Trust & Governance Center

1. AI and Automated Processing Disclosure

As a platform specializing in AI Governance careers, we maintain strict guardrails regarding the use of artificial intelligence and automated decision-making (ADM) on candidate data.

• No AI Training on Candidate Data: GRC Careers does not, and will not, scrape, license, or sell candidate profiles, resumes, or application data to train proprietary or third-party Large Language Models (LLMs).
• No Automated Auto-Rejections: We do not deploy algorithmic profiling or automated decision-making (ADM) to unilaterally rank, score, or auto-reject candidates on our platform.
• Employer Processing: Employers utilizing our platform are bound by our Terms of Service to comply with all applicable algorithmic fairness and employment laws when processing applications exported from GRC Careers.

2. Data Chain of Custody (Controller vs. Processor)

To ensure absolute clarity regarding data subject rights under GDPR, CCPA/CPRA, and global privacy frameworks, our chain of custody is strictly delineated:

• Platform Account Data: For data required to create a GRC Careers profile and manage job alerts, GRC Careers, LLC acts as the Data Controller.
• Application Data: When a candidate submits an application to a specific job posting, the hiring employer immediately becomes the Data Controller of that application data. In this transaction, GRC Careers acts strictly as a Data Processor facilitating the secure transfer of information. Requests for deletion of application data held by an employer must be directed to that hiring entity.

3. Affirmative Privacy and Data Practices

We collect the absolute minimum data required to facilitate connections between GRC professionals and hiring entities.

• We do not sell personal data. This applies universally to all users, satisfying the opt-out requirements of the CCPA/CPRA without the need for a secondary "Do Not Sell" mechanism.
• We do not engage in cross-context behavioral advertising. Your activity on GRC Careers is not tracked, packaged, or shared with third-party data brokers or advertising networks.
• We do not warehouse candidate data. We do not build permanent shadow profiles or host public resume databases.

4. Global Jurisdiction and Cross-Border Governance

Because GRC Careers connects talent globally, we operate under a unified compliance architecture modeled after the world's strictest data and AI frameworks (including the EU GDPR, the EU AI Act, Canada's AIDA, and California's CPRA).

• International Data Transfers: For users residing within the EU, EEA, or UK, any transfer of personal data to entities located outside these regions is executed utilizing lawful transfer mechanisms, including the EU-U.S. Data Privacy Framework (DPF) and European Commission-approved Standard Contractual Clauses (SCCs).
• Algorithmic Fairness Compliance: We actively monitor and align our platform boundaries with localized automated hiring laws, including New York City Local Law 144 and emerging U.S. State Automated Decision-Making Technology (ADMT) rules. Because our platform mandates human-in-the-loop processing and prohibits standalone algorithmic sorting, we maintain a zero-bias architectural footprint.

5. The Legal Stack

For the precise legal mechanisms, operational policies, and definitions governing your use of GRC Careers, consult our core governance documents:

• Terms of Service: The binding rules of engagement for job seekers, employers, and executive search firms utilizing the platform, including our DMCA policy and dispute resolution framework.
• Privacy Policy: The comprehensive technical and legal disclosure of how we collect, store, and protect your data, including your rights under GDPR and CCPA/CPRA.
• Cookie Policy: A detailed breakdown of the strictly necessary and privacy-respecting functional cookies utilized on this platform.

For formal legal inquiries, data subject access requests (DSARs), or compliance matters, contact our data privacy officer at contact@ai-governance-jobs.com.