Privacy Policy - WorkSignal

Privacy Policy

Last updated: March 5, 2026

1. Introduction

RoboticForce, Inc. ("RoboticForce", "we", "us", or "our") operates the WorkSignal platform. We are committed to protecting the privacy of all individuals whose personal information we collect and process through our Service, including recruiters, employers, and candidates.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have regarding your information. It applies to all users of the WorkSignal platform, our website at worksignal.com, and all related services.

RoboticForce, Inc. is incorporated under the laws of the Province of Ontario, Canada, with its principal office in Kingston, Ontario. Our Privacy Officer can be reached at contact@worksignal.com.

2. What We Collect

Recruiter and employer data

  • Name, email address, and business contact information.
  • Organization name, billing address, and billing email.
  • Payment information (processed and stored by Stripe; we do not store full credit card numbers).
  • Account preferences, settings, and configuration data.
  • Usage data, including features used, actions taken, and time spent in the application.

Candidate data

  • Name, email address, phone number, and other contact details.
  • Resumes, cover letters, and supporting documents uploaded by recruiters or submitted by candidates.
  • Voice recordings and transcripts from AI phone screenings.
  • Chat transcripts from AI career portal conversations.
  • AI-generated scores, assessments, summaries, and analysis results.
  • Application status, pipeline stage, and hiring workflow data.
  • Scheduling preferences and availability information.

Technical and cookie data

  • IP address, browser type, operating system, and device information.
  • Pages visited, referral URLs, and interaction patterns on our website.
  • Cookies and similar tracking technologies (see Section 10).
  • Time zone and language preferences detected from your browser.

3. How We Collect It

We collect personal information through:

  • Direct collection: Information you provide when creating an account, configuring your organization, setting up roles, or contacting us.
  • Recruiter uploads: Candidate data that recruiters or employers submit through the Service, including bulk resume uploads and manual candidate entry.
  • Candidate submissions: Information that candidates provide through our career portal, application forms, and AI chat interfaces.
  • AI interactions: Voice recordings, transcripts, and chat logs generated during AI-powered screening conversations.
  • Automated collection: Technical data collected automatically through cookies, analytics tools, and server logs when you access our website or use the Service.
  • Third-party integrations: Data synchronized from connected applicant tracking systems (such as Greenhouse, Lever, and Ashby), calendar services, and other integrated platforms.

4. Why We Use It

We use personal information for the following purposes:

  • Service delivery: To provide, maintain, and operate the WorkSignal platform, including AI screening, candidate management, and analytics features.
  • Billing and payments: To process subscription payments, manage invoices, and handle billing-related communications.
  • Analytics and insights: To generate recruiting analytics, pipeline reports, and hiring performance metrics for our customers.
  • Service improvement: To analyse usage patterns, identify issues, and improve the functionality and performance of the Service.
  • Communications: To send transactional messages (account verification, billing notices, service updates) and, where consented, marketing communications.
  • Security and fraud prevention: To detect and prevent unauthorized access, spam, abuse, and fraudulent activity.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

As a Canadian organization, our primary privacy framework is the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, we rely on the following forms of consent:

  • Express consent: For the collection and use of sensitive personal information, such as voice recordings, detailed candidate assessments, and AI-generated analyses. We obtain express consent through clear disclosures and affirmative actions (such as accepting these terms and starting a voice screening).
  • Implied consent: For the collection and use of less-sensitive personal information where the purpose would be obvious to a reasonable person, such as collecting a recruiter's business email to manage their account, or using technical data for website analytics.

Where you are located in a jurisdiction that requires additional legal bases (such as the European Union under the GDPR), we may also process your information based on contractual necessity, legitimate interests, or explicit consent as appropriate.

6. AI Processing and Automated Decisions

WorkSignal uses artificial intelligence to process personal information for screening and evaluation purposes. This includes:

  • Resume analysis: AI reviews uploaded resumes and extracts skills, experience, qualifications, and other relevant information. It scores candidates against role-specific criteria defined by the recruiter.
  • Voice screening: AI conducts voice conversations with candidates, asking role-specific questions and evaluating responses. Calls are recorded and transcribed.
  • Candidate scoring: AI generates numerical scores, rankings, and qualitative summaries based on the information collected during screening.
  • Chat interactions: AI-powered career portal agents interact with candidates to answer questions about roles, collect application information, and guide the application process.

Important: AI-generated outputs are recommendations provided to recruiters and are not intended to replace human judgement. Recruiters make all final hiring decisions. If you are a candidate and believe an AI-generated assessment has negatively affected your candidacy, you may request human review by contacting the recruiting organization directly or by reaching out to us at contact@worksignal.com.

7. Who We Share With

We share personal information only as necessary for the purposes described in this Policy:

  • Recruiters and employers: Candidate data (including scores, transcripts, recordings, and analysis) is shared with the recruiting organization that initiated the screening or to which the candidate applied.
  • Stripe: We share billing and payment information with Stripe, Inc. for payment processing. Stripe acts as a data processor and is subject to PCI DSS compliance requirements.
  • Cloud hosting providers: Our Service is hosted on cloud infrastructure. These providers process data on our behalf under data processing agreements.
  • AI providers: We use third-party AI model providers to power our voice screening, resume analysis, and chat features. Data shared with these providers is limited to what is necessary for processing and is subject to data processing agreements.
  • Analytics services: We use Umami (a privacy-focused analytics tool), LinkedIn Insight Tag, and Facebook Pixel for website analytics and marketing attribution. See Section 10 for details and opt-out options.
  • ATS integrations: When enabled by the recruiter, we synchronize data with connected applicant tracking systems such as Greenhouse, Lever, and Ashby.
  • Legal requirements: We may disclose personal information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of RoboticForce, our users, or the public.

We do not sell personal information to third parties.

8. International Data Transfers

RoboticForce, Inc. is based in Canada. Our primary data storage and processing occurs in Canada. However, some of our service providers and sub-processors may process data in the United States or other jurisdictions.

When personal information is transferred outside of Canada, we ensure that appropriate safeguards are in place, including contractual data processing agreements with our service providers. Canada has been recognized by the European Commission as providing an adequate level of data protection.

9. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are:

  • Account data: Retained for the duration of the active account plus 90 days following account closure, to allow for account reactivation or data export requests.
  • Candidate data: Retained for the duration of the recruiting organization's account. Recruiters may delete individual candidate records at any time through the Service.
  • Voice recordings and transcripts: Retained for up to 1 year from the date of the recording, unless the recruiter deletes them sooner or requests extended retention.
  • Payment and billing records: Retained for 7 years as required by the Canada Revenue Agency (CRA) for tax and financial record-keeping purposes.
  • Server logs and technical data: Retained for up to 90 days for security and troubleshooting purposes.

Upon expiry of the applicable retention period, personal information is securely deleted or anonymized.

10. Cookies and Tracking

Our website uses the following tracking technologies:

  • Umami Analytics: We use Umami, a privacy-focused, open-source web analytics tool, to understand how visitors interact with our website. Umami does not use cookies, does not collect personally identifiable information, and does not track users across websites. All data is aggregated and anonymous.
  • LinkedIn Insight Tag: We use the LinkedIn Insight Tag to measure the effectiveness of our LinkedIn advertising campaigns and understand our professional audience. This tag places a cookie on your browser and may collect data such as your IP address, timestamp, page URL, and LinkedIn member status. You can opt out of LinkedIn tracking by adjusting your LinkedIn ad preferences.
  • Facebook Pixel (Meta): We use the Facebook Pixel to measure the effectiveness of our Facebook and Instagram advertising campaigns. This pixel may place cookies on your browser and collect data about your interactions with our website. You can opt out of Facebook tracking through your Facebook ad settings or by using the Digital Advertising Alliance of Canada opt-out tool.
  • Essential cookies: We use essential cookies that are strictly necessary for the operation of our website and application, such as session cookies for authentication and security tokens. These cookies cannot be disabled.

You can control non-essential cookies through your browser settings. Note that disabling cookies may affect the functionality of certain features.

11. Security Safeguards

We implement technical and organizational safeguards to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: Sensitive data, including voice recordings and candidate documents, is encrypted at rest using industry-standard encryption.
  • Access controls: Access to personal information is restricted to authorized personnel on a need-to-know basis. Role-based access controls are enforced within the application.
  • Audit logging: We maintain audit logs of significant system activities to detect and investigate security incidents.
  • Secure hosting: Our infrastructure is hosted in professionally managed data centres with physical security controls.
  • Regular review: We periodically review and update our security practices to address emerging threats and vulnerabilities.

While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Data Breach Notification

In the event of a security breach involving personal information that creates a real risk of significant harm, we will:

  • Notify the Office of the Privacy Commissioner of Canada (OPC) as required under PIPEDA's mandatory breach notification provisions.
  • Notify affected individuals as soon as feasible, providing details about the breach, the information involved, and steps they can take to protect themselves.
  • Maintain records of all breaches of security safeguards as required by law.

13. Your Rights

Under PIPEDA (all users)

Under the Personal Information Protection and Electronic Documents Act, you have the right to:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of any inaccurate or incomplete personal information.
  • Withdrawal of consent: Withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions. Note that withdrawing consent may affect our ability to provide the Service.
  • Complaint: File a complaint with us or with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

Additional rights for EU/EEA users (GDPR)

If you are located in the European Union or European Economic Area, you may also have the following rights under the General Data Protection Regulation:

  • Right to erasure (right to be forgotten).
  • Right to data portability.
  • Right to restriction of processing.
  • Right to object to processing based on legitimate interests.
  • Right not to be subject to solely automated decision-making.

To exercise any of these rights, please contact our Privacy Officer at contact@worksignal.com. We will respond to all legitimate requests within 30 days.

14. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take reasonable steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us at contact@worksignal.com.

15. CASL Compliance

We comply with Canada's Anti-Spam Legislation (CASL) in all our electronic communications. This means:

  • We only send commercial electronic messages with the recipient's express or implied consent.
  • All commercial messages include accurate sender identification and contact information.
  • All commercial messages include a functional unsubscribe mechanism.
  • We process unsubscribe requests within 10 business days.

Transactional messages (such as account verification emails, billing notices, and security alerts) are not considered commercial electronic messages under CASL and do not require consent.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:

  • Post the updated policy on our website with a revised "Last updated" date.
  • Notify registered users via email for material changes that affect how we handle personal information.

We encourage you to review this policy periodically to stay informed about how we protect your information.

17. Contact and Complaints

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact our Privacy Officer:

Privacy Officer
RoboticForce, Inc.
Kingston, Ontario, Canada
Email: contact@worksignal.com

We will investigate all complaints and respond within 30 days. If you are not satisfied with our response, you may escalate your complaint to:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca