Privacy Policy: how we protect & handle your data

Introduction

FidForward, Inc. (“FidForward”, “we”, or “us”) offers an AI-powered talent sourcing and recruitment platform to help organizations discover and engage with job candidates. We are committed to ensuring your privacy and the legal use of your personal data.

This Privacy Policy applies to our website at https://fidforward.com, our talent sourcing platform, browser extensions, and related applications (collectively, the ‘Services’). We encourage you to read this Privacy Policy carefully before using any of the Services.

By using FidForward you agree to the collection, use, and processing of information in accordance with this policy.

Interpretation and Definitions

Interpretation

Words with capitalized initial letters have defined meanings under the following conditions. These definitions have the same meaning regardless of whether they appear in singular or plural forms.

Definitions

For the purposes of this Privacy Policy:

• FidForward (referred to as either “FidForward”, “We”, “Us”, or “Our” in this Agreement) refers to FidForward, Inc.
• Account means a unique account created for you to access our service.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.
• Cookies are small files placed on your device (computer, mobile device, or any other device) by a website, containing details of your browsing history on that website.
• Country refers to the United States.
• Device means any device that can access the service such as a computer, cellphone, or digital tablet.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service refers to the website, platform and applications.
• Service Provider means any natural or legal person who processes the data on behalf of FidForward. It refers to third-party companies or individuals employed by FidForward to facilitate the service, provide the service on behalf of FidForward, perform services related to the service, or assist FidForward in analyzing how the service is used.
• Usage Data refers to data collected automatically, generated by the use of the service or from the service infrastructure (e.g., duration of a page visit).
• Website refers to fidforward.com, accessible from fidforward.com.
• You means the individual accessing or using the service, or the company, or other legal entity on behalf of which such individual is accessing or using the service.

Personal Information we collect and sources

Information we collect about users

When you create an account, use our services, or interact with our website, we may collect the following personal information:

Account Information:

• Email address
• First and last name
• Profile image (if provided)
• Organization membership details
• Account credentials and authentication data (managed by Clerk)

Professional Information:

• Job searches and recruitment criteria
• Candidate notes and communications
• Email sequences and templates
• Campaign and outreach data

Integration Data:

• LinkedIn authentication and session data (when you connect LinkedIn)
• Gmail/Microsoft email integration data (when you connect email accounts)
• Email account configuration for mass outreach

Usage and Analytics Data:

• Website pages visited and interaction data
• Search queries and platform usage patterns
• LinkedIn activity logs (profile views, connections, messages sent)
• Feature usage statistics and performance metrics

Information we collect about candidates

From Public Sources: When candidates have publicly available professional profiles, we may collect:

• First and last name
• Professional experience and job titles
• Educational background
• LinkedIn profile data and connections
• Contact information (email addresses, phone numbers) from data providers
• Skills, industries, and career history

Data Sources:

• Public LinkedIn profiles
• Third-party contact data providers
• Publicly available professional directories and websites
• Customer-provided candidate lists and internal data

We do not collect sensitive personal data such as health information, political affiliations, or protected characteristics from any sources.

Our Use of AI-Powered Technology

FidForward uses artificial intelligence and machine learning to provide effective talent sourcing capabilities. Specifically:

AI-Powered Matching: We use AI algorithms to match job requirements with candidate profiles, analyze candidate suitability scores, and generate recruitment insights.

Automated Message Generation: Our platform can generate outreach messages and email sequences using AI, though all communications require user review and approval before sending.

Search Enhancement: AI helps improve search accuracy by analyzing job descriptions and extracting relevant keywords, skills, and requirements.

Third-Party AI Providers: We may use third-party AI services to power certain features. We do not allow these providers to train their AI models using your data, and we require them to delete your data within 30 days unless otherwise required by law.

Opt-Out Options: As a customer, you may request to opt out of AI-powered features. To do so, contact privacy [at] fidforward.com.

Automatic Data Collection and Cookies

We automatically collect certain information when you use our Services through cookies and similar tracking technologies:

Device and Browser Information:

• IP address and general location (city/region)
• Browser type, version, and language settings
• Operating system and device identifiers
• Screen resolution and device characteristics

Usage Analytics:

• Pages visited and time spent on each page
• Click patterns and user interactions
• Search queries and platform navigation
• Feature usage and performance metrics

Cookie Categories:

• Essential Cookies: Required for platform functionality, authentication, and security
• Analytics Cookies: Google Analytics, PostHog for usage statistics (with consent)
• Marketing Cookies: Meta Pixel, LinkedIn Insights for advertising (with consent)

You can manage your cookie preferences through our cookie consent banner or browser settings.

How We Use Personal Information

Legal Bases for Processing

Our legal bases for processing your personal information are:

1. Legitimate Interest: Running and maintaining our business, improving our services, and providing talent sourcing capabilities
2. Contract Performance: Fulfilling our obligations under our Terms of Service and providing requested services
3. Consent: For analytics cookies, marketing communications, and optional integrations
4. Legal Compliance: Meeting legal obligations such as data retention requirements and regulatory compliance

Use of User Information

We use personal information about our users for the following purposes:

To Provide Our Services:

• Create and manage user accounts
• Process searches and generate candidate matches
• Facilitate email campaigns and LinkedIn outreach
• Provide customer support and platform functionality
• Process billing and subscription management

To Improve and Personalize Services:

• Analyze usage patterns to enhance platform features
• Customize search results and recommendations
• Troubleshoot technical issues and optimize performance
• Research and development for new features

For Communication:

• Send service-related notifications and updates
• Respond to support inquiries and provide assistance
• Marketing communications (with consent)
• Important policy or service changes

Use of Candidate Information

We process job candidate information to help our customers discover and engage with talent:

Talent Sourcing: Candidate profiles are searchable by our customers to identify potential job matches based on skills, experience, and other professional qualifications.

Contact Facilitation: When customers purchase contact reveals, we provide candidate contact information to facilitate recruitment outreach.

Matching and Analytics: We analyze candidate data to improve search accuracy and provide insights about talent pools and market trends.

Customer-Specific Data: Information that customers upload about their own candidates is only accessible to that specific customer and not shared with others.

How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

Service Providers and Processors

Authentication Services: Clerk.dev processes user authentication and account management data on our behalf under strict data processing agreements.

Analytics and Marketing: With your consent, we share usage data with:

• Google Analytics for website analytics
• PostHog for product analytics
• Meta (Facebook) for advertising analytics
• LinkedIn for marketing analytics

AI and Technology Providers: We may share limited data with AI service providers to power platform features. These providers:

• Are prohibited from using your data to train their models
• Must delete your data within 30 days unless legally required to retain it
• Operate under strict data processing agreements

Contact Data Providers: We work with third-party data providers to obtain publicly available professional contact information for candidates. This contact data is retained for a maximum of 2 years and is automatically deleted after this period.

Email Services: Resend and other email service providers process email communications on our behalf for platform notifications and marketing (with consent).

Customers and Business Purposes

Candidate Data Sharing: We share job candidate profile information with our customers for recruitment purposes. This includes professional qualifications, experience, and contact information (when purchased).

Organization Data: Within customer organizations, authorized team members can access shared searches, campaigns, and candidate data.

Legal and Business Requirements

Legal Compliance: We may disclose information to law enforcement, government authorities, or private parties when required by law or to protect legal rights.

Business Transfers: In connection with any merger, acquisition, sale of assets, or other business transaction, personal information may be transferred to the acquiring entity.

Professional Advisors: We may share information with lawyers, auditors, accountants, and other professional service providers as needed for business operations.

Retention of Personal Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, in accordance with our retention policies and applicable laws.

Retention Periods by Data Category

User Personal Data:

• Active accounts: Retained while account is active
• Deleted accounts: Personal data (profile, integrations, LinkedIn connections) deleted immediately upon account deletion
• Authentication data: Deleted immediately upon account deletion

Organization Data (remains after user deletion):

• Searches and candidate lists: Retained while organization account is active
• Candidate notes and communications: Retained while organization account is active
• Campaigns and sequences: Retained while organization account is active
• Contact reveals: Retained while organization account is active
• Billing records: 7 years for tax and financial compliance

Integration Data:

• LinkedIn activity logs: Deleted immediately upon user account deletion
• OAuth tokens and integration credentials: Deleted immediately upon user deletion or disconnection
• Platform usage analytics: Anonymized after user deletion

Candidate Profile Data:

• Public candidate profiles: Retained while commercially useful for recruitment purposes
• Customer-specific candidate data: Controlled by customer data retention policies
• Contact reveal records: 2 years from reveal date, then automatically deleted
• Third-party contact data: Maximum 2 years from collection, automatically deleted

Factors Determining Retention Periods

We consider the following when determining appropriate retention periods:

• Amount, nature, and sensitivity of personal information
• Potential risk of harm from unauthorized use or disclosure
• Business and legal requirements
• Whether purposes can be achieved through other means
• Applicable legal and regulatory requirements

Privacy Rights and Choices

Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

Right to Access (Right to Know): You may request information about the personal information we have collected about you, including the categories of information, sources, purposes, and third parties with whom it’s shared.

Right to Rectification: You may request correction of inaccurate or incomplete personal information.

Right to Deletion: You may request deletion of your personal information, subject to certain legal exceptions.

Right to Data Portability: You may request a copy of your personal information in a portable, machine-readable format.

Right to Object: You may object to certain processing of your personal information, particularly for direct marketing purposes.

Right to Restrict Processing: You may request that we limit how we use your personal information in certain circumstances.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

How to Exercise Your Rights

To exercise any of these rights, you may:

1. Email us: privacy [at] fidforward.com
2. Contact support: Through the support widget on any page

Identity Verification: We may ask for specific information to verify your identity before processing your request.

Response Time: We will respond to your request within 30 days (or as required by applicable law).

Authorized Agents: You may designate an authorized agent to make requests on your behalf by providing written authorization.

Account Deletion Process

When you delete your FidForward account:

1. Immediate Actions: Your account access is revoked and personal data is anonymized
2. Data Removal: Personal information is deleted from our active systems immediately
3. Third-party Cleanup: We remove your data from external services (email lists, etc.)
4. Confirmation: You receive confirmation once deletion is complete

Opt-Out Options

Marketing Communications: Unsubscribe links in all marketing emails or contact privacy [at] fidforward.com

Analytics Cookies: Manage preferences through our cookie consent banner

Data Collection: Contact us to opt out of non-essential data collection

Candidate Database: If you’re a job candidate, you may request removal from our searchable database by emailing privacy [at] fidforward.com. We will manually remove your data within 48 hours of your request.

Data Security

We employ technical, organizational, and physical safeguards designed to protect the personal information we collect:

Technical Safeguards:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security monitoring and vulnerability assessments
• Secure API integrations with third-party services

Organizational Measures:

• Employee access controls and training
• Data processing agreements with all vendors
• Regular security policy reviews and updates
• Incident response procedures

Physical Security:

• Secure data centers with restricted access
• Environmental controls and monitoring
• Redundant systems and backup procedures

However, no security measures are completely failsafe, and we cannot guarantee the absolute security of your personal information.

International Data Transfers

Personal information may be transferred to and processed in the United States and other jurisdictions where we or our service providers operate. These jurisdictions may not provide the same level of data protection as your home country.

When we engage in cross-border data transfers, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Relying on EU Commission adequacy decisions where available
• Standard Contractual Clauses: Using approved contractual protections for international transfers
• Certification Programs: Working with vendors who participate in recognized privacy frameworks

Legal Compliance and Regulatory Information

Responsible Entity

FidForward, Inc. is the data controller responsible for the personal information described in this Privacy Policy.

Regional Representatives

For users in the European Economic Area, United Kingdom, and Switzerland, you have the right to complain to your local data protection authority about our collection and use of your personal information.

California Residents

California residents have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

CCPA Rights:

• Right to Know: Request categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of personal information we have collected about you
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale: Request that we do not sell your personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Do Not Sell My Personal Information: We do not sell personal information to third parties. We may share information with service providers for business purposes as described in this Privacy Policy.

CCPA Categories of Personal Information We Collect:

• Identifiers (name, email, account credentials)
• Professional information (job history, skills, LinkedIn data)
• Internet activity (usage data, search queries)
• Commercial information (subscription details, billing records)

How to Exercise CCPA Rights: Email privacy [at] fidforward.com with your request. We will respond within 45 days and may request verification of your identity.

Children’s Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without proper consent, we will delete it promptly.

Third-Party Services and Links

Our Services may contain links to websites and online services operated by third parties. We are not responsible for the privacy practices of these third-party sites. This Privacy Policy does not apply to third-party websites, and we encourage you to review their privacy policies before providing any personal information.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. When we make changes:

• Minor Changes: We will update the “Last Updated” date at the top of this policy
• Material Changes: We will provide prominent notice through email or platform notifications
• Continued Use: Your continued use of our Services after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

Contact Information

General Privacy Inquiries

Email: privacy [at] fidforward.com

Data Protection Officer

For specific questions about your personal data or to exercise your privacy rights:
Email: privacy [at] fidforward.com

Customer Support

For account or service-related questions:
Email: privacy [at] fidforward.com
Website: Contact support through the support widget on any page

Appeals Process

If you are not satisfied with our response to your privacy request, you may submit an appeal to privacy [at] fidforward.com with the subject line “Privacy Rights Appeal.”

---

Effective Date: This Privacy Policy is effective as of July 27, 2025, and applies to all information collected by FidForward on or after this date.