TAPilotBeta
Back to Home

Privacy Policy

Last updated: January 2025

1. Introduction

TAPilot ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CV analysis platform and related services.

We comply with the Singapore Personal Data Protection Act 2012 ("PDPA") and other applicable data protection laws. By using TAPilot, you consent to the data practices described in this policy.

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Information

  • Email address (required for account creation)
  • Full name (optional)
  • Password (stored in encrypted/hashed form)
  • Google account information if you use Google Sign-In

2.2 CV and Document Data

  • CV/resume files you upload (PDF, DOCX, TXT formats)
  • Extracted text content from your CVs
  • Job descriptions you provide for matching
  • Analysis results and competency scores

2.3 Usage Data

  • Service usage patterns and feature interactions
  • Analysis history and conversation logs with AI agents
  • Technical data (IP address, browser type, device information)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To provide CV analysis, competency scoring, job matching, and interview preparation features
  • AI Processing: To process your CV through our AI models for analysis and insights
  • Account Management: To create and manage your account, authenticate your identity, and provide customer support
  • Service Improvement: To improve our AI models, features, and user experience
  • Communication: To send service-related notifications and updates

4. Third-Party AI Processing

Important: To provide our CV analysis services, we use OpenAI's API to process your CV content. This means:

  • Your CV text (up to 30,000 characters) is sent to OpenAI's servers for analysis
  • OpenAI processes this data according to their Privacy Policy and API Data Usage Policies
  • OpenAI does not use API data to train their models
  • Data is transmitted securely via encrypted connections

By using TAPilot's analysis features, you explicitly consent to this data processing. If you do not consent to your CV being processed by OpenAI, please do not upload CVs or use analysis features.

5. Processing Data on Behalf of Organizations (Recruiters & HR Teams)

TAPilot is used by recruiters, HR professionals, and organizations to analyze candidate CVs. This section explains the data protection roles and responsibilities in this context.

5.1 Data Controller vs. Data Processor

When an organization (employer, recruitment agency, or HR team) uses TAPilot to analyze candidate CVs:

  • The Organization is the Data Controller – responsible for determining why and how candidate personal data is processed, and for obtaining appropriate consent from candidates
  • TAPilot is the Data Processor – we process candidate CV data on behalf of and under the instructions of the organization
  • OpenAI is a Sub-processor – processes data on our behalf to provide AI analysis

5.2 Organization Responsibilities

Organizations using TAPilot to process candidate CVs are responsible for:

  • Ensuring they have a lawful basis (such as consent or legitimate interest) to process candidate CVs
  • Informing candidates that their CVs may be processed using AI-powered tools, including third-party AI services
  • Updating their own privacy notices to disclose the use of TAPilot and AI-based CV screening
  • Responding to candidate data access, correction, or deletion requests related to their own recruitment processes
  • Ensuring compliance with applicable employment and data protection laws in their jurisdiction

5.3 Candidate Rights (For CVs Uploaded by Organizations)

If your CV was uploaded to TAPilot by a recruiter or employer:

  • Your primary point of contact for data rights is the organization that uploaded your CV
  • You may contact them to request access, correction, or deletion of your data
  • If you have concerns about how your CV was processed, contact the organization's HR or data protection team
  • You may also contact TAPilot at [email protected] and we will assist in directing your request appropriately

5.4 Data Processing Agreement

Enterprise and business customers may request a formal Data Processing Agreement (DPA) that documents our obligations as a data processor. Contact [email protected] for DPA requests.

6. Data Storage and Security

We implement appropriate security measures to protect your data:

  • Passwords are hashed using industry-standard bcrypt encryption
  • All data transmission is encrypted using HTTPS/TLS
  • Access to personal data is restricted to authorized personnel only
  • We maintain secure server infrastructure with regular security updates

Your data is stored on secure servers. While we take reasonable precautions, no method of electronic transmission or storage is 100% secure.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services:

  • Account data: Retained until you delete your account
  • CV files and analysis: Retained until you delete them or your account
  • Usage logs: Retained for up to 12 months for service improvement

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes.

8. Your Rights Under PDPA

Under the Singapore PDPA, you have the following rights:

  • Access: Request access to your personal data we hold
  • Correction: Request correction of inaccurate or incomplete data
  • Withdrawal of Consent: Withdraw consent for data processing (this may affect service availability)
  • Data Portability: Request a copy of your data in a structured format
  • Deletion: Request deletion of your personal data

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Cookies and Tracking

We use essential cookies to maintain your session and authentication. These cookies are necessary for the service to function and cannot be disabled. We do not use third-party tracking or advertising cookies.

10. International Data Transfers

Your data may be processed in countries outside Singapore, including:

  • United States (OpenAI API processing)
  • Cloud infrastructure regions where our servers are hosted

We ensure that any international transfers comply with applicable data protection laws and that appropriate safeguards are in place.

11. Children's Privacy

TAPilot is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of TAPilot after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact our Data Protection Officer:

Email: [email protected]

Subject: Privacy Inquiry - TAPilot