Data Policy

1. Data Roles & Responsibilities

BT1 operates under clearly defined roles to ensure compliance with global data protection laws:

Data Processor: BT1 acts as a processor when handling candidate data on behalf of our enterprise customers.
Data Controller: BT1 acts as a controller for business-related data, account management, and service improvement analytics.

2. Categories of Personal Data

Candidate & Interview Data

Includes names, contact details, audio/video recordings, transcripts, and AI-generated scores or insights.

Customer & Business Data

Includes account credentials, billing information, and professional contact details of platform users.

Website & Usage Data

Includes IP addresses, browser types, interaction logs, and cookie-based analytics.

3. Data Processing Framework

BT1’s legal basis for data processing is established through a multi-layered framework combining contractual necessity, data subject consent, and strict alignment with global data protection principles.

All processing activities are:

Clearly defined: Specific purposes for every data element processed.
Contractually governed: Bound by enterprise-grade Data Processing Addendums (DPA).
Technically enforced: Logic-level controls prevent data leakage or misuse.
Continuously monitored: Real-time compliance tracking and periodic internal audits.

This ensures that BT1 operates as a trusted, regulator-ready processor, capable of supporting highly regulated institutions while maintaining strict adherence to privacy and data protection obligations.

4. Information Security Program

BT1’s information security program is built upon a holistic, risk-based framework that integrates advanced technical safeguards with robust organizational controls.

Holistic Approach: By leveraging secure cloud infrastructure, strict access governance, comprehensive monitoring, and formalized policies, BT1 ensures the confidentiality, integrity, and availability of all processed data.

Our security architecture includes:

Infrastructure Security: Enterprise-grade hosting with SOC 2 Type II compliant providers.
Encryption: Data encrypted at rest via AES-256 and in transit using TLS 1.3 protocol.
Access Governance: Multi-factor authentication (MFA) and Role-Based Access Control (RBAC) across all systems.
Continuous Monitoring: Real-time logging, vulnerability scanning, and incident response readiness.

5. Core Data Principles

We adhere to the highest international standards of data governance, ensuring your information is handled with the utmost care:

Purpose Limitation: We process data only for the provision of the agreed-upon services.
Data Minimization: We only collect what is strictly necessary for the AI Interview and assessment engine.
Accuracy & Integrity: Systems designed to ensure data remains consistent and up-to-date throughout its lifecycle.
Accountability: Clear documentation and transparency regarding our data processing methodologies.

6. EU Artificial Intelligence Act (AI Act)

BT1 is committed to the ethical development of AI. In alignment with the EU AI Act, we implement human-in-the-loop designs and rigorous bias mitigation practices to support human-led decision-making.

7. Data Retention

We retain data only as long as necessary. Typically, interview recordings are kept for 24 months unless requested otherwise by the customer or candidate.

8. Data Sharing and Disclosure

We may share your information with:

Customers, as directed through use of the Services
Service providers and subprocessors that support our operations
Professional advisors (e.g., legal, accounting)
Authorities where required by law

All subprocessors are subject to contractual confidentiality and data protection obligations.

9. International Data Transfers

For data transfers outside the EEA, we utilize Standard Contractual Clauses (SCCs) and other approved mechanisms to ensure a consistent level of protection.

10. AI Data Safety & Ethics

As an AI-first platform, BT1 implements specific safeguards for data used in machine learning and automated decision-making:

Data Anonymization: PII is stripped or masked before being used for model optimization.
Bias Prevention: Regular auditing of evaluation logic to ensure fair treatment of all candidates.
Linguistic Privacy: Audio and video data processed with strict privacy-preserving techniques.

11. Compliance & Governance

This approach enables BT1 to meet the stringent security expectations of financial institutions and regulated environments, positioning it as a trusted and security-mature technology partner.

We maintain active alignment with:

GDPR (General Data Protection Regulation)
LGPD (Lei Geral de Proteção de Dados)
Industry-specific regulatory requirements for talent selection.

12. Cookies & Tracking Technologies

BT1 uses cookies and similar technologies to operate, analyze, and improve our Services. You can manage your cookie preferences through your browser settings at any time.

13. Children's Privacy

The Services are not directed to children under 16. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Data Policy from time to time. We will notify you of significant changes by updating the "Last updated" date and, if appropriate, through other communication channels.

15. Contact & Data Subject Rights

If you have any questions regarding our data policy or wish to exercise your rights, please contact our Compliance Department:

Right to Human Review: You have the right to request a human review of any AI-generated outputs and to express your point of view.

BT1 Compliance Team
Email: privacy@bt1.ai