Let's Talk

Privacy Policy

Last updated: 1/23/2026
Talent Stream Group LLC. Privacy Policy
This Privacy Policy describes how Talent Stream Group LLC ("Talent Stream" "we", “us” or "our") processes personal information that we collect through our digital and online properties or services that link to this Privacy Policy (including as applicable, our website, web application, member platform, mobile app, electronic communications, and social media pages) as well as our marketing activities and other activities described in this Privacy Policy (collectively, the “Service”). 
If you are located outside of the United States, please also see our Notice to users outside of the United States.
This Privacy Policy does not apply to our employees or independent contractors or job candidates.
Personal information we collect
Information you provide to us. Personal information you may provide to us includes:
  • Contact data, such as your first and last name, alias, signature, salutation, email address, billing and mailing addresses, and phone number.
  • Demographic data, such as your city, state, country of residence, postal code, gender, physical characteristics, and age.
  • Profile data, such as account name, the username and password that you may set to establish an online account on the Service, biographical details, job title, avatar, photograph or picture, date of birth, interests, preferences, links to your profiles on social media networks, and any other information that you add to your account profile.  
  • Payment data needed to complete transactions, including payment card information or bank account number. We use a third-party vendor to directly collect and process your payment card information, as described further below.
  • Communications data based on our exchanges with you, including when you contact us through the Service, communicate with us via email, phone, chat features, social media, or otherwise. 
  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
  • Call/video recordings, such as video and audio recordings of interviews and practice sessions provided on the Service.
  • Employment information, such as your past and current employers and job titles.
  • Education information, such as schools you have attended and academic certifications.
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Data about others. We may offer features that help users invite their contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.
Third-party sources. We may combine personal information we receive from you with personal information of the kinds identified above that we obtain from other sources, such as:
  • Public sources, such as credit bureaus, government agencies, public records, publicly accessible social media profiles, and other publicly available sources.
  • Data providers, such as information services, data licensors/brokers, lead generators and cooperative databases. 
  • Service providers that provide services on our behalf or help us operate the Service or our business.
  • Partners, such as joint marketing partners and event co-sponsors.
  • Ad networks
  • Data analytics providers
  • Social media platforms
Automatic data collection. We, our service providers, and our advertising partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:
  • Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  • Location data, which may be approximate (for example, as inferred from network data or device settings).
  • Communication interaction data such as your interactions with our email, text, chat or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails enabling us to detect if you have opened or forwarded a message. 
  • Online activity data, such as pages or screens you viewed, search history, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
Tracking technologies. Some of the automatic collection described above is facilitated by the following technologies:
  • Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, credentials, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a web browser session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our service providers and other third parties place. 
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications. 
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed, clicked or forwarded.
  • Chat technologies, such as those provided by third parties that employ cookies and software code to operate the chat features that you can use to communicate with us through the Service.  These third parties may access and use information about webpages visited on our website, your IP address, your general geographic information (e.g., city, state), and other personal information you share through online chats to respond to your questions and for the purposes described in this Privacy Policy.
  • Session-replay technologies, such as those provided by third parties that employ software code to record users’ interactions with the Services in a manner that allows us to watch video replays of those user sessions. The replays include users’ clicks, mobile app touches, mouse movements and scrolls during those sessions. These replays help us diagnose usability problems and identify areas for improvement.
How we use your personal information
We may use your personal information for the following purposes or as otherwise described at the time of collection:
Service delivery and operations. We may use your personal information to:
  • provide and operate the Service;
  • process your requests;
  • enable security features of the Service;
  • personalize the service, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Service;
  • establish and maintain your user profile on the Service;
  • communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, user-to-user communications, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications; 
  • provide support for the Service, and respond to your requests, questions and feedback;
  • facilitate your invitations to friends you invite to join the Service; 
  • facilitate social features of the Service, such as by identifying and suggesting connections with other users of the Service and providing chat or messaging functionality; 
  • to collect and share user testimonials; 
  • to provide services to our business customers for their purposes, including, but not limited to, personal information for evaluating your candidacy, matching you with job opportunities, facilitating the hiring process, and communicating with you about your application status, and fine-tuning, evaluating, benchmarking, or otherwise training artificial intelligence and machine learning systems.
  • fraud prevention and security.
Research and development. We may use your personal information for research and development purposes, including to develop, analyze and improve our products and services, including to train our AI. We may also provide your call/video recordings to our business customers for their use in research and development of their services, including fine-tuning, evaluating, benchmarking, or otherwise training artificial intelligence and machine learning systems. As part of these activities, we may also create aggregated, de-identified or other anonymous data from personal information. We may use this anonymous or de-identified data and share it with third parties for any lawful business purposes. We do not attempt to reidentify deidentified information derived from personal information, except for the purpose of testing whether our deidentification processes comply with applicable law. 
Data licensing and commercialization. We may use, aggregate, de-identify, or otherwise process your personal information — including call/video recordings, text transcripts, biometric data, and inferred or derived data — to create datasets, analytics products, and other data offerings that we license, sell, or otherwise make available to third parties, including artificial intelligence developers, research institutions, data partners, and other commercial entities, for purposes including but not limited to AI model training, workforce analytics, salary and compensation benchmarking, labor market intelligence, and other lawful commercial purposes.
Marketing and advertising. We and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:
  • Direct marketing. We may send you direct marketing communications and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of marketing section.  
  • Interest-based advertising. We and our third-party advertising partners may use cookies, pixels and other technologies to collect information about your interaction (including the data described in the Automatic Data Collection section above) with the Service, our communications and other third party online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online properties. You can learn more about your choices for limiting interest-based advertising in the Your choices section. 
Compliance and protection. We may use your personal information to:
  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, court orders, investigations or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); 
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies; 
  • enforce the terms and conditions that govern the Service; and 
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.  
With your consent. In some cases, we may specifically ask for your consent to collect, use, or share your personal information for further purposes, if those purposes are not compatible with the initial purpose for which that personal information was collected.  
Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:
  • Technical operation. To allow the technical operation of the Service, such as remembering selections as you navigate the site and remembering whether you are logged in.
  • Functionality. To enhance the performance and functionality of our services.
  • Analytics. To help us understand user activity on the Service, including the volume and demographics of users, which pages are most and least visited and how users move around the Service or interact with our emails. 
  • Data sharing in the context of corporate transactions, we may share certain personal information in the context of actual or prospective corporate transactions – for more information, see How we share your personal information, below.
How we share your personal information
We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.  
Business Customers. We provide your personal information, including video and audio of interviews and interview practices, to our business customers for their use. Our business customers determine the uses of the data, but such uses may include, but not be limited to, uses for evaluating your candidacy, matching you with job opportunities, facilitating the hiring process, and communicating with you about your application status, fine-tuning, evaluating, benchmarking, or otherwise training artificial intelligence and machine learning systems, and other purposes as determined by our business customers. 
Affiliates.  In some cases, our corporate parent, subsidiaries, and affiliates might have access to personal information. 
Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, internet service providers, information technology, order fulfillment, customer support, online chat functionality providers, email delivery, marketing, consumer research and website/data analytics).
Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as [Payment Processor – e.g., Stripe]. [Payment Processor] may use your payment data in accordance with its privacy policy, available at [link to payment processor’s policy].
Artificial intelligence platforms. We use third-party artificial intelligence (AI) providers to power certain aspects of the Services. We may also license or sell personal information, including voice and video recordings, biometric data, transcripts, and derived data, to artificial intelligence companies and research institutions for their use in developing and training AI models and related technologies.
Data licensees and AI developers. We may license, sell, or otherwise provide your personal information — including voice and video recordings, text transcripts, biometric data (such as voiceprints and facial geometry), emotion and behavioral data, and derived or aggregated datasets — to third-party artificial intelligence developers, machine learning companies, research institutions, data analytics firms, and other commercial entities for their use in training, developing, and improving AI models, algorithms, and related technologies, as well as for data analytics, workforce intelligence, salary and compensation benchmarking, labor market research, and other lawful commercial purposes.
Advertising partners / ad networks. Third-party advertising companies for the interest-based advertising purposes described above.
Social networks. We use their ad services to display ads to our customers, or other people like them, on social media.
Third parties designated by you. We may share your personal information with other third parties where you have instructed us or provided your consent to do so.
Linked third-party services. If you log into the Service with, or otherwise link your Service account to, a social media or other third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account on the third-party service.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties in litigation, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above. 
Corporate transactions. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments, financings, public stock offerings, the sale, transfer or merger of all or part of our business, assets or shares, liquidation or reorganization). For example, we may need to share certain personal information with prospective counterparties and their advisers. We may disclose your personal information to an acquirer, successor, or assignee or a portion of our business assets as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.
Your choices 
In this section, we describe the choices available to you.
———————————————————— doc end
2.4 Information from Third Parties
We may receive information about you from:
  • Hiring companies: Companies that engage TalentStream to conduct interviews may provide us with your name, email, resume, and job application details.
  • Job platforms: If you apply through a third-party job board (e.g., LinkedIn, Indeed), we may receive your application information from that platform.
  • Referrals: If someone refers you to TalentStream, we may receive your name and contact information from the referring party.
3. How We Use Your Information
We use your personal information for the following purposes:
Recruitment services: Evaluating your candidacy, conducting and recording interviews, matching you with job opportunities, facilitating the hiring process, and communicating with you about your application status. Legal basis: Legitimate interest (GDPR Art. 6(1)(f)); Performance of a contract or pre-contractual steps (GDPR Art. 6(1)(b)); Consent for biometric processing (GDPR Art. 9(2)(a)).
AI research data sharing: With your separate, voluntary, explicit consent, sharing Anonymized Data (video, audio, transcripts) with technology companies for the purpose of training, fine-tuning, evaluating, benchmarking, or demonstrating artificial intelligence and machine learning systems. Legal basis: Explicit consent (GDPR Art. 9(2)(a)); Explicit consent (LGPD Art. 11(I)); Consent (CCPA §1798.100).
Platform improvement: Improving our interview platform, recruitment processes, candidate matching algorithms, and user experience. This may include aggregate analysis of interview data in de-identified form. Legal basis: Legitimate interest (GDPR Art. 6(1)(f)).
Communication: Contacting you about your application, scheduling interviews, providing platform updates, and responding to your inquiries. Legal basis: Legitimate interest; Performance of a contract.
Legal compliance: Complying with applicable laws, regulations, legal processes, and enforceable governmental requests. Establishing, exercising, or defending legal claims. Legal basis: Legal obligation (GDPR Art. 6(1)(c)); Legitimate interest.
Safety and security: Detecting, preventing, and addressing fraud, security incidents, and technical issues. Protecting the rights, property, and safety of TalentStream, our users, and the public. Legal basis: Legitimate interest.
4. AI Research Data Sharing Program
This section describes a core component of TalentStream's business: the sharing of Anonymized Data with technology companies for AI development. This program is conducted only with your separate, voluntary, explicit consent and is governed by strict contractual and technical safeguards.
4.1 Overview
TalentStream partners with technology companies that develop artificial intelligence systems. With your explicit, voluntary consent — obtained separately from your consent to be interviewed — we may share Anonymized Data derived from your interview recording with these companies for AI research and development.
TalentStream receives compensation from Recipients for providing Anonymized Data. Under certain privacy laws, including the California Consumer Privacy Act (CCPA), this exchange may constitute a "sale" of personal information. We disclose this openly and provide you with the right to opt out. See Section 10.2 for details.
4.2 What Data Is Shared
We share:
  • Video recordings of your interview (including your visual image, facial appearance, and body language)
  • Audio recordings of your interview (including your voice and speech patterns)
  • Automated transcripts of your interview
We do NOT share:
  • Your name
  • Your email address, phone number, or mailing address
  • Your resume, work history, or educational credentials
  • Your country of residence, state/province, or any location data
  • Your application details, interview scores, or hiring outcomes
  • Any metadata that directly identifies you
Important disclosure regarding biometric data: Although we remove directly identifying information, the Anonymized Data still contains your face and voice, which are biometric in nature. We disclose this to you so that your consent is fully informed. Recipients are contractually prohibited from using biometric data to attempt to identify you.
4.3 Who Receives This Data
We share Anonymized Data only with vetted technology companies that meet all of the following criteria:
  • Reputable entity: The Recipient is an established technology company with a legitimate AI research or development program.
  • Not a foreign adversary: The Recipient is not controlled by, headquartered in, or subject to the jurisdiction of a country designated as a foreign adversary under the Protecting Americans' Data from Foreign Adversaries Act (PADFA), including the People's Republic of China, the Russian Federation, the Islamic Republic of Iran, the Democratic People's Republic of North Korea, the Republic of Cuba, and the Maduro regime of Venezuela.
  • Bound by DPA: The Recipient has executed a Data Processing Agreement with TalentStream that imposes binding obligations regarding data use, security, retention, and destruction.
4.4 How Recipients May Use This Data
Recipients are contractually permitted to use Anonymized Data solely for:
  • Training artificial intelligence and machine learning models
  • Fine-tuning, calibrating, or adapting existing AI models
  • Evaluating, benchmarking, and testing AI model performance
  • Demonstrating AI capabilities to internal stakeholders or customers
  • Academic or scientific research conducted by or in partnership with the Recipient
Recipients are contractually prohibited from:
  • Attempting to re-identify any individual whose data is included in the Anonymized Data
  • Using Anonymized Data for surveillance, profiling, or monitoring of individuals
  • Sharing Anonymized Data with sub-processors without TalentStream's prior written approval
  • Using Anonymized Data for any purpose not expressly authorized in the DPA
  • Using Anonymized Data to develop products that primarily target or harm individuals in the demographic groups represented in the data
4.5 Consent Requirements
Your consent to AI research data sharing is:
  • Voluntary: You are never required to consent. Declining does not affect your interview, your candidacy, your access to our Services, or any employment decision.
  • Separate: AI data sharing consent is obtained through a separate, clearly distinguished consent mechanism (a separate checkbox) from your consent to be recorded for recruitment purposes.
  • Informed: Before consenting, you are provided with a clear description of what data will be shared, who will receive it, how it will be used, and your rights, including links to this Privacy Policy.
  • Specific: Your consent authorizes only the specific data sharing described in this section and in the consent language presented to you.
  • Revocable: You may withdraw your consent at any time (see Section 4.6).
4.6 Withdrawing Consent
You may withdraw your consent to AI research data sharing at any time by emailing support@talentstream.co with the subject line "Withdraw AI Data Sharing Consent" and including your name and the email address associated with your TalentStream account.
Upon receiving your withdrawal request:
  1. We will confirm receipt within 5 business days.
  2. We will cease sharing your Anonymized Data with any new Recipients.
  3. We will instruct existing Recipients to delete your Anonymized Data in accordance with their DPA obligations.
Limitation on withdrawal: Data that has already been incorporated into trained AI models (i.e., used as training data to adjust model weights) cannot be individually extracted, identified, or removed from those models. This is a technical limitation of how machine learning systems work, not a policy choice. We disclose this limitation to you so that your consent is fully informed. Withdrawal of consent prevents all future sharing and triggers deletion of unprocessed copies, but cannot reverse incorporation into existing trained models.
5. Disclosure of Personal Information
We may disclose your personal information to the following categories of third parties:
  • Hiring companies: We share your name, email, resume, interview recording, interview evaluation, and related application materials to facilitate the hiring process for positions you have applied for or been recommended for.
  • AI technology companies (Recipients): Anonymized Data only (video, audio, transcript with identifying information removed). Only with your separate, explicit consent. For AI research and development as described in Section 4.
  • Cloud service providers: All data stored on our platform is hosted by our cloud infrastructure provider for data storage, processing, and security. Providers act as sub-processors under DPAs.
  • Communication providers: Email address, phone number (for SMS/WhatsApp notifications) for sending interview invitations, reminders, and status updates.
  • Analytics providers: De-identified usage data and device information for understanding platform usage patterns and improving our Services.
  • Legal and regulatory: Any information required by law, for complying with legal obligations, responding to subpoenas, court orders, or governmental requests.
  • Business transfers: All personal information in connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy.
We do not sell, rent, or disclose your personal information to data brokers, advertising networks, or marketing companies. The only "sale" (as defined under applicable law) of personal information we engage in is the AI research data sharing described in Section 4, which requires your prior explicit consent and from which you may opt out at any time.
6. Data Retention and Destruction
We retain personal information only as long as necessary for the purposes described in this Privacy Policy or as required by applicable law. Our specific retention periods are:
  • Interview recordings (recruitment): Up to 3 years from interview date, or when the initial purpose for collection has been satisfied, or upon your request — whichever comes first.
  • Anonymized Data shared with Recipients: Per DPA terms (up to 5 years). Expiration of the DPA term, or upon consent withdrawal (for new sharing). Existing Recipients are instructed to delete per DPA terms.
  • Contact and application information: Up to 5 years from last interaction, or upon your deletion request, whichever comes first.
  • Consent records: 7 years minimum, required for legal compliance, audit defense, and regulatory inquiries. Retained even after other data is deleted.
  • Automatically collected data: Up to 2 years from collection date.
6.1 Destruction Methods
When personal information reaches the end of its retention period or is subject to a valid deletion request, we destroy it using the following methods:
  • Digital recordings and files: Cryptographic erasure or secure overwrite methods that render data permanently unrecoverable, applied to all copies including primary storage, backups, disaster recovery systems, and caches.
  • Database records: Permanent deletion from all databases with verification that records cannot be restored from backups within 90 days.
  • Third-party copies: Written instruction to Recipients and service providers to delete the data, with confirmation of deletion required under our DPA terms.
Destruction timeline: Destruction is completed within 30 days of the triggering event, except where technically impracticable (e.g., data in encrypted backup tapes that are overwritten on a regular cycle, typically within 90 days).
7. Biometric Data Practices
This section serves as TalentStream's biometric data policy as required by the Illinois Biometric Information Privacy Act (740 ILCS 14/), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code §503.001), the Washington Biometric Identifier statute (RCW 19.375), and other applicable biometric privacy laws.
7.1 Biometric Data We Collect
Through our video interview platform, TalentStream collects biometric data in the form of:
  • Facial geometry: The geometric patterns, measurements, and spatial relationships of your facial features as captured in video recordings.
  • Voiceprint characteristics: The acoustic patterns, frequency distributions, and temporal characteristics of your voice as captured in audio recordings.
This biometric data exists within interview recordings as a natural consequence of video and audio capture. TalentStream does not independently extract biometric templates (such as faceprint vectors or voiceprint models) from interview recordings for its own recruitment purposes.
7.2 Purpose of Biometric Data Collection
Primary purpose (recruitment): Biometric data is collected as part of the interview recording process for the purpose of evaluating your candidacy for employment opportunities.
Secondary purpose (AI research, consent required): With your separate, voluntary, written consent, Anonymized Data containing biometric data may be shared with Recipients for AI research and development as described in Section 4.
7.3 Disclosure of Biometric Data
TalentStream does not sell, lease, trade, or otherwise profit from biometric data except as follows:
  • AI research data sharing: Only with your separate, explicit, written consent, and only to Recipients who have executed a DPA. This disclosure is described in detail in Section 4.
  • Hiring companies: Interview recordings (containing biometric data) are shared with hiring companies for the purpose of evaluating your candidacy.
  • Service providers: Cloud infrastructure providers that host recordings on our behalf under contractual data protection obligations.
  • Legal requirements: When required by law, legal process, or enforceable governmental request.
7.4 Biometric Data Retention and Destruction
Retention: Biometric data (in the form of interview recordings) is retained for up to 3 years from the interview date for recruitment purposes, or for the duration of the applicable DPA term for AI research purposes (up to 5 years).
Destruction trigger: Biometric data is permanently destroyed when the initial purpose for collecting or obtaining such data has been satisfied, or within 3 years of your last interaction with TalentStream, whichever occurs first, unless a longer period is authorized by your consent or required by law.
Destruction method: Cryptographic erasure or secure overwrite, applied to all copies. Destruction is completed within 30 days of the triggering event.
Protection standard: We store, transmit, and protect biometric data using a standard of care that is the same as or more protective than the standard we apply to other forms of confidential and sensitive information.
7.5 Biometric Consent
Before collecting biometric data, we provide you with: (1) written notice that biometric data will be collected (via the interview lobby consent screen); (2) identification of the specific biometric data being collected (facial geometry and voiceprint); (3) the specific purpose for collection (recruitment evaluation and, if separately consented, AI research); (4) the retention period and destruction schedule; and (5) a link to this Privacy Policy.
Your affirmative action in checking the consent checkbox constitutes your informed, written consent as required by applicable biometric privacy laws, including BIPA. Consent for AI data sharing is obtained through a second, separate checkbox as described in Section 4.5.
8. Data Security
We implement and maintain appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
Technical safeguards:
  • Encryption at rest: AES-256 encryption for all stored data, including interview recordings and personal information.
  • Encryption in transit: TLS 1.2 or higher for all data transmitted between your device, our platform, and our infrastructure.
  • Access controls: Role-based access control (RBAC) limiting data access to authorized personnel on a need-to-know basis. Multi-factor authentication (MFA) required for all staff accounts.
  • Infrastructure: Hosted on Amazon Web Services (AWS) with industry-standard physical, environmental, and network security controls.
  • Monitoring: Continuous security monitoring, intrusion detection, and automated alerting for suspicious activity.
Organizational safeguards:
  • Personnel: All TalentStream employees and contractors with access to personal information are subject to confidentiality obligations and receive regular data protection training.
  • Vendor management: Third-party service providers are vetted for security practices and bound by data processing agreements.
  • Incident response: We maintain a documented incident response plan. In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law.
Limitation: While we take reasonable and appropriate measures to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
9. International Data Transfers
TalentStream is incorporated in Delaware, United States. Your personal information may be transferred to, stored in, and processed in the United States, regardless of your country of residence. The data protection laws of the United States may differ from those of your country.
Transfer mechanisms:
  • From the EEA, UK, or Switzerland: We rely on Standard Contractual Clauses (SCCs) adopted by the European Commission (Commission Implementing Decision (EU) 2021/914) as our primary transfer mechanism. Where required, we supplement SCCs with a Transfer Impact Assessment (TIA) evaluating the legal framework of the destination country.
  • From Brazil: We rely on your explicit consent as a valid transfer mechanism under LGPD Article 33(VIII). We may also execute Standard Contractual Clauses as adopted by the Autoridade Nacional de Proteção de Dados (ANPD) when available.
  • From the Philippines: We comply with the requirements of the Data Privacy Act of 2012 and NPC Circular 2016-02 regarding cross-border transfer of personal data.
  • From India: We comply with the Digital Personal Data Protection Act, 2023, which permits transfers to countries not restricted by the Central Government.
  • From other jurisdictions: We rely on your consent and/or applicable legal mechanisms as permitted under local law.
10. Your Privacy Rights
This section describes your rights regarding your personal information. These rights vary depending on your jurisdiction. We honor all applicable rights regardless of whether you reside in a jurisdiction with specific data protection legislation.
10.1 Rights Available to All Candidates
Regardless of where you live, you may:
  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal information.
  • Deletion: Request that we delete your personal information, subject to applicable legal retention requirements and technical limitations.
  • Withdraw consent: Withdraw your consent to interview recording or AI data sharing at any time, without affecting your candidacy or access to our Services.
  • Objection: Object to certain processing of your personal information.
  • Non-discrimination: We will not discriminate against you for exercising any of your privacy rights. Exercising your rights will not result in denial of services, different pricing, or reduced service quality.
To exercise any right, email support@talentstream.co. We will verify your identity before processing your request. We will respond within the timeframe required by applicable law (see jurisdiction-specific sections below), or within 30 days if no specific timeframe applies.
10.2 United States — State Privacy Rights
California (CCPA/CPRA): If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; request correction of inaccurate personal information; opt out of the sale of your personal information. Our AI research data sharing program constitutes a "sale" of personal information under the CCPA. You may opt out by declining consent at the time of your interview, by withdrawing consent at any time via support@talentstream.co, or by submitting a request through our "Do Not Sell My Personal Information" mechanism (if applicable). You may also request that we limit our use of sensitive personal information (including biometric data) to purposes necessary for providing our Services. Response time: 45 days (extendable by an additional 45 days with notice). You may designate an authorized agent to submit a request on your behalf.
Illinois (BIPA): If you are an Illinois resident, you have the right to: receive written notice and provide written consent before collection of biometric identifiers; know the specific purpose and length of time for which your biometric data is being collected, stored, and used; have your biometric data permanently destroyed when the initial purpose has been satisfied or within 3 years of your last interaction with TalentStream, whichever comes first; have your biometric data stored, transmitted, and protected using reasonable security measures; not have your biometric data sold, leased, traded, or otherwise profited from without your prior written consent. See Section 7 for our complete biometric data practices.
Other US States: If you reside in Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have rights to access, correction, deletion, portability, and/or opt-out of sale or targeted advertising under your state's applicable consumer privacy law. Contact support@talentstream.co to exercise these rights.
10.3 Brazil (LGPD)
If you are a resident of Brazil, you have the following rights under the Lei Geral de Proteção de Dados (Law No. 13,709/2018):
  • Confirmation of the existence of processing of your personal data
  • Access to your personal data held by us
  • Correction of incomplete, inaccurate, or outdated data
  • Anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in non-compliance with the LGPD
  • Portability of your personal data to another service provider or product supplier, upon express request
  • Deletion of personal data processed with your consent, except where retention is legally required
  • Information about the public and private entities with which we have shared your data
  • Information about the possibility of not providing consent and the consequences thereof
  • Revocation of consent at any time, upon express request, at no cost
Legal basis: We process your sensitive personal data (including biometric data) based on your explicit consent, provided separately and prominently as required by LGPD Article 11(I). We process non-sensitive personal data for recruitment purposes based on the execution of a contract or preliminary procedures (LGPD Article 7(V)) and legitimate interests (LGPD Article 7(IX)).
Response time: 15 days.
Regulatory authority: If you believe your rights have been violated, you may file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at www.gov.br/anpd.
10.4 European Economic Area and United Kingdom (GDPR)
If you are a resident of the EEA or UK, you have the following rights under the General Data Protection Regulation (EU 2016/679) and/or the UK GDPR:
  • Access your personal data and receive a copy (Art. 15)
  • Rectification of inaccurate data or completion of incomplete data (Art. 16)
  • Erasure of your personal data, "right to be forgotten" (Art. 17)
  • Restriction of processing in certain circumstances (Art. 18)
  • Data portability in a structured, commonly used, machine-readable format (Art. 20)
  • Object to processing based on our legitimate interests (Art. 21)
  • Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7(3))
  • Not be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects (Art. 22)
  • Lodge a complaint with your local supervisory authority
Legal basis for processing: Recruitment data: legitimate interest (Art. 6(1)(f)) and pre-contractual steps (Art. 6(1)(b)). Biometric data for recruitment: explicit consent (Art. 9(2)(a)). AI data sharing: explicit consent (Art. 9(2)(a)).
Data transfers: See Section 9.
Response time: 30 days (extendable by 60 days for complex requests, with notice).
Data Protection Officer: TalentStream has not appointed a DPO at this time. For data protection inquiries, contact support@talentstream.co.
10.5 Philippines (DPA 2012)
If you are a resident of the Philippines, you have the following rights under the Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules: the right to be informed, to access, to object, to erasure or blocking, to damages, to file a complaint, to rectification, and to data portability.
Response time: We will respond to requests within 30 days.
Regulatory authority: You may file a complaint with the National Privacy Commission (NPC) at www.privacy.gov.ph.
10.6 India (DPDPA 2023)
If you are a resident of India, you have the following rights under the Digital Personal Data Protection Act, 2023: the right to access information about processing, the right to correction and erasure, the right to grievance redressal, the right to nominate another person to exercise your rights in the event of your death or incapacity, and the right to withdraw consent at any time.
Response time: As prescribed by the Central Government, or within 30 days if no specific timeframe has been prescribed.
10.7 Latin America
If you reside in a Latin American country, you may have rights under your country's data protection legislation:
  • Colombia (Law 1581 of 2012): Rights to access, update, rectification, and deletion (habeas data). You may file complaints with the Superintendencia de Industria y Comercio (SIC).
  • Chile (Law 19,628): Rights to access, modification, blocking, and deletion of personal data.
  • Argentina (Law 25,326): Rights to access, rectification, suppression, and confidentiality of personal data. You may file complaints with the Agencia de Acceso a la Información Pública.
  • Mexico (LFPDPPP): ARCO rights: access, rectification, cancellation, and opposition. You may file complaints with the INAI.
  • Central America and other countries: We will honor access, correction, and deletion requests regardless of whether your country has specific data protection legislation.
11. "Do Not Sell or Share My Personal Information"
Under the CCPA and similar state laws, the sharing of Anonymized Data with Recipients for compensation constitutes a "sale" of personal information. You have the right to opt out of this sale.
How to opt out:
  • At interview time: Simply do not check the optional AI data sharing consent checkbox.
  • After interview: Email support@talentstream.co with the subject "Do Not Sell My Personal Information."
We do not sell the personal information of minors under 18. We do not engage in cross-context behavioral advertising or share personal information with third parties for targeted advertising purposes.
12. "Do Not Track" Signals
Our platform does not currently respond to "Do Not Track" (DNT) browser signals. However, you may exercise your opt-out rights as described in this Privacy Policy regardless of DNT settings.
13. Cookies and Tracking Technologies
We use cookies and similar technologies on our platform for the following purposes:
  • Essential cookies: Session management, authentication, security, and basic platform functionality. These are required for the platform to function and cannot be opted out of.
  • Analytics cookies: Understanding how users interact with our platform, identifying errors, and improving performance. You may opt out via browser settings or cookie preferences.
  • Preference cookies: Remembering your language, timezone, and display settings. You may opt out, but this may degrade your experience.
We do not use advertising or tracking cookies. You can manage cookies through your browser settings. Blocking essential cookies may prevent you from using our platform.
14. Children's Privacy
Our Services are intended for individuals aged 18 and older. We do not knowingly collect, use, or disclose personal information from anyone under the age of 18 (or under the age of majority in their jurisdiction, if higher). If we discover that we have collected personal information from a child, we will promptly delete such information and any associated interview recordings. If you believe we have inadvertently collected information from a child, please contact us at support@talentstream.co.
15. Third-Party Links and Services
Our platform may contain links to third-party websites, services, or applications (e.g., LinkedIn, Indeed, Calendly). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you access through our platform.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will post the updated Privacy Policy on our website with a new effective date and version number, and we will notify you of material changes by email or through our platform at least 30 days before the changes take effect.
For changes that affect the AI research data sharing program (Section 4) or biometric data practices (Section 7), we may seek renewed consent where required by applicable law.
Your continued use of our Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the changes, you should discontinue use of our Services and contact us to exercise your deletion rights.
17. Contact Us
If you have questions about this Privacy Policy, wish to exercise any of your privacy rights, or have concerns about our data practices, please contact us:
Talent Stream Holdings Inc.
©2025 Talent Stream. All right reserved.
hello@talentstream.co
LinkedIn
Terms of Service
Privacy Policy