R
RecruitAICopilotLegal

Privacy Policy

Last updated: 14 June 2026

RecruitAICopilot (“the Service”, “we”, “us”) is operated by Philip Chua, an individual based in Singapore (the “Operator”). This Privacy Policy explains how we handle personal data in connection with the Service, in line with Singapore’s Personal Data Protection Act 2012 (“PDPA”). Questions or requests can be sent to philipchuaonline@gmail.com.

1. Two roles: your account vs. candidate data

It is important to distinguish two kinds of data, because our role differs for each:

  • Your account data — information about you as a subscriber (the recruiter/firm). For this, we are the data controller.
  • Candidate data — information about prospective recruits that you capture from LinkedIn profiles you visit. For this, you are the controller and we act as your data intermediary (processor), handling it on your behalf and on your instructions. Our processing terms are set out in our Data Processing Agreement.

2. What we collect

Account & usage data (we are controller)

  • Account details: name, email address, hashed password, role.
  • Your recruiting criteria and settings, and (optionally) a voice profile distilled from your own public LinkedIn posts that you choose to import.
  • Usage and audit logs (e.g. captures, sends, logins) used to operate and secure the Service.
  • If you opt in to the Telegram digest, your Telegram chat identifier.

Candidate data (you are controller; we process on your behalf)

  • Only information that candidates have made public on LinkedIn and that you actively choose to capture — such as name, headline, employer, education, location, and public posts.
  • AI-derived outputs computed from that public information: detected career signals, a confidence score for Singapore/PR likelihood, a recruit-readiness score, and drafted outreach messages.

The browser extension reads only profiles you actively visit, inside your own logged-in browser session. It does not perform background scraping, use proxy accounts, or send connection requests or messages on your behalf.

3. How we use data

  • To provide, operate, secure, and improve the Service.
  • To rank candidates against your criteria and draft outreach in your configured voice.
  • To run an automated compliance check that flags potential MAS red flags before you send a message.
  • To communicate with you about your account and support.

We do notsell personal data, and we do not pool or share one customer’s candidate data with any other customer.

4. AI processing & third parties (sub-processors)

We rely on a small number of service providers to run the Service:

  • Anthropic (AI inference, processed in the United States). Content is sent for processing to generate signals, scores, and drafts; it is not used to train models and is not retained by us beyond what is needed to return the result.
  • Hosting provider — a Singapore-region virtual server where the application and database run.
  • Telegram — only if you enable the optional digest.

Because AI inference occurs in the United States, some data is transferred outside Singapore. We take reasonable steps so that recipients provide a standard of protection comparable to the PDPA.

5. Retention & deletion

  • You can permanently delete any candidate record at any time from the candidate page. We do not auto-delete on your behalf.
  • On cancellation we provide an export (CSV) of your data on request, then revoke access and delete your account data.
  • We retain limited audit/log records as needed for security and legal purposes.

6. Security

We apply reasonable administrative and technical safeguards, including encrypted transport (HTTPS), hashed passwords, signed session tokens, and access controls. No method of transmission or storage is perfectly secure, but we work to protect data appropriately to its sensitivity.

7. Your rights under the PDPA

Subject to the PDPA, you may request access to, or correction of, your personal data, and you may withdraw consent for certain processing. Where we act as intermediary for candidate data, requests from candidates are directed to you as the controller, and we will assist you in responding. To make a request, contact philipchuaonline@gmail.com.

8. Changes

We may update this Policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, notified to account holders.

9. Contact

Operator: Philip Chua (Singapore). Data protection contact: philipchuaonline@gmail.com.