rights, contact us at privacy@scovai.com. We will respond within 30 days.
10. International Transfers
All data processing occurs within the European Economic Area. We do not transfer personal candidate data outside the EEA. The only external AI service (Anthropic Claude API, used exclusively for job description generation) processes only position-related data, not personal candidate information.
11. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users and posted on this page with an updated "Last updated" date.
12. Contact
For privacy enquiries, data protection requests, or complaints:
Email: privacy@scovai.com
You also have the right to lodge a complaint with your national data protection authority.