HaystackID US Privacy Notice
Information for US Residents
We collect Personal Data from US residents and comply with the consumer privacy laws of California, Colorado, Connecticut, Utah, and Virginia (“US Privacy Laws”). In addition to our general Privacy Notice available at https://haystackid.com/privacy/, this US Privacy Notice applies to certain US residents (“you” or “your”).
For the purposes of this US Privacy Notice, “Personal Data” means information that is linked or reasonably linkable to a particular individual or household. However, the following categories of information are not Personal Data:
- Publicly available information;
- Deidentified or aggregated data; or
- Information otherwise excluded from the scope of US Privacy Laws.
This Privacy Notice provides the following information to US residents:
- Categories of Personal Data we collect;
- Purposes for which we use Personal Data;
- Categories of Personal Data we disclose to third parties;
- Categories of third parties to which we disclose Personal Data; and
- How US residents can exercise their rights under US Privacy Laws:
- The rights to access, correct, or delete Personal Data;
- The right to obtain a portable copy of Personal Data;
- The right to limit the use of sensitive personal data in certain circumstances; and
- The rights to opt out of targeted advertising, sales of personal data, or profiling.
Categories of Non-Sensitive Personal Data
The table below outlines the non-sensitive categories of Personal Data HaystackID collects about US residents and whether and how they are disclosed to third parties.
We collect Non-Sensitive Personal Data directly from our users and from our business partners.
| Category of Personal Data: Identifiers |
|---|
| Examples |
| Identifiers may contain the following: Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
| Purpose(s) |
| Service Changes, Support, Resolution of Technical Issues, Offers and Updates |
| Targeted Advertising |
| We may share this data with advertising partners for targeted advertising purposes |
| Sale |
| This data is not sold to third parties |
| Sharing |
| This data may be shared with Processors and Business Partners |
| Retention Period |
| HaystackID will retain your Personal Data only for as long as is reasonably necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. HaystackID will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. |
| Category of Personal Data: Internet/Electronic Activity |
| Examples |
| Internet/Electronic Activity may contain the following: Cookie IDs, hashed email addresses, and mobile advertising IDs, real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
| Purpose(s) |
| Service Maintenance, Interactive Features, Support, Service Improvement, Usage Monitoring, Resolution of Technical Issues |
| Targeted Advertising |
| We may share this data with advertising partners for targeted advertising purposes |
| Sale |
| This data is not sold to third parties |
| Sharing |
| This data may be shared with Processors and Business Partners |
| Retention Period |
| HaystackID will retain your Personal Data only for as long as is reasonably necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. HaystackID will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. |
| Category of Personal Data: Imprecise Geolocational Data |
| Examples |
| Imprecise Geolocational Data may contain the following: Imprecise physical location or movements. |
| Purpose(s) |
| Service Maintenance, Interactive Features, Support, Service Improvement, Usage Monitoring, Resolution of Technical Issues |
| Targeted Advertising |
| We may share this data with advertising partners for targeted advertising purposes |
| Sale |
| This data is not sold to third parties |
| Sharing |
| This data may be shared with Processors |
| Retention Period |
| HaystackID will retain your Personal Data only for as long as is reasonably necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. HaystackID will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. |
| Category of Personal Data: Professional Information |
| Examples |
| Professional Information may contain the following: employment history, practical experience, and other professional qualifications, licenses or certifications. |
| Purpose(s) |
| If you apply for a job with HaystackID, you may provide us with your resume, name, contact details, and any other relevant information. HaystackID may collect Professional Information in order to assist with selection and hiring of employment candidates. If you become an employee, we collect additional information, such as your family information, beneficiary selections, banking information, and other relevant information for employment, payroll, and benefit purposes, and we may collect certain sensitive Personal Data such as trade union membership data or biometric data for identity verification. |
| Targeted Advertising |
| We do not engage in targeted advertising using this data or share this data for targeted advertising purposes |
| Sale |
| This data is not sold to third parties |
| Sharing |
| This data is not shared with third parties |
| Retention Period |
| HaystackID will retain your Personal Data only for as long as is reasonably necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. HaystackID will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. |
| Category of Personal Data: Educational Information |
| Examples |
| Educational Information may contain the following: educational background, institutions attended, degrees or certifications sought or awarded. |
| Purpose(s) |
| If you apply for a job with HaystackID, you may provide us with your resume, name, contact details, and any other relevant information. HaystackID may collect Educational Information in order to assist with selection and hiring of employment candidates. If you become an employee, we collect additional information, such as your family information, beneficiary selections, banking information, and other relevant information for employment, payroll, and benefit purposes, and we may collect certain sensitive Personal Data such as trade union membership data or biometric data for identity verification. |
| Targeted Advertising |
| We do not engage in targeted advertising using this data or share this data for targeted advertising purposes |
| Sale |
| This data is not sold to third parties |
| Sharing |
| This data is not shared with third parties |
| Retention Period |
| HaystackID will retain your Personal Data only for as long as is reasonably necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. HaystackID will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. |
Categories of Sensitive Personal Data
No
Use of Personal Data
We use Personal Data for the purposes described in our general Privacy Notice (see https://haystackid.com/privacy/). Personal Data may also be used or disclosed as otherwise permitted or required by applicable law.
Disclosing Personal Data
We share Personal Data with the following categories of third parties:
- Processors: We use processors to securely handle Personal Data on our behalf and only on our instructions. These companies may not use your Personal Data for their own purposes.
See the table above for more details about how different categories of Personal Data are shared.
We do not sell Personal Data to anyone.
Exercising Your Personal Data Rights
US residents have the following rights under US Privacy Laws:
- The rights to access, correct, or delete Personal Data;
- The right to obtain a portable copy of Personal Data;
- The right to limit the use of Sensitive Personal Data in certain circumstances; and
- The rights to opt out of targeted advertising, sales of personal data, or profiling.
If you are a US resident, you can submit a request to exercise your personal data rights under US Privacy Laws by If you wish to exercise your personal data rights under US privacy laws, please contact us for assistance. You can contact us by calling our toll-free number at 1-877-942-9782, by emailing [email protected], or by visiting our online portal here. Please be ready to provide your name and email address, and if you have authorized an agent to make a request on your behalf, we will need you to provide the agent’s name and email address, as well as your written authorization appointing the agent to make a request on your behalf.
Please note that we may ask you to verify your identity before responding to such requests. To submit an opt-out request, you may We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any or all of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us at [email protected], with the subject line “Opt-Out Request.”
To protect your privacy, we may need to authenticate your identity before we respond to your rights request. We will use commercially reasonable efforts to verify your identity for this purpose. Any information you provide to authenticate your identity will only be used to process your rights request. Please be aware that we do not accept or process rights requests through other means (e.g., via fax or social media).
After submitting your request online, you will receive a follow-up email, which may include a link you must click on in order to verify your identity. If you do not click on that link, we may be unable to complete your request due to lack of verification. It is important that you provide a valid email address in order for us to be able to process your request.
We will respond to your rights request within 45 days, though in certain cases we may inform you that we will need up to another 45 days to act on your request. If we suspect fraudulent or malicious activity on or from your account, we will delay acting on your request until we can appropriately verify your identity and the request as authentic. Also note that each of the rights are subject to certain exceptions. If you believe our response to your rights request is insufficient, you can appeal our decision by contacting Data Protection Officer at [email protected] and we will inform you of our final decision within 45 days.
We reserve the right to decline to process, or charge a reasonable fee for, requests from a US resident that are manifestly unfounded, excessive, or repetitive.
Notice of Profiling in Furtherance of Significant Decisions
“Profiling” as used in this Privacy Notice means any automated processing of Personal Data to evaluate, analyze, or predict personal aspects related to an individual’s personal preferences, interests, reliability, experience, education or skills. The law provides a right to opt out of profiling that is part of making decisions that produce legal or similarly significant effects. You can opt out of this type of profiling as described in the “Your Rights and Choices” section above. Please be aware that we do not accept or process opt-out requests through other means (e.g., via fax or social media). We may engage in these types of profiling:
- Decisions Subject to Profiling: We use profiling to help match individuals’ skills and experience with potential employment opportunities. Final placement decisions are made by humans and not by automated means.
- Categories of Personal Data: We may use Professional Data, Educational Data, and Inferences in order to make the Decisions Subject to Profiling.
- Profiling Logic: Our system uses algorithms to evaluate details of candidates’ experience and skillsets to predict whether they are likely to be successful on particular engagements or on specific tasks. Specifically, our system considers a candidate’s domain/industry expertise, legal practice area proficiency, education, language proficiency, review experience, and historical task completion and accuracy in order to match highly skilled and tailored candidates with appropriate engagements.
- Use of Profiling in Decision-making: Once the algorithms have assessed candidates’ qualifications, we take our algorithms’ prediction as to whether an individual is likely to be a good match for an engagement and consider it in conjunction with the details of a customer’s prior interaction with our business to decide whether to assign individual candidates to an engagement. Our algorithms’ recommendations carry equal weight as the customer’s prior interaction with our business, so a history of a particular candidate working with HaystackID or a particular customer can outweigh an algorithmic analysis that a candidate is not a good match. Humans conduct the evaluation of the candidate’s prior interactions with HaystackID, and humans make the final decision as to whether to match a candidate to an engagement.
- Profiling System Evaluation: We have evaluated our profiling system and determined that it is reasonably accurate, fair, and unbiased.
- Benefits and Consequences: The potential benefits of the Decisions Subject to Profiling include speedier and better-quality reviews, more efficient use of human resources, rapid identification and hiring of qualified candidates, and higher rates of employee/contractor job retention and overall reviewer job satisfaction. A potential consequence of the Decisions Subject to Profiling is that candidates may not be matched with potential opportunities.
Details about HaystackID’s approach to the responsible use of AI and Profiling, including risk awareness and mitigation, AI governance, and HaystackID’s commitment to responsible AI innovation can be requested
Cookies
We may collect Personal Data via cookies and similar technologies. HaystackID’s Cookie policy is here. Most web browsers allow you to manage cookies through the browser settings. To find out more about cookies, you can visit www.aboutcookies.org or www.allaboutcookies.org.
Targeted Advertising
“Targeted advertising” as used in this Privacy Notice means the disclosure of Personal Data to a third party for behavioral advertising. An example of this is displaying advertisements to a US resident where the advertisement is selected based on Personal Data obtained from that person’s activities over time and across nonaffiliated websites or online applications to predict such person’s preferences or interests. We share some Personal Data for behavioral advertising. You can opt out of the sharing of your Personal Data for targeted advertising by submitting a rights request as described above.
Limiting the Use of Sensitive Personal Data
You have the right to limit some uses of Sensitive Personal Data. In particular, you may direct companies not to use Sensitive Personal Data except as necessary to provide goods or services you have requested. However, HaystackID does not Process any Sensitive Data.
Authorized Agent Requests
You may designate an authorized agent to make a rights request on your behalf. Your authorized agent may submit such a request by following the same method described above. We may require verification of your authorized agent in addition to the information for verification above for US residents and households.
Contact Us
If you have any questions or concerns regarding this US Privacy Notice, contact us at [email protected].
Last updated: October 30, 2025