Data Protection Readiness Statement

Effective Date: June 11, 2026

At Perfect Job, we recognize that trust is the foundation of the modern digital recruitment landscape. As a cutting-edge recruiting platform and intelligence tool, we are committed to maintaining the highest standards of data privacy, security, and regulatory compliance.

This Data Protection Readiness Statement outlines our systematic approach to compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and the Telephone Consumer Protection Act (TCPA).

Platform Clarification

Perfect Job operates exclusively as a recruiting technology platform and software tool that connects candidates directly with employers and corporate hiring managers. We do not operate as a staffing agency, professional employer organization (PEO), or joint employer.


1. Our Data Governance Philosophy: Privacy by Design

Perfect Job is engineered with "Privacy by Design" and "Privacy by Default" principles. This means data protection is not an afterthought; it is embedded into our software architecture, user interfaces, and commercial data workflows.

Our compliance framework is built to balance innovative recruitment automation—including machine learning assessment algorithms and strategic data monetization—with uncompromising user control and transparent disclosure.


2. Regulatory Compliance Pillars

A. GDPR & UK GDPR Readiness

For candidates, employees, and corporate clients operating within the European Economic Area (EEA) and the United Kingdom, Perfect Job ensures full compliance through:

  • Lawful Basis for Processing: We process data under strict legal grounds, mandating explicit, affirmative opt-in consent for sensitive biometric data processing (audio/video assessments) and commercial data licensing.
  • Data Subject Rights Architecture: Our platform features automated data retrieval and deletion tools, enabling European users to seamlessly execute their rights to access, rectify, port, or erase ("Right to be Forgotten") their personal information.
  • Cross-Border Data Integrity: For data transferred to the United States, we utilize robust legal mechanisms, including the EU-U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs), verified by rigorous annual compliance audits.

B. CCPA / CPRA Readiness

For California-based job applicants, platform users, and internal personnel, Perfect Job provides comprehensive protections under state frameworks:

  • Notice at Collection: Explicit, up-front disclosure of all collected personal and sensitive data categories.
  • Granular Consent Toggles: A centralized, programmatic ecosystem that honors Global Privacy Control (GPC) signals and handles "Do Not Sell or Share My Personal Information" directives within legal timelines.
  • Sensitive Personal Information (SPI) Isolation: Strict administrative controls that isolate government identifiers (SSNs, passports) and financial data, ensuring they are never bundled or sold into commercial datasets.

C. TCPA Compliance

To ensure total alignment with Federal Communications Commission (FCC) standards, our automated outreach tools require prior express written consent before initiating any automated text or voice communications. We maintain fully auditable consent logs, real-time "STOP" opt-out processing, and immediate synchronization with our internal Do-Not-Call registry.


3. Specialized Readiness: Ethical AI Data Monetization

As disclosed in our Privacy Policy, Perfect Job licenses specific, non-sensitive communication strings, resume texts, and evaluation recordings to third-party artificial intelligence and large language model (LLM) developers. Our readiness controls for this unique data pipeline include:

  • Algorithmic Opt-Out Verification: Before any dataset is compiled, leased, or transmitted to an AI development partner, it passes through an automated filtering protocol that scrubs and excludes any candidate record flagged with a "Do Not Sell" or "Withdraw Consent" directive.
  • Data Minimization & Anonymization: Where feasible, data earmarked for commercial AI training undergoes advanced tokenization and structural anonymization to remove direct real-world identifiers (e.g., stripping names, SSNs, and explicit addresses) before transfer.
  • Strict Downstream Vendor Auditing: We contractually bind all AI technology partners to security constraints that prohibit them from attempting to re-identify anonymized Perfect Job datasets.

4. Technical and Organizational Security Measures (TOMs)

Perfect Job maintains robust administrative, technical, and physical safeguards designed to shield personal information from unauthorized access, alteration, disclosure, or destruction:

  • Data Encryption: All data processed by the platform is encrypted utilizing industry-standard Transport Layer Security (TLS 1.3) in transit and Advanced Encryption Standard (AES-256) at rest.
  • Secure Session Recording: Our web session-replay scripts (used to monitor test integrity) are configured to automatically mask sensitive field inputs, ensuring that passwords, keystrokes of financial data, or sensitive personal fields are never recorded or stored in our session logs.
  • Access Control and Multi-Factor Authentication (MFA): Access to platform databases is restricted using the Principle of Least Privilege (PoLP). Internal employees and corporate clients must pass multi-factor authentication protocols to view candidate files.
  • Continuous Vulnerability Management: We conduct routine automated penetration testing, code reviews, and threat-modeling assessments to mitigate potential system vulnerabilities.

5. Third-Party Vendor & Client Risk Management

Because Perfect Job acts as an intermediary tool linking candidates to employers, our readiness program extends to third parties. Every corporate client (hiring company) that registers an account with Perfect Job must sign a mandatory Data Processing Addendum (DPA). This contractually obligates them to treat candidate data in absolute compliance with applicable local and federal privacy laws and prevents them from downloading or utilizing candidate records outside the scope of the specific job opening.


6. Continuous Monitoring and Governance

The data protection regulatory landscape is dynamic. Perfect Job continuously updates its internal frameworks, employee training manuals, and platform codebases to align with evolving state, federal, and international privacy statutes.

For inquiries regarding our Data Protection Readiness Statement, or to review our compliance documentation, please contact our Data Privacy Office at privacy@perfectjob.com.