WorkAffina – Privacy Policy

‍Last updated: May 2026

‍

WorkAffina Ltd (“WorkAffina”, “we”, “us”, or “our”) is committed to protecting the privacy of individuals whose personal data we process.

This Privacy Policy explains how we collect, use, store, share, and protect personal information when you visit our website, create an account, interact with us, or use the WorkAffina platform, software, products, and related services.

By accessing or using WorkAffina, you acknowledge that you have read this Privacy Policy.

If you do not agree with this Privacy Policy, you should discontinue use of the website and platform.

‍

1. Who We Are

‍

WorkAffina Ltd is a company registered in England & Wales.

WorkAffina provides an AI-assisted candidate screening workspace that helps recruiters, hiring teams, founders, and businesses review resumes/CVs, structure candidate information, manage early-stage screening workflows, run optional AI-assisted phone screening calls, and generate structured screening reports.

For privacy-related questions, contact us at:

Email: support@workaffina.com
Website: workaffina.com

‍

2. Our Role Under Data Protection Law

‍

Depending on the context, WorkAffina may act as either a Data Controller or a Data Processor.

‍

2.1 When WorkAffina acts as a Data Controller

‍

We act as a Data Controller for personal data relating to:

• website visitors;
• account registration;
• customer users;
• billing and subscription management;
• customer support;
• sales and onboarding communications;
• platform security;
• service analytics;
• legal and compliance obligations.

This means we determine how and why this personal data is processed.

‍

2.2 When WorkAffina acts as a Data Processor

‍

We generally act as a Data Processor when customers upload or provide candidate data into the WorkAffina platform.

This may include resumes/CVs, candidate contact details, job application information, screening notes, phone screening data, transcripts, summaries, structured reports, and related recruitment information.

In this context, the customer is usually the Data Controller. The customer determines the purpose and lawful basis for processing candidate data. WorkAffina processes that data on the customer’s behalf and in accordance with the customer’s instructions, our Data Processing Agreement (“DPA”), and applicable data protection law.

A copy of the DPA is provided to customers during onboarding or upon request.

‍

3. Personal Data We Collect

‍

We collect different categories of personal data depending on how you interact with WorkAffina.

‍

3.1 Information You Provide Directly

‍

Account and Organisation Information

When you create an account or use the platform, we may collect:

• name;
• business email address;
• organisation name;
• organisation details;
• job role;
• login and authentication information;
• user permissions;
• workspace settings;
• billing and subscription information.

Payment details are processed securely by our payment provider. WorkAffina does not store full payment card details.

‍

Customer and Sales Information

‍

If you contact us, book a demo, join a waitlist, request onboarding, or communicate with our team, we may collect:

• name;
• email address;
• phone number;
• organisation details;
• role or job title;
• communication history;
• onboarding preferences;
• information you provide about your hiring workflow.

Support Communications

‍

If you contact us for support, we may retain:

• your message;
• contact details;
• attachments;
• screenshots;
• support history;
• technical information needed to investigate the issue.

3.2 Candidate and Recruitment Data Provided by Customers

‍

Customers may upload, create, or provide candidate and recruitment data through the platform.

This may include:

• resumes/CVs;
• candidate names;
• email addresses;
• phone numbers;
• employment history;
• education history;
• skills;
• qualifications;
• certifications;
• location or work eligibility information;
• salary expectations, where provided;
• notice period, where provided;
• job application information;
• recruiter notes;
• shortlisting status;
• screening questions;
• candidate responses;
• job descriptions;
• hiring criteria configured by the customer;
• structured candidate profiles;
• factual summaries;
• generated screening reports.

Customers are responsible for ensuring they have a lawful basis and appropriate authority to upload, process, and use candidate data within WorkAffina.

‍

3.3 AI Phone Screening Data

‍

Where a customer chooses to use AI-assisted phone screening, WorkAffina may process data relating to screening calls.

This may include:

• candidate name;
• candidate phone number;
• job title or role being discussed;
• customer-configured screening questions;
• call status;
• call start and end time;
• call duration;
• call metadata;
• call outcome;
• candidate responses;
• call transcript, where enabled or available;
• call summary;
• structured screening answers;
• AI-generated screening report;
• usage and billing information connected to the call.

Customers are responsible for ensuring that candidates are contacted lawfully, that candidate phone numbers have been obtained lawfully, and that candidates receive any required information or notice about the screening process.

WorkAffina does not use AI phone screening to make hiring decisions. Any candidate decision must be made by the customer through meaningful human review.

‍

3.4 Information Collected Automatically

‍

When you visit our website or use the platform, we may collect technical and usage information, including:

• IP address;
• browser type;
• device type;
• operating system;
• pages visited;
• referring pages;
• session activity;
• features used;
• time spent in the platform;
• error logs;
• diagnostic logs;
• security events;
• usage events;
• approximate location derived from IP address.

This information helps us operate, secure, troubleshoot, improve, and monitor the platform.

‍

3.5 Cookies and Similar Technologies

‍

We use cookies and similar technologies to provide, secure, and improve our website and platform.

This may include:

• essential cookies for authentication and platform functionality;
• security cookies;
• session cookies;
• preference cookies;
• analytics cookies, where enabled and legally permitted.

Where required by law, we will ask for consent before using non-essential cookies.

You may be able to control cookies through your browser settings. Disabling some cookies may affect platform functionality.

‍

4. How We Use Personal Data

‍

We process personal data for the purposes described below.

‍

4.1 To Provide and Operate the Platform

‍

We use personal data to:

• create and manage accounts;
• authenticate users;
• provide access to customer workspaces;
• upload and process resumes/CVs;
• extract and structure candidate information;
• support candidate review and shortlisting workflows;
• initiate AI-assisted phone screens when requested by customers;
• generate structured screening reports;
• display candidate and job information;
• provide billing and subscription functionality;
• provide support and troubleshooting.

4.2 To Generate AI-Assisted Outputs

‍

We may use AI systems and related technologies to:

• extract factual information from resumes/CVs;
• summarise candidate information;
• structure application data;
• process screening questions and answers;
• generate call summaries;
• generate structured screening reports;
• assist with outreach or follow-up templates where configured.

AI outputs may be inaccurate, incomplete, or unsuitable for a particular context. Customers are responsible for reviewing and verifying AI outputs before relying on them.

WorkAffina does not make hiring decisions, automatically reject candidates, or automatically select candidates.

‍

4.3 To Support AI Phone Screening

‍

Where requested by a customer, we process relevant candidate and job information to:

• initiate AI-assisted phone screening calls;
• ask customer-configured screening questions;
• record call status and duration;
• process candidate responses;
• generate call summaries and structured reports;
• measure AI call minute usage;
• support billing, limits, reporting, and troubleshooting.

4.4 To Manage Subscriptions, Billing, and Usage Limits

‍

We process customer, account, and usage data to:

• manage subscriptions;
• process payments;
• calculate usage allowances;
• measure AI call minutes;
• monitor resume/CV processing limits;
• enforce plan limits;
• prevent abuse;
• provide billing history and invoices;
• support upgrades, downgrades, renewals, and cancellations.

4.5 To Communicate With You

‍

We may use contact information to send:

• service notifications;
• onboarding guidance;
• product updates;
• billing updates;
• security notices;
• support responses;
• administrative messages;
• sales or demo follow-ups where appropriate.

You can opt out of non-essential marketing communications where applicable. We may still send service, billing, legal, or security communications.

‍

4.6 To Improve and Secure the Platform

‍

We use technical, diagnostic, and usage data to:

• monitor performance;
• identify errors;
• improve reliability;
• improve user experience;
• prevent misuse;
• detect suspicious activity;
• protect accounts;
• investigate abuse or security incidents;
• maintain platform integrity.

We do not use customer candidate data to train our own foundation models.

‍

4.7 To Comply With Legal Obligations

‍

We may process personal data where necessary to:

• comply with tax, accounting, legal, and regulatory obligations;
• respond to lawful requests;
• enforce our Terms & Conditions;
• protect legal rights;
• prevent fraud or abuse;
• maintain required business records.

5. Legal Bases for Processing

‍

Under UK GDPR and, where applicable, EU GDPR, we rely on different legal bases depending on the context.

‍

5.1 Contractual Necessity

‍

We process customer user data where necessary to provide the platform, manage accounts, deliver services, and administer subscriptions.

‍

5.2 Legitimate Interests

‍

We process certain data for our legitimate interests, including to:

• operate and improve WorkAffina;
• secure the platform;
• prevent fraud and abuse;
• provide customer support;
• understand platform usage;
• communicate with business users;
• enforce our Terms & Conditions.

We only rely on legitimate interests where we consider that our interests are not overridden by the rights and freedoms of individuals.

‍

5.3 Legal Obligation

‍

We process data where necessary to comply with legal obligations, including tax, accounting, regulatory, security, and compliance requirements.

‍

5.4 Consent

‍

We rely on consent where required, such as for certain non-essential cookies, analytics, or marketing communications.

You may withdraw consent where applicable.

‍

5.5 Candidate Data Uploaded by Customers

‍

For candidate data processed inside the WorkAffina platform, the customer is generally responsible for identifying and documenting the lawful basis for processing.

This includes the lawful basis for:

• uploading candidate data;
• reviewing candidate information;
• contacting candidates;
• initiating AI-assisted phone screening;
• using screening reports;
• making recruitment decisions.

WorkAffina processes candidate data on the customer’s behalf as a processor, unless otherwise stated.

‍

6. Special Category Data and Sensitive Data

‍

WorkAffina is not designed to collect or process special category data unless such data is included in materials provided by the customer or candidate.

Special category data may include information about health, race or ethnicity, religious beliefs, political opinions, trade union membership, sexual orientation, biometric data, or similar sensitive information.

Customers should not upload special category data unless they have a lawful basis and an applicable condition for processing it.

Where special category data appears in candidate documents or communications, WorkAffina may process it only as necessary to provide the platform and in accordance with the customer’s instructions.

Customers are responsible for configuring their recruitment workflows lawfully and ensuring they do not use sensitive or protected characteristics unlawfully in hiring decisions.

‍

7. Automated Decision-Making and Human Review

‍

WorkAffina does not make hiring decisions.

WorkAffina does not automatically hire, reject, rank, score, or select candidates.

The platform may help customers structure information, review candidates, run optional AI-assisted phone screens, and generate reports. However, any candidate decision must be made by the customer through meaningful human review.

Customers must not use WorkAffina as the sole basis for a decision that has legal or similarly significant effects on a candidate unless the customer has independently ensured that such use is lawful and appropriate safeguards are in place.

This is especially important because automated decision-making in recruitment is a specific area of regulatory focus in the UK. (ICO)

‍

8. How We Share Personal Data

‍

We do not sell personal data.

We may share personal data with trusted third parties where necessary to operate, secure, support, and improve WorkAffina.

These may include:

‍

Hosting and Infrastructure Providers

‍

We may use cloud hosting, database, and storage providers to host the platform and store data securely.

‍

AI Processing Providers

‍

We may use AI model providers to process customer-provided content and generate AI-assisted outputs.

These providers are used to process data for the purpose of providing the platform. We do not permit customer candidate data to be used to train WorkAffina-owned foundation models.

‍

Telephony and AI Calling Providers

‍

Where AI phone screening is used, we may share relevant data with telephony, calling, transcription, or AI voice providers to initiate calls, process responses, and generate call-related outputs.

‍

Payment Providers

‍

We use payment providers to process subscriptions, invoices, billing details, and payments.

‍

Email and Communication Providers

‍

We may use email delivery and communication providers to send service notifications, onboarding messages, support replies, and transactional emails.

‍

Analytics, Monitoring, and Security Providers

‍

We may use analytics, monitoring, logging, and security providers to understand platform usage, detect errors, prevent abuse, and secure the service.

‍

Professional Advisers and Legal Compliance

‍

We may share data with professional advisers, insurers, auditors, regulators, law enforcement, or courts where necessary for legal, regulatory, security, or compliance purposes.

All service providers must process personal data in accordance with applicable data protection requirements and appropriate contractual obligations.

‍

9. Current Categories of Service Providers

‍

WorkAffina may use service providers in categories including:

• hosting and infrastructure;
• database and storage;
• authentication;
• AI model processing;
• telephony and AI calling;
• transcription or call processing;
• payment processing;
• email delivery;
• analytics;
• monitoring and logging;
• security;
• customer support.

Specific providers may change over time as the platform evolves.

Where required, details of subprocessors may be provided in our DPA, onboarding materials, or upon request.

‍

10. International Data Transfers

‍

Some service providers may operate outside the United Kingdom or European Economic Area.

Where personal data is transferred internationally, we take steps to ensure appropriate safeguards are in place.

These may include:

• adequacy regulations or adequacy decisions;
• Standard Contractual Clauses;
• UK International Data Transfer Agreements or Addendums;
• contractual, organisational, and technical safeguards;
• provider security and compliance commitments.

11. Data Retention

‍

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law, contract, security, dispute resolution, or legitimate business needs.

Retention periods may vary depending on the type of data.

‍

Account Data

‍

Account and organisation data is retained while the account remains active and for a reasonable period afterwards for legal, billing, security, and operational purposes.

‍

Billing Data

‍

Billing, invoice, subscription, and payment records may be retained for tax, accounting, audit, and legal compliance purposes.

‍

Candidate Data

‍

Candidate data uploaded by customers is generally retained while the customer maintains an active subscription or as configured by the customer’s plan, settings, or agreement.

This may include resumes/CVs, extracted information, screening reports, call data, and related recruitment records.

‍

AI Phone Screening Data

‍

AI phone screening data may be retained for platform functionality, customer review, billing, audit, troubleshooting, and reporting, depending on the customer’s plan and configuration.

This may include call metadata, summaries, structured answers, transcripts where enabled or available, and usage events.

‍

Usage Logs and Security Logs

‍

Usage, diagnostic, and security logs may be retained temporarily for security, abuse prevention, troubleshooting, and operational purposes.

‍

Support Communications

‍

Support messages may be retained for service quality, dispute resolution, and compliance.

Upon account closure, we delete, anonymise, or restrict data in accordance with our retention practices, DPA, legal obligations, and technical requirements.

‍

12. Security

‍

We implement technical and organisational measures designed to protect personal data.

These may include:

• encryption in transit;
• access controls;
• role-based permissions;
• authentication controls;
• secure cloud infrastructure;
• logging and monitoring;
• least-privilege access practices;
• operational security controls;
• backup and recovery processes;
• periodic security reviews.

No system can be guaranteed to be completely secure. However, we take reasonable steps to protect the personal data we process.

Customers are responsible for maintaining secure passwords, controlling user access, and ensuring their own users handle candidate data appropriately.

‍

13. Your Rights

‍

Depending on your jurisdiction and the context of processing, you may have rights under data protection law.

These may include the right to:

• access your personal data;
• correct inaccurate personal data;
• request deletion;
• restrict processing;
• object to processing;
• request data portability;
• withdraw consent where processing is based on consent;
• lodge a complaint with a data protection authority.

To exercise your rights, contact:

support@workaffina.com

If your request relates to candidate data uploaded by one of our customers, we may refer your request to that customer or ask you to contact them directly. This is because the customer is usually the Data Controller for candidate data, and WorkAffina acts as the Data Processor.

‍

14. Candidate Privacy Requests

‍

If you are a candidate whose data has been processed through WorkAffina, the organisation that uploaded your data or initiated screening is usually responsible for responding to your privacy request.

You may contact us at support@workaffina.com, and where appropriate we will help identify the relevant customer or forward the request to them.

We may not be able to respond directly to all candidate requests where we process the data only on behalf of a customer.

‍

15. Children’s Data

‍

WorkAffina is intended for professional and business use by individuals aged 18 and over.

We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child without appropriate authority, we will take reasonable steps to delete it.

‍

16. Third-Party Links

‍

Our website or platform may contain links to third-party websites, services, or content.

We are not responsible for the privacy practices, security, or content of third-party websites or services.

You should review the privacy policies of any third-party services you access.

‍

17. Changes to This Privacy Policy

‍

We may update this Privacy Policy from time to time.

Where changes are material, we will provide notice by email, platform notice, website update, or another reasonable method.

The most current version will be available at:

workaffina.com/privacy-policy

Your continued use of WorkAffina after an updated Privacy Policy is posted means you acknowledge the updated policy.

‍

18. Contact Us

‍

For questions, concerns, or privacy-related requests, contact:

WorkAffina Ltd
Email: support@workaffina.com
Website: workaffina.com

‍