Effectv Innovations LLC Privacy Policy

Customer Responsibility: Customers must establish their own lawful basis for processing candidate data (typically consent or legitimate interests) and document it appropriately.

5. INFORMATION SHARING AND DISCLOSURE

5.1 We Do NOT Sell Personal Information

EffectvHire does not sell, rent, or trade personal information to third parties for monetary or other valuable consideration. This includes candidate data, Customer data, and End User data.

5.2 Sharing with Customer-Authorized Parties

• Within Customer Organizations: End Users authorized by the Customer can access candidate information and hiring data according to their assigned roles and permissions

• Customer’s ATS: Data may sync with the Customer’s integrated Applicant Tracking System as configured

5.3 Service Providers and Subprocessors

We share information with trusted third-party service providers who assist in operating our platform:

Current Subprocessors (as of [DATE]):

• Cloud Hosting: Microsoft Azure – Data centers in [EU-Germany West, EU-France South]

• Payment Processing: Stripe – PCI-DSS compliant payment processing

• Email Services: Zepto Mail – Transactional and marketing email delivery

• Analytics: PostHog (anonymized IP) – Usage analytics

• Customer Support: Zoho Desk – Support ticket management

• Authentication: JWT based Tokens – Secure user authentication and OTP based verifications

Subprocessor Commitments:

• All subprocessors are bound by Data Processing Agreements (DPAs)

• Limited to processing data only as instructed by EffectvHire

• Required to implement appropriate security measures

• Prohibited from using data for their own purposes

Updated Subprocessor List: Customers will be notified 30 days in advance of any new subprocessors. The current list is available at [www.Effectv.ai/subprocessors].

5.4 Legal and Safety Disclosures

We may disclose information when required by law or to protect rights and safety:

• Legal Compliance: Court orders, subpoenas, government investigations, or regulatory requests

• Safety and Security: Preventing fraud, security threats, or illegal activity

• Rights Protection: Enforcing our Terms of Service or defending legal claims

5.5 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, personal information may be transferred to the successor entity. Affected parties will be notified, and the new entity will be bound by this Privacy Policy or provide notice of changes.

6. DATA SECURITY

6.1 Technical and Organizational Measures

EffectvHire implements industry-standard security controls to protect personal information:

Encryption:

• Data in Transit: TLS 1.2+ encryption for all data transmission

• Data at Rest: AES-256 encryption for stored candidate resumes and sensitive data

• Database Encryption: Encrypted database backups and storage

Access Controls:

• Multi-Factor Authentication (MFA): Required for all user accounts

• Role-Based Access Control (RBAC): Users access only data necessary for their role

• Principle of Least Privilege: Minimal access rights granted by default

• Audit Logging: All data access and modifications are logged

Infrastructure Security:

• Secure Cloud Hosting: Azure compliance-enabled services (SOC 2, ISO 27001)

• Network Segmentation: Isolated production, staging, and development environments

• Regular Security Audits: Penetration testing and vulnerability assessments (at least annually)

• Automated Monitoring: Real-time threat detection and incident response

Application Security:

• Secure Development Practices: Code reviews, static analysis, and dependency scanning

• Regular Patching: Timely updates to address security vulnerabilities

• Data Sanitization: Input validation and output encoding to prevent injection attacks

6.2 Employee Access and Training

• Background Checks: All employees with data access undergo background verification

• Confidentiality Agreements: Legally binding NDAs for all personnel

• Security Training: Annual privacy and security awareness training

• Limited Access: Only authorized personnel access production systems

6.3 Incident Response

In the event of a data breach affecting personal information:

• 72-Hour Notification (GDPR): Customers will be notified within 72 hours of discovery for breaches involving EEA data

• CCPA Notification: California residents will be notified as required by law

• Supervisory Authority Reporting: We will assist Customers in reporting to relevant data protection authorities

• Incident Investigation: Full root cause analysis and remediation plan

Current Security Status:

• ✅ Basic security controls implemented (encryption, OTP, access controls)

• ✅ Self-assessment against SOC 2 criteria (estimated 70% readiness)

• 🔄 SOC 2 Type II audit in progress (projected completion: [12 months from launch])

• 🔄 ISO 27001 certification planned (Year 2)

7. DATA RETENTION

7.1 Retention Periods

Candidate Data (Processed on Behalf of Customers):

• Active Hiring: Retained during the active hiring process as configured by the Customer

• Customer Control: Customers can delete candidate data at any time through the platform

• Post-Termination: Upon Customer account termination, candidate data is deleted within 90 days unless legally required to retain

• Backup Retention: Deleted data is purged from backups within 180 days

Customer Account Data:

• Active Accounts: Retained for the duration of the Customer relationship

• Terminated Accounts: Billing and account data retained for 7 years for tax and legal compliance

• Marketing Preferences: Retained until consent is withdrawn

Usage Data and Logs:

• Security Logs: Retained for 12 months for security monitoring and incident investigation

• Anonymized Analytics: Aggregate, de-identified usage data may be retained indefinitely for product improvement

7.2 Customer-Directed Deletion

Customers can delete candidate data at any time through the platform:

1. Navigate to the candidate profile

2. Select “Delete Candidate Data”

3. Confirm deletion

4. Data is permanently removed within 30 days (excluding legally required retention)

8. YOUR PRIVACY RIGHTS

8.1 Rights for EEA, UK, and Swiss Users (GDPR)

Individuals in the European Economic Area, United Kingdom, and Switzerland have the following rights:

Right to Access: Request a copy of your personal information
Right to Rectification: Correct inaccurate or incomplete information
Right to Erasure (“Right to be Forgotten”): Request deletion of your information
Right to Restrict Processing: Limit how we use your information
Right to Data Portability: Receive your information in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
Right to Lodge a Complaint: File a complaint with your local data protection authority

For Candidates: Since EffectvHire processes candidate data on behalf of Customers (as a Data Processor), please direct your data subject requests to the Customer (the hiring company). We will assist Customers in fulfilling these requests within 30 days.

For Customer Contacts and End Users: Email your request to privacy@effectv.ai. We will respond within 30 days.

8.2 Rights for California Residents (CCPA/CPRA)

California residents have the following rights:

Right to Know: Request information about the categories and specific pieces of personal information collected, sources, purposes, and third parties with whom it’s shared
Right to Delete: Request deletion of personal information (subject to legal exceptions)
Right to Correct: Request correction of inaccurate information (CPRA)
Right to Opt-Out of Sale/Sharing: EffectvHire does NOT sell or share personal information
Right to Limit Use of Sensitive Personal Information: EffectvHire does not process sensitive personal information beyond what is necessary to provide the Service
Right to Non-Discrimination: You will not be discriminated against for exercising your rights

To Exercise Your Rights:

• Email: privacy@effectv.ai

• Online Form: [www.Effectv.ai/privacy-request]

We will verify your identity before fulfilling requests and respond within 45 days (extendable by 45 days with notice).

8.3 Rights for Other Jurisdictions

India (DPDP Act):

• Right to access, correction, and erasure

• Right to nominate a representative for data rights

• Right to lodge complaints with the Data Protection Board

Australia (Privacy Act):

• Right to access and correct personal information

• Right to complain to the Office of the Australian Information Commissioner (OAIC)

Canada (PIPEDA):

• Right to access, correct, and challenge the accuracy of personal information

• Right to withdraw consent

9. INTERNATIONAL DATA TRANSFERS

EffectvHire operates globally and may transfer personal information across borders to provide the Service.

9.1 Data Storage Locations

Primary Data Centers:

• All Customers: Microsoft Azure EU-West (Germany)

Data Residency Options: Enterprise customers can request specific data residency configurations.

9.2 Cross-Border Transfer Mechanisms

For EEA, UK, and Swiss Data:

• Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers to non-EU countries

• Adequacy Decisions: Where applicable, we rely on EU Commission adequacy decisions

• UK Addendum: We comply with the UK GDPR and use the UK Addendum to SCCs

Data Processing Agreement (DPA):
Customers can execute our DPA, which includes SCCs, by emailing legal@Effectv.ai.

9.3 Subprocessor Locations

Our subprocessors may process data in multiple jurisdictions. See Section 5.3 for the list of subprocessors and their locations.

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Cookies We Use

Essential Cookies (Required):

• Session authentication and security

• Platform functionality and preferences

• Load balancing and performance

Analytics Cookies (Optional):

• Google Analytics (with IP anonymization)

• Usage patterns and feature adoption

• Performance monitoring

Preference Cookies (Optional):

• Language and regional settings

• UI customization preferences

10.2 Managing Cookie Preferences

Browser Controls: You can configure your browser to block or delete cookies. Note that disabling essential cookies may impair platform functionality.

Opt-Out Links:

• Google Analytics: [tools.google.com/dlpage/gaoptout]

• Do Not Track: We honor Do Not Track (DNT) signals for analytics cookies

Cookie Consent Management: First-time visitors will see a cookie consent banner (for EU and UK visitors).

11. CHILDREN’S PRIVACY

EffectvHire is a B2B platform designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly. If you believe we have inadvertently collected such information, contact privacy@Effectv.ai.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

• Changes to our data practices

• New legal or regulatory requirements

• Feedback from customers and users

• Product feature additions

Notification of Changes:

• Material Changes: We will notify Customers via email and in-app notification at least 90 days before the effective date

• Minor Changes: We will post the updated Policy on our website and update the “Last Updated” date

• Customer Objection: If you object to material changes, you may terminate your account within 90 days

Version History: Prior versions of this Privacy Policy are available upon request.

13. CONTACT INFORMATION

13.1 Privacy Inquiries

For questions about this Privacy Policy or our data practices:

Email: privacy@Effectv.ai
Mail: EffectvHire
[INSERT COMPANY ADDRESS]
[CITY, STATE, ZIP CODE]

Response Time: We will respond to inquiries within 10 business days.

13.2 Data Protection Officer (DPO)

For GDPR-related inquiries, you may contact our Data Protection Officer:

Email: dpo@Effectv.ai
Mail: Data Protection Officer, EffectvHire
[INSERT ADDRESS]

13.3 Supervisory Authorities

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority:

• EEA: List of EU Data Protection Authorities

• UK: Information Commissioner’s Office (ICO) – ico.org.uk

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) – edoeb.admin.ch

13.4 India Grievance Officer (DPDP Act)

Grievance Officer: Rajeev Soni
Email: grievance@Effectv.ai
Response Time: We will acknowledge complaints within 48 working hours and resolve them within 60 days.

14. SPECIFIC REGIONAL DISCLOSURES

14.1 California Privacy Rights (CCPA)

Categories of Personal Information Collected (Last 12 Months):

• Identifiers (name, email, IP address)

• Commercial information (purchase history, billing)

• Internet activity (usage data, cookies)

• Professional information (job title, company)

Business Purposes for Collection:

• Providing and improving the Service

• Customer support and communications

• Security and fraud prevention

• Legal compliance

Third Parties with Whom We Share Information:

• Service providers and subprocessors (listed in Section 5.3)

• Legal and regulatory authorities (when required by law)

Sale/Sharing of Personal Information: We do NOT sell or share personal information.

Sensitive Personal Information: We do not process sensitive personal information as defined by the CPRA.

14.2 Nevada Privacy Rights

Nevada residents have the right to opt-out of the sale of personal information. EffectvHire does not sell personal information, but you may submit an opt-out request to privacy@Effectv.ai

14.3 Virginia, Colorado, Connecticut, and Utah Privacy Rights

Residents of Virginia, Colorado, Connecticut, and Utah have rights similar to those under the CCPA, including:

• Right to access, correct, and delete personal information

• Right to opt-out of targeted advertising and sale (we do neither)

• Right to appeal our decision on a data rights request

To exercise these rights, contact privacy@Effectv.ai.

15. ADDITIONAL TERMS FOR CUSTOMERS (DATA CONTROLLERS)

15.1 Customer Responsibilities

Customers using EffectvHire to process candidate data agree to:

Obtain Necessary Consents:

• Secure all required candidate consents for data processing

• Provide candidates with privacy notices as required by law

• Obtain explicit consent for optional AI Copilot features (interview recordings)

Establish Lawful Basis:

• Document legal basis for processing under GDPR (consent, legitimate interests, etc.)

• Comply with CCPA, DPDP, and other applicable laws

Respond to Data Subject Requests:

• Handle candidate access, deletion, and correction requests

• Contact EffectvHire at privacy@Effectv.ai for assistance in fulfilling requests

Secure Data Inputs:

• Only upload candidate data that you are authorized to process

• Do not upload data from minors under 18

15.2 Data Processing Agreement (DPA)

EffectvHire’s DPA governs our role as Data Processor for candidate information. Key terms include:

• Processing Instructions: We process candidate data only as instructed by the Customer

• Confidentiality: All personnel accessing data are bound by confidentiality obligations

• Subprocessors: Customers are notified 30 days before new subprocessors are engaged

• Data Subject Rights: We assist Customers in responding to data subject requests

• Security Measures: We implement technical and organizational measures per Section 6

• Breach Notification: We notify Customers within 72 hours of discovering a breach

• Data Return/Deletion: Upon termination, we return or delete candidate data as instructed

Executing the DPA: Customers may sign the DPA during onboarding or by emailing legal@Effectv.ai.

16. COMPLIANCE ROADMAP

Current Status (As of 12 Nov 2025):

• ✅ Privacy Policy compliant with GDPR, CCPA, DPDP, and other major regulations

• ✅ Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs)

• ✅ Basic security controls implemented (encryption, MFA, access controls)

• ✅ Self-assessment against SOC 2 criteria (~80% readiness)

• ✅ Privacy by Design principles integrated into product development

In Progress:

• 🔄 SOC 2 Type II audit (projected completion: 12 months from launch)

• 🔄 ISO 27001 certification preparation (Year 2)

• 🔄 Annual penetration testing and vulnerability assessments

• 🔄 Third-party bias audits for AI/ML algorithms

Transparency Commitment:
We are an early-stage company actively pursuing full compliance certifications. We are transparent about our current status and committed to continuous improvement. For questions about our compliance roadmap, contact legal@Effectv.ai.

​

END OF PRIVACY POLICY

​

APPENDIX: DEFINITIONS

Data Controller: The entity that determines the purposes and means of processing personal data (e.g., the Customer hiring company).

Data Processor: The entity that processes personal data on behalf of the Data Controller (e.g., EffectvHire for candidate data).

Personal Information/Data: Any information relating to an identified or identifiable individual.

Sensitive Personal Information: Data revealing racial or ethnic origin, political opinions, religious beliefs, health information, biometric data, etc. (EffectvHire does not intentionally collect this category).

Candidate: An individual applying for or being considered for a job position by a Customer.

End User: An employee or contractor of a Customer who is authorized to use the EffectvHire platform.

SkillDNA: EffectvHire’s proprietary AI-powered skill framework extraction and customization feature.

Questions? Contact us at privacy@effectv.ai