Bridge Labs Logo

BRIDGE LABS

Solution

Bridge HR

Follow

LinkedinInstagramFacebookX

Resources

Insights

Use Cases

SMBsBPOsStaffing AgenciesStartupsEnterprise

© 2026 Bridge Labs. All rights reserved. | Privacy Policy | Terms and Conditions

Privacy Policy

Bridge Labs Technology, Inc. Privacy Policy

1. Introduction and Governance

1.1. Purpose

This Privacy Policy describes how Bridge Labs Technology, Inc. collects, uses, secures, and shares Personally Identifiable Information (PII) and sensitive data, and outlines the rights afforded to data subjects (candidates/applicants), particularly regarding the high-risk nature of AI-driven recruitment systems.

1.2. Governing Frameworks

This policy aligns with the General Data Protection Regulation (GDPR), the EU AI Act, US Federal and State laws (including NYC Law 144, AIVI Act), and regional African data protection standards (POPIA, NDPR, Ghana Data Protection Act 2012).

1.3. Ethical Governance

Bridge Labs adheres to published AI ethics policies outlining bias mitigation, data privacy, and accountability structures. We maintain structured human oversight, ensuring AI acts as a supporting tool rather than an autonomous decision-maker.

2. Data Collection and Consent

2.1. Types of Data Collected

We collect and process data necessary for candidate assessment, including:

  • Personally Identifiable Information (PII): Resumes, names, contact information, and employment history.
  • Sensitive Assessment Data: Raw video interview files and AI-generated analysis data, such as transcripts and analytical scores (e.g., Candidate Score, Matchability Score).

Note on Biometric Data: We classify video analysis as processing sensitive data; however, we do not evaluate emotions or infer sensitive attributes from biometric data for scoring purposes, in compliance with the EU AI Act.

2.2. Explicit Candidate Consent

We mandate the use of explicit candidate consent mechanisms prior to processing sensitive data, especially when utilizing AI-powered video interview technology. Candidates must be fully informed about the study’s purpose, methods, rights, and any possible dangers. Consent must be obtained before using facial recognition technology in job interviews where required (e.g., Maryland).

2.3. Lawful Basis for Processing (GDPR)

Data processing is performed on lawful bases, determined jointly with the client, ensuring compliance with data processing principles outlined in GDPR.

3. Data Usage, Bias, and Transparency

3.1. Purpose of Processing

Data is used to train machine learning models and algorithms to predict candidate suitability, enhance recruitment efficiency, and automate screening tasks for the Client.

3.2. Bias Mitigation (Fairness and Justice)

We implement systematic measures to mitigate algorithmic bias and ensure fairness.

  • Training Data: AI systems are trained on broad, representative datasets to prevent the perpetuation of historical biases.
  • De-biasing: We remove sensitive variables/protected characteristics (e.g., race, gender, age) or inputs correlated with disparate impact.
  • Auditing: We conduct regular, systematic bias audits of AI algorithms and systems, including testing for intersectional bias (e.g., race and gender overlap), to identify and correct discriminatory patterns.

3.3. Transparency and Explainable AI (XAI)

We commit to transparency to counter the "algorithmic black box" dilemma:

  • Disclosure:Candidates are proactively informed about AI's role in the hiring process, including when and how AI is used and what factors are being evaluated.
  • Right to Explanation: We implement Explainable AI (XAI) techniques to provide comprehensible explanations for algorithmic decisions when requested, adhering to GDPR requirements.

4. Data Security and Storage

4.1. Security Measures

We employ robust security measures, including encryption and access controls, to safeguard PII, videos, transcripts, and proprietary AI models against unauthorized access or misuse (e.g., Model Theft).

4.2. Cross-Border Transfers

Data transfers outside the country of origin, particularly for EU and African candidates, are conducted only to countries with adequate safeguards or via contracts, in compliance with GDPR and POPIA requirements.

4.3. Data Retention and Deletion

We retain candidate personal data, interview videos, transcripts, and AI-generated analytical outputs only for as long as necessary to provide recruitment services to the Client and to meet legal, contractual, and audit requirements. Unless a shorter period is required by law or contract, candidate interview data is retained for a maximum of 12 months after the completion of the recruitment process.

Data subjects can exercise their "Right to be Forgotten" (data deletion). Upon receipt of a verified deletion request, Bridge Labs will delete or irreversibly anonymise the candidate’s interview video, transcripts, and AI-generated analytical outputs from active systems within 14 days, and from backup and disaster-recovery systems within 60 days, unless continued retention is required by law.

5. Candidate Rights (Data Subject Rights)

In addition to the right to explicit consent and data security, candidates possess the following rights in relation to their data:

  • 5.1. Right to Access and Portability: Candidates have the right to request access to and export of their personal data (Data Subject Access Requests).
  • 5.2. Right to Appeal/Redressal: Candidates may request human review of AI-driven decisions.
  • 5.3. Right to Opt-Out: Candidates have the right not to agree with the proceedings and processes.

6. Contact Information

For questions regarding this Privacy Policy, data subject rights, security, or regulatory compliance, candidates and Clients may contact Bridge Labs’ Data Protection Officer (DPO) or Compliance function at:

Email: hello@bridgelabs.tech

Bridge Labs has appointed an interim Data Protection Officer responsible for overseeing GDPR, EU AI Act, POPIA, NDPR, and CPRA compliance.