Privacy Policy

1. Who We Are

GRC Careers (ai-governance-jobs.com) is operated by GRC Careers, LLC, a company that builds specialized job boards for governance, risk, compliance, and AI governance professionals. Our platform is an extension of the team behind ExecSearches.com, which has served nonprofit and public sector organizations since 1999.

Contact: contact@ai-governance-jobs.com

2. Information We Collect

We collect the minimum information necessary to operate the platform.

Job Seekers / Candidates

• Email address - Required to create an account and deliver job alerts.
• Name - Optional, used to personalize communications.
• Alert preferences - Keywords, categories, and alert frequency you choose.
• Password (hashed) - Stored using industry-standard bcrypt hashing. We never store plain-text passwords.

We do NOT collect or store resumes, CVs, work history, or any documents from job seekers. We do not warehouse candidate data.

Employers / Job Posters

• Contact information (name, email, phone) for the person submitting the posting.
• Organization name and job details as provided in the posting form.
• Payment information is processed entirely by Stripe - we never see or store credit card numbers.
• Company logos uploaded at the poster's direction.

Technical Data

• Standard web server logs (IP address, browser type, pages visited) for security and analytics purposes.
• Analytics data via privacy-focused, cookieless analytics tools where applicable.

3. How We Use Your Information

• To deliver job alert emails matching your preferences.
• To publish and manage job postings submitted by employers.
• To process payments for job postings (via Stripe).
• To send transactional emails (verification, confirmation, status updates).
• To maintain platform security and prevent fraudulent activity.
• To improve our platform and user experience.

We do not use your data for targeted advertising. We do not build behavioral profiles. We do not sell, rent, or share your personal information with third-party marketers.

4. Data Sharing

We share personal data only in these limited circumstances:

• Stripe - Payment processing for job postings. Stripe's privacy policy governs data they collect.
• Email service providers - To deliver job alerts and transactional emails on our behalf.
• Legal requirements - When required by law, court order, or to protect the rights of GRC Careers, LLC.
• Business transfers - If GRC Careers, LLC is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

5. Data Retention

We retain candidate account data for as long as the account is active. If you request deletion of your account, we will remove your personal information within 30 days, except where we are legally required to retain it.

Job posting data (employer contact info, job details) is retained for our records to maintain posting history, compliance, and dispute resolution. Anonymous posting employer identity data is retained internally and never published.

Inactive accounts. Candidate profiles and job alert accounts that remain inactive for 24 continuous months are automatically purged or fully anonymized, except where we are legally required to retain certain records. Anonymization is irreversible and removes all identifiers that could reasonably link the data back to you.

6. Your Privacy Rights

Depending on where you are located, you may have the following rights regarding your personal data:

• Right to access - Request a copy of the personal data we hold about you.
• Right to correction - Request that we correct inaccurate data.
• Right to deletion - Request that we delete your personal data ("right to be forgotten").
• Right to restrict processing - Request that we limit how we use your data.
• Right to data portability - Request your data in a structured, machine-readable format.
• Right to opt out of sale - We do not sell personal data. This right is automatically satisfied.

California residents (CCPA): You have the right to know what personal information we collect, to delete it, and to opt out of its sale (we do not sell personal information). To exercise these rights, contact us at contact@ai-governance-jobs.com .

EU/EEA residents (GDPR): Our lawful basis for processing your data is contractual necessity (to provide the service you requested) and legitimate interest (platform security and improvement). For consent-based processing, you may withdraw consent at any time.

To exercise any of your rights, email us at contact@ai-governance-jobs.com . We will respond within 30 days.

Global DSAR and Privacy Rights Request Workflow

To exercise any of the rights above, submit a Data Subject Access Request (DSAR) by emailing contact@ai-governance-jobs.com with the subject line "Privacy Rights Request." Regardless of your jurisdiction, we apply a single global standard to every request: we acknowledge receipt promptly, verify your identity to protect your data, and complete processing within a mandatory 30-day window (extendable once, where permitted by law, for complex requests, with written notice to you). There is no fee for a standard request, and exercising your rights will never result in discriminatory treatment.

7. Cookies & Tracking

We use a minimal number of cookies necessary for the platform to function:

• Authentication tokens - Stored in your browser's local storage to keep you signed in.
• Analytics - We may use privacy-respecting, cookieless analytics tools (such as Plausible or similar) that do not track you across sites or build personal profiles. No third-party advertising cookies are used.

We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies. You can block cookies in your browser settings without affecting your ability to use this site.

8. Security

We implement industry-standard security measures including HTTPS encryption, password hashing (bcrypt), and secure authentication tokens. However, no method of transmission over the internet is 100% secure.

If you discover a security vulnerability, please report it responsibly to contact@ai-governance-jobs.com .

9. Children's Privacy

This platform is intended for professionals and is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. International Data and Cross-Border Transfers

GRC Careers is operated by GRC Careers, LLC, a United States-based company. If you access this platform from the European Union, European Economic Area (EEA), or United Kingdom, your personal information is transferred to and processed in the United States. The United States does not have a formal adequacy determination from the European Commission covering all transfers, and you should be aware that data protection laws in the United States differ from those in your country of residence.

We process personal data from EU, EEA, and UK residents on the following lawful bases under the General Data Protection Regulation (GDPR) and UK GDPR:

• Contractual necessity - Processing required to provide the services you request, such as account creation, job alert delivery, and employer contact facilitation.
• Legitimate interest - Processing undertaken to operate, secure, and improve the platform, where those interests are not overridden by your fundamental rights and freedoms.

EU-US Data Privacy Framework: We do not currently participate in the EU-US Data Privacy Framework (DPF) administered by the U.S. Department of Commerce. We are actively monitoring developments in transatlantic data transfer mechanisms and will update this policy if our participation status changes.

If you are located in the EU, EEA, or UK and have questions about the legal basis for transfer of your data, or wish to exercise your rights under applicable law (including rights of access, rectification, erasure, restriction, portability, and objection), contact us at contact@ai-governance-jobs.com. EU and UK residents also have the right to lodge a complaint with your local supervisory authority.

11. California Privacy Rights (CCPA and CPRA)

This section applies to residents of California and supplements the information provided elsewhere in this Privacy Policy. It is provided pursuant to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA).

Categories of Personal Information We Collect

In the preceding 12 months, we have collected the following categories of personal information as defined under the CCPA/CPRA:

• Identifiers - Name, email address, postal address (if provided), IP address, and account credentials.
• Professional or employment-related information - Job titles, employment history, skills, and career interests submitted by job seekers; employer name, role, and contact details submitted by employers and recruiters.
• Internet or other electronic network activity information - Pages visited, search queries conducted on the platform, links clicked, and general usage patterns.
• Inferences - Preferences or interests inferred from your activity on the platform, such as job categories or locations you search most frequently.
• Communications - Content of messages sent to us via contact forms or email.

We do not collect sensitive personal information as defined under CPRA (such as Social Security numbers, financial account credentials, precise geolocation, or biometric data) in the ordinary course of platform operations.

We Do Not Sell Your Personal Information

We do not sell personal information to third parties, and we have not done so in the preceding 12 months. We do not share personal information with third parties for cross-context behavioral advertising purposes.

Use of Sensitive Personal Information

To the extent any sensitive personal information is collected, we use it only for purposes that are necessary to provide the services you requested, consistent with CPRA Section 1798.121, and we do not use or disclose it for any additional purpose without your consent.

Your California Privacy Rights

California residents have the following rights under the CCPA/CPRA:

• Right to Know - You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom it was shared.
• Right to Delete - You may request deletion of personal information we have collected from you, subject to applicable exceptions.
• Right to Correct - You may request correction of inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing - We do not sell or share personal information, but you may contact us to confirm this or to exercise this right if our practices change.
• Right to Limit Use of Sensitive Personal Information - You may direct us to limit our use of sensitive personal information to the purposes permitted under CPRA.
• Right to Non-Discrimination - We will not discriminate against you for exercising any of your rights under the CCPA/CPRA. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised a privacy right.

How to Submit a Request

To exercise any of the rights above, contact us at contact@ai-governance-jobs.com with the subject line "California Privacy Request." We will acknowledge your request within 10 business days and respond substantively within 45 calendar days of receipt. If we require additional time, we will notify you in writing and may extend the response period by an additional 45 calendar days where reasonably necessary.

We will verify your identity before fulfilling a request. Requests may be submitted on your behalf by an authorized agent. Authorized agents must provide written authorization signed by you, or a copy of a power of attorney, along with verification of your identity and the agent's identity. We may contact you directly to confirm authorization.

12. Automated Decision-Making and AI

We do not use artificial intelligence, machine learning models, or automated decision-making systems to screen, rank, filter, evaluate, or make decisions about job seekers. Job listings are displayed based on posting date and category, not algorithmic scoring or ranking. Employer and recruiter access to candidate-submitted information is not mediated by any automated scoring or profiling system.

This is a deliberate design choice, not an oversight. As a platform serving the governance, risk, and compliance community, we recognize the reputational, legal, and ethical risks of opaque algorithmic hiring systems.

Monitoring the EU AI Act: We are actively monitoring the EU Artificial Intelligence Act (Regulation (EU) 2024/1689), which entered into force in August 2024. We note that Annex III of the AI Act classifies AI systems used for recruitment and employment decisions, including candidate filtering and evaluation, as high-risk systems subject to significant compliance obligations. While GRC Careers does not currently deploy such systems, we are committed to remaining in compliance with applicable law as the AI Act's implementation timeline progresses.

We will update this section promptly if we introduce any automated or AI-assisted processing that affects how users interact with this platform. Our commitment to transparency in technology use is consistent with the governance principles our user community works to uphold professionally.

13. Cookie Policy

This section provides a summary of our cookie practices. For complete details, please review our Cookie Policy.

We use a minimal number of cookies necessary to operate this platform. Specifically:

• We use session and functional cookies required for basic site operation, including maintaining logged-in status and remembering your preferences.
• We do not use advertising cookies or participate in any ad network tracking.
• We do not use cross-site tracking technologies that follow your activity on other websites.
• We use basic, privacy-respecting analytics to understand aggregate site usage. No individually identifiable behavioral profiles are created.

You can manage or disable non-essential cookies through your browser settings. Disabling functional cookies may affect your ability to use certain platform features. For a full list of cookies in use, their purposes, and your opt-out options, see our Cookie Policy.

14. CAN-SPAM Compliance

GRC Careers, LLC complies with the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM Act) in connection with all commercial electronic mail messages sent to users.

Specifically:

• All marketing and promotional emails sent from this platform include a clear and functioning unsubscribe mechanism.
• We honor opt-out and unsubscribe requests within 10 business days of receipt.
• We do not use deceptive subject lines or misleading header information in any email communications.
• All commercial email communications identify GRC Careers, LLC as the sender, with our physical mailing address included as required by law.
• Transactional emails (such as job alert notifications, account confirmations, and password resets) are sent only to users who have requested those services.

To opt out of marketing communications at any time, use the unsubscribe link in any marketing email or contact us directly at contact@ai-governance-jobs.com.

15. Data Breach Notification

In the event of a security incident resulting in unauthorized access to, disclosure of, or loss of personal information, GRC Careers, LLC will take prompt action to contain and investigate the incident and will notify affected users and applicable regulatory authorities as required by applicable law.

• California residents - Notification will comply with the California data breach notification statute, Cal. Civ. Code Section 1798.82, which requires notification in the most expedient time possible and without unreasonable delay following discovery of a breach of unencrypted personal information.
• EU and EEA residents - To the extent GDPR applies, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a breach, in accordance with GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, consistent with GDPR Article 34.
• UK residents - We will follow equivalent notification requirements under UK GDPR, including notification to the Information Commissioner's Office (ICO) within 72 hours where feasible.

Breach notifications to affected users will describe the nature of the incident, the categories of personal information involved, the likely consequences, and the steps we are taking to address the breach and mitigate its effects. We maintain incident response procedures consistent with recognized information security standards.

For security-related concerns or to report a suspected vulnerability, contact us at contact@ai-governance-jobs.com.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.

17. Contact Us

For any privacy-related questions, requests, or concerns, please contact:

GRC Careers, LLC

Operating GRC Careers (ai-governance-jobs.com)

contact@ai-governance-jobs.com