Privacy & Legal Policies
Official legal documentation and compliance policies governing the use of Aikho's AI-powered talent acquisition platform.
Privacy Policy
1. Controller & Contact
Data Controller: Aikho FZ-LLC, IN5 Tech, Dubai, UAE.
Contact: privacy@aikho.com
2. Definitions
- Personal Data: Any information related to an identified or identifiable natural person.
- Processing: Any operation performed on Personal Data.
- Special Categories/Sensitive Data: Data revealing racial/ethnic origin, health, or biometric data (such as a voiceprint).
3. Data We Collect
We may collect and process different categories of information depending on your role and interaction with the Platform. We act as a Controller for data we process to provide our service to you as a user and as a Processor for data processed on behalf of your employer/client. We are committed to collecting only data that is strictly necessary for our purposes and to verifying its accuracy.
Candidate Data:
This includes information you provide directly or that is collected during your use of the Platform, such as:
- Profile & Identity: Full name, contact details, professional background (CV, education, skills, work history), and application information.
- Voice & AI Data: Audio interviews, transcripts, LLM-generated summaries, and conversational analytics (e.g., sentiment, topics discussed). Audio recordings are considered biometric data and are processed only with your explicit consent.
- Behavioral: Job views, application patterns, and AI matching scores.
Recruiter / Employer Data:
This includes your company's information, user account details, and hiring preferences.
Technical & Usage Data:
We automatically collect data about your device, IP address, and how you use the Platform, as well as information from cookies for security, analytics, and personalization.
Data from Third Parties:
We may receive data from your employer or other third-party providers. When you choose to authenticate or connect with a third-party service like LinkedIn, you authorize us to collect the profile information you have made available through that service. We may also collect publicly available data from social media and other web sources, or purchase data from third-party data providers to enrich your profile.
4. Purposes of Processing (How We Use Data)
We use data for the following purposes:
For Employers (as Processor):
We process candidate application data to enable client-side recruitment activities, including sourcing, screening, and communication. This also includes facilitating communications for a given hiring cycle between a client and their candidate (e.g., follow-ups, status updates, interview scheduling, and requests for information) via channels like email, SMS, and messaging apps.
For You (as Controller):
We process your profile data to provide you with direct services, such as:
- Proactive Job Suggestions: Proposing new job opportunities or interviews to you based on your profile and history.
- Profile Enrichment & Security: We use information from social media and other public web sources to enrich your profile, validate your identity, and secure our services. We also analyze your on-platform behavior to improve our understanding of your preferences and the client-candidate relationship.
- Platform Improvement: Using de-identified data for analytics and to improve our services and AI models.
- Customer Support & Feedback: We offer support and conduct satisfaction surveys via various channels.
- AI & LLM Services: We analyze profiles and interview content to generate summaries, identify key skills, and provide conversational AI support. No solely automated decisions with legal or similarly significant effects are made on our platform.
5. Lawful Bases for Processing
We process data under the following legal bases:
- Consent: For candidate applications and optional data like voice recordings (explicit and separate consent for sensitive data like voiceprints).
- Contractual Necessity: To provide the platform and services to you and our clients.
- Legitimate Interests: To improve services, ensure security, and match candidates to roles.
- Legal Obligations: To comply with legal requirements in the UAE, EU, and China.
6. Data Sharing & Disclosures
We do not sell Personal Data. We share data with:
- Employers/Recruiters: We share your specific application data with the employer to whom you applied. We do not share your data with, or sell it to, other clients. You are only introduced to other clients if you choose to apply for their job postings.
- Service Providers/Subprocessors: Hosting (Google Cloud), email/SMS, payment processors, and providers of specific AI services (e.g., speech-to-text, LLMs).
- Corporate Transactions: In the event of a merger or acquisition, under appropriate safeguards.
- Legal/Regulatory Bodies: When required by law.
7. International Data Transfers
- Global Transfers: We may transfer data to Google Cloud data centers in various regions.
- GDPR & UK GDPR: We rely on recognized transfer mechanisms (e.g., Standard Contractual Clauses) as required.
- PIPL Compliance: For data originating from China, we will comply with PIPL requirements, including obtaining separate consent and executing a Standard Contract with the overseas recipient.
- UAE PDPL Compliance: We follow permitted transfer grounds and safeguards.
8. Security Measures
We protect data with robust security measures, including encryption, access control (RBAC, MFA), network security, and continuous monitoring. Client data is logically segregated by tenant.
9. Data Retention
We retain Personal Data only as long as necessary.
- Candidate Profile Data (Your User Data): 24 months from your last activity (unless extended by consent).
- Application Data (for the Employer): Retained as defined in the Data Processing Addendum, or for 24 months if no specific instruction is provided.
- Interview Audio/Video: 12 months for quality and audit purposes, subject to client instructions.
- Employer Data: 7 years for legal and accounting compliance.
10. Your Rights
Depending on your location, you have rights including access, rectification, erasure, and objection. You can also:
- Withdraw Consent: Where processing is based on consent.
- Request an Explanation: Receive a meaningful explanation of key factors in AI-assisted decisions.
- Request Human Review: Contest an AI-assisted outcome and request human review.
- Correct Enriched Data: You have the right to request the correction or deletion of any data collected from third-party sources and integrated into your profile.
11. Children's Data
The platform is not intended for individuals under 18. We do not knowingly collect data from children.
12. Changes to this Policy
We will notify you of any material changes via the platform or by email. The updated policy will be posted with a new "Last Updated" date.
Terms of Service
1. Acceptance & Eligibility
By using the platform, you agree to these terms. Users must be 18+ and legally capable of entering into contracts.
2. Services & License
Aikho grants a limited, non-exclusive license to use the platform for recruitment purposes.
3. User Content & Responsibilities
You are responsible for all content you upload, including your CV and voice interviews, and you grant Aikho a license to use this data to provide the service, including through AI and LLM models. You warrant that all information you provide is accurate and lawful.
4. Acceptable Use
You agree not to misuse the platform, including by scraping data, uploading malicious code, or using AI outputs to unlawfully discriminate. You must not attempt to manipulate or deceive our AI agents.
5. Fees & Payment (Employers)
Fees may be subscription or usage-based. Payment is due as specified in your agreement with Aikho.
6. Confidentiality & Data Protection
Both parties will protect confidential information. Personal Data processing is governed by our Privacy Policy and the Data Processing Addendum.
7. Intellectual Property
Aikho owns the platform and its content, but you own your User Content.
8. Disclaimers
The platform is provided "as is." We disclaim all implied warranties to the maximum extent permitted by law.
9. Limitation of Liability
Aikho's liability is limited to the fees paid by the employer (or a reasonable amount for free users) and does not extend to indirect or consequential damages.
10. Governing Law & Dispute Resolution
These terms are governed by the laws of the United Arab Emirates. Disputes will be resolved in Dubai Courts.
Data Processing Addendum (DPA)
This document governs the processing of Personal Data between the Employer (the Controller) and Aikho (the Processor) for data submitted in the context of a specific job application. It does not cover data processed by Aikho as a Controller for its own user base.
Key Terms
- Subject Matter: Processing of Candidate and Employer Personal Data to provide the Platform for the duration of the subscription.
- Nature & Purpose: Hosting, storage, analysis (including AI-assisted processing), matching, communications, logging, support for the specific client's hiring activities.
- Types of Data: As defined in the Privacy Policy.
Processing Obligations
- Controller Instructions: Aikho processes Personal Data only on documented instructions from the Controller, unless required by law.
- Security Measures (TOMs): See Security Policy and Annex A.
- Subprocessing: Aikho may engage subprocessors listed in Subprocessors & Transfers.
- International Transfers: Aikho implements appropriate safeguards for cross-border transfers.
- Assistance: Aikho assists with data subject requests and incident notifications.
- Return or Deletion: Upon termination, Aikho will delete or return Personal Data per Controller's instruction.
- Breach Notification: Aikho will notify Controller without undue delay after becoming aware of a Personal Data Breach affecting Controller data.
Security Policy
This policy outlines our technical and organizational security measures, including data encryption, access management (RBAC, MFA), network security, and incident response procedures. Our security program is aligned with globally recognized frameworks to ensure a high standard of protection.
Technical Safeguards
- Encryption: Data at rest and in transit is encrypted using industry-standard algorithms.
- Access Control: Role-based access control (RBAC) and multi-factor authentication (MFA) for all accounts.
- Network Security: Firewalls, intrusion detection, and regular security monitoring.
- Data Segregation: Client data is logically segregated by tenant to prevent cross-contamination.
Organizational Measures
- Staff Training: Regular security awareness training for all employees.
- Background Checks: Comprehensive screening for personnel with access to personal data.
- Incident Response: Defined procedures for detecting, containing, and responding to security incidents.
- Regular Audits: Periodic security assessments and compliance reviews.
Responsible AI & Fairness Policy
We are committed to using AI responsibly. Our principles include Human-in-the-Loop (AI assists, humans make final decisions), Fairness (periodic bias testing on models), Transparency (we inform candidates when AI is used), and Privacy by Design. Our tools are designed to help clients comply with employment and anti-discrimination laws.
Core AI Principles
- Human-in-the-Loop: AI systems assist human decision-makers but do not make final hiring decisions autonomously.
- Fairness & Non-Discrimination: Regular testing for bias and discriminatory outcomes across protected characteristics.
- Transparency: Clear disclosure when AI tools are used in the hiring process.
- Privacy by Design: AI systems are built with privacy considerations from the ground up.
- Accountability: Clear governance and oversight of AI system development and deployment.
Bias Mitigation
We implement ongoing monitoring and testing to identify and mitigate potential bias in our AI systems, including regular audits of hiring outcomes and continuous improvement of our algorithms.
Data Retention & Deletion Schedule
We retain Personal Data only as long as necessary, as outlined in this schedule.
Retention Periods
- Candidate Profile Data (Your User Data): 24 months from your last activity (unless extended by consent).
- Application Data (for the Employer): Retained as defined in the Data Processing Addendum, or for 24 months if no specific instruction is provided.
- Interview Audio/Video: 12 months for quality and audit purposes, subject to client instructions.
- Employer Data: 7 years for legal and accounting compliance.
Automatic Deletion
We have automated systems in place to ensure data is deleted according to the schedule above, unless there are legal obligations requiring longer retention.
Subprocessors & International Data Transfers
We may use subprocessors for services like hosting (Google Cloud), email, and AI/LLM processing. We implement appropriate safeguards for all international data transfers.
Key Subprocessors
- Google Cloud Platform: Infrastructure hosting and cloud services
- Email Service Providers: For communication and notifications
- AI/LLM Providers: For advanced AI processing and analysis
- Payment Processors: For billing and subscription management
Transfer Safeguards
All international data transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.
Data Subject Rights Procedure
This document explains how individuals can exercise their rights by contacting privacy@aikho.com.
Your Rights
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to certain types of processing
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@aikho.com. We will respond to your request within 30 days and may require verification of your identity.
Incident Response & Breach Notification Policy
This policy outlines our procedures for detecting, containing, and notifying relevant parties in the event of a data breach.
Incident Response Process
- Detection: Immediate identification and assessment of potential security incidents
- Containment: Quick action to contain the incident and prevent further damage
- Investigation: Thorough analysis to understand the scope and cause
- Notification: Timely notification to relevant authorities and affected individuals
- Recovery: Restoration of normal operations and implementation of preventive measures
Breach Notification Timeframes
- Regulatory Authorities: Within 72 hours of becoming aware (where required)
- Data Subjects: Without undue delay when there is a high risk to rights and freedoms
- Business Partners: As specified in contractual agreements
Acceptable Use Policy
This policy prohibits unlawful activity, misuse of AI outputs, and any actions that would compromise the platform's security or integrity.
Prohibited Activities
- Using the platform for any illegal or unauthorized purpose
- Attempting to gain unauthorized access to any part of the platform
- Interfering with or disrupting the integrity or performance of the platform
- Using AI outputs to make discriminatory hiring decisions
- Attempting to reverse engineer or extract proprietary algorithms
- Sharing account credentials with unauthorized parties
Consequences of Violations
Violations of this policy may result in suspension or termination of your account, legal action, and notification to law enforcement authorities where appropriate.
Candidate Transparency & Fair Processing Notice
We are committed to informing candidates when AI tools are used, providing explanations, and offering human review of any AI-assisted outputs.
AI Disclosure
We will clearly inform you when AI tools are being used in your hiring process, including:
- CV screening and matching algorithms
- Interview analysis and assessment
- Automated scoring and ranking systems
- Bias detection and mitigation tools
Right to Explanation
You have the right to receive a meaningful explanation of how AI systems have been used to assess your candidacy and what factors contributed to any automated decisions.
Human Review
You can request human review of any AI-assisted decisions that significantly affect your candidacy. Our human reviewers will consider your request and provide a response within a reasonable timeframe.
Data Governance
The governance of our data is overseen internally by a dedicated team to ensure continuous compliance with our policies on security, privacy, and AI ethics.
Governance Structure
- Data Protection Officer: Oversees compliance with privacy regulations
- Security Team: Manages technical and organizational security measures
- AI Ethics Committee: Reviews AI systems for bias and fairness
- Legal Team: Ensures regulatory compliance across jurisdictions
Continuous Monitoring
We implement continuous monitoring and regular audits to ensure our data practices remain compliant with applicable laws and our internal policies.
Policy Updates
Our policies are reviewed regularly and updated as needed to reflect changes in regulations, technology, and business practices.