inAiinAi
Back to Legal overview

Emplo Privacy Notice – Emplo-specific annex

Draft – pre-launch (not yet in force)

Download PDF

Draft – pre-launch (not yet in force)

Effective date: to be confirmed.

This document is provided for transparency and may be updated before Emplo’s official launch. It will only become legally binding once Emplo is commercially available and you accept it in the app or sign a contract with inAi.

This page will contain the Emplo-specific Privacy Notice. It will act as an annex to the global inAi Privacy Policy and will describe how Emplo processes personal data, what data is collected, for what purposes, and what rights users have.

This Emplo-specific Privacy Notice is an annex to the global inAi Privacy Policy and should be read together with it. See the global Privacy Policy.

Emplo – Privacy Notice (Annex to inAi Global Privacy Policy)

Last updated: [●]

1. Who we are and what this notice covers

1.1 Controller

This Privacy Notice explains how inAi SASU (“inAi”, “we”, “us”) processes personal data when you use the Emplo service (the “Service” or “Emplo”).

inAi SASU is a French company registered with the RCS Lille Métropole under number 987 977 386, with its registered office at 142 rue d’Iéna, 59000 Lille, France.

For all questions about this notice or how we process personal data, you can contact us at [privacy@inai.fr] (or the then-current privacy contact shown on our Legal page). If inAi has appointed a Data Protection Officer (“DPO”), you can also reach them using the contact details indicated in the global inAi Privacy Policy and the Legal section of our website.

1.2 Scope of this notice

This notice applies specifically to the Emplo service, an AI‑assisted job‑search tool for candidates. It covers:

  • use of the Emplo web application and any associated Emplo interfaces;
  • the current features (CV parsing, matching, drafting of application materials, dashboard);
  • the optional Auto‑Apply feature, where you authorise Emplo to submit applications automatically under your instructions.

This notice is an annex to inAi’s global Privacy Policy. The global Privacy Policy continues to apply to all inAi products and services. If there is a conflict between the global Privacy Policy and this Emplo‑specific annex regarding processing carried out for Emplo, this annex prevails for Emplo.

1.3 Who this notice is for

This notice applies to:

  • individuals who create and use an Emplo account to manage their job search;
  • prospective users who start but do not complete registration;
  • former users whose data we still hold within the retention periods described below.

Emplo is intended for individuals aged 18 or older. We do not knowingly provide Emplo to minors and do not intentionally collect children’s personal data through Emplo.

1.4 Our role and the role of others

For Emplo, inAi generally acts as an independent data controller: we determine the purposes and means of processing your personal data when you use Emplo.

In some limited cases (for example, if Emplo is provided to you via a university, public programme or corporate partner), we may act as a processor or joint controller together with that partner. In those cases, the partner’s privacy information may also apply, and our respective responsibilities will be defined in a separate agreement.

When Emplo sends your applications to job boards or employers, those job boards and employers become independent controllers of any personal data they receive from you via Emplo. Their own privacy notices and policies apply to their further processing of your data.

2. What Emplo does with your data (high‑level overview)

2.1 What Emplo is

Emplo is an AI‑assisted service for job‑seekers across Europe. It:

  • reads your CV and asks clarifying questions about your goals, locations, contract type, salary expectations and constraints;
  • searches job platforms and other job sources that are available to you and compatible with our technical and legal constraints;
  • filters opportunities using AI to identify roles that may match your profile and preferences;
  • drafts tailored CVs and application messages for each selected role;
  • keeps a dashboard of opportunities and applications so you can track your job search.

You remain in control of your job search and applications. Emplo does not make hiring decisions; employers and platforms do.

2.2 Auto‑Apply (if you choose to enable it)

If you turn on the optional Auto‑Apply feature, Emplo can also:

  • use your settings (role types, locations, salary ranges, contract types, daily/weekly limits, platform choices) to identify opportunities that meet your rules and are eligible for automatic application, and then execute your instructions to apply to those opportunities;
  • use your connected job‑board and/or email accounts to submit applications on your behalf, using materials created from your CV and preferences;
  • log all automatic submissions so that you can review them in your dashboard and, where the underlying platform allows, withdraw or amend them.

Auto‑Apply is disabled by default. It only operates if you explicitly enable it and configure your rules. You can disable it at any time.

2.3 Where AI and automation are used

Emplo uses automated systems, including AI models, to:

  • parse and analyse your CV and profile;
  • identify and rank job postings that may be relevant to you;
  • generate drafts of CV variants, cover letters and emails;
  • score the apparent fit between you and a job, based on factors like skills, experience, location and salary;
  • in Auto‑Apply mode, determine, under your configured rules and thresholds, when a job is eligible for automatic application and then execute your instructions to submit an application.

These systems assist your job search. They do not decide whether you are hired and do not replace employers’ own selection processes.

2.4 High‑level data flow

At a high level, Emplo operates as follows:

  • Input: you create an account, upload a CV, provide information about your goals and constraints, and optionally connect job‑board/email accounts and configure Auto‑Apply.
  • Processing: Emplo analyses your data and job postings to identify possible matches; it drafts and stores application materials and logs actions in your dashboard.
  • Output: Emplo presents job suggestions, drafts of CVs and messages, and application logs to you; when you apply (or Auto‑Apply runs), Emplo sends your materials to job boards or employers according to your instructions.

The remainder of this notice explains, in more detail, which data we process, for which purposes, on which legal bases, and with which safeguards.

3. Personal data we collect and use

3.1 Data you provide directly

When you use Emplo, you may provide the following categories of data:

a) Account and identification data

  • name;
  • email address;
  • password or authentication identifier;
  • country or region, and preferred interface language;
  • any other account settings you configure.

b) Profile and preferences

  • desired job titles, roles, functions or industries;
  • preferred locations and remote/relocation preferences;
  • salary expectations or ranges and seniority level;
  • preferred contract types (e.g. permanent, fixed‑term, internship);
  • availability dates, notice period, working‑time constraints;
  • any additional job‑search preferences you explicitly provide to Emplo via forms or chat.

c) CV, documents and content you upload

  • your CV/resume (including employment history, education, skills, languages, certifications and other CV content);
  • additional documents you choose to upload (e.g. portfolio, certificates, transcripts);
  • links you choose to provide (e.g. LinkedIn, portfolio site or Git repository);
  • any free‑text information you write into your profile or documents within Emplo.

d) Auto‑Apply and automation configuration (if enabled)

  • Auto‑Apply on/off status;
  • rules you define for Auto‑Apply (target job titles, locations, salary thresholds, contract types, job boards or platforms, maximum applications per day/week);
  • templates and canned answers you pre‑approve for use in job forms (e.g. availability, notice period, language skills, motivation snippets);
  • lists of platforms and accounts that Emplo is allowed to use for automatic submissions.

e) Connected accounts and integrations

  • identifiers and tokens for job‑board or career‑site accounts you connect;
  • identifiers and tokens (or aliases) for email accounts used to send applications through Emplo;
  • configuration and settings for each integration (e.g. default CV for a particular platform, preferred language for a given job board).

We design integrations to rely on tokens and delegated access mechanisms rather than storing raw passwords for third‑party accounts, and we avoid storing passwords wherever technically and contractually feasible.

f) Communications and support

  • messages you send to our support channels;
  • feedback you provide on matches, applications, or overall service quality;
  • any additional information you share during support interactions (e.g. screenshots or logs).

g) Payment and billing data

  • billing name and address;
  • tax identifiers where required (e.g. for invoices);
  • transaction metadata (payment amount, currency, payment date, payment method);
  • limited payment instrument information (card type, last four digits, expiry month/year) where needed for invoicing and refunds;
  • we do not store full card numbers or CVV codes; these are handled by our payment service provider.

3.2 Data we collect automatically when you use Emplo

When you access or use Emplo, we automatically collect certain information, including:

a) Usage and event logs

  • actions taken in the application (log‑ins, profile updates, CV uploads, job searches, approvals, rejections, toggling of Auto‑Apply);
  • timestamps and technical metadata for those actions;
  • the outcome of certain actions (e.g. application prepared, successfully submitted, error from job board).

b) Application and job‑search logs

  • identifiers or URLs for job postings viewed or processed through Emplo;
  • information about which postings were suggested, shortlisted, applied to, or dismissed;
  • status fields you record for opportunities (e.g. “invited to interview”, “offer received”, “rejected”, “no response”).

c) Device and technical data

  • IP address;
  • device type, operating system and browser type/version;
  • language settings and time zone;
  • identifiers associated with session management and security (e.g. session tokens, cookie IDs where applicable).

d) Auto‑Apply execution data (if enabled)

  • records of each automatic application submission (job posting identifier or URL, date and time, platform used, whether submission succeeded or failed);
  • identifiers for the CV and message variant used in each automatic application;
  • any error codes or responses returned by job boards, platforms or email services.

We use this information to operate, secure and improve Emplo, to provide you with your dashboard and logs, and to detect misuse and technical issues.

3.3 Data obtained from third parties

Where you connect Emplo to third‑party services, or where external systems interact with Emplo, we may receive:

a) Job‑board and career platform data

  • your public or account profile on those platforms (e.g. name, headline, location, avatar) where the platform and your settings allow it;
  • job posting information (title, description, requirements, location, employer name, salary range, posting metadata);
  • application identifiers and status information where the platform provides it through an integration.

b) Email service provider data

  • information necessary to send emails via your account or via a dedicated alias (e.g. email address, authentication token);
  • technical delivery information (delivery success/failure, bounce notices, basic headers);
  • if you explicitly enable it, metadata about replies to applications (e.g. subject line, sender, timestamp) so Emplo can help track responses.

We configure integrations so that Emplo only accesses email data that is necessary to send applications and, if you enable response-tracking features, to detect and associate replies to those applications. We do not use the content of other emails unrelated to Emplo for any purpose.

c) Payment service providers

  • payment confirmations, status updates, and tokens necessary to process future charges or refunds;
  • fraud‑prevention signals provided by the payment provider.

d) Publicly available information (optional)

If you explicitly provide a link to a public profile (such as a professional networking site or public portfolio), Emplo may retrieve limited information from that link to pre‑fill your profile or enrich your CV drafts. This is done under your control and only when you choose to provide such links.

3.4 Special categories of personal data

Emplo does not require special categories of personal data (also called “sensitive data”), such as data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, trade‑union membership, health data, data concerning sex life or sexual orientation, or biometric data.

You should not include such information in your CV, profile or other free‑text fields unless it is strictly necessary for your job search and you are comfortable with us processing it for that purpose (for example, if you wish to mention disability‑related accommodations).

If you choose to include sensitive information:

  • we will process it only as needed to provide the Service at your request (for example, to include a short statement you explicitly add in a CV or letter);
  • we may remove or redact information that is clearly unnecessary or inappropriate for the job‑search context;
  • we will not use such information for profiling or matching, and we will not require you to provide it.

You can remove sensitive information at any time by editing your CV, profile or documents. If you wish us to delete specific sensitive data, you can also ask us to do so using the contact details in this notice.

4. Why we use your data and on what legal bases

We process personal data only when we have a valid legal basis under the GDPR. Depending on the activity, we rely on performance of a contract, your consent, our legitimate interests, or legal obligations.

4.1 Providing and operating Emplo (performance of a contract)

We process your data when it is necessary to create and operate your Emplo account and deliver the Service you request, including:

  • creating and maintaining your Emplo account and profile;
  • analysing your CV and preferences to find relevant job opportunities;
  • generating and storing drafts of CVs, cover letters and application messages;
  • providing your dashboard and job-search history;
  • enabling you to approve, reject or edit opportunities and drafts;
  • processing payments and issuing invoices for Emplo fees where applicable.

Legal basis: Article 6(1)(b) GDPR – performance of a contract (or steps taken at your request before entering into a contract).

If you do not provide the data needed for these activities, we may not be able to provide you with Emplo.

4.2 Auto-Apply feature and connected accounts

If you enable Auto-Apply and/or connect job-board or email accounts, we process additional data in order to:

  • store and apply your Auto-Apply rules (roles, locations, salary thresholds, platforms, daily/weekly caps);
  • generate automatic applications that comply with your rules, using your CV, profile and pre-approved templates;
  • keep logs so you can review automatic submissions and, where the underlying platform allows, withdraw or amend them.

Legal basis for these aspects: Article 6(1)(b) GDPR – performance of a contract, as these features are part of the Emplo service you request when you choose to enable Auto-Apply.

In addition, where you choose to connect third-party accounts (such as job-board or email accounts) and authorise Emplo to use them in your name, we process data in order to:

  • access those accounts in the manner you authorise (for example, to submit applications from your job-board account or send emails via your mailbox or a dedicated alias);
  • store the minimum necessary identifiers and tokens required to maintain that connection securely.

Legal basis for these aspects: Article 6(1)(a) GDPR – your consent for accessing and using those third-party accounts in your name. We ask for your explicit consent when you first enable Auto-Apply or connect accounts, and you can withdraw that consent at any time by disabling Auto-Apply and/or disconnecting the relevant accounts in the interface. Withdrawal does not affect processing already carried out.

4.3 Security, abuse prevention and fraud detection (legitimate interests / legal obligation)

We process certain data to protect Emplo, you and others, including to:

  • secure accounts and sessions (e.g. log-in attempts, IP addresses, device information);
  • detect, investigate and prevent suspicious or abusive behaviour (such as mass-spam applications, attempts to bypass job-board restrictions, or unauthorised access);
  • enforce our Terms of Service and Acceptable Use Policy;
  • prevent and respond to incidents, technical failures and potential data breaches;
  • maintain audit trails for security, compliance and legal defence.

Legal bases:

  • Article 6(1)(f) GDPR – legitimate interests in ensuring the security and proper functioning of our services and protecting our users and infrastructure;
  • in some situations, Article 6(1)(c) GDPR – legal obligation, where applicable security, accounting or regulatory rules require logging and incident reporting.

We balance these interests against your rights and freedoms and use minimised, proportionate logging.

4.4 Service quality, analytics and improvement (legitimate interests)

We may use pseudonymised or aggregated usage data and logs to:

  • understand how users interact with Emplo and which features are used;
  • measure and improve the quality of our matching and drafting systems;
  • run A/B tests on product changes and user experience;
  • generate internal statistics about adoption and performance;
  • analyse aggregated and pseudonymised usage data to refine the matching logic and user experience;
  • where necessary, train or fine-tune internal models and heuristics that support Emplo, under strong safeguards and with strict minimisation.

Where possible, we use aggregated or anonymised data that no longer identifies you. When we use personal data for these improvement purposes, we limit it to what is necessary, apply pseudonymisation where appropriate, and do not use it for unrelated purposes.

Legal basis: Article 6(1)(f) GDPR – legitimate interests in improving and developing Emplo, balanced against your rights and expectations. You may object to certain analytics and improvement activities (see “Your rights” below), in which case we will stop or limit those activities for your data where required by law.

We do not sell your personal data to third parties and do not use your identifiable Emplo data to train general-purpose models that third parties can access independently.

4.5 Communications and marketing

We process contact details and usage information to:

  • send you service communications, such as account notices, security alerts, updates to terms, or changes to Emplo that affect your use;
  • respond to your enquiries and support requests;
  • send you product updates and marketing communications about Emplo and related inAi products, where permitted.

Legal bases:

  • Article 6(1)(b) GDPR – performance of a contract, for strictly necessary service communications;
  • Article 6(1)(c) GDPR – legal obligation, where we must notify you of certain changes;
  • Article 6(1)(f) GDPR – legitimate interests, for some communications to existing customers about similar services; and/or
  • Article 6(1)(a) GDPR – consent, where required by e-privacy rules for marketing messages.

You can unsubscribe from non-essential marketing communications at any time via the link in the email or your account settings, without affecting your use of Emplo.

4.6 Legal obligations and defence of rights

We may process your data to:

  • comply with accounting, tax and other legal retention duties;
  • respond to lawful requests from courts, regulators or law-enforcement authorities, where we are legally required to do so;
  • establish, exercise or defend legal claims (for example, in the context of disputes, audits or investigations).

Legal bases:

  • Article 6(1)(c) GDPR – compliance with legal obligations, where we are subject to statutory duties;
  • Article 6(1)(f) GDPR – legitimate interests in defending our rights and interests, including in litigation or regulatory proceedings.

Where possible and lawful, we will inform you before disclosing your data to authorities.

5. Sensitive data and data about others

5.1 Sensitive data (special categories)

Emplo is not designed to process special categories of personal data (sensitive data) such as:

  • data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership;
  • genetic or biometric data used to uniquely identify a person;
  • data concerning health, sex life or sexual orientation.

We do not require such information for your job search and ask you not to include it in your CV, profile or other free-text fields, except where you knowingly decide it is strictly necessary (for example, to request disability-related accommodations) and you voluntarily choose to disclose it.

If you choose to include sensitive information:

  • we will process it only as needed to provide the Service at your request (for example, to include a short statement you explicitly add in a CV or letter);
  • we may remove or redact information that is clearly unnecessary or inappropriate for the job‑search context;
  • we will not use such information for profiling or matching, and we will not require you to provide it.

You can remove sensitive information at any time by editing your CV, profile or documents. If you wish us to delete specific sensitive data, you can also ask us to do so using the contact details in this notice.

5.2 Personal data about third parties

You may sometimes include personal data about other individuals in your CV or documents (for example, referees, former managers, colleagues or contacts).

When you provide personal data about third parties:

  • you remain responsible for ensuring that you are allowed to share that information with us;
  • you should only include such information if it is relevant to your CV or applications and lawful to share;
  • we will process that information to provide the Service to you (for example, by including it in a CV layout you request) and, in anonymised or aggregated form, to maintain and improve Emplo, without creating individual profiles about those third parties.

We do not independently verify whether you have informed those third parties or obtained any necessary permissions, and we rely on you to ensure that including their data complies with applicable laws.

5.3 Your responsibility for the content you provide

You are responsible for:

  • the accuracy, completeness and lawfulness of the information you provide (CV, profile, preferences, answers, attachments);
  • avoiding inclusion of excessive or inappropriate information (such as sensitive data unrelated to your applications);
  • ensuring that your use of Emplo and the content of your applications are compliant with any contractual or legal obligations you are subject to (e.g. confidentiality duties to current or former employers).

Emplo may provide tools to help you edit and improve your materials, but we do not independently verify the truthfulness of the information you submit and are not responsible for any consequences arising from inaccurate or misleading data you choose to provide.

6. How Emplo uses AI, profiling and automated decisions

6.1 Profiling and scoring for matching

To operate Emplo, we create profiles and apply automated analyses to your data. In particular:

  • we analyse your CV and profile to infer your skills, experience level, and preferred roles or industries;
  • we analyse job postings to extract relevant characteristics such as title, required skills, responsibilities, location and salary range;
  • we compute match scores between your profile and job postings and may classify postings into categories (e.g. “good fit”, “possible fit”, “poor fit”);
  • we use these scores and classifications to prioritise which opportunities to show you and which ones to use when drafting application materials;
  • we generate CV and cover-letter drafts that emphasise different aspects of your profile depending on the specific posting.

This constitutes “profiling” under GDPR, as it involves automated processing of personal data to evaluate personal aspects relating to you. We do not intentionally profile you based on sensitive characteristics (see section 5).

6.2 Automated actions and Auto-Apply

When Auto-Apply is disabled, Emplo uses profiling and automation to prepare drafts and suggestions, but you choose whether to submit each application.

When you enable Auto-Apply, Emplo also:

  • automatically identifies job postings that meet the rules you set (e.g. roles, locations, salary thresholds, platforms, caps);
  • automatically generates application materials based on your CV, profile and pre-approved templates; and
  • automatically submits applications via your connected job-board or email accounts, strictly according to your configured rules and limits;
  • logs each automatic application.

In this mode, Emplo takes automated actions that can influence which jobs you apply for and how many applications you send. However:

  • the rules and limits for Auto-Apply are defined by you;
  • you can disable Auto-Apply or adjust your rules at any time;
  • you can review logs of what has been done in your dashboard and, where platforms allow, act on applications (for example, by withdrawing them directly on the platform).

6.3 No automated decisions with legal or similarly significant effects

Under Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Emplo does not:

  • decide whether you are hired, rejected, shortlisted or blacklisted for any job;
  • operate employer-side selection or ranking systems; or
  • make decisions about your legal rights or obligations.

Emplo’s automation operates on a "Market Filtering" logic, not a 'Candidate Scoring' logic. The system evaluates Job Offers against your preferences and constraints.

When Emplo filters out a job or declines to Auto-Apply, it is executing your standing instruction to ignore opportunities that do not meet the relevance threshold required for a successful application. For these reasons, we do not consider that Emplo makes decisions about you within the meaning of Article 22 GDPR; instead, it executes decisions for you about which job opportunities to pursue, under your ongoing control. If, in a particular legal context, Auto‑Apply were nonetheless considered to involve automated decision‑making in the sense of Article 22, we rely on your explicit consent when enabling Auto‑Apply and provide the safeguards described in this notice (in particular, the ability to change or withdraw your rules at any time, access to detailed logs, and the possibility to request human review of the configuration).

6.4 Information about logic and impact

We aim to provide you with understandable information about how our automated systems work and how they may affect you. In particular:

  • matching and scoring primarily consider factors such as job title, required skills, experience level, location, contract type and salary, compared with your CV and preferences;
  • Auto-Apply only operates within the constraints you set (rules, filters, limits) and is subject to internal safeguards (e.g. thresholds, caps, integration restrictions);
  • we aim to monitor and improve the performance and fairness of our matching systems, including by regularly reviewing error cases and user feedback and adjusting our models and heuristics over time.

Because these systems are complex and may evolve, this notice provides a high-level description. We may also provide additional explanations in product documentation or support materials.

6.5 Your rights related to profiling and automation

Even though Emplo does not make Article-22-type decisions about you, you still have important rights related to profiling and automated processing, including:

  • the right to object, on grounds relating to your particular situation, to certain processing based on our legitimate interests, including profiling for matching and analytics;
  • the right to withdraw consent for Auto-Apply and for any processing that relies on your consent;
  • the right to request human intervention regarding the filtering logic. If you believe the system is filtering out relevant jobs (False Negatives), you may request a review of your matching parameters to adjust the sensitivity of the AI filter.
  • the right to request access to and rectification of the data used in your profile.

You can exercise these rights using the contact details provided in this notice. We will consider each request in line with applicable law and explain how we have addressed it.

You can contact us to request a human review of how your profile and preferences are being used for matching and Auto‑Apply, and we will provide a non‑automated explanation and, where appropriate, help you adjust your configuration.

7. Who we share your data with

We do not sell your personal data. We share it only with the categories of recipients described below, and only to the extent necessary for the purposes set out in this notice.

7.1 Service providers (processors)

We use carefully selected third-party service providers who act on our instructions and provide services such as:

  • cloud hosting, storage and database services;
  • infrastructure, monitoring and logging;
  • email delivery and communications;
  • payment processing and invoicing;
  • analytics, error tracking and performance monitoring;
  • AI or machine-learning tooling, where personal data is processed under strict contractual terms as our processors.

These providers are bound by data-processing agreements that require them to:

  • process personal data only on our documented instructions;
  • implement appropriate technical and organisational security measures;
  • not use personal data for their own independent purposes; and
  • assist us in meeting our GDPR obligations where relevant.

In some cases, certain third-party tools or platforms that integrate with Emplo may act as independent controllers for parts of the processing they perform (for example, some analytics or payment providers). Where this is the case, their own privacy information will explain their role and responsibilities.

A list or description of our main processors and their locations may be made available in our legal or trust documentation and can be requested from us.

7.2 Job boards, platforms and employers (independent controllers)

When you use Emplo to prepare or submit job applications, we share your personal data with the job boards, recruiting platforms and employers you choose to interact with. This may include:

  • your CV and other application documents;
  • information you provide in application forms;
  • your contact details and other profile information.

Once this data is transmitted, those job boards, platforms and employers act as independent controllers of the data they receive. Their own privacy policies and terms apply to their further processing, and they are responsible for compliance with those obligations. We encourage you to review those policies before applying.

Post-Hiring Verification: We do not share your data with employers for post-hiring verification purposes as a standard practice. Such contact only occurs under the specific "Fraud Prevention" legal basis (Legitimate Interest) if you fail to validate your employment status yourself.

7.3 Other independent controllers

We may also share personal data with:

  • payment service providers and financial institutions that process your payments, who act as independent controllers for certain aspects of payment and fraud processing;
  • professional advisers, such as lawyers, accountants and auditors, where necessary for advice, audits or legal proceedings;
  • regulators and authorities, where required by law or where we need to protect our rights or the rights of others.

7.4 Corporate transactions

If inAi is involved in a merger, acquisition, restructuring or sale of all or part of its assets, personal data related to Emplo may be shared with the relevant parties as part of the transaction, under confidentiality obligations and, where required, subject to appropriate information and safeguards for you.

7.5 Legal disclosures

We may disclose personal data to courts, regulators, law-enforcement authorities or other public bodies when we believe in good faith that such disclosure is:

  • required by applicable law, regulation or legal process; or
  • necessary to protect our rights, your safety or the safety of others, or to investigate suspected fraud, security incidents or violations of our terms.

Where legally permitted, we will seek to limit the scope of such disclosures and will inform you when your data has been disclosed in this way.

8. International data transfers

8.1 General approach

We process and store Emplo customer data in an EU-only virtual private cloud (VPC) and use infrastructure and providers that offer EU-based data centres for core storage and processing of Emplo data. Where possible, we select service providers that process personal data only within the EEA.

8.2 Transfers outside the EEA

Some of our service providers or their sub-processors may be located outside the EEA or may access personal data from outside the EEA. When this occurs, and when the destination country has not been recognised by the European Commission as providing an adequate level of data protection, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission, including any necessary supplementary measures; and/or
  • other safeguards approved by the European Commission or EU data-protection authorities.

We also assess, where relevant, the legal environment of the destination country and implement additional technical and organisational controls (such as encryption and strict access management) to protect your data.

8.3 Information on specific transfers

You can contact us using the details provided in this notice if you would like more information about:

  • the countries to which your personal data may be transferred; or
  • the specific safeguards we apply to such international transfers, including copies or summaries of the relevant contractual protections (subject to redaction where necessary for confidentiality).

9. How long we keep your data

9.1 General retention principles

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • providing and improving Emplo;
  • complying with legal, accounting and regulatory requirements;
  • resolving disputes and enforcing our contracts.

We apply retention rules based on the type of data and the context of processing. Once personal data is no longer needed, we either delete it or irreversibly anonymise it so it can no longer be linked to you.

9.2 Indicative retention periods by category

The exact periods may depend on your use of Emplo and applicable law, but in general:

a) Account and profile data

  • We retain your account and profile data for as long as your Emplo account is active.
  • If you close your account, we will delete or anonymise your account and profile data within 30 days (subject to any legal retention obligations). If your account remains inactive for more than 24 months, we may treat it as closed and apply the same rules.

b) CVs, documents and job-search history

  • We retain your CVs, supporting documents, preferences and application history while your account is active so you can manage your job search.
  • After account closure or prolonged inactivity as described above, we will delete or anonymise this data within 30 days, retaining only limited information necessary for legal, accounting or security purposes.

c) Auto-Apply configuration and logs

  • We retain Auto-Apply settings for as long as the feature is enabled and your account remains active.
  • Logs of automatic applications are retained for a period of up to 36 months (or longer if required by applicable statutory limitation periods for contractual disputes) from the date of each application, to allow you to review past actions and to enable us to handle disputes, support requests and abuse investigations. After that period, we delete or anonymise these logs.

d) Technical and security logs

  • Security, access and event logs are kept for a limited period (typically 12 to 24 months, depending on the type of log and the associated risk), to ensure the security, integrity and performance of Emplo and to investigate incidents. Logs may be retained longer where they are relevant to a specific ongoing investigation or legal matter.

e) Payment and billing information

  • We retain payment and billing records for the period required under applicable accounting and tax laws (which can be several years), and then delete or anonymise them where possible.

9.3 Backups and residual copies

Personal data may persist in secure backups for a limited period after deletion from active systems. These backups are kept for disaster-recovery and business-continuity purposes only, with controlled and limited access. Backup data is automatically overwritten or destroyed according to our backup retention schedule, which typically ensures that personal data does not persist in backups for more than approximately 30 days after deletion from active systems, except where longer retention is required for specific legal or security reasons.

9.4 Criteria used to determine retention periods

When determining how long to retain data, we consider:

  • the amount, nature and sensitivity of the data;
  • the potential risk of harm from unauthorised use or disclosure;
  • the purposes for which we process the data and whether we can achieve those purposes through other means;
  • applicable legal, regulatory, tax, accounting and contractual requirements.

You can contact us for more information about specific retention periods that apply to your data.

10. How we protect your data

10.1 Technical security measures

We implement appropriate technical measures to protect personal data processed for Emplo, which may include:

  • encryption of data in transit (e.g. HTTPS/TLS) and at rest;
  • isolation of Emplo data in secure, access-controlled environments;
  • strong authentication and access-control mechanisms for internal tools;
  • segmentation of production environments from development and testing;
  • regular security updates, vulnerability management and patching;
  • rate-limiting and other controls to detect and mitigate abusive or automated activity;
  • secure storage of access tokens and credentials for connected job-board or email accounts, with minimised privileges.

10.2 Organisational security measures

We also apply organisational measures such as:

  • limiting access to personal data to staff and service providers who need it to perform their duties and who are bound by confidentiality obligations;
  • training staff on data protection, security, and privacy practices;
  • implementing internal policies and procedures for handling and protecting personal data;
  • maintaining logs and audit trails of access to production systems and critical operations;
  • reviewing our security measures regularly and updating them in response to new risks and best practices.

10.3 Incident response

We maintain procedures for detecting, managing and responding to personal-data breaches and security incidents. If we become aware of a breach that is likely to result in a risk to your rights and freedoms:

  • we will take appropriate steps to contain and remedy the incident;
  • we will assess the impact and determine whether notification is required under applicable law;
  • where required, we will notify the relevant supervisory authority and, if necessary, inform you without undue delay, providing information about the breach and the measures we have taken.

10.4 Your role in maintaining security

Security also depends on the choices you make:

  • choose a strong, unique password for your Emplo account and keep it confidential;
  • use up-to-date devices and software with appropriate security settings;
  • log out from your account when using shared or public devices;
  • notify us promptly if you suspect unauthorised access to your account or misuse of your credentials.

We cannot be responsible for security incidents that are caused solely by your failure to follow these recommendations or by misuse of your devices or credentials outside our control.

11. Your responsibilities

11.1 Accuracy and lawfulness of the information you provide

You are responsible for ensuring that:

  • all information you provide to Emplo (including your CV, profile, preferences, application answers and documents) is accurate, complete and up to date;
  • any statements you make about your qualifications, experience, education or skills are truthful and not misleading;
  • you do not provide information that you are legally or contractually prohibited from disclosing (for example, trade secrets of your current or former employer, or information covered by a non-disclosure agreement).

We are not required to verify the accuracy of the information you provide and are not responsible for any consequences arising from inaccurate, incomplete or misleading data you choose to include in your profile, CV or applications. We are not required to systematically verify the accuracy of the information you provide and, to the extent permitted by law, we are not responsible for consequences that are solely attributable to inaccurate, incomplete or misleading data you choose to include in your profile, CV or applications.

11.2 Use of Emplo in compliance with third-party terms

You are responsible for ensuring that your use of Emplo complies with:

  • the terms of use and privacy policies of any job boards, recruiting platforms or employer systems you interact with;
  • the terms of service of your email provider and any other connected services;
  • any contractual or legal obligations you may have, including confidentiality duties to current or past employers.

You must not use Emplo to circumvent or violate the terms or technical protections of third-party services (for example, by using automation where a platform explicitly forbids it). If we become aware that your use of Emplo is causing or likely to cause such violations, we may suspend or restrict features like Auto-Apply or, in serious cases, your account.

11.3 Configuration and monitoring of Auto-Apply

If you enable Auto-Apply, you are responsible for:

  • configuring rules and limits that are appropriate for your situation and for the job markets you target;
  • reviewing the logs of automatic applications and taking any necessary corrective actions (for example, updating your rules, withdrawing applications where possible, or contacting employers to clarify information);
  • promptly disabling Auto-Apply if you no longer wish Emplo to submit applications on your behalf.

We provide tools, safeguards and logs to help you maintain control over Auto-Apply, but we cannot fully prevent mis-targeted applications if your rules are overly broad, inconsistent or not regularly reviewed.

11.4 Security hygiene

You are responsible for keeping your Emplo account and devices secure, including by:

  • using a strong, unique password and changing it regularly;
  • enabling any security features we make available;
  • not sharing your login credentials with others and not reusing them across multiple services;
  • promptly notifying us if you suspect unauthorised access, misuse of your account or compromise of your credentials.

We may rely on any instructions and actions taken from your account after successful authentication as if they were given by you, unless we have reason to believe that your account has been compromised or is being misused.

12. Your data protection rights

Under the GDPR and, where applicable, other data-protection laws, you have several rights concerning your personal data. These rights may be subject to conditions and limitations.

12.1 Right of access

You have the right to obtain confirmation as to whether we process personal data about you and, if so, to access that data and receive information such as:

  • the purposes of processing;
  • the categories of personal data involved;
  • the categories of recipients to whom data has been or will be disclosed;
  • the envisaged retention periods;
  • your rights in relation to the processing.

12.2 Right to rectification

You have the right to request the correction of inaccurate personal data concerning you and to have incomplete data completed. In many cases, you can update your information directly in your Emplo account settings and CV.

12.3 Right to erasure (“right to be forgotten”)

You have the right to request the deletion of your personal data in certain circumstances, for example when:

  • the data is no longer necessary for the purposes for which it was collected;
  • you withdraw consent and there is no other legal basis for processing;
  • you successfully object to processing based on our legitimate interests;
  • the data has been processed unlawfully.

This right is not absolute. We may need to retain some data where required by law or where necessary for legal claims, accounting or security.

12.4 Right to restriction of processing

You have the right to request that we restrict processing of your personal data in certain situations, such as when:

  • you contest the accuracy of the data (for a period enabling us to verify it);
  • the processing is unlawful and you oppose deletion;
  • we no longer need the data but you require it for legal claims;
  • you have objected to processing and we are verifying whether our legitimate grounds override your interests.

When processing is restricted, we will generally store the data but not use it further except with your consent or as allowed by law.

12.5 Right to data portability

Where processing is based on your consent or on a contract and is carried out by automated means, you may have the right to:

  • receive the personal data you provided to us in a structured, commonly used and machine-readable format; and
  • transmit that data to another controller or have it transmitted directly where technically feasible.

This right applies, for example, to certain data in your Emplo profile and job-search history.

12.6 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests (Article 6(1)(f) GDPR), including profiling related to those interests.

If you object, we will stop processing your data for those purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is needed for the establishment, exercise or defence of legal claims.

You also have the right to object at any time to the use of your data for direct marketing, in which case we will stop processing for that purpose.

12.7 Right to withdraw consent

Where processing is based on your consent (e.g. Auto-Apply consents, certain integrations, marketing emails), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

You can typically withdraw consent for Auto-Apply and connected accounts directly in your Emplo settings, and unsubscribe from marketing communications using the link provided in each message.

12.8 Rights related to automated decision-making

As explained above, Emplo does not make decisions with legal or similarly significant effects about you within the meaning of Article 22 GDPR. However, if you believe that our use of profiling or automation has affected you in a way that you consider unjustified or harmful, you may contact us to:

* request an explanation of how relevant automated processing works;
* express your point of view;
* request human intervention regarding specific matching outcomes (e.g., if you believe relevant jobs are being systematically filtered out). We will review the matching logic applied to your profile and provide a non-automated explanation.

We will review your request and respond in line with applicable law.

12.9 How to exercise your rights

To exercise your rights, you can contact us using the contact details provided in this notice or in the global inAi Privacy Policy. To protect your privacy, we may ask you to provide additional information to verify your identity before acting on your request.

We will respond to your request as soon as reasonably possible and in any event within the time limits set by applicable law. In some cases, we may not be able to fully comply with your request, for example when it would adversely affect the rights of others or where we must retain certain data for legal reasons. In those situations, we will explain our decision to you.

12.10 Right to lodge a complaint

If you are unhappy with how we process your personal data or with our response to a request, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

Our lead supervisory authority in the EU is the Commission Nationale de l’Informatique et des Libertés (CNIL) in France. Contact details and instructions for lodging a complaint are available on CNIL’s website. You may also contact your local data-protection authority. You can find CNIL’s contact information and complaint forms at www.cnil.fr.

13. Cookies and similar technologies

Emplo uses cookies and similar technologies in its web interfaces to support core functionality and, where permitted, for analytics and improvement.

13.1 What cookies we use

Depending on your choices and the part of the service you use, we may set or allow:

  • Strictly necessary cookies required for technical operation of the site and app (for example, to keep you logged in, manage sessions, and enforce security controls). These cookies are essential and cannot be switched off in our systems, although you can configure your browser to block or alert you about them; some parts of Emplo may then not work properly.
  • Preference and functional cookies that remember your settings (such as language or interface preferences) and help personalise your experience.
  • Analytics cookies that help us understand how Emplo is used (e.g. which pages are visited, how long users stay, which features are used), so we can improve the service. These are generally used in aggregated or pseudonymised form.
  • Other tracking technologies, where relevant, such as local storage or similar mechanisms, used for similar purposes as cookies.

13.2 Legal basis and consent

Strictly necessary cookies are used based on our legitimate interests in providing a secure, functioning service. For analytics and other non-essential cookies, we rely on your consent where required by applicable e-privacy rules.

We provide a cookie banner or settings interface that allows you to:

  • accept or reject non-essential cookies;
  • change your choices at any time.

13.3 More information

Details about the specific cookies and similar technologies used on our website and in Emplo, including their purposes, duration and providers, are set out in our separate Cookie Policy, which forms part of our overall legal documentation and is accessible from the footer of our site. The Cookie Policy is available at [link to /legal or /cookies] and may be updated periodically to reflect changes in the tools we use.

14. Changes to this notice

We may update this Emplo-specific Privacy Notice from time to time to reflect changes in:

  • our services and features (for example, new Emplo functionalities or changes to Auto-Apply);
  • our data-processing practices;
  • applicable laws, regulations or guidance;
  • our organisational structure or service providers.

When we make changes, we will:

  • post the updated notice on our website, indicating the date of the latest revision at the top; and
  • where changes are material or significantly affect how we process your personal data, provide additional notice (for example, by email or in-app notification) and, where required by law, seek your consent to the changes.

Where required by emerging regulations such as the EU Artificial Intelligence Act, we may need to carry out additional risk assessments, human‑oversight measures, technical documentation, and logging for AI‑based functionalities used in employment‑related contexts. We may also adjust or limit certain high‑automation features (including some Auto‑Apply behaviours) for users in specific jurisdictions in order to comply with those regulations.

We encourage you to review this notice regularly to stay informed about how we process your personal data in connection with Emplo.

This is a draft document for Emplo and may change before launch.

Back to Legal overview