1. INTRODUCTION

GogHR, Inc. ("GogHR," "we," "us," or "our"), a Delaware corporation, is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information from candidates, recruiters, employers, and other users ("you" or "User") of our AI-powered recruitment platform accessible at goghr.ai (the "Platform").

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.

1.1 About GogHR, Inc.

Legal Entity: GogHR, Inc.
Jurisdiction: Delaware, United States
Registration Number: 32-0798506
Registered Address: 1111b South Governors Ave STE 25155, Dover, DE 19904, United States
Contact: info@goghr.ai
Phone: +1 (786) 630-8431

Website: https://goghr.ai

2. SCOPE AND APPLICABILITY

This Privacy Policy applies to: - All personal data collected through the GogHR Platform - Data collected via our website, mobile applications, and related services - Information obtained through third-party integrations (LinkedIn, job boards, etc.) - Communications via email, phone, or other channels

This Privacy Policy governs all processing activities conducted by GogHR, Inc. and covers compliance with: - United States: California Consumer Privacy Act (CCPA), Delaware Personal Data Privacy Act (DPDPA), and applicable federal laws - European Union/EEA: General Data Protection Regulation (GDPR) - United Arab Emirates: Personal Data Protection Law (PDPL) - Other jurisdictions: Applicable data protection laws where our Users are located

3. DEFINITIONS

For purposes of this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion
• "Controller" means GogHR, Inc., which determines the purposes and means of processing personal data
• "Processor" means any third party that processes personal data on behalf of GogHR
• "Candidate" means individuals seeking employment who use the Platform
• "Recruiter" means individuals or organizations using the Platform to identify and evaluate candidates
• "Employer" means organizations that post job opportunities and hire through the Platform

4. PERSONAL DATA WE COLLECT

4.1 Information You Provide Directly

From Candidates: - Full name, email address, phone number, location (city/country) - Resume/CV (work history, education, skills, certifications, references) - Cover letters and application materials - Profile information (professional summary, career preferences, salary expectations) - Video interview recordings (audio and visual data, facial expressions, speech patterns) - Voice recordings and transcriptions - Responses to assessment questions and technical tests - Identity verification documents (when required) - Demographic information (optionally provided for diversity initiatives)

From Recruiters and Employers: - Business contact information (name, title, company, email, phone) - Company details (industry, size, location) - Job descriptions and requirements - Hiring criteria and preferences - Payment and billing information - Team member information for collaborative hiring

From All Users: - Account credentials (username, password hashes) - Communication preferences and settings - Feedback, surveys, and support inquiries - User-generated content (notes, comments, evaluations)

4.2 Information Collected Automatically

Technical Data: - IP address, browser type, device identifiers - Operating system, screen resolution, language preferences - Cookies, web beacons, and similar tracking technologies - Access times, referring URLs, pages viewed - Platform usage patterns and interaction data

Behavioral Analytics: - Feature usage statistics - Click-through rates and navigation paths - Time spent on various Platform sections - Search queries and filter preferences - Video interview engagement metrics

4.3 Information from Third-Party Sources

• Social Media Platforms: Profile data imported from LinkedIn, GitHub, or other professional networks (with your authorization)
• Job Boards: Application data when you apply through integrated platforms
• Public Sources: Publicly available professional information
• Verification Services: Background check data (when authorized)
• Payment Processors: Transaction and billing information

5. LEGAL BASIS FOR PROCESSING

GogHR processes personal data based on the following legal grounds:

5.1 Contract Performance (Primary Basis)

Processing necessary to provide Platform services, facilitate recruitment, conduct interviews, and fulfill our obligations under the Terms of Service and Subscription Agreements.

5.2 Consent

• Video and voice recording during AI interviews
• Optional demographic data collection
• Marketing communications
• Third-party data sharing beyond service provision
• Cookies and non-essential tracking technologies

You may withdraw consent at any time by contacting info@goghr.ai or adjusting your account settings.

5.3 Legitimate Interests

• Platform security and fraud prevention
• Improving AI algorithms and service quality
• Internal analytics and business optimization
• Customer support and dispute resolution
• Legal compliance and regulatory reporting

We conduct balancing tests to ensure our legitimate interests do not override your fundamental rights and freedoms.

5.4 Legal Obligations

• Compliance with employment laws and anti-discrimination regulations
• Tax and financial reporting requirements
• Responding to lawful requests from authorities
• Protecting legal rights in litigation

6. HOW WE USE PERSONAL DATA

6.1 Core Platform Services

For Candidates: - Create and manage your profile - Match you with relevant job opportunities - Conduct AI-powered video interviews and assessments - Analyze skills, competencies, and job fit - Generate interview reports and candidate scorecards - Facilitate communication with recruiters and employers - Provide feedback and career development insights - Enable job application tracking

For Recruiters and Employers: - Post and manage job listings - Search and filter candidate databases - Review applications and interview recordings - Access AI-generated candidate evaluations - Facilitate collaborative hiring decisions - Manage hiring pipelines and workflows - Generate recruitment analytics and reports

6.2 AI and Machine Learning

We use personal data, including video and voice recordings, to: - Train and improve AI interview models - Enhance natural language processing capabilities - Develop bias detection and mitigation algorithms - Improve candidate-job matching accuracy - Refine speech recognition and sentiment analysis - Generate predictive hiring insights

Important: AI training uses anonymized and aggregated data whenever possible. Identifiable data is only used with explicit consent and subject to strict access controls.

6.3 Platform Improvement and Analytics

• Monitor Platform performance and reliability
• Analyze user behavior to enhance UX/UI
• Develop new features and services
• Conduct A/B testing and product research
• Generate anonymized usage statistics

6.4 Communications

• Send transactional emails (account confirmations, password resets, application updates)
• Provide customer support responses
• Deliver Platform notifications and alerts
• Send marketing communications (with consent, opt-out available)
• Conduct surveys and request feedback

6.5 Security and Compliance

• Detect and prevent fraud, spam, and abuse
• Enforce Terms of Service and acceptable use policies
• Protect intellectual property rights
• Comply with legal obligations and regulatory requirements
• Respond to legal processes and government requests

7. DATA SHARING AND DISCLOSURE

GogHR does not sell personal data. We share data only as described below:

7.1 With Recruiters and Employers (Candidates)

When you apply for a position or participate in an interview: - Your profile, resume, and application materials are shared with the hiring organization - Interview recordings and AI-generated evaluations are accessible to authorized recruiters - Assessment results and scoring analytics are provided to employers

You control which organizations see your data by choosing which jobs to apply for.

7.2 With Candidates (Recruiters/Employers)

• Candidate profiles and application materials (as submitted)
• Interview recordings and assessment results
• AI-generated insights and recommendations

7.3 Service Providers and Processors

We engage trusted third-party vendors who process data on our behalf:

Infrastructure and Hosting: - Amazon Web Services (AWS) – Cloud infrastructure, data storage, and computing (US and EU regions) - Content Delivery Networks (CDNs) – Global content distribution

AI and Analytics: - OpenAI – Large language model APIs for conversational AI and natural language processing - Google Cloud

AI – Speech-to-text and machine learning services - Analytics Providers – Platform usage analytics (Google Analytics, Mixpanel, Heap)

Communication Services: - Email Service Providers – Transactional and marketing emails (SendGrid, Mailgun) - Customer Support Tools – Ticketing and live chat (Intercom, Zendesk)

Payment Processing: - Stripe – Payment processing and billing management - PayPal – Alternative payment processing

Verification and Security: - Background Check Providers – Employment verification (when authorized) - Security Services – Fraud detection and DDoS protection

Marketing and CRM: - HubSpot – Customer relationship management and marketing automation - LinkedIn – Professional networking integration - Advertising Platforms – Google Ads, Facebook Ads (with cookie consent)

All processors are contractually required to: - Process data only on our instructions - Implement appropriate security measures - Comply with applicable data protection laws - Maintain confidentiality - Delete or return data upon contract termination

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to the successor entity. You will be notified via email and/or Platform notice before your data is transferred and becomes subject to a different privacy policy.

7.5 Legal Requirements and Protection

We may disclose personal data when required or permitted by law: - To comply with subpoenas, court orders, or legal processes - To respond to lawful government or regulatory requests - To protect the rights, property, or safety of GogHR, our users, or the public - To enforce our Terms of Service and agreements - To detect, prevent, or address fraud, security, or technical issues

7.6 With Your Consent

We may share data with third parties when you provide explicit consent, such as: - Sharing your profile with specific recruiters or employers - Integrating with third-party applications - Participating in research studies or case studies - Public testimonials or marketing materials

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Transfers

GogHR operates globally. Personal data may be transferred to and processed in countries outside your jurisdiction, including: - United States (primary data processing location) - European Union (EU/EEA data residency options) - Other regions where our service providers operate

8.2 Transfer Safeguards

For transfers from the EU/EEA or other regions with data localization requirements, we implement appropriate safeguards:

Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with all non-EU processors.

Adequacy Decisions: We rely on adequacy decisions recognized by the European Commission where applicable.

Binding Corporate Rules: For intra-group transfers (if applicable in the future).

Data Processing Agreements: All processors sign DPAs incorporating GDPR-compliant terms.

Supplementary Measures: We conduct Transfer Impact Assessments (TIAs) and implement encryption, pseudonymization, and access controls to protect data during international transfers.

8.3 Data Residency Options

Enterprise clients may request: - EU-only data processing and storage - Specific geographic restrictions - Data localization guarantees

Contact info@goghr.ai for custom data residency arrangements.

9. DATA RETENTION

9.1 Retention Periods

We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by law:

Candidate Data: - Active Accounts: Retained while account is active and for 3 years after last login - Interview Recordings: Retained for 2 years after interview completion (unless deletion requested) - Application Materials: Retained for duration of recruitment process + 1 year (for reporting and analytics) - AI Training Data: Anonymized data retained indefinitely; identifiable data deleted after 2 years or upon request

Recruiter/Employer Data: - Active Accounts: Retained while account is active and subscription is current - Job Postings: Retained for 2 years after posting closure - Billing Records: Retained for 7 years (legal/tax requirements) - Candidate Evaluations: Retained as long as candidate data is retained

General Data: - Technical Logs: 90 days (unless required for security investigations) - Analytics Data: Aggregated data retained indefinitely; individual-level data 2 years - Support Communications: 3 years after resolution.

9.2 Deletion and Anonymization

Upon expiration of retention periods or when data is no longer needed: - Personal data is securely deleted using industry-standard methods (overwriting, degaussing) - Alternatively, data is anonymized so it can no longer identify you - Backup systems are purged according to our data retention schedule (backups deleted within 90 days)

9.3 Legal Holds

Data may be retained beyond normal periods when: - Subject to pending litigation or investigations - Required by court order or legal obligation - Necessary to protect legal rights or defend claims

10. DATA SECURITY

10.1 Security Measures

GogHR implements comprehensive technical and organizational measures to protect personal data:

Encryption: - In Transit: TLS 1.3 encryption for all data transmissions - At Rest: AES-256 encryption for stored data - End-to-End: Encrypted video storage and transmission

Access Controls: - Role-based access control (RBAC) with principle of least privilege - Multi-factor authentication (MFA) for administrative access - Regular access reviews and permission audits - Separate production and development environments

Network Security: - Firewalls and intrusion detection/prevention systems (IDS/IPS) - DDoS protection and traffic monitoring - Virtual Private Cloud (VPC) isolation - Regular vulnerability scanning and penetration testing.

Application Security: - Secure coding practices and code reviews - Regular security updates and patch management - Web application firewall (WAF) - SQL injection and XSS prevention - CSRF token protection

Operational Security: - Security incident response plan - Regular security awareness training for staff - Vendor security assessments - Third-party security audits and certifications (SOC 2, ISO 27001 in progress) - Data loss prevention (DLP) tools

Physical Security: - AWS data centers with 24/7 monitoring and access controls - Redundant infrastructure and disaster recovery - Regular backups with encrypted offsite storage

10.2 Limitations

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for: - Maintaining confidentiality of your account credentials - Using strong, unique passwords - Enabling MFA when available - Promptly reporting suspected unauthorized access

11. YOUR PRIVACY RIGHTS

11.1 Rights Under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights:

• Right of Access: Request confirmation of whether we process your personal data and obtain a copy.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances.
• Right to Restriction: Request we limit processing of your data in specific situations.
• Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller.
• Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling.
• Right to Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing).
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

11.2 Rights Under CCPA (California Users)

If you are a California resident, you have:

• Right to Know: Request disclosure of personal data collected, sources, purposes, and third parties with whom it's shared.
• Right to Delete: Request deletion of personal data (subject to exceptions).
• Right to Opt-Out: Opt-out of "sale" of personal data (Note: GogHR does not sell personal data).
• Right to Non-Discrimination: Not be discriminated against for exercising CCPA rights.
• Right to Correct: Request correction of inaccurate personal data.
• Right to Limit Use of Sensitive Personal Information: Limit use of sensitive data (video/voice recordings) to providing services.

11.3 Rights Under Delaware DPDPA

Delaware residents have rights similar to CCPA, including: - Right to confirm processing and access data - Right to correct inaccuracies - Right to delete personal data - Right to opt-out of targeted advertising and sale (GogHR does not engage in these)

11.4 Rights Under UAE PDPL

UAE residents have: - Right to access personal data - Right to rectify or complete data - Right to erase data - Right to restrict processing - Right to object to processing - Right to data portability

11.5 How to Exercise Your Rights

• Online: Log into your account and adjust settings under "Privacy & Security"
• Email: Send requests to info@goghr.ai with subject line "Privacy Rights Request"
• Mail: GogHR, Inc., Attn: Privacy Officer, 1111b South Governors Ave STE 25155, Dover, DE 19904, USA
• Phone: +1 (786) 630-8431
• Required Information: - Full name and email address associated with your account - Specific right you wish to exercise - Description of your request - Proof of identity (government-issued ID may be required)
• Response Time: - GDPR: 30 days (may be extended by 60 days for complex requests) - CCPA/DPDPA: 45 days (may be extended by 45 days) - UAE PDPL: 30 days

We will verify your identity before processing requests. For deletion requests, we may retain certain data as permitted or required by law.

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 What Are Cookies?

Cookies are small text files stored on your device when you visit the Platform. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance functionality and collect usage data.

12.2 Types of Cookies We Use

• Strictly Necessary Cookies (Cannot be disabled) - Authentication and session management - Security and fraud prevention - Load balancing and performance
• Functional Cookies (Enabled by default, can be disabled) - Remember preferences and settings - Provide enhanced features - Support Platform functionality
• Analytics Cookies (Require consent) - Google Analytics – Usage statistics and behavior analysis - Mixpanel – Feature usage and user flows - Heap – Session replay and interaction tracking
• Marketing Cookies (Require consent) - Google Ads – Conversion tracking and retargeting - LinkedIn Insight Tag – B2B advertising - Facebook Pixel – Social media advertising

12.3 Managing Cookies

• Cookie Consent Banner: Upon first visit, you can accept or reject non-essential cookies.
• Cookie Settings: Click "Cookie Settings" in the footer to modify preferences anytime.
• Browser Settings: Configure your browser to block or delete cookies (may affect Platform functionality).
• Opt-Out Links: - Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout - Network Advertising Initiative: https://optout.networkadvertising.org/

12.4 Do Not Track (DNT)

Some browsers offer "Do Not Track" signals. Currently, there is no industry standard for responding to DNT. We do not respond to DNT signals but provide cookie controls as described above.

13. CHILDREN'S PRIVACY

The Platform is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children.

If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information promptly.

If you believe a child has provided us with personal data, please contact us immediately at info@goghr.ai.

15. THIRD-PARTY LINKS AND SERVICES

The Platform may contain links to third-party websites, applications, or services (e.g., LinkedIn, job boards, payment processors). This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We recommend reviewing the privacy policies of any third-party services you access through our Platform.

Third-Party Integrations: - When you authorize integration with LinkedIn or other platforms, you are subject to their privacy policies. - Data shared through integrations is governed by the third party's terms.

6. AUTOMATED DECISION-MAKING AND PROFILING

16.1 AI-Powered Assessments

• GogHR uses AI algorithms to: - Analyze interview responses and candidate suitability - Generate skill assessments and competency scores - Rank and recommend candidates to employers - Provide hiring insights and predictions
• Important Disclosures:
• No Fully Automated Decisions: Final hiring decisions are always made by human recruiters or employers, not solely by AI. Our AI provides recommendations and insights to assist decision-making.
• Right to Human Review: You have the right to request human review of AI-generated assessments.
• Right to Explanation: You can request an explanation of how AI evaluations are generated.
• Bias Mitigation: We actively work to detect and reduce bias in AI models through: - Regular algorithmic audits - Diverse training datasets - Fairness metrics and testing - Compliance with employment anti-discrimination laws.

16.2 Profiling

We create profiles based on: - Skills, experience, and qualifications - Interview performance and assessment results - Job preferences and career goals - Engagement with Platform features

You may object to profiling or request restrictions by contacting info@goghr.ai.

17. CALIFORNIA "SHINE THE LIGHT" LAW

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal data to third parties for direct marketing purposes.

GogHR does not share personal data with third parties for their direct marketing purposes. If you have questions, contact info@goghr.ai.

18. ANONYMITY AND PSEUDONYMITY

18.1 Limitations

Due to the nature of our Platform (recruitment and employment services), it is generally not practical to interact anonymously or under a pseudonym. We require verified identities to: - Maintain trust between candidates and employers - Comply with employment verification requirements - Prevent fraud and abuse - Facilitate meaningful hiring processes

18.2 Limited Anonymous Browsing

You may browse certain public areas of the Platform (e.g., job listings) without creating an account. However, to apply for jobs or conduct interviews, you must create an account and provide accurate information.

19. CONTACT INFORMATION AND COMPLAINTS

19.1 Privacy Officer

For privacy-related inquiries, requests, or complaints:

Email: info@goghr.ai
Subject Line: "Privacy Inquiry" or "Data Rights Request"

Mailing Address:
GogHR, Inc.
Attn: Privacy Officer
1111b South Governors Ave STE 25155
Dover, DE 19904
United States

Phone: +1 (786) 630-8431

19.2 EU Representative (GDPR Article 27)

For users in the European Union/EEA, our EU representative for GDPR matters:

[To be appointed]
We will update this section upon appointment of an EU representative.

19.3 UK Representative (UK GDPR)

For users in the United Kingdom:

[To be appointed]
We will update this section upon appointment of a UK representative.

19.4 Supervisory Authorities

You have the right to lodge a complaint with a data protection authority:

EU/EEA Users:
Find your local Data Protection Authority: https://edpb.europa.eu/about-edpb/board/members_en

UK Users:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: +44 303 123 1113

UAE Users:
UAE Data Office (UDO)
Website: https://u.ae/en/about-the-uae/digital-uae/data/the-uae-data-office
Email: udo@tdra.gov.ae

California Users:
California Attorney General's Office
Website: https://oag.ca.gov/privacy/ccpa
Phone: +1 916 210 7580

Delaware Users:
Delaware Department of Justice
Website: https://attorneygeneral.delaware.gov
Phone: +1 302 577 8400

20. CHANGES TO THIS PRIVACY POLICY

20.1 Updates

We may update this Privacy Policy from time to time to reflect: - Changes in our data practices - New features or services - Legal or regulatory developments - Feedback from users and regulators

20.2 Notification

Material Changes: We will notify you via: - Email to your registered address (at least 30 days before effective date) - Prominent notice on the Platform - Pop-up notification upon next login

Non-Material Changes: We will update the "Last Updated" date and post the revised policy on the Platform.

20.3 Continued Use

Your continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, you must discontinue use and may request account deletion.

21. ADDITIONAL DISCLOSURES

21.1 AI and Third-Party Services Disclaimer

GogHR utilizes advanced AI technologies and third-party services to provide the Platform, including:

AI Services: - OpenAI (ChatGPT, GPT-4, Whisper) – Conversational AI, natural language processing, speech-to-text - Google Cloud AI – Machine learning, translation, and analytics - Proprietary GogHR AI Models – Custom-trained models for recruitment assessment

Infrastructure: - Amazon Web Services (AWS) – Cloud hosting and data storage - Cloudflare – CDN and security services

Analytics and Marketing: - Google Analytics – Website and Platform analytics - HubSpot – CRM and marketing automation - Mixpanel, Heap – Product analytics

Important: By using the Platform, you acknowledge that your data may be processed by these third-party providers. We ensure all providers comply with applicable data protection laws (GDPR, CCPA, UAE PDPL, DPDPA) through: - Data Processing Agreements (DPAs) - Standard Contractual Clauses (SCCs) - Security and confidentiality commitments - Regular vendor assessments

We recommend reviewing the privacy policies of third-party providers: - OpenAI Privacy Policy: https://openai.com/privacy - AWS Privacy Notice: https://aws.amazon.com/privacy - Google Privacy Policy: https://policies.google.com/privacy

21.2 Video and Voice Recording Consent

Explicit Consent Required: Before participating in AI video interviews, you will be asked to provide explicit consent to: - Record video and audio of your interview - Analyze facial expressions, tone, and speech patterns - Use recordings for AI training and service improvement - Share recordings with prospective employers

You may decline consent, but this will prevent you from participating in AI interviews (manual resume review may still be available).

You may request deletion of interview recordings at any time by contacting info@goghr.ai. Deletion will occur within 30 days, except where retention is required by law or for active recruitment processes.

21.3 Biometric Data (Where Applicable)

Some jurisdictions classify facial recognition and voice analysis as "biometric data" subject to heightened protections (e.g., Illinois BIPA, Texas CUBI).

GogHR does not: - Create voiceprints or facial templates for identification purposes - Use biometric data for surveillance or tracking - Share biometric identifiers with third parties (except as disclosed)

We do: - Analyze facial expressions and voice tone to assess communication skills - Use AI to evaluate candidate responses and engagement - Anonymize biometric features where possible for AI training

If you are located in a jurisdiction with biometric data laws, additional protections apply. Contact info@goghr.ai for jurisdiction-specific disclosures.

21. ADDITIONAL DISCLOSURES

21.1 AI and Third-Party Services Disclaimer

GogHR utilizes advanced AI technologies and third-party services to provide the Platform, including:

• AI Services: - OpenAI (ChatGPT, GPT-4, Whisper) – Conversational AI, natural language processing, speech-to-text - Google Cloud AI – Machine learning, translation, and analytics - Proprietary GogHR AI Models – Custom-trained models for recruitment assessment
• Infrastructure: - Amazon Web Services (AWS) – Cloud hosting and data storage - Cloudflare – CDN and security services
• Analytics and Marketing: - Google Analytics – Website and Platform analytics - HubSpot – CRM and marketing automation - Mixpanel, Heap – Product analytics
• Important: By using the Platform, you acknowledge that your data may be processed by these third-party providers. We ensure all providers comply with applicable data protection laws (GDPR, CCPA, UAE PDPL, DPDPA) through: - Data Processing Agreements (DPAs) - Standard Contractual Clauses (SCCs) - Security and confidentiality commitments - Regular vendor assessments

We recommend reviewing the privacy policies of third-party providers: - OpenAI Privacy Policy: https://openai.com/privacy - AWS Privacy Notice: https://aws.amazon.com/privacy - Google Privacy Policy: https://policies.google.com/privacy

21.2 Video and Voice Recording Consent

• Explicit Consent Required: Before participating in AI video interviews, you will be asked to provide explicit consent to: - Record video and audio of your interview - Analyze facial expressions, tone, and speech patterns - Use recordings for AI training and service improvement - Share recordings with prospective employers
• You may decline consent, but this will prevent you from participating in AI interviews (manual resume review may still be available).
• You may request deletion of interview recordings at any time by contacting info@goghr.ai. Deletion will occur within 30 days, except where retention is required by law or for active recruitment processes.

21.3 Biometric Data (Where Applicable)

• Some jurisdictions classify facial recognition and voice analysis as "biometric data" subject to heightened protections (e.g., Illinois BIPA, Texas CUBI).
• GogHR does not: - Create voiceprints or facial templates for identification purposes - Use biometric data for surveillance or tracking - Share biometric identifiers with third parties (except as disclosed)
• We do: - Analyze facial expressions and voice tone to assess communication skills - Use AI to evaluate candidate responses and engagement - Anonymize biometric features where possible for AI training

If you are located in a jurisdiction with biometric data laws, additional protections apply. Contact info@goghr.ai for jurisdiction-specific disclosures.

22. ACCESSIBILITY

GogHR is committed to ensuring this Privacy Policy is accessible to all users. If you require this policy in an alternative format (large print, audio, Braille, or other accessible formats), please contact:

Email: info@goghr.ai
Subject Line: "Accessible Privacy Policy Request"

We will provide alternative formats within 15 business days at no charge.

23. GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with:

Primary Jurisdiction: The laws of the State of Delaware, United States (excluding conflict of law principles)

For EU/EEA Users: GDPR and applicable EU member state laws
For California Users: CCPA and California privacy laws
For UAE Users: UAE Personal Data Protection Law
For Other Jurisdictions: Local data protection laws apply to the extent required

Any disputes arising from this Privacy Policy shall be resolved in accordance with the dispute resolution provisions in our Terms of Service.

24. SEVERABILITY

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. Invalid provisions shall be modified to the minimum extent necessary to make them valid and enforceable while preserving the original intent.

25. ENTIRE AGREEMENT

This Privacy Policy, together with our Terms of Service, Cookie Policy, and Data Processing Agreement, constitutes the entire agreement between you and GogHR regarding the processing of your personal data.

26. ACCEPTANCE AND CONSENT

By using the GogHR Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy.

For video/voice recording consent, you will be asked to provide explicit opt-in consent before participating in AI interviews.

If you do not agree with this Privacy Policy, you must not use the Platform.

GogHR, Inc.
1111b South Governors Ave STE 25155
Dover, DE 19904
United States
info@goghr.ai
+1 (786) 630-8431

© 2026 GogHR, Inc. All rights reserved.