ModernLoop Privacy Policy

Personal Information We Collect

Customer Information

In order to serve our Customers, ModernLoop will collect various information on our Customers, including:

• Information of Customer employees such as your name, company email, company name, company website URL.
• Correspondence, which may include any personal information provided during an email correspondence or customer service engagement.
• Billing and administrative finance information.
• Calendar information when Customer provides ModernLoop with read and write access.
• Recordings and transcripts of, and information provided during, interviews of Candidates (defined below).
• Information about how our Customers use our Services, including our Platform, such as time spent on our applications, behavioral activity, and metadata associated with software interactions.
• Social media engagement information such as your social media account ID, your social media 'likes', click-throughs to our Website, or custom interactions when you interact with our accounts on social media platforms.
• Information about your use of our Platform.

Customers' Job Candidate Information

When our Customers use our Services, they enable ModernLoop to process various types of personal information of applicants to Customer's job postings ("Candidates"). Below, we provide a list of the commonly processed personal information of Candidates. Please note, the below list is not exhaustive of all personal information, and is intended to serve as a sample set.

• Candidate contact information provided by Customers, or directly by Candidates if Candidates registered directly with our Platform, such as name, email address, phone number, address.
• Candidate employment information including current and past employer(s) or role(s)/title(s).
• Information in a Candidate's resume and cover letter such as employment history, education, and additional information included by the Candidate.
• Information provided in correspondence between the Candidate and Customer when scheduling interviews and otherwise sent as part of the application process.
• Information from third parties, including LinkedIn.
• Recordings and transcripts of, and information provided during, Candidate interviews with Customer through the Platform.
• Inferences that may be drawn from or created based on any of the information identified above.

Sensitive Personal Information

We, or our Customers, may collect optional personal information deemed 'sensitive' under data privacy laws, such as race or ethnicity as part of our Customers application process or our AI interview sessions.

Website Visitor Information

We collect personal information when you visit our Website, such as:

• Contact information such as name and email address when you reach out to us, including to set up a demo or engage with our AI Interview service.
• Metadata and analytics for your use of our Services, including IP address including its coarse location, device information, date/time of visits, new or returning visits, products viewed, page response times, URL clickstreams, how long you stay on our pages, and what you do on those pages.
• We may use cookies, beacons, pixel tags, and other similar technologies to collect additional information automatically as you interact with the Services and to personalize your experience with our Services. Learn more about our cookie use below.

Artificial Intelligence Input Information

ModernLoop uses various artificial intelligence ("AI") tools to enable its Platform, and will collect the following input information when Customers or AI interviewees utilize the Platform;

• Candidates' responses to Customers' interview questions which will be recorded, transcribed and scored according to Customers' specific instructions.
• Metadata associated with the AI interview session, including date, time, IP address, beginning and end times of each session, and browser or device information.
• Time spent on each question, and various inferences or metrics associated with responses.

How We Use Personal Information

Subject to the terms of our Customer agreements or terms of use, we may use personal information for the following purposes:

• To provide and maintain our Services, including operating as an agent to communicate and schedule interviews with candidates on behalf of our Customers.
• To communicate with, and provide support to, our Customers, which may include email, SMS, and chat communications.
• To process payments securely.
• Customer support, including email.
• To improve our Platform or Services; for example, we use AI input information to improve the interactivity of our Platform and customer support information to improve our Services.
• To authenticate, verify or otherwise ensure compliance with Customer written instructions or to mitigate the risk of fraud.
• For security and safety reasons, such as detecting, preventing, and addressing technical issues and fraudulent, harmful, unauthorized, unethical, or illegal activity.
• For any legal purpose necessary, including IP protection, or if ModernLoop is required to process information as a result of a court order or other legal or regulatory proceeding.
• For any purpose with your consent.

Additionally, unless specified in a Customer agreement, we may use aggregated, de-identified, or anonymized data for any purpose.

How We Collect, Use, and Store SMS Data

We may collect SMS data when you engage with our Services via text messaging, including opt-ins, opt-outs, message content, delivery information, and metadata (e.g., timestamps and phone numbers). This data is collected to facilitate communication between you and ModernLoop, including support updates, reminders, or other service-related notifications.

We use SMS data only to fulfill the purpose for which it was collected, such as:

• Sending service alerts or transactional updates;
• Providing customer support;
• Delivering notifications or confirmations related to our recruiting platform.

SMS message content and associated metadata are securely stored in accordance with our data security protocols and are accessible only to authorized personnel with a legitimate need to know.

Third-Party SMS Providers

We utilize third-party SMS providers to facilitate and deliver SMS communications on our behalf. These providers may process limited personal information, such as your phone number and message content, to support message delivery. A list of our current subprocessors, including SMS providers, can be found at: https://www.modernloop.com/subprocessors/

SMS Data Retention

SMS data is retained only for as long as necessary to fulfill the purpose for which it was collected, in accordance with our standard data retention policies. Unless otherwise required by law or contractual obligation, we will delete or anonymize SMS content and associated metadata once it is no longer needed for operational or legal purposes.

How We Disclose Personal Information

We utilize various service providers (or 'data processors') to operate our Services, which includes sharing Customer and/or User personal information for the following categories of business purposes:

Some of the types of applications are:

• Customer Support.
• Customer Relationship Management.
• Calendar Applications.
• Background check providers.
• Coder tools.
• Video Conferencing Applications.
• SMS Messaging Providers. This may include disclosure of your personal information with our messaging service provider, Twilio, Inc. Twilio acts as our service provider in accordance with their privacy policy.
• Email Service Providers.
• Manage and optimize our Website and Services (see 'Cookies and other Tracking Technologies' below).
• Process payments.

Subject to our Customer agreements, we may disclose information in order to:

• Protect the legal rights of our Customers, our company, our employees, our agents, and our affiliates.
• Protect the safety and security of those who access and use our Services.
• Detect and protect against fraud.
• In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet law enforcement requirements or a court order, subpoena, or other judicial, administrative, or investigative proceedings.
• We may disclose personal information as part of a business transition. For example, we may disclose personal information with prospective purchasers exclusively to evaluate the proposed transaction. You will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

ModernLoop may disclose aggregate or anonymous information for any purpose. This means that the information we disclose does not identify specific individuals, nor is it combined with other personal information to protect your privacy.

Our list of subprocessors may also be found here; https://www.modernloop.com/subprocessors/

Use Of Cookies And Tracking Technologies

Like many companies, we use cookies and similar technologies such as clear gifs, web beacons, tags, and similar technologies (collectively, "Cookies") to collect information about your browsing activities, your interactions with our Website and Platform, and to serve tailored ads and for the purposes described in this Privacy Policy. There are a number of ways to opt out of having your online activity and device data collected through these services, which we summarize below:

• Opting out of cookie use in our Cookie Preferences Center. You can opt out of cookies via our cookie preferences center or by clicking on the 'Your Privacy Choices' link on our website footer.
• Advertising Industry Opt-Out Tools. You can also use these opt-out options to limit use of your information for interest-based advertising online or in apps by visiting http://optout.aboutads.info for U.S. residents, and https://www.youronlinechoices.eu/ for EU/UK residents.
• With Each of Our Vendors Individually. The following advertising or marketing services partners offer opt-out features that let you opt-out of use of your information for interest-based advertising or profiling:

Please note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Privacy Choices

You may exercise the following choices regarding our use of your personal information:

• Access the personal information we maintain about you.
• Delete the personal information we maintain about you. Please note we may be required by law to retain certain information in compliance with accounting, tax or other legal obligations.
• Correct inaccurate personal information we maintain about you
• Opt out of certain uses of your personal information, notably:
  • Marketing Emails. To opt out of marketing e-mail communications, you may click the 'unsubscribe' link in the marketing emails.
  • Marketing Text Messages. To opt out of marketing text messages, you must reply STOP to the text message. You agree that texting 'STOP', 'UNSUBSCRIBE', 'CANCEL', 'END', 'QUIT', 'REVOKE', or 'OPT OUT' in response to our text message is the only reasonable method of opting out. You also understand and agree that any other method of opting out, including, but not limited to, texting words other than 'STOP', 'UNSUBSCRIBE', 'CANCEL', 'END', 'QUIT', 'REVOKE', 'OPT OUT', or verbally requesting one of our employees to remove you from our list, is not a reasonable means of opting out.
  • Tailored advertising using cookies. Refer to our list of advertising services above for company-specific choices, or visit http://optout.aboutads.info to exercise an industry-wide opt-out. In addition, you may reject or delete cookies through your browser settings.

You can exercise these rights by contacting us at privacy@modernloop.io

If you are a candidate, applicant, or former employee of one of our business customers, and you would like to fulfill your rights to the personal information we maintain about you on behalf of our customer, please contact a representative of that customer rather than email us with your request. We cannot provide personal information about a specific individual on behalf of a customer without their express written instructions.

Security

We maintain reasonable safeguards to protect against unauthorized access, use, modification, and disclosure of personal information in our custody and control. Despite our efforts, we cannot guarantee that unauthorized access or use will never occur. It is important that you take steps to keep your information safe and secure. Choose an account password that is hard for others to guess and don't reveal it to third parties. If you use a shared public computer, do not opt to have your login ID or password remembered and be sure to log out of your account when you finish.

Retention

We will retain personal information according to the terms of our written agreements or for as long as it is necessary for the purposes of fulfilling our Services or otherwise as described in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

U.S. State-Specific Notice

Some U.S. states have enacted comprehensive privacy laws. The California Consumer Privacy Act, as amended by the California Privacy Rights Act or "CPRA" (collectively, the "CCPA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), Utah Consumer Privacy Act ("UCPA"), Oregon Consumer Privacy Act ("OCPA"), Texas Data Privacy and Security Act ("TXDPSA"), the Montana Consumer Data Privacy Act ("MTCDPA"), Iowa Consumer Data Protection Act ("IACDPA"), Delaware Personal Data Privacy Act ("DEPDPA"), Nebraska Data Privacy Act ("NEDPA"), New Hampshire Privacy Act ("NHPA"), New Jersey Data Privacy Act ("NJDPA"), Tennessee Information Protection Act ("TNIPA"), Minnesota Consumer Data Privacy Act ("MNCDPA"), and the Maryland Online Data Privacy Act ("MDODPA") create additional privacy obligations for businesses and provide their residents with additional privacy rights.

Additional Privacy Rights

In addition to the rights granted in 'Privacy Choices' above, if you are a resident of the above states, you may have the right to:

• Opt out of the 'sale' or 'share' of your personal information for the purpose of targeted advertising. We do not 'sell' or 'share' your personal information for monetary benefit. However, some third party cookies placed on our Website may be considered a 'sale' or 'share' under these privacy laws. You may opt out of such cookies as detailed in 'Use Of Cookies And Tracking Technologies' section (above).
  • Categories of personal information disclosed that may be considered a 'sale' or 'share': basic identifying information, device information and other unique identifiers, internet or other network activity from our website.
  • Categories of third parties to whom personal information was disclosed that may be considered a 'sale' or 'share' include targeted or cross contextual behavioral advertisers partners, and social media networks.
• Opt out of profiling. While ModernLoop uses artificial intelligence in certain of its Services, we do not engage in 'profiling' for our own business purposes. Candidates or applicants may have state-specific rights that can be directed to Customers utilizing our Platform.
• Sensitive Personal Information. If you participate in our AI Interview Sessions, we may collect certain optional information such as race or ethnicity that may be deemed 'sensitive' under select U.S. state privacy laws. We do not 'sell' or 'share' this information for any third party use, but you can exercise your right to delete any collected information by emailing us at the address below.

You can exercise these rights by emailing us at privacy@modernloop.io or via the 'Your Privacy Choices' webform.

Appeal

If we deny your privacy request, you may appeal that decision by emailing us at privacy@modernloop.io. We will respond to your appeal within a reasonable period of time and as required by law. If you are still unsatisfied with our response, you may have the right to file a complaint with your state attorney general.

Authorized Agent

If you are an authorized agent submitting a request on behalf of another person, you must provide a copy of a lawful power of attorney or written authorization from the consumer (along with proof of your identity). If you make a request as an authorized agent, you will receive additional instructions. Depending on the type of request, we may contact you or the consumer on whose behalf you claim to act to verify your authorization.

Right to Non-Discrimination

We do not discriminate against customers who exercise any of their rights described in our privacy policy.

Business/Controller Designation

ModernLoop operates as a 'Controller' (and a 'Business' under the CCPA) in operating its Website and in processing Customer information.

ModernLoop operates as a 'Processor' (and a 'Service Provider' under the CCPA) in operating its Platform and in processing Candidate information on behalf of our Customers.

Selling under Nevada Privacy Law

We do not currently and will not sell your personal information (as selling is defined under Nevada Privacy Law) for monetary payments without your consent. If we ever do, we will let you know in this Privacy Policy and you will have the right to opt out of selling certain personal information for monetary payments by contacting us at privacy@modernloop.io to make this request (include your state of residence when making such request).

EEA/UK Notice

The European Economic Area ("EEA") and the United Kingdom ("UK") have each enacted privacy laws. The European Union's ("EU") and the UK's General Data Protection Regulation (collectively, the "GDPR") create additional privacy obligations for 'Controllers' of personal data and provide EU and UK residents with additional privacy rights.

Legal Basis

Under the GDPR, we process personal data under the following legal bases.

Controller Designation

We are designated as a 'Controller' in operating our Website and in processing Customer information. A list of our subprocessors is available to our enterprise customers on-demand.

We are designated as a 'Processor' in operating our Platform and in processing Candidate information on behalf of our Customers.

Cross-Border Data Transfers

Our retail Services are directed and offered only to individuals within supported regions in the United States. All data is stored in the United States. As such, if you are a resident of the EEA, UK, or Switzerland, we may transfer to, and store the data we collect about you, to countries other than the country in which the data was originally collected, including the United States. Those countries may not have equivalent data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA, UK, and Switzerland. We rely on Standard Contractual Clauses ("SCCs") for the transfer of personal data to countries that have not received an applicable adequacy decision, as well as the UK's 'International Data Transfer Addendum' to the SCCs.

For more information on cross-border transfers of your Personal Data or the appropriate safeguards in place, please contact us at privacy@modernloop.io.

Data Protection Officer

We have appointed a Data Privacy Officer to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your Personal Data, or would like to request access to your Personal Data, please contact our Data Protection Officer at privacy@modernloop.io.

EU/UK Representatives

Our UK Representative:

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.

Our EU Representative:

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is: Instant EU GDPR Representative Ltd.

Additional Rights for UK or European Economic Area Residents

In addition to the rights granted above, if you are a UK or EEA resident, the GDPR grants you the right to lodge a complaint against us with your local data protection authority. You can find your data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

Children's Privacy

We do not intentionally collect any personal information from children under the age of 16. If you believe we have obtained personal information associated with children under the age of 16, please contact us at privacy@modernloop.io and we will delete it.

Third-Party Links

The Services may contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our sites and to read the privacy statements of any other site that collects personally identifiable information.

Changes To This Privacy Policy

We may update this Privacy Policy from time to time as we update or expand our Services. If we make material changes, we will post the updated Privacy Policy on this page with a 'Last Updated' effective date of the revisions. We encourage you to look for updates and changes to this Privacy Policy by checking this page when you access our Services.

Contact Us

If you have any questions about our privacy or security practices, or if you are a ModernLoop Customer and would like to request access to or correction of your personal information, you can contact us by email at privacy@modernloop.io or at: