Privacy Policy
Effective Date: 12 May 2026Last Updated: 12 May 2026Version 1.0
Routed AI, Inc. (a corporation incorporated in the United States) and RoutedAI Careers Private Limited (a private limited company incorporated in India) (collectively, “Routed AI,” “we,” “us,” or “our”) operate a workforce intelligence platform that helps CHROs, HR leaders, and executives turn workforce data into strategic decisions. We provide competitor benchmarking, attrition forecasting, skills planning, compensation alignment, and talent-market analytics by aggregating and analysing publicly available professional data, corporate disclosures, job postings, and validated third-party sources.
This Privacy Policy (“Policy”) explains what personal information we collect, why we collect it, how we use and share it, how long we retain it, and the rights you have over it. It applies to:
- visitors to our website at www.routedai.com and any subdomains (“Site”);
- business customers and their authorised users who access our platform and API (“Services”); and
- working professionals whose publicly available profile information appears in our workforce-intelligence database as a result of our data-aggregation activities.
If you are located in the EU or EEA, please read Section 10 (European Data Protection Rights) carefully. As a company established outside the EU, we have appointed an EU Article 27 representative whose details are in Section 1.
1. Data Controllers & EU Representative
Routed AI is operated jointly by two affiliated entities, each acting as a data controller in respect of the activities they carry out:
RoutedAI Careers Private Limited (India Entity):A private limited company incorporated in India.
7/B Pinakin Co-op Housing Society, Nirav Flats, Paldi
Ahmedabad – 380007, Gujarat, India
Privacy enquiries:
privacy@routedai.com Both entities share infrastructure, systems, and data in order to operate the platform. The entity you contract with, or whose website or services you access, is the primary controller for your personal data. Where both entities jointly determine the purposes and means of processing, they act as joint controllers.
As both Routed AI entities are established outside the EU and process personal data of individuals in the EU/EEA, we have designated a representative pursuant to Article 27 GDPR. EU/EEA residents and supervisory authorities may contact our representative directly:
EU GDPR Representative (Art. 27 GDPR):Rickert Rechtsanwaltsgesellschaft mbH
– RoutedAI Careers Private Limited –
Colmantstraße 15, 53115 Bonn, Germany
Email:
art-27-rep-RoutedAI@rickert.law Contacting our representative does not prevent you from raising concerns directly with us or lodging a complaint with a supervisory authority.
2.1 Professional Profile Data (Workforce Intelligence Database)
The core of our platform is a workforce-intelligence database built from publicly available professional information. We use this data exclusively to provide analytical, benchmarking, and talent-market insights to our business customers. Categories include:
- Full name, current and historical job titles, and seniority level;
- Current and past employers, industries, and geographic locations (city, region, country);
- Educational background and institutions attended;
- Publicly listed professional skills, certifications, and areas of expertise;
- Tenure data and career-transition patterns derived from public profiles;
- Compensation benchmarks derived from public salary disclosures and job-posting data; and
- Algorithmically inferred professional characteristics (e.g., estimated seniority band or functional area) derived from the above publicly available information.
We do not intentionally collect or process special categories of personal data (“sensitive data”) such as health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or trade-union membership. We do not collect government-issued identification numbers or financial account details of individuals in our workforce database.
2.2 Business Customer & Contact Information
When organisations engage with or purchase our Services, we may collect:
- Name, business email address, phone number, job title, and organisation name;
- Account credentials and billing information;
- Communications exchanged with our sales, support, or customer-success teams; and
- Contract, order, and payment information.
2.3 Website & Platform Usage Data
When you visit our Site or use our platform, we and our service providers automatically collect:
- Device and browser type, operating system, and IP address;
- Pages visited, features used, time spent, and referring/exit URLs;
- Search queries and filters applied within the platform; and
- Error logs and performance diagnostics.
This is collected using cookies and similar technologies. See Section 8 for details.
2.4 Job Application Information
When you apply for a role at Routed AI, we may collect your name, contact information, CV/résumé, employment history, educational background, and any information you voluntarily provide during the hiring process.
3. Legal Bases for Processing (GDPR)
Where the GDPR applies (i.e., for individuals in the EU/EEA), we rely on the following legal bases:
- Legitimate Interests (Art. 6(1)(f)):Building and maintaining our workforce-intelligence database; providing benchmarking and analytics to customers; securing and improving our platform; and fraud prevention. We conduct a balancing test to ensure our interests do not override individuals’ fundamental rights and freedoms.
- Contract Performance (Art. 6(1)(b)): Processing customer and authorised-user data as necessary to deliver the Services contracted for.
- Consent (Art. 6(1)(a)):Where required by law — for example, for non-essential cookies or direct marketing to individuals. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws, court orders, or regulatory requirements.
4. How We Use Your Information
4.1 Workforce Intelligence & Platform Services
- Building, maintaining, deduplicating, and continuously refreshing our professional-profile database;
- Providing customers with workforce benchmarking, attrition forecasting, skills-gap analysis, compensation intelligence, and competitive talent-market insights;
- Enabling API integrations so customers can embed workforce data in their own analytics tools and HR systems;
- Generating aggregated, de-identified statistical reports and trend analyses that do not identify any individual; and
- Improving data accuracy and coverage through algorithmic enrichment and standardisation.
4.2 Customer Relationship & Support
- Responding to enquiries, demo requests, and support tickets;
- Administering accounts, contracts, and billing;
- Sending service communications (security alerts, product updates, policy changes); and
- Marketing our products to existing and prospective customers — you may opt out at any time.
4.3 Research, Development & Product Improvement
- Analysing usage patterns to improve platform functionality and user experience;
- Training and evaluating internal machine-learning models using de-identified or aggregated data; and
- We do not permit third-party AI providers to train their own models on your personal data.
4.4 Legal & Compliance
- Complying with applicable laws and regulatory requirements;
- Responding to lawful requests from courts or government authorities;
- Detecting, preventing, and investigating fraud, abuse, or security incidents; and
- Establishing, exercising, or defending legal claims.
5. How We Share Your Information
We do not sell personal information for cross-context behavioural advertising. We share information only as set out below.
- Business Customers: We provide Professional Profile Data to subscribing organisations for workforce analytics, talent benchmarking, and HR decision-making, pursuant to our customer agreements and applicable data-processing addenda.
- Service Providers: We engage third-party vendors for cloud hosting, data processing, analytics, email delivery, payment processing, fraud detection, and CRM services. These providers may only process data on our instructions, must maintain appropriate security standards, and may not use data for their own purposes.
- AI & Technology Partners: We may use third-party AI providers to support specific platform features. We prohibit these providers from training their own models on your personal data and require deletion of personal data within 30 days unless retention is required by law.
- Professional Advisers: Lawyers, auditors, accountants, and insurers, where necessary in connection with the professional services they render to us.
- Law Enforcement & Regulators: Where legally required, or where we in good faith believe disclosure is necessary to comply with a legal obligation, protect rights, or prevent harm.
- Business Transfers: In connection with a merger, acquisition, sale of assets, or insolvency proceedings, personal information may be transferred to a successor entity subject to equivalent privacy protections.
6. International Data Transfers
Routed AI operates globally, with entities in the United States (Routed AI, Inc.) and India (RoutedAI Careers Private Limited). Personal information may be transferred to, stored in, and processed in the United States, India, and other countries where our service providers operate, where data-protection standards may differ from those in your country.
Where we transfer personal data from the EU/EEA to a country lacking an adequacy decision from the European Commission, we implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission; and
- Other legally recognised transfer mechanisms as required by EU law.
7. How Long We Keep Your Information
- Professional Profile Data: Retained for as long as it remains relevant, accurate, and necessary for the purposes described in this Policy, with periodic accuracy reviews. Individuals may request deletion at any time (see Section 10).
- Customer & Contact Information: Retained for the duration of the customer relationship and up to seven (7) years thereafter to satisfy legal, contractual, and tax obligations, unless a shorter period is required.
- Unsuccessful Job Applicants: Retained for no longer than three (3) years from the date of collection, unless you consent to a longer period.
- Website & Usage Data: Retained for up to 26 months for analytics and security purposes, after which it is deleted or irreversibly anonymised.
- Marketing Consent Records: Retained until consent is withdrawn, plus an additional period as required for compliance documentation.
After the applicable retention period, data is securely deleted or irreversibly anonymised so that it can no longer identify you.
8. Cookies & Tracking Technologies
We use cookies and similar technologies (web beacons, pixel tags, and local storage) on our Site and platform. The categories we use are:
- Strictly Necessary: Essential for the Site to function (e.g., session management, security). Cannot be disabled.
- Functional: Remember your preferences and settings to enhance your experience.
- Analytics: Help us understand how visitors interact with the Site (e.g., Google Analytics). Data is aggregated and de-identified where possible.
- Marketing: Enable interest-based advertising on third-party platforms. Only used with your consent where required by law.
You can manage cookie preferences through your browser settings or our cookie preference centre on the Site. We honour Global Privacy Control (GPC) and similar universal opt-out signals as valid opt-out requests for non-essential tracking.
9. Security
We implement technical, administrative, and physical security measures appropriate to the nature and sensitivity of the data we process. These include:
- Encryption of data in transit (TLS/HTTPS) and at rest;
- Access controls based on the principle of least privilege;
- Regular security assessments, penetration testing, and vulnerability management;
- Employee training on data-protection obligations; and
- Incident-response procedures compliant with applicable breach-notification laws, including 72-hour notification to supervisory authorities where required under GDPR.
If you believe your account or data has been compromised, contact us immediately at
privacy@routedai.com.
10. European Data Protection Rights (GDPR)
If you are located in the EU or EEA, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access (Art. 15): Request a copy of the personal data we hold about you and information about how we process it.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure / ‘Right to be Forgotten’ (Art. 17): Request deletion of your personal data where there is no compelling reason for continued processing.
- Right to Restriction of Processing (Art. 18): Request that we limit how we process your data in certain circumstances (e.g., while accuracy is contested).
- Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
- Right to Object (Art. 21): Object to processing based on legitimate interests or for direct-marketing purposes. Where you object to direct marketing, we will cease processing without delay.
- Right to Withdraw Consent: Withdraw any consent given at any time, without affecting the lawfulness of processing prior to withdrawal.
- Right Not to Be Subject to Solely Automated Decisions (Art. 22): Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you.
We will respond to all rights requests without undue delay and within one (1) calendar month. In complex cases, we may extend this period by up to two further months and will notify you accordingly.
You also have the right to lodge a complaint with the supervisory authority in your EU/EEA country of residence, place of work, or where an alleged infringement occurred. A list of EU supervisory authorities is available at
edpb.europa.eu.
11. Opting Out & Data Rights Requests
Because Routed AI aggregates publicly available professional data to power its workforce-intelligence platform, you may not be directly aware that your information appears in our database. We believe strongly in transparency and your ability to control your data. You can exercise any of the following at any time:
11.1 Opt Out of Processing
If you do not want your professional profile data to be included in our database or used by our customers, you can submit an opt-out request. Once verified, we will remove your data from our active database and suppress your profile from future data collections.
To opt out: Email
privacy@routedai.com with the subject line “Opt-Out Request” and include your full name, current employer (if known to us), and the email address or LinkedIn profile URL associated with your professional profile. We will process your request within 30 days.
11.2 Do Not Sell or Share My Personal Information (CCPA)
Routed AI, Inc. is a US entity that may qualify as a data broker under California law (CCPA/CPRA). We do not sell personal information for advertising purposes. However, licensing professional profile data to business customers may be considered a “sale” or “sharing” of personal information under California law.
California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right:
We will not discriminate against you for exercising this right.
11.3 Other Data Subject Requests
For all other requests — access, correction, deletion, portability, or restriction — please email
privacy@routedai.com with:
- Your full name and the email address associated with your profile;
- The type of request you are making; and
- Any additional information that helps us locate your data (e.g., current employer, LinkedIn URL).
We will acknowledge your request within 5 business days and respond in full within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
12. Children’s Data
Our Services are intended for business professionals and are not directed at individuals under the age of 16. We do not knowingly collect personal information from anyone under 16. If a parent or guardian believes that a child has provided us with personal information without their consent, please contact us at
privacy@routedai.com and we will delete the information within a reasonable time.
13. Third-Party Links & Services
Our Site and platform may contain links to third-party websites or integrate with third-party tools. This Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.
14. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will post an updated version on our website with a revised “Last Updated” date and, for significant changes, may also notify you by email or a prominent notice on our platform. We encourage you to review this Policy periodically. Continued use of our Services after the effective date of an update constitutes acceptance of the revised Policy.
For any questions, concerns, or data-rights requests related to this Policy, please contact us through any of the following channels:
India Entity — RoutedAI Careers Private Limited:7/B Pinakin Co-op Housing Society, Nirav Flats, Paldi
Ahmedabad – 380007, Gujarat, India
Email:
privacy@routedai.com EU GDPR Representative (Art. 27):Rickert Rechtsanwaltsgesellschaft mbH
– RoutedAI Careers Private Limited –
Colmantstraße 15, 53115 Bonn, Germany
Email:
art-27-rep-RoutedAI@rickert.law When writing to our EU Representative, please include “RoutedAI Careers Private Limited” in the subject line or body of your message so your enquiry can be promptly forwarded to us.
© 2026 Routed AI, Inc. and RoutedAI Careers Private Limited. All rights reserved.