Privacy Notice

01 Overview & scope

What this notice covers

This Privacy Notice explains how EnTeam handles personal data when you visit enteam.ai, book a demo, use the EnTeam product as a customer's authorised user, or are interviewed by an EnTeam AI agent as a job candidate.

Capitalised terms used here have the same meaning as in our Terms of Use. Where this notice and our customer contract or Data Processing Addendum conflict on a customer's data, the contract controls.

02 Who we are

The data controller

"EnTeam" refers to Enteam AI Private Limited, the company operating enteam.ai. For visitors and customers, the Company is the data controller. For candidate data submitted by a customer, the Company acts as a data processor on behalf of that customer.

Registered contact for privacy matters: privacy@enteam.ai. The registered office address and Grievance Officer details are in section 25.

03 Who this notice applies to

Three groups of data subjects

EnTeam handles personal data about three distinct groups. Different sections of this notice apply to each.

• Customers and their authorised users — staffing agency employees who buy, set up, or operate EnTeam. We are the controller for their data.
• Candidates — job seekers screened or interviewed by an EnTeam AI agent on behalf of a customer. The customer is the controller; we are the processor.
• Visitors — anyone browsing enteam.ai or booking a demo, including via the Apollo.io visitor tracker on our marketing pages.

04 Personal data we collect

Categories by group

We do not deliberately collect special-category data (e.g. health, religious belief, sexual orientation). If such data appears in a résumé or interview answer, we apply the same protections as the surrounding record and do not surface it as a separate field for hiring decisions.

05 Sources of data

Where the data comes from

• Directly from you — when you fill in a form, send us an email, or use the product.
• From a customer — when a staffing agency uploads a candidate's résumé or invites a candidate to an interview.
• From your device — IP address, browser headers, cookie identifiers.
• From sub-processors and partners — Apollo.io (visitor company enrichment), UIDAI-authorised verification gateways (Aadhaar offline verification), and similar.

06 How we use data

Purposes of processing

• Provide, operate, and improve the EnTeam product and website.
• Schedule and run product demos, follow up on pilots, and bill customers.
• Run AI screening and interviewing tasks at the customer's direction (candidate data only).
• Detect interview cheating tools and verify candidate identity, where the customer enables those checks.
• Communicate with you (transactional emails always; marketing only with consent or a soft opt-in where the law allows).
• Prevent fraud, abuse of the booking endpoint, and other security incidents.
• Comply with legal obligations and respond to lawful requests from authorities.
• Aggregate and anonymise data for product research and benchmarks.

We do not sell personal data, and we do not share it for cross-context behavioural advertising, as those terms are defined under California law.

07 Legal bases (EEA / UK)

Why processing is lawful

If you are in the EEA, UK, or Switzerland, our legal bases under the GDPR are:

• Performance of a contract — providing the product, fulfilling demo bookings.
• Legitimate interests — securing the service, improving the product, marketing to existing business customers in a proportionate way. Balancing tests are documented internally.
• Consent — non-essential cookies, marketing to new prospects in jurisdictions that require prior opt-in.
• Legal obligation — tax, accounting, responding to court orders.

You can withdraw consent at any time, without affecting the lawfulness of processing before the withdrawal.

08 AI & automated decisions

What the AI does, and what it does not decide

EnTeam runs AI agents that conduct screening conversations and interviews with candidates on behalf of customers. The AI scores answers against a rubric the customer approves, flags possible cheating-tool signals, and writes a structured report.

EnTeam itself never makes a hiring decision. The customer (the staffing agency or the end employer) reviews the AI's report and decides whether to advance, reject, or further interview a candidate.

Where GDPR Article 22 applies, candidates have the right to obtain human review of any decision based solely on automated processing that has legal or similarly significant effects. EnTeam's contract with customers requires a human-in-the-loop for adverse decisions; candidates who believe a customer relied on automated processing alone may write to privacy@enteam.ai and we will route the request appropriately.

The logic the AI uses: large-language-model evaluation of the candidate's responses against the customer's approved rubric, with calibrated scoring across knowledge, communication, and role-fit dimensions. Significance: the score may influence whether the customer interviews the candidate further. Consequences: a lower score may lead to no further interview by that customer; it does not blacklist the candidate elsewhere.

09 Model training

Customer and candidate data is not used to train foundation models

We do not use identifiable candidate or customer data to train, fine-tune, or evaluate third-party foundation models. We do use de-identified, aggregated metrics to improve our own evaluation rubrics, scoring calibration, and cheat detection.

Customers can request that their organisation be excluded from any future analytic use entirely. Email privacy@enteam.ai.

10 Voice & video processing

Recordings, transcripts, and biometric considerations

When a candidate completes an EnTeam interview, the session is recorded (audio, optionally video) and transcribed. The recording and transcript are made available to the customer.

We perform voice analysis only for the purposes of transcription, anti-cheat detection (e.g. detecting prompt-leak or screen-share tools), and the customer's approved scoring rubric. We do not run face recognition or voiceprint identification against any external database, and we do not sell or otherwise share biometric-style features with third parties.

If you are a candidate and your interview took place in a jurisdiction with biometric-data laws (for example Illinois BIPA), you may request deletion of audio and video recordings at any time by writing to privacy@enteam.ai or to the customer that interviewed you. We will action the request within 30 days unless we are required to retain it for legal defence.

11 Government ID verification

India PAN, Aadhaar, EPFO

Where a customer enables identity verification, EnTeam calls UIDAI-authorised gateways to verify a candidate's PAN, perform Aadhaar offline verification, and look up EPFO employment history. We do not store raw Aadhaar numbers. Results returned to the customer are limited to a verification status and necessary masked references.

EnTeam handles this data in line with the Aadhaar Act, UIDAI circulars on authorised user agencies, and applicable RBI / SEBI guidance where relevant. Candidates are informed before verification is initiated and may refuse, in which case the customer decides whether to proceed without it.

12 Controller / processor roles

Who is responsible for what

For data about visitors, customer admins, and demo bookings, EnTeam is the controller (or, in DPDP terms, the Data Fiduciary). This Privacy Notice describes how we process that data.

For data about candidates uploaded or invited by a customer, the customer is the controller and EnTeam is the processor (Data Processor). The customer is responsible for the legal basis to collect the candidate's data, for telling the candidate what will happen, and for honouring candidate rights. EnTeam supports the customer by acting on documented instructions and by passing on requests we receive directly from candidates.

13 Sub-processors & sharing

Who else handles your data

We will give existing customers at least 30 days' notice before adding a new sub-processor that processes identifiable customer or candidate data, and customers may object on reasonable grounds.

We also share data when legally required (court orders, regulator requests), when investigating fraud or abuse, and in connection with a corporate transaction (merger, acquisition, financing) under appropriate confidentiality.

14 International transfers

Cross-border flows

EnTeam is based in India and processes data on infrastructure in India and the United States. Personal data may be transferred between these regions and to sub-processors located in the EEA / UK / US.

For transfers out of the EEA or UK, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum) where no adequacy decision applies. For transfers under the India DPDP Act, we rely on the Central Government's permitted-jurisdictions framework as updated from time to time.

A copy of our transfer documentation is available to customers on request.

15 Data retention

How long we keep things

16 Security

How we protect data

Encryption in transit (TLS 1.2+) and at rest (AES-256), strict access controls with audit logging, hardened cloud infrastructure on AWS, secrets in AWS Secrets Manager, regular vulnerability scanning, and employee security training.

If we discover a personal-data breach affecting you, we will notify the regulator within 72 hours where required by GDPR, the Data Protection Board of India in the manner required under the DPDP Act, and affected individuals without undue delay where the breach is likely to result in high risk to their rights.

17 Your rights

What you can ask us to do

Depending on where you live and the role under which we hold your data, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete data, subject to legal exceptions.
• Restrict or object to processing.
• Receive a portable copy of data you gave us.
• Withdraw consent at any time.
• Lodge a complaint with your local data protection authority.

To exercise a right, email privacy@enteam.ai. We will respond within 30 days (we may extend by a further 60 days for complex requests, and will tell you if we do). If you are a candidate and the customer that interviewed you is the controller, we will forward your request to them and assist them in responding.

18 California privacy rights

CCPA / CPRA notice

California residents have the rights to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and not be discriminated against for exercising these rights.

Do Not Sell or Share My Personal Information. EnTeam does not sell personal information and does not share it for cross-context behavioural advertising. If you are a California resident and want to formalise this preference, write to privacy@enteam.ai.

You may use an authorised agent to submit requests on your behalf. We will ask for verification of the agent's authority and your identity before responding.

Categories of personal information collected in the last 12 months: identifiers, commercial information (your role, employer), internet activity (device, usage logs), professional information (resume content where you are a candidate), audio/visual information (interview recordings where applicable), and inferences drawn from the above (AI scoring outputs).

19 Other US state rights

Virginia, Colorado, Connecticut, Utah, Texas and others

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and similar states have rights comparable to those listed above: access, correction, deletion, portability, and opt-out of targeted advertising, sale, and certain profiling. Write to privacy@enteam.ai to exercise them. You may appeal an unfavourable decision by replying to our response email; we will reconsider and respond within the statutory window.

20 India DPDP rights

Digital Personal Data Protection Act, 2023

If you are a Data Principal in India, you have the rights to: receive a clear notice in English or any of the 22 official languages listed in the Eighth Schedule of the Constitution, access information about your processed personal data, correction and erasure, grievance redressal, and nomination of another individual to exercise these rights in the event of death or incapacity.

Where consent is the lawful basis, you may withdraw it at any time with no effect on the lawfulness of prior processing. Where another lawful basis applies (for example, a "legitimate use" enumerated in section 7 of the DPDP Act), the right to erase may be limited accordingly.

Our Grievance Officer is identified in section 25. If your complaint is not resolved, you may approach the Data Protection Board of India.

21 Cookies & tracking

What runs on our marketing pages

• Strictly necessary — session and security cookies needed for the site to work.
• Analytics / visitor enrichment — Apollo.io, which infers a likely employer from IP and sets a tracking cookie. Used to understand which companies are interested in EnTeam.

You can block cookies in your browser; the site will still work. In jurisdictions that require an opt-in for non-essential cookies, we will request consent through a banner before setting them.

22 Children's data

Not directed at minors

EnTeam is a B2B product and is not directed to anyone under 18. If we learn we have inadvertently collected data about a minor, we will delete it. Under the DPDP Act, additional protections apply to children's data; we do not knowingly process such data and do not engage in tracking, behavioural monitoring, or targeted advertising directed at children.

23 Fairness & bias auditing

Our commitment for AI-driven hiring tools

We design EnTeam to evaluate candidates on job-relevant criteria approved by the customer, and we periodically audit our scoring for disparate impact on protected groups. Audit results are made available to customers under NDA on request.

If EnTeam is used in New York City for a position located in NYC, the customer is responsible for complying with NYC Local Law 144 (Automated Employment Decision Tools), including providing candidates with the required 10 business days' notice and publishing an annual bias audit summary. EnTeam supplies the data and supporting reports a customer needs to meet that obligation.

EnTeam will not knowingly support its use for tasks prohibited by the EU AI Act's Annex III high-risk regime without the controls that Act requires.

24 Changes to this notice

How we tell you when things change

We will post material changes here, update the "Last updated" date, and where appropriate notify customers by email at least 30 days before changes take effect. Continued use of the site or the product after the effective date constitutes acceptance.

25 Contact

Privacy team & Grievance Officer

Privacy questions and requests: privacy@enteam.ai

General contact: hi@enteam.ai

India Grievance Officer (DPDP Act): contact via the privacy email above with subject "Grievance Officer". The Officer will acknowledge within 7 days and respond substantively within 30 days.

Legal entity: Enteam AI Private Limited
Office: 3244 Lakewood Hills Dr, Carrollton, TX 75010, United States