Help Center

Privacy Policy

Privacy Policy

Last updated: April 22, 2026

Knoot.AI ("Knoot", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform and services. This policy is designed to comply with applicable data protection laws including the General Data Protection Regulation (GDPR) of the European Union, Vietnam's Personal Data Protection Decree (Decree 13/2023/ND-CP), Singapore's Personal Data Protection Act (PDPA), Australia's Privacy Act 1988, and relevant United States privacy laws.

SECTION 1

Information We Collect

We collect the following categories of information:

Information You Provide

  • Account information: name, email address, phone number, company name, and job title
  • Resume and candidate data: resumes, CVs, and related documents uploaded by you for screening and matching purposes
  • Payment information: billing details processed through our third-party payment providers (we do not store full credit card numbers)
  • Communications: messages, feedback, and support requests you send to us

Information Collected Automatically

  • Device and browser information: IP address, browser type, operating system, and device identifiers
  • Usage data: pages visited, features used, timestamps, referring URLs, and interaction patterns
  • Cookies and similar technologies: session cookies, analytics cookies, and preference cookies (see Section 9)

SECTION 2

How We Use Your Data

We use your personal data for the following purposes:

  • To provide, maintain, and improve the Service, including AI screening, candidate matching, and analytics
  • To process transactions and manage your subscription
  • To communicate with you about your account, updates, and support
  • To ensure platform security, prevent fraud, and enforce our Terms of Service
  • To comply with legal obligations and respond to lawful requests from authorities

SECTION 3

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contractual necessity: processing required to provide the Service you requested
  • Consent: where you have given explicit consent (e.g., marketing communications)
  • Legitimate interests: improving the Service, fraud prevention, and platform security
  • Legal obligation: compliance with applicable laws and regulations

SECTION 4

Data Sharing & Third Parties

We do not sell your personal data. We may share data only in the following circumstances:

  • With service providers (hosting, analytics, payment processing) who process data on our behalf under strict data protection agreements
  • When you voluntarily share resumes to the community pool, other users may access that data according to platform rules
  • When required by law, regulation, or legal process, or to protect the rights, property, or safety of Knoot, our users, or the public

SECTION 5

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission for EEA data, compliance with Vietnam's Decree 13/2023 requirements for cross-border data transfers, adherence to PDPA requirements for data transfers from Singapore, and compliance with the Australian Privacy Principles (APPs) for transfers from Australia.

SECTION 6

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law. Data shared in the community pool may remain accessible even after account deletion, as other users may have already accessed it.

SECTION 7

Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest (AES-256), access controls and authentication mechanisms, regular security audits and vulnerability assessments, and isolated data storage for private talent pools. While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

SECTION 8

Your Privacy Rights

Depending on your jurisdiction, you may have specific rights regarding your personal data:

European Union (GDPR)

If you are in the EEA, you have the right to:

  • Access: obtain a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data ("right to be forgotten")
  • Restriction: limit how we process your data
  • Portability: receive your data in a structured, machine-readable format
  • Object: object to processing based on legitimate interests or direct marketing

Vietnam (Decree 13/2023/ND-CP)

Under Vietnam's Personal Data Protection Decree, you have the right to be informed about the processing of your personal data, to consent and withdraw consent, to access your personal data, to delete or correct your data, to restrict data processing, and to request data portability. We process data in compliance with the obligations of a Data Controller and Data Processor under Vietnamese law.

Singapore (PDPA)

Under Singapore's PDPA, you have the right to access your personal data held by us, to request correction of inaccurate data, and to withdraw consent for the collection, use, or disclosure of your personal data. We will respond to access and correction requests within 30 days.

Australia (Privacy Act 1988)

Under the Australian Privacy Principles, you have the right to know what personal information we hold about you, to request correction of inaccurate information, and to make a complaint about our handling of your personal information. We will respond to access requests within 30 days and handle complaints in accordance with our internal dispute resolution process.

United States

For residents of states with comprehensive privacy laws (such as California's CCPA/CPRA, Virginia's VCDPA, Colorado's CPA), you may have the right to know what personal information we collect and how it is used, to request deletion of your personal information, to opt out of the sale of your personal data (we do not sell personal data), and to non-discrimination for exercising your privacy rights.

SECTION 9

Cookies & Tracking Technologies

We use cookies and similar technologies for essential functionality, performance monitoring, and user preference storage. You can manage cookie preferences through your browser settings. Essential cookies are required for the Service to function and cannot be disabled. Analytics cookies help us understand usage patterns and improve the platform. Preference cookies remember your settings and choices.

SECTION 10

Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

SECTION 11

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and sending a notification through the platform or via email. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

SECTION 12

Contact Us

For any privacy-related questions, requests, or complaints, please contact us at: Email: service@knoot.ai. For GDPR-related inquiries, you may also contact the relevant supervisory authority in your jurisdiction.