Skip to main content

Privacy Policy

Last updated: 21 March 2026

1. Information We Collect

We collect information in the following categories:

Account Information

When you create an account, we collect your email address, display name, and a hashed version of your password. Passwords are stored using industry-standard one-way hashing and are never stored in plain text.

Candidate Data

When CVs are uploaded to the platform, we extract and store structured information including:

  • Personal details (name, email address, phone number)
  • Employment history (job titles, employers, dates, responsibilities)
  • Educational qualifications
  • Skills and competencies
  • Professional certifications

Interview Data

During voice interviews, we collect audio data which is processed in real time to generate text transcriptions. Interview transcripts and AI-generated assessment summaries are stored against the relevant session.

Usage Data

We collect basic usage data including login timestamps, actions performed within the platform, and audit logs of scoring runs and configuration changes.

2. How We Use Your Information

We use collected information to:

  • Provide and operate the recruitment platform
  • Parse and score CVs against configured rubrics
  • Conduct and transcribe voice interviews
  • Generate AI-powered assessment summaries
  • Maintain audit trails of scoring decisions and configuration changes
  • Administer user accounts and access permissions
  • Improve the Service through aggregated, anonymised analytics

3. Data Storage and Security

All data is stored in a PostgreSQL database hosted on infrastructure controlled by the Service operator. We implement appropriate technical and organisational measures to protect personal data, including:

  • Password hashing using Werkzeug security utilities
  • Session-based authentication with secure cookies
  • Role-based access controls (admin and standard user roles)
  • Audit logging of significant platform actions

4. Third-Party Services

The Service uses the following third-party providers to deliver its functionality:

OpenAI

We use OpenAI's APIs for the following purposes:

  • Realtime API — Powers voice interviews via WebRTC. Audio is processed by OpenAI in real time and is not stored by OpenAI after the session ends (per OpenAI's API data usage policy).
  • Whisper — Provides speech-to-text transcription during interviews.
  • GPT-4o — Generates interview assessment summaries, parses CV documents into structured data, and generates rubrics from job descriptions.

Data sent to OpenAI via the API is processed in accordance with OpenAI's API data usage policies and is not used to train OpenAI's models.

5. Legal Basis for Processing

We process personal data under the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR). Our legal bases for processing are:

  • Contract — Processing account data is necessary to provide the Service you have signed up for
  • Legitimate interests — Processing usage data and audit logs to maintain platform security, prevent misuse, and improve the Service
  • Consent — Where you explicitly consent to AI processing of CVs or participation in AI-conducted interviews (consent checkboxes are presented before each action)

Organisations using Sift CV to process candidate data act as data controllers and are responsible for ensuring they have a lawful basis (typically legitimate interests for recruitment, or consent) for processing candidate personal data.

6. CV Data Processing

CV documents uploaded to the platform are processed as follows:

  1. The document (PDF or DOCX) is parsed locally to extract raw text
  2. The text is sent to OpenAI's API to extract structured fields (personal details, experience, qualifications, skills)
  3. Structured data is stored in the database for scoring and display
  4. Original uploaded files are stored in the application's file system

As the data controller, you are responsible for ensuring you have a lawful basis for processing candidate CVs, and for informing candidates that their data will be processed using AI tools.

7. Cookies and Analytics

The Service uses essential cookies required for the platform to function and lightweight, privacy-respecting analytics. We do not use any third-party tracking or advertising cookies.

Cookie / Technology Purpose Type Duration
session Maintains your authenticated login session Essential Browser session (cleared on close)
csrf_token Protects against cross-site request forgery attacks Essential Browser session
RegenInsite Analytics Collects anonymous page view data (pages visited, referrer, device type) to help us improve the Service. No personal data is collected or shared with third parties. Analytics (legitimate interest) Session only

We also use localStorage (not a cookie) to remember your cookie banner dismissal preference. This data never leaves your browser.

8. Data Retention

Account data, candidate records, interview transcripts, and scoring results are retained for as long as your account is active. Upon account deletion, your personal data will be removed. Candidate data associated with your organisation's jobs and scoring runs may be retained by other administrators in your organisation.

You may request deletion of specific candidate records at any time through the platform interface or by contacting us directly.

9. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate personal data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Restriction — Request restriction of processing of your personal data
  • Portability — Request transfer of your data in a structured, machine-readable format
  • Object — Object to processing of your personal data in certain circumstances
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at bryan@ai-regenesis.com. We will respond within 30 days.

10. Complaints

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant supervisory authority:

We would appreciate the opportunity to address your concerns before you contact a supervisory authority, so please reach out to us first.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact

For questions about this Privacy Policy or our data practices, contact:

AI-Regenesis Ltd
Email: bryan@ai-regenesis.com

Your Privacy Matters

We use essential cookies to keep you logged in and lightweight analytics to improve our service. We never track you across other sites or serve ads.

Privacy Policy