Privacy Policy
- Effective date
- 1 June 2026
- Version
- 2026.06.01
Effective date: 1 June 2026 Version: 2026.06.01
1. Who we are
Fairsort Ltd ("Fairsort", "we", "us" or "our") provides software that helps employers, recruiters and hiring teams process recruitment documents, organise candidates, evaluate candidate information against job requirements, and manage related workflow activity.
Fairsort Ltd is a company registered in England and Wales with company number 16673168 and registered office at 20 Wenlock Road, London, N1 7GU, England.
For privacy questions or requests, contact us at privacy@fairsort.ai.
2. When this policy applies
This policy explains how we process personal data when you visit our website, create or use a Fairsort account, use the Fairsort application or APIs, connect an email mailbox or other integration to Fairsort, communicate with us, or have your recruitment information processed through Fairsort by one of our customers.
If you are a job applicant or candidate and your information was uploaded, connected, or otherwise processed by an employer, recruiter or hiring organisation using Fairsort, that organisation is normally the controller of your recruitment information. In that situation, Fairsort usually acts as their processor and processes your information on their instructions. You should contact that organisation first about hiring decisions, application status, deletion requests, or access to recruitment records.
For our website, account administration, product operation, security, billing, support and business communications, Fairsort acts as controller.
3. Personal data we process
We process personal data depending on how Fairsort is used. This may include account, identity and access data such as name, business email address, user identifier, authentication provider identifier, tenant/customer membership, role, permissions, account status, login and access records, and security audit information.
Customer and billing data may include organisation name, tenant/customer identifiers, subscription plan, billing status, billing contact details, plan limits, external billing identifiers, invoice or payment status metadata, and related support communications. Payment card details are handled by our payment provider where applicable and are not intended to be stored directly by Fairsort.
Recruitment and document data may include CVs, resumes, job descriptions, job requirements, candidate profiles, employment history, education, skills, qualifications, experience, salary or availability information where included in uploaded documents, and other information contained in recruitment documents or mailbox attachments. Recruitment documents may contain special category data or other sensitive information if a candidate, customer or connected mailbox provides it, even though Fairsort does not require that information to use the service.
Fairsort may parse documents and generate structured data such as extracted profile information, skills, experience evidence, job requirements, document text, document chunks, embeddings, semantic search records, evaluation results, rankings, workflow states, placement board activity, issue decisions, and evidence summaries. These outputs are intended to support customer review and workflow decisions. They are not intended to be the sole basis for hiring or rejection decisions.
If a customer connects a Microsoft 365, Google Workspace or other supported mailbox/integration, we may process mailbox connection identifiers, provider account details, OAuth tokens or token references, subscription/watch metadata, message identifiers, sync status, attachment metadata, message or body content where needed for the connected workflow, and ingestion records.
Technical, usage and security data may include IP address, device and browser information, request metadata, API activity, diagnostic logs, error reports, audit records, correlation identifiers, feature usage, timestamps, and security events.
Communications data may include emails, support messages, meeting notes, feedback, legal notices, and other communications you send to us.
4. Where we get personal data from
We may receive personal data from you directly, your employer or organisation, Fairsort customers and their authorised users, candidates or applicants where they submit information through a customer workflow, connected mailbox or integration providers, identity, authentication, billing, hosting, analytics, support and security providers, and automatically from your use of our website, application, APIs and services.
5. Why we process personal data and our lawful bases
We process personal data to provide and operate Fairsort, process recruitment documents for customers, protect security and prevent abuse, administer customers and billing, provide product support and communications, improve the product, comply with legal obligations, and send marketing communications where permitted.
Our lawful bases include contract, legitimate interests, legal obligation, consent where required, and processor activity on customer instructions. Where we rely on legitimate interests, we balance our interests against the rights and freedoms of affected individuals. Our legitimate interests include operating, securing, improving and supporting our services, managing customer relationships, preventing misuse, and maintaining accurate business records.
Where we rely on consent, you can withdraw that consent at any time by using the method provided in the communication or by contacting privacy@fairsort.ai.
6. Special category data
Fairsort does not require customers or candidates to provide special category data. However, recruitment documents or connected mailbox content may include information such as health information, disability information, racial or ethnic origin, religious beliefs, trade union membership, or other sensitive information.
Where we process this information as a processor, we do so on the instructions of the relevant customer. Customers are responsible for ensuring they have a lawful basis and any required Article 9 condition for processing special category data in their recruitment process.
Where Fairsort acts as controller for limited operational processing, we only process special category data where necessary and where an appropriate lawful basis and condition applies, such as legal claims, employment-related obligations where applicable, substantial public interest conditions where applicable, or explicit consent where required.
7. Automated processing and AI-assisted outputs
Fairsort uses automated processing and AI-assisted tools to extract, structure, search, compare and summarise recruitment information. This may include parsing documents, extracting skills and experience, identifying job requirements, producing evidence snippets, creating embeddings, and generating evaluation or ranking outputs.
Fairsort outputs are designed to assist human review. Customers remain responsible for their recruitment decisions and should not use Fairsort as the sole basis for decisions that produce legal or similarly significant effects for candidates.
If you are a candidate and have questions about a decision made using Fairsort, contact the employer, recruiter or hiring organisation responsible for that process.
8. Who we share personal data with
We may share personal data with authorised users within the relevant customer tenant; cloud hosting, database, storage, search, queueing, logging, monitoring and security providers; identity and authentication providers; mailbox and integration providers where a customer connects an integration; payment and billing providers; AI, document processing, extraction or search providers used to operate Fairsort; professional advisers, auditors, insurers and legal advisers; regulators, courts, law enforcement or public authorities where required by law; and a buyer, investor or successor if we are involved in a business sale, merger, financing, reorganisation or similar transaction.
We require service providers to protect personal data and process it only for permitted purposes. Where Fairsort acts as a processor for a customer, subprocessors are used in accordance with the applicable customer agreement and data processing terms.
9. International transfers
We may process or transfer personal data outside the UK and European Economic Area where our service providers, infrastructure or business operations require it. Where required, we use appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement or Addendum, EU Standard Contractual Clauses, contractual protections, and supplementary measures where appropriate.
10. How long we keep personal data
We keep personal data only for as long as necessary for the purposes described in this policy, including to provide the service, meet contractual commitments, comply with legal obligations, resolve disputes, maintain security, and enforce agreements.
Retention periods depend on the type of data and the customer configuration. In general, account and customer administration records are kept while the account or customer relationship is active and for a reasonable period afterwards; recruitment documents and derived processing records are kept according to the relevant customer instructions, product configuration, contract or deletion request; billing, tax and accounting records are kept for legally required retention periods; security, audit and diagnostic logs are kept for limited periods appropriate to security, reliability and compliance needs; and support and communication records are kept for as long as needed to manage the request and maintain business records.
Customers are responsible for setting and applying appropriate retention rules for recruitment data where they are the controller.
11. Security
We use technical and organisational measures designed to protect personal data, including access controls, tenant-based authorisation, encryption in transit, cloud security controls, audit logging, secrets management, monitoring, and operational controls.
No service can guarantee absolute security. You are responsible for keeping your credentials secure and for ensuring that your authorised users handle personal data appropriately.
12. Your rights
Depending on where you are located and the basis on which your data is processed, you may have rights to access your personal data, correct inaccurate personal data, delete personal data, restrict processing, object to processing, receive a portable copy of personal data, withdraw consent where processing is based on consent, complain to a supervisory authority, and ask for human review or challenge certain automated decisions where applicable.
To exercise rights relating to your Fairsort account, website use or communications with Fairsort, contact privacy@fairsort.ai.
If your request relates to recruitment data processed for a Fairsort customer, we may need to direct your request to that customer or handle it in accordance with their instructions.
13. Cookies and similar technologies
Our website and application may use cookies, local storage and similar technologies to operate the service, remember preferences, secure sessions, understand usage, and improve performance.
14. Children
Fairsort is a business service and is not intended for children. We do not knowingly collect personal data directly from children through our website or application. Recruitment documents provided by customers may include information about young applicants where the customer lawfully processes that information.
15. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the effective date and take reasonable steps to notify customers or users where required.
16. Contact and complaints
Contact us at privacy@fairsort.ai.
You also have the right to complain to the UK Information Commissioner's Office or another applicable supervisory authority. The UK ICO can be contacted through https://ico.org.uk/.