Legal

Customer Privacy Policy

Published BearTalent legal documents are versioned, immutable once effective, and loaded from the public legal document API when available.

Version

2026-05-31

Effective

May 31, 2026

Canonical Path

https://beartalent.tech/legal/customer/privacy-policy/2026-05-31

What Changed

Initial Publishing

BearTalent Customer Privacy Policy

Version: 2026-05-24-v3 Effective Date: May 24, 2026 Last Updated: May 24, 2026 Operated by: Van Der Wall Tech, LLC

BearTalent is a product of Van Der Wall Tech, LLC ("BearTalent," "Van Der Wall Tech," "we," "us," or "our"). This Customer Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in connection with BearTalent customer accounts, employer tools, business communications, websites, billing, support, sales, marketing, integrations, security, and related services.

This Customer Privacy Policy applies to BearTalent websites, applications, and related services, including:

  • beartalent.tech
  • app.beartalent.tech
  • jobs.beartalent.tech
  • BearTalent customer portals, employer tools, account administration tools, support channels, sales communications, billing workflows, and related customer-facing services

For purposes of this Customer Privacy Policy, the "Services" means the BearTalent websites, applications, customer-facing tools, business communications, and related services described above.

1. Scope of This Customer Privacy Policy

This Customer Privacy Policy applies to personal information we collect from or about:

  • BearTalent employer customers;
  • customer administrators, recruiters, hiring managers, interviewers, evaluators, executives, and other authorized users;
  • business contacts, billing contacts, customer representatives, and vendor contacts;
  • visitors to BearTalent websites;
  • sales prospects, demo requesters, event participants, and marketing contacts;
  • individuals who contact BearTalent for support, security, privacy, billing, legal, or business purposes; and
  • other individuals whose personal information BearTalent processes for its own customer account administration, sales, marketing, support, billing, product, security, compliance, or business operations.

2. Applicant and Candidate Data Is Covered Separately

This Customer Privacy Policy is intended to cover BearTalent customers and customer-facing business operations. It is not intended to serve as the primary privacy policy for job candidates or applicants applying to jobs through BearTalent-powered job pages, including candidate-facing activity on jobs.beartalent.tech.

For jobs.beartalent.tech, this Customer Privacy Policy covers BearTalent-controlled processing such as site operation, security, cookies, analytics, error logging, support, business communications, legal compliance, and similar operational purposes. Applicant submissions, candidate profiles, hiring workflows, interview records, candidate communications, and employer evaluation activity are primarily addressed by the separate BearTalent Applicant Privacy Policy, the employer customer’s privacy policy or candidate notice, and any notices or consents presented during the applicable hiring process.

When an employer customer uses BearTalent to collect, upload, store, evaluate, communicate with, interview, or manage job candidates or applicants, the employer customer generally determines why and how that candidate or applicant information is processed. In those situations, BearTalent generally acts as a service provider or processor on behalf of the employer customer and processes the information according to the customer’s instructions, the applicable customer agreement, and any applicable data processing agreement.

Applicant and candidate privacy matters may be covered by a separate BearTalent Applicant Privacy Policy, the employer customer’s own privacy policy or candidate notice, the applicable job posting, consent forms, or other notices provided during the application or hiring process. If a privacy request concerns candidate or applicant information controlled by an employer customer, BearTalent may direct the request to that customer or assist the customer in responding, as appropriate.

3. BearTalent’s Role

Depending on the context, BearTalent may act in different roles:

  • Independent business or controller. BearTalent generally acts as an independent business or controller when it processes personal information for account administration, billing, sales, marketing, website operation, product analytics, customer support, security, fraud prevention, compliance, legal, and direct business operations.
  • Service provider or processor. BearTalent generally acts as a service provider or processor when it processes customer-controlled data on behalf of an employer customer, including candidate, applicant, recruiting workflow, hiring team, interview, or other customer-submitted data.

Employer customers are responsible for their own use of the Services, including determining what information to collect, what notices or consents are required, which users may access information, how long customer-controlled records should be retained, how hiring decisions are made, and how the customer complies with employment, privacy, anti-discrimination, recordkeeping, automated decision-making, and related laws.

4. Quick Summary

BearTalent may collect personal information such as business contact information, account information, user profile information, company information, billing metadata, authentication and security data, support communications, sales and marketing interactions, product usage data, device and log data, cookie and tracking data, and integration metadata.

We use this information to provide, operate, secure, support, improve, market, and administer BearTalent; manage customer accounts; process billing; communicate with customers and prospects; provide support; maintain audit and security records; enable integrations and communications; support AI-assisted features where enabled; comply with legal obligations; and protect our rights, users, customers, and Services.

We do not sell personal information for money. We may use cookies, pixels, analytics tools, advertising technologies, and similar technologies on our websites. In some jurisdictions, disclosures to third-party marketing, advertising, analytics, or tracking platforms may be considered a "sale," "sharing," or use for "targeted advertising." Where required, we provide a way to opt out.

5. Personal Information We Collect

The personal information we collect depends on how you interact with BearTalent and how a customer configures the Services.

A. Information You Provide Directly

Account and profile information. We may collect names, business email addresses, phone numbers, usernames, passwords or authentication credentials, profile details, job titles, roles, teams, permissions, notification preferences, account settings, and related user account information.

Customer and company information. We may collect company name, business address, company website, primary domain, industry, business contacts, customer plan information, subscription details, license quantities, account configuration, onboarding information, and customer relationship details.

Billing and payment-related information. We may collect billing contact information, invoice details, subscription records, payment processor identifiers, payment method metadata, tax-related information, transaction metadata, and related billing administration information. BearTalent does not intend to store full payment card numbers or card security codes.

Communications and support information. We may collect information you provide when you contact us, request a demo, submit a form, respond to a survey, participate in a call, request support, report a bug, provide feedback, communicate with our team, or otherwise interact with us. This may include message content, attachments, call notes, support tickets, diagnostic details, and related metadata.

Business contact and prospect information. We may collect business contact information from public or professional sources, referrals, events, forms, sales tools, marketing platforms, CRM tools, and similar sources to identify prospective customers, communicate about BearTalent, manage sales outreach, maintain relationship history, and honor opt-out requests.

Product configuration and preference information. We may collect saved views, filters, notification preferences, user interface preferences, workflow configuration, integration settings, role and permission settings, and other customer or user configuration choices.

Customer-controlled data. Employer customers and authorized users may submit information into BearTalent to use the Services. This information is generally processed on behalf of the employer customer and may be subject to the customer’s instructions, customer agreement, data processing agreement, customer privacy notices, and the separate applicant or candidate privacy materials applicable to the relevant workflow.

B. Information Collected Automatically

Device, usage, and log information. We may collect IP address, browser type, device type, operating system, pages viewed, referring URL, timestamps, session activity, feature usage, clickstream data, request metadata, error logs, diagnostic events, performance data, and similar technical information.

Authentication and security information. We may collect login events, session identifiers, authentication tokens, security events, audit logs, failed login attempts, account lockout data, role and permission activity, administrative actions, and other information used to protect accounts and the Services.

Cookies and similar technologies. We may use cookies, local storage, pixels, SDKs, tags, and similar technologies to operate the Services, keep users logged in, remember preferences, measure performance, understand usage, improve the product, and support marketing or advertising where enabled.

Approximate location information. We may infer approximate location from IP address for security, fraud prevention, localization, analytics, diagnostics, and legal compliance purposes. We do not intend to collect precise geolocation from customer users unless a feature is clearly enabled and appropriate notice or consent is provided where required.

C. Information From Customers, Integrations, and Third Parties

We may receive personal information from employer customers, authorized users, identity providers, single sign-on providers, payment processors, calendar tools, email systems, messaging providers, analytics providers, advertising or marketing platforms, customer relationship management tools, publicly available business sources, event or webinar platforms, and other integrations or third parties.

When a customer connects BearTalent to a third-party service, the information we receive or disclose may depend on the customer’s configuration, the permissions granted, and the third-party service’s own terms and privacy practices.

6. Notice at Collection

The table below summarizes the categories of personal information BearTalent may collect for customer-facing and business operations, examples of that information, why we collect it, how it may be disclosed, and our general retention approach.

| Category | Examples | Purposes | Disclosure, Sale, or Sharing | Retention | | --- | --- | --- | --- | --- | | Identifiers | Name, business email address, phone number, account ID, user ID, IP address, online identifiers | Account creation, authentication, support, communications, billing, security, customer administration | Disclosed to service providers, customer organization administrators, authorized users, and customer-enabled integrations. Not sold for money. May be shared through marketing or tracking technologies where enabled and legally applicable. | For the account term, as needed to provide the Services, or as needed for legal, security, operational, billing, or business purposes | | Customer and commercial information | Company name, billing contact, subscription plan, license quantity, invoices, payment processor IDs, billing metadata, customer status | Billing, subscription administration, account management, fraud prevention, tax/accounting, customer support | Disclosed to service providers such as payment processors, hosting providers, and support providers. Not sold for money. | As needed for billing, accounting, tax, audit, legal, compliance, and business records | | Professional or business contact information | Job title, employer, department, role, team, business contact details, lead source, sales outreach history, customer relationship history, marketing preferences, opt-out status | Customer account administration, support, sales, marketing, lead qualification, contract management, product communication, honoring opt-out requests | Disclosed to service providers, marketing platforms, CRM providers, customer organization administrators, and professional advisors where appropriate. Not sold for money. May be shared for targeted advertising where legally applicable. | For the customer relationship, sales cycle, or as needed for business, legal, compliance, opt-out, and operational purposes | | Internet or network activity | IP address, browser/device details, log data, usage events, page views, referring URLs, cookie identifiers, diagnostic events | Security, diagnostics, product analytics, fraud prevention, abuse prevention, performance monitoring, marketing analytics, service improvement | Disclosed to hosting, analytics, security, monitoring, and marketing providers where enabled. May be considered sharing or targeted advertising where legally applicable. | Generally retained for a limited operational period unless needed for security, compliance, analytics, dispute resolution, or business purposes | | Communications content and metadata | Emails, SMS messages, support requests, form submissions, sales communications, chat messages, call notes, attachments, delivery metadata, SMS consent and opt-out status | Customer support, sales communications, transactional communications, SMS delivery, opt-out handling, workflow history, auditability, troubleshooting | Disclosed to communications providers, support providers, CRM tools, service providers, and customer-enabled integrations. Not sold for money. | As needed to provide support, maintain business records, comply with law, resolve disputes, honor opt-outs, and provide the Services | | Authentication, security, and audit data | Login events, session identifiers, failed login attempts, administrative actions, permissions activity, audit logs, security alerts | Authentication, authorization, account protection, fraud prevention, abuse prevention, incident investigation, compliance | Disclosed to hosting, security, monitoring, infrastructure, and service providers as needed. Not sold for money. | As needed for security, audit, legal, compliance, fraud prevention, and operational purposes | | Preferences and configuration data | Saved views, filters, notification preferences, UI settings, role settings, integration settings, workflow configuration | Personalization, usability, account configuration, product operation | Disclosed to service providers as needed to operate the Services and to customer organization administrators where appropriate. Not sold for money. | While the account is active or until changed, deleted, or no longer needed | | Audio, visual, or electronic information | Profile photos, support call recordings if enabled, webinar participation, meeting metadata, interview recording or transcription data where customer-enabled | Support, training, quality assurance, customer communications, customer-configured interview workflows, transcription, summarization | Disclosed to service providers, communications providers, AI/transcription providers where enabled, and customer-enabled integrations. Not sold for money. | As configured by the customer, as stated at collection, or as needed for legal, operational, support, or business purposes | | Inferences and product analytics | Product usage patterns, feature adoption, account health indicators, suggested workflows, AI-assisted outputs where enabled | Product improvement, support, customer success, workflow assistance, analytics, reporting, service optimization | Disclosed to service providers and authorized customer users where appropriate. Not sold for money. | As part of customer records, analytics records, or operational logs, depending on feature configuration and business need | | Sensitive personal information | Account credentials, security information, contents of communications, precise geolocation if enabled, customer-controlled sensitive data submitted into the Services | Security, authentication, service delivery, customer-configured workflows, legal compliance, support, access control | Disclosed only as needed to provide the Services, secure the platform, comply with law, or as directed by the customer. Not sold for money. | As needed to provide the Services, as directed by the customer, or as required for legal, security, compliance, or operational purposes |

We do not intentionally collect more personal information than we need to provide, secure, support, improve, market, and administer the Services.

7. How We Use Personal Information

We may use personal information to:

  • provide, operate, maintain, and improve BearTalent;
  • create and manage customer accounts, user accounts, roles, permissions, settings, workflows, integrations, reports, dashboards, and account records;
  • authenticate users, manage sessions, enforce permissions, and secure the Services;
  • communicate with customers, authorized users, prospects, and business contacts;
  • send transactional messages, service announcements, account notifications, billing notices, security alerts, support responses, and administrative communications;
  • send marketing communications, newsletters, event invitations, product updates, and promotional materials, subject to applicable law and user preferences;
  • identify prospective customers, manage sales outreach, maintain CRM records, and honor marketing opt-out requests;
  • provide customer support, troubleshoot issues, investigate bugs, and respond to requests;
  • process billing, subscriptions, invoices, taxes, payment-related records, and account administration;
  • enable SMS, email, and other communications features where configured or requested;
  • enable customer-selected integrations and connected services;
  • provide AI-assisted features where enabled, such as parsing, summarization, drafting, search assistance, classification, transcription, workflow assistance, or similar functionality;
  • generate reports, analytics, dashboards, and operational insights;
  • understand product usage, improve performance, develop new features, and evaluate account health;
  • monitor, detect, prevent, and investigate fraud, abuse, security incidents, unauthorized access, and violations of our terms or policies;
  • comply with legal obligations, respond to lawful requests, enforce agreements, and protect rights, safety, and property;
  • administer contracts, legal records, audits, insurance, compliance, and corporate governance; and
  • create aggregated, anonymized, or de-identified information that does not reasonably identify an individual.

8. AI-Assisted Features

BearTalent may offer AI-assisted features. Depending on the Services and customer configuration, these features may support parsing, summarization, drafting, classification, search assistance, transcription, interview summaries, workflow recommendations, or similar productivity and recruiting workflow assistance.

AI-assisted features are intended to support customer workflows and human review, not to replace recruiter, hiring-manager, or employer judgment. Outputs should be reviewed by authorized customer users before being relied upon, and employer customers remain responsible for employment decisions and compliance with applicable employment, privacy, anti-discrimination, recordkeeping, automated decision-making, and similar laws. BearTalent does not make final hiring decisions.

Employer customers are responsible for deciding whether and how to use AI-assisted features, configuring those features appropriately, reviewing AI-assisted outputs, and determining what notices, consents, audits, human review rights, opt-out rights, appeal rights, or other safeguards are required under applicable law. Where customer-configured workflows involve automated processing, ranking, scoring, profiling, or similar functionality, the employer customer is responsible for ensuring that its use of those workflows is lawful and appropriately disclosed.

BearTalent may use third-party AI providers to deliver AI-assisted features. Those providers may process personal information according to their applicable terms, product settings, agreements, and our configuration. Any commitments regarding third-party AI provider retention, use, or model training apply only to the extent they are expressly stated in a signed agreement, applicable provider terms, product settings, or official BearTalent documentation.

Customers and authorized users should not submit unnecessary sensitive personal information into AI-assisted features and should ensure their use of AI-assisted features complies with their own legal obligations, internal policies, and candidate-facing notices.

9. SMS, Communications, Interview Recording, and Transcription

BearTalent may support email, SMS, messaging, scheduling, recording, transcription, summarization, and related communication workflows. These features may be used for customer account communications, support, security, billing, or customer-configured recruiting workflows.

Where SMS or messaging features are enabled, we may process phone numbers, message content, delivery status, timestamps, opt-out events, and related communications metadata. Communications may be routed through third-party communications providers. Users may have the ability to opt out of certain SMS or marketing communications as described in the message or as required by law. Transactional, security, support, or account-related communications may still be sent where permitted.

Where recording, meeting assistant, or transcription features are enabled by an employer customer, those features may involve processing audio, video, screen content, speaker information, chat content, meeting metadata, transcripts, summaries, and related information. Employer customers are responsible for deciding whether to enable these features, providing any required notices, obtaining any required consents, and honoring applicable access, deletion, opt-out, or other rights.

10. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

Employer Customers and Authorized Users

Information associated with a customer account may be available to the employer customer and its authorized users, including administrators, recruiters, hiring managers, interviewers, evaluators, executives, and other users with appropriate permissions.

Service Providers and Subprocessors

We may disclose personal information to vendors that help us provide, secure, support, market, and improve the Services. Current core service providers and subprocessors include:

| Provider | Purpose | | --- | --- | | Amazon Web Services (AWS) | Cloud hosting, infrastructure, storage, databases, networking, security, logging, monitoring, and related platform services | | Stripe | Payment processing, subscriptions, invoices, billing administration, and payment-related metadata | | OpenAI | AI-assisted features such as parsing, summarization, drafting, search assistance, classification, and workflow assistance where enabled | | Recall.ai | Meeting assistant, interview recording, transcription, meeting capture, and related interview workflow support where enabled | | Twilio | SMS, messaging, communications routing, delivery metadata, opt-out handling, and related communications services |

We may add, replace, or remove service providers and subprocessors over time. Where required by contract or law, we will provide notice or maintain an updated subprocessor list.

Customer-Enabled Integrations

When an employer customer connects BearTalent to third-party services, we may disclose information to those services as directed by the customer. Examples may include identity providers, email providers, calendar providers, messaging platforms, HR systems, job boards, analytics tools, document tools, reporting tools, and other customer-selected integrations.

Analytics, Advertising, Marketing, and Tracking Platforms

We may disclose limited website, device, cookie, usage, and marketing interaction information to third-party analytics, advertising, marketing, CRM, or tracking platforms where those tools are enabled. Some privacy laws may treat these disclosures as a sale, sharing, or targeted advertising. Where required, we provide a way to opt out.

Payment Processors

Payment information may be processed by third-party payment processors. BearTalent generally receives and stores payment processor identifiers, subscription records, invoice metadata, billing status, and payment-related metadata rather than full card numbers.

Professional Advisors

We may disclose information to lawyers, accountants, auditors, insurers, bankers, consultants, and other professional advisors where reasonably necessary for business, legal, compliance, insurance, financial, or corporate purposes.

Legal, Compliance, Security, and Safety Purposes

We may disclose information when we believe it is necessary to comply with law, legal process, regulatory requests, security investigations, fraud prevention, enforcement of agreements, or protection of rights, safety, and property.

Business Transactions

If BearTalent or Van Der Wall Tech, LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, personal information may be disclosed or transferred as part of that transaction.

Aggregated, Anonymized, or De-Identified Information

We may disclose information that has been aggregated, anonymized, or de-identified so that it does not reasonably identify an individual. Where required by law, we will maintain and use de-identified information in de-identified form and will not attempt to re-identify it except as permitted by law.

11. Cookies, Analytics, Advertising, and Similar Technologies

We may use cookies and similar technologies for the following purposes:

  • Essential technologies: to keep users logged in, route requests, maintain security, prevent fraud, provide core product functionality, and remember privacy choices.
  • Preference technologies: to remember settings such as saved views, filters, language preferences, or interface preferences.
  • Analytics technologies: to understand product usage, diagnose performance issues, measure website traffic, and improve the Services.
  • Marketing and advertising technologies: to measure marketing campaigns, understand site traffic, retarget visitors, measure conversions, or support advertising.

You may be able to manage cookies through browser settings, device settings, a cookie banner, a privacy preferences center, a "Cookie Settings" link, a "Your Privacy Choices" link, or other opt-out mechanisms we provide. Some technologies are necessary for the Services to work correctly and cannot be disabled through our preference tools.

Where required by law, we will provide a way to opt out of sale, sharing, targeted advertising, or non-essential cookies. Where required by applicable law, we will also honor browser-based opt-out preference signals, such as Global Privacy Control or similar legally recognized signals.

Because third-party marketing, analytics, and tracking tools may change over time, this Customer Privacy Policy describes those tools by category rather than listing every individual vendor.

12. Marketing Communications

We may send marketing communications to customers, prospects, and business contacts where permitted by law. We may use business contact information collected from public or professional sources, referrals, events, forms, sales tools, CRM tools, marketing platforms, and similar sources to contact organizations that may be interested in BearTalent. You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us. Even if you opt out of marketing communications, we may still send transactional, security, billing, support, legal, or account-related communications where permitted.

If we send SMS or text messages for marketing purposes, we will provide legally required disclosures and opt-out instructions. This Customer Privacy Policy is not intended to serve as consent to receive marketing text messages; where consent is required, consent should be collected separately through the applicable signup, application, customer configuration, or messaging workflow. Customer-configured SMS communications may be subject to the customer’s own notices, consents, and compliance obligations.

13. Payments and Billing

If you purchase BearTalent or administer a paid account, we may process billing contact information, subscription information, license quantity, invoice details, customer IDs, payment method IDs, and related payment metadata. Payments may be processed by Stripe or another third-party payment processor. BearTalent does not intend to store full card numbers or card security codes.

14. Legal Bases for Processing in the EEA, UK, and Similar Jurisdictions

Where applicable privacy laws require a legal basis for processing, we may rely on the following legal bases:

  • Contract: to provide the Services, manage accounts, authenticate users, support customers, and process transactions.
  • Legitimate interests: to secure the Services, prevent fraud, improve the product, provide support, analyze usage, maintain business records, communicate with customers and prospects, and market our Services where permitted.
  • Consent: where required for certain cookies, marketing communications, SMS communications, AI-assisted features, recordings, precise geolocation, or other optional processing.
  • Legal obligations: to comply with laws, tax/accounting rules, lawful requests, regulatory obligations, and dispute resolution needs.
  • Vital interests or public interest: where necessary in rare circumstances involving safety or legal requirements.

Where BearTalent processes customer-controlled data on behalf of an employer customer, the employer customer is generally responsible for identifying the applicable legal basis for that processing.

15. Privacy Choices and Rights

Depending on where you live and how your information is processed, you may have some or all of the following rights:

  • access personal information we hold about you;
  • request correction of inaccurate personal information;
  • request deletion of personal information;
  • request a copy of personal information in a portable format;
  • object to or restrict certain processing;
  • opt out of sale, sharing, targeted advertising, or certain profiling where applicable;
  • limit the use or disclosure of sensitive personal information where applicable;
  • withdraw consent where processing is based on consent; and
  • appeal a decision we make about a privacy request where applicable.

To submit a privacy request, contact us at privacy@beartalent.tech. We may need to verify your identity before responding. You may also use an authorized agent where permitted by law. If we deny your request and applicable law gives you an appeal right, you may appeal by contacting privacy@beartalent.tech and including "Privacy Appeal" in the subject line.

We intend to provide a consistent privacy request process. Some rights, exceptions, response timelines, and appeal rights may vary depending on your location, the type of information involved, our role, and applicable law.

If a request concerns customer-controlled data, including applicant, candidate, recruiting workflow, interview, or hiring-related data controlled by an employer customer, we may direct the request to that customer or assist the customer in responding.

16. U.S. State Privacy Notice

This section supplements the rest of this Customer Privacy Policy and applies to residents of U.S. states with comprehensive privacy laws where those laws apply to BearTalent. These laws may include privacy laws in California, Colorado, Connecticut, Delaware, Iowa, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other states as their laws become effective or applicable.

A. Categories of Personal Information Collected

In the preceding 12 months, we may have collected the categories of personal information described in Section 6 above, including identifiers, customer and commercial information, professional or business contact information, internet or network activity, communications content and metadata, authentication/security/audit data, preference and configuration data, audio/visual/electronic information, inferences and product analytics, approximate geolocation data, and sensitive personal information where applicable.

B. Sources of Personal Information

We may collect personal information from you, employer customers, authorized users, customer administrators, service providers, payment processors, analytics providers, advertising or marketing platforms, communications providers, integrations, publicly available business sources, and other sources described in this Customer Privacy Policy.

C. Purposes for Collection, Use, and Disclosure

We collect, use, and disclose personal information for the purposes described in this Customer Privacy Policy, including providing the Services, administering customer accounts, supporting customers, communicating with users and prospects, managing billing, securing the platform, using AI-assisted features where enabled, improving the product, marketing our Services, and complying with legal obligations.

D. Categories of Third Parties to Whom We Disclose Personal Information

We may disclose personal information to the categories of recipients described in Section 10 above, including employer customers and authorized users, service providers and subprocessors, customer-enabled integrations, analytics providers, advertising and marketing platforms, payment processors, professional advisors, legal and compliance recipients, business transaction recipients, and recipients of aggregated or de-identified information.

E. Sale, Sharing, and Targeted Advertising

We do not sell personal information for money. We may use advertising cookies, retargeting pixels, analytics technologies, marketing platforms, or similar technologies that may be considered a "sale," "sharing," or use for "targeted advertising" under some U.S. state privacy laws. Where required, we provide a "Your Privacy Choices," "Do Not Sell or Share My Personal Information," or similar mechanism to opt out.

F. Sensitive Personal Information

We use sensitive personal information only as needed to provide the Services, ensure security, comply with law, support customer-configured workflows, prevent fraud or abuse, or for other purposes permitted by applicable law. Where required, we provide a mechanism to limit certain uses or disclosures of sensitive personal information.

G. State Privacy Rights

Depending on your state of residence and applicable law, you may have the right to:

  • confirm whether we process your personal information;
  • access personal information we process about you;
  • delete personal information;
  • correct inaccurate personal information;
  • obtain a portable copy of personal information;
  • opt out of sale, sharing, targeted advertising, or certain profiling or automated decision-making where applicable;
  • limit certain uses or disclosures of sensitive personal information;
  • withdraw consent where processing is based on consent;
  • appeal a privacy request decision; and
  • not be discriminated against for exercising privacy rights.

To exercise these rights, contact privacy@beartalent.tech. We may require verification before processing a request. We may deny or limit requests where permitted by law, including where we need to retain information for security, legal, compliance, fraud prevention, dispute resolution, backup, or other permitted purposes.

H. California Privacy Rights

California residents may have the right to:

  • know what personal information we collect, use, disclose, sell, or share;
  • access personal information;
  • delete personal information;
  • correct inaccurate personal information;
  • opt out of sale or sharing;
  • limit certain uses and disclosures of sensitive personal information;
  • use an authorized agent where permitted by law; and
  • not be discriminated against for exercising CCPA rights.

We do not knowingly sell or share personal information of individuals under 16.

I. Financial Incentives

We do not currently offer financial incentives or price or service differences in exchange for personal information. If that changes, we will provide any required notice and consent mechanism.

17. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, maintain accounts, comply with contracts, support customers, meet legal obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, improve the Services, and operate our business.

Customer account, billing, legal, tax, audit, and compliance records may be retained for longer periods as required or permitted by law. Security logs and operational records may be retained as needed for security, fraud prevention, incident response, and service reliability. Marketing and prospect records may be retained until they are no longer needed or until a valid deletion or opt-out request is honored, subject to applicable exceptions.

For customer-controlled data, retention is generally determined by the employer customer, customer configuration, contract terms, or legal requirements. Customers may configure or request deletion of certain records, subject to legal, security, backup, and operational limitations.

If a customer account is closed, canceled, expires, or is deleted, BearTalent may deactivate account access and delete, return, archive, or retain customer-controlled data according to the applicable agreement, product settings, legal requirements, and operational limitations. We may retain certain information after account closure where reasonably necessary for billing, tax, accounting, audit, security, fraud prevention, backup, disaster recovery, legal claims, dispute resolution, contract enforcement, compliance, or legitimate business records.

Deletion from active systems may not immediately remove information from encrypted backups, logs, disaster recovery systems, or archival systems. Backup and archival copies are protected from routine use and deleted, overwritten, or isolated according to our retention practices unless a legal hold, security need, dispute, compliance obligation, or other permitted exception applies.

18. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. These safeguards may include role-based access controls, authentication, authorization, audit logging, encryption in transit, cloud security controls, network controls, managed infrastructure, monitoring, vulnerability management, secure configuration, and access limitation.

BearTalent is hosted using AWS infrastructure and related AWS-native security capabilities where configured. We do not currently claim third-party security certifications such as SOC 2, ISO 27001, or similar certifications unless separately stated in a signed agreement or official security documentation.

No method of transmission or storage is completely secure. We cannot guarantee absolute security. Users are responsible for maintaining the confidentiality of their credentials and for using strong, unique passwords and available security features.

19. International Transfers

BearTalent may process and store personal information in the United States and other countries where we, our service providers, or our customers operate. These countries may have privacy laws that differ from the laws in your jurisdiction.

Where required, we use appropriate safeguards for international transfers, such as data processing agreements, standard contractual clauses, or other lawful transfer mechanisms. We do not claim participation in a cross-border transfer certification framework unless separately stated in official BearTalent documentation or a signed agreement.

20. Children’s Privacy

BearTalent’s customer-facing Services are not intended for children under 13, and we do not knowingly collect personal information from children under 13 for customer account, sales, billing, marketing, or support purposes. If we learn that we have collected personal information from a child under 13 without appropriate authorization, we will take steps to delete it.

Some jurisdictions may impose a higher age threshold. Employer customers should not use BearTalent to collect information from minors unless they have determined that doing so is lawful and have provided any required notices or obtained any required consents.

21. Third-Party Links and Integrations

The Services may contain links to third-party websites or integrations with third-party services. This Customer Privacy Policy does not apply to third-party websites, services, or practices. Employer customers and users should review the privacy policies of any third-party services they choose to use or connect to BearTalent.

22. Changes to This Customer Privacy Policy

We may update this Customer Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and provide additional notice where required by law or contract. Continued use of the Services after an updated policy becomes effective means the updated policy applies to future processing.

23. Contact Us

For privacy questions, requests, or complaints, contact:

Van Der Wall Tech, LLC Product: BearTalent Email: privacy@beartalent.tech Mailing Address: 501 Union St Ste 545 PMB 674791 Nashville, Tennessee 37219-1876 US