Privacy Policy

1. Who We Are

WorkTransit AI Ltd ("WorkTransit AI", "we", "us", or "our") provides workforce transition, employability, employer, and programme-delivery software. This policy explains how we collect, use, store, and share personal data when people visit our websites, use our platform, or interact with us.

If you have privacy questions, you can contact us at privacy@worktransit.ai.

2. Scope of This Policy

This policy applies to prospective customers, tenant administrators, advisers, employers, end users, and website visitors. In some cases, an organisation using WorkTransit AI may also act as a controller of user data for its own programme. Where that applies, the organisation's own privacy materials may also be relevant.

3. Personal Data We Collect

• Identity and account data, such as name, email address, role, organisation, and login credentials.
• Profile and transition data, such as employment history, qualifications, skills, goals, CV content, and pathway activity.
• Assessment and learning data, such as responses, scores, progress, recommendations, and feedback.
• Employer and opportunity data, such as vacancies, interview activity, job matches, and application-related records.
• Billing and commercial data, such as subscription details, usage records, invoice information, and service interactions.
• Technical and usage data, such as IP address, browser details, device signals, logs, cookies, and platform events.
• Support and communications data, such as messages, tickets, notifications, and correspondence with us.

4. How We Collect Data

• Directly from you when you register, upload files, complete forms, or contact us.
• From your organisation, adviser, training provider, or employer when they invite you or administer a programme.
• Automatically through platform logs, cookies, analytics, and security monitoring.
• From integrated systems or service providers where this is enabled by your organisation or by you.

5. Why We Use Personal Data

• To provide accounts, authentication, security, and access control.
• To deliver pathway recommendations, assessments, job matching, CV tools, and related platform services.
• To personalise user experience, improve quality, and support programme operations.
• To run billing, finance, support, reporting, and customer relationship processes.
• To monitor service performance, detect misuse, investigate incidents, and maintain resilience.
• To comply with law, regulation, contractual commitments, and lawful requests.

6. Lawful Bases

Depending on the context, we rely on one or more of the following lawful bases:

• Contract, where processing is necessary to provide the service requested.
• Legitimate interests, including service improvement, fraud prevention, security, and programme administration.
• Legal obligation, where we must retain or disclose data to comply with applicable law.
• Consent, where we offer optional analytics, marketing, or similar elective processing.

7. AI and Automated Processing

Some features use AI to generate summaries, recommendations, draft documents, assessments, or insights. These outputs are assistive and may require review. We do not intend AI outputs alone to make decisions with legal or similarly significant effects on individuals. See our AI Transparency Notice for more detail.

8. Sharing Personal Data

We do not sell personal data. We may share data with:

• Your organisation, programme team, adviser, employer, or training provider where relevant to the service.
• Hosting, analytics, communications, payments, infrastructure, and AI service providers acting on our instructions.
• Professional advisers, auditors, regulators, law-enforcement bodies, or courts where required or appropriate.
• A buyer or successor organisation in connection with a corporate transaction, subject to appropriate safeguards.

9. International Transfers

Where personal data is transferred outside the UK, we take steps to ensure an appropriate level of protection, such as contractual safeguards, vendor due diligence, and other recognised transfer mechanisms where required.

10. Security

We use technical and organisational measures designed to protect personal data, including access controls, audit logging, encryption in transit where appropriate, least-privilege permissions, monitoring, and incident-management processes. No system can be guaranteed to be completely secure, so users should also protect their credentials and devices.

11. Retention

We retain data for as long as needed for the relevant purpose, including service delivery, contractual recordkeeping, compliance, audit, and dispute handling. Retention periods may vary by data type and customer arrangement. Where data is no longer needed, we delete it, anonymise it, or restrict its use as appropriate.

12. Your Rights

Subject to applicable law, you may have rights to:

• access a copy of your personal data;
• correct inaccurate or incomplete data;
• request deletion in certain circumstances;
• restrict or object to certain processing;
• receive portable data where applicable; and
• withdraw consent where processing depends on consent.

You can contact privacy@worktransit.ai to exercise these rights. You may also complain to the Information Commissioner's Office at ico.org.uk.

13. Cookies and Similar Technologies

We use cookies and similar technologies for security, authentication, preferences, analytics, and service improvement. More detail is available in our Cookie Policy.

14. Changes to This Policy

We may update this policy from time to time. We will publish the latest version here and update the "last updated" date above. Material changes may also be notified through the platform or by email where appropriate.