Global Privacy Policy

Last Updated: Apr 2026
ICO Registered: ZB360429

Introduction

Redeployable Limited ("Redeployable") values your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, share, and store personal information about you. It also outlines your rights regarding your personal data and how to exercise them, as well as explaining our use of cookies and your rights to allow, deny, or choose preferences.

Redeployable is a business operating in the United Kingdom providing services that connect untapped talent with career opportunities. Our services are primarily intended for UK and US residents, though we recognise that users outside of these countries may access our websites and engage with our services. Redeployable acknowledges the rights of these users and makes all reasonable efforts to operate with due diligence and legality, and to comply with any relevant regulations of respective sovereign nations.

This Privacy Policy applies to personal data we collect through:

  • https://www.redeployable.io
  • https://app.redeployable.io
  • https://hiring.redeployable.io
  • https://labs.redeployable.io
  • and other websites that Redeployable operates that link to this policy (collectively "Websites")

The Personal Information We Collect

The personal information we may collect falls into the following categories:

Information You Provide Voluntarily

Certain areas of our websites may ask you to provide personal information willingly, such as when you:

  • Register for an account
  • Complete career assessments and skill profiles
  • Participate in job simulations
  • Upload documents such as CVs or resumes
  • Send or receive messages through our platform messaging feature
  • Provide your location for career matching purposes
  • Request technical support
  • Subscribe to marketing communications
  • Sign up for events
  • Access content
  • Submit inquiries or feedback

For employers and training providers using our platform, we collect additional information related to job roles, talent requirements, and workforce planning.

We will clearly inform you of the data we collect and the reasons for collecting it at the point of collection.

Information Collected Automatically

When you visit our websites or use our platform, we may automatically collect certain information from your device. This information may include:

  • IP address
  • Device type and unique device identifiers
  • Browser type
  • Geographic location (country or city level)
  • Technical information about how your device interacts with our websites
  • Pages accessed and links clicked
  • Session duration and timing

Collecting this information allows us to better understand who uses our services, where they come from, and which content they find most relevant. We use this information for internal analytics, to improve user experience, and to enhance the quality and relevance of our platform.

Information Obtained from Third Parties

Occasionally, we may receive personal information about you from third-party sources, such as:

  • Lead generation providers
  • Partners and referrals
  • Content syndication providers
  • Third-party enrichment tools

We only collect information from third parties that have your consent or are otherwise legally permitted to share it with us. The types of information we collect from third parties may include name, contact information, job title, military service history, career transition status, and internet activity. We use this information to personalise our services and to match talent with relevant opportunities.

Career and Skills Data

Our core service involves collecting and processing information about your career history, skills, and professional aspirations. This may include:

  • Work history and experience (employer names, job titles, roles, dates, descriptions)
  • Education history and professional certifications and qualifications
  • Military service records and details (branch, rank, role, service dates)
  • Career transition status and readiness stage
  • Skills assessments and aptitude evaluations
  • Career preferences and goals

This information is essential for our skills matching technology to connect you with relevant careers and job opportunities.

Job Simulation Data

Our platform allows you to participate in simulated job scenarios ("simulations") to explore careers. When you use simulations, we collect:

  • Your responses: Written answers to simulation tasks and steps
  • Assessment results: Performance ratings and feedback on your responses
  • Progress data: Completion status, time spent, and other metadata
  • Recruiter-facing insights: AI-generated summaries of your performance, which may be shared with recruiters who are reviewing your job application

Assessment results and insights generated through simulations are treated as part of your career profile and are subject to the same data protection rights as other personal data.

Documents and File Uploads

You may upload documents to our platform, including:

  • CVs and resumes: We store the file and its original filename. We may use AI to extract skills and experience data from uploaded documents to enhance your profile.
  • Profile images: You may upload a profile image, which may be displayed to other users, including recruiters, within the platform.

Uploaded documents are stored securely and are accessible only to you and, where applicable, to recruiters and employers who have been granted access to your profile.

Messaging and Communication Data

Our platform includes an in-platform messaging feature that enables direct communication between recruiters (employer users) and candidates (individual users) in connection with career pathway opportunities. When you use our messaging feature, we collect and process:

  • Message content: The text of messages you send and receive
  • Conversation metadata: Sender and recipient identifiers, timestamps, and the job application associated with the conversation
  • Read receipts: Timestamps indicating when messages have been read by each participant
  • Participant information: Your role in the conversation (candidate or recruiter) and your association with a particular employer or job application

Messaging conversations are initiated by recruiters in connection with a specific job application. Multiple recruiters from the same employer may view and participate in a conversation with a candidate.

Messages are not end-to-end encrypted. Platform administrators may access message content for the purposes of investigating abuse reports, enforcing our terms of use, or complying with legal obligations.

How We Use AI in Our Services

Redeployable uses artificial intelligence (AI) technology to enhance our career matching and development services. Specifically, we use AI to:

  • Match skills to career paths: We analyse the skills you've provided to suggest potential career paths that align with your capabilities.
  • Provide personalised career recommendations: Based on the information you provide about your skills, experience, and preferences, we suggest specific jobs you might want to explore.
  • Generate job fit assessments: We produce personalised assessments of your suitability for specific jobs, including skill match analysis, preference fit evaluations, and narrative summaries about your application. These assessments are visible to recruiters who have access to your job application.
  • Chatbot conversations: During career exercises and learning activities, you may interact with a chatbot. The content of these conversations (your questions and any responses) is stored as part of your exercise record.
  • Simulation performance assessments: We evaluate your responses to job simulation exercises and provide feedback, performance ratings, and career fit insights.

How Our AI Works

Our AI-related features work in the following ways:

  • Limited data usage: We process only the data you provide, such as your skills, career preferences, work history, and exercise responses. We do not access or use demographic information such as gender, ethnicity, or age.
  • Third-party AI providers: We use third-party AI service providers (including large language model providers) to power our AI features. Your data is transmitted to these providers for processing. We have data processing agreements in place with these providers, and your data is not used by them to train their AI models.
  • Suggestion-only functionality: Our AI makes suggestions and provides guidance only. It does not make decisions about hiring, candidate selection, or pathway eligibility. You retain complete control over your career exploration and can ignore or refresh recommendations at any time.
  • No automated decision-making: Our AI system does not engage in automated decision-making with legal or similarly significant effects as defined under Article 22 of the UK GDPR.

Your Rights Regarding AI Processing

You have specific rights regarding how your data is used by our AI system:

  • Transparency: You can see which skills triggered specific career recommendations.
  • Control: You can refresh recommendations, modify your profile information, or ignore suggestions entirely without any negative impact on your service.
  • Access to alternatives: You have access to alternative ways to explore career options beyond AI-generated recommendations.

How We Use Your Personal Information

We use the personal information we collect for the following purposes:

  • Providing our Services: To operate our talent matching platform and provide career planning and transition services
  • Personalising User Experience: To offer tailored career pathways, recommendations, and content
  • Facilitating Messaging: To enable direct communication between recruiters and candidates on the platform, deliver message notifications, and maintain conversation history
  • Communication: To respond to inquiries, provide support, and send service-related communications
  • Marketing: To send information about our services, events, and relevant opportunities (subject to your preferences)
  • Service Improvement: To analyse usage patterns, identify trends, and enhance our platform
  • Business Operations: To manage relationships with employers, training providers, and partners
  • Research and Development: To improve our matching algorithms and develop new features
  • Security and Compliance: To protect our platform, users, and comply with legal obligations

Sensitive Personal Data

We may collect sensitive personal data from our customers in the course of providing our services, particularly relating to military service history, training records, and career transitions.

Under California law, "sensitive personal information" also includes login credentials, precise geolocation, and the contents of communications where Redeployable is not the intended recipient.

We implement additional safeguards for this information and do not use sensitive personal data for any purpose beyond providing our core services. We do not sell sensitive personal data, and we do not share sensitive personal data for online advertising.

California residents have the right to limit our use of sensitive personal information. Because we already limit such use to the purposes permitted under the CPRA, no further action is required from you.

How We Protect Your Data

We are committed to protecting your personal data through appropriate technical and organisational security measures:

  • Our platform is built with security by design principles
  • User data is encrypted both in transit and at rest
  • We maintain strict access controls for employee access to personal data
  • Regular security audits and vulnerability assessments
  • Secure authentication mechanisms provided by Auth0 (Okta)
  • Data minimisation practices to collect only what is necessary
  • Role-based access controls for employer and Redeployable administrators

Administrative Access

Authorised Redeployable administrators may access user accounts for the purposes of providing technical support, investigating abuse reports, or resolving platform issues. Administrative access is:

  • Restricted to designated personnel with a legitimate operational need
  • Logged and auditable, including records of impersonation sessions where an administrator accesses the platform as a user
  • Subject to internal policies that limit the scope and duration of access
  • Never used for marketing or commercial purposes unrelated to platform operations

Personal Data Sharing

We may share your personal data with the following categories of recipients:

  • Our service providers: We use carefully selected third-party service providers who assist us in delivering our services, supporting our websites, enhancing their security, and processing data on our behalf
  • Employers and training providers: With your consent, we share relevant profile information with employers and training providers participating in our platform. Where you engage in messaging conversations with recruiters, the content of those messages is accessible to the recruiter and, where applicable, other authorised representatives of the same employer
  • Partners: We may share data with partners who collaborate with us in delivering our services or engaging in joint activities
  • Law enforcement and regulatory bodies: We may disclose data when legally required to comply with applicable laws, enforce our legal rights, or investigate potential wrongdoing
  • Other third parties with your consent: We may disclose your data to other third parties with your explicit consent

Third-Party Service Providers

We share personal data with the following categories of third-party service providers, each of which operates under a data processing agreement with Redeployable:

  • Cloud infrastructure and hosting: Hosting our platform, databases, and file storage, and providing content delivery and network security services
  • Authentication and identity management: Secure user login, account authentication, and profile image hosting
  • Email and communications: Sending transactional and marketing emails, managing email preferences, and tracking delivery events
  • Product analytics: Understanding how users interact with our platform, measuring feature usage, and identifying opportunities to improve the user experience
  • Web analytics and conversion measurement: Measuring website traffic, marketing performance, and conversion events
  • Referral programme management: Managing our referral programme and attributing sign-ups to referrers
  • AI and large language model providers: Powering career assessments, job fit analysis, chatbot conversations, document parsing, and simulation evaluations
  • Location and mapping services: Location autocomplete, geocoding, and mapping functionality to support career matching

We do not sell your personal data to any third party. All third-party service providers are contractually prohibited from using your data for their own purposes beyond the services they provide to us.

Legal Basis for Processing Personal Data

The foundation upon which we collect and utilise personal information is contingent on the specific data type and the context in which it is obtained. Typically, we will gather your personal information only if:

  • Contract fulfillment: We need the data to fulfill our obligations under a contract we have with you, including providing platform features such as messaging between recruiters and candidates
  • Legitimate interests: Processing is necessary to operate our platform, improve our services, ensure platform security, and communicate with you as needed
  • Consent: You have granted us explicit authorisation to process your personal data
  • Service engagement: You engage with our services by creating an account as an employer or candidate

Your rights are further explained in our Terms & Conditions linked here: https://www.redeployable.io/terms-conditions

Cookies and Similar Tracking Technologies

Our websites and platform utilise cookies and similar technologies for various purposes:

  • Essential cookies: These are necessary for our websites to function properly
  • Functional cookies: These enhance usability by remembering your preferences
  • Analytical cookies: These help us understand how visitors interact with our websites
  • Marketing cookies: These track your online activity to deliver targeted advertising

We also use server-side analytics to track events such as account creation, onboarding completion, and feature usage. This data is associated with your user account and is used solely for improving our services.

You can manage your cookie preferences through our cookie settings tool or by adjusting your browser settings.

Data Transfers

Your personal data may be transferred to, and processed in, countries other than your country of residence. In particular, some of our third-party service providers (including cloud infrastructure, AI service providers, and analytics platforms) process data in the United States and other jurisdictions. These countries may have data protection laws that differ from those of your country.

We have taken appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy, including:

  • Standard Contractual Clauses (SCCs): We use EU/UK-approved Standard Contractual Clauses with service providers located outside the UK and EEA where required
  • Data Privacy Framework: Where applicable, we work with providers that are certified under the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF
  • Transfer Impact Assessments: We conduct assessments of the legal frameworks in recipient countries to ensure adequate protection
  • Data processing agreements: All international transfers are governed by contracts that require recipients to protect your data to a standard equivalent to UK GDPR

Redeployable is committed to safeguarding the privacy of personal data transferred from the United Kingdom and European Union. If you would like more information about the specific safeguards applied to international transfers of your data, please contact us.

Data Retention

We retain your personal data as long as we have an ongoing legitimate business need to do so (for example, to provide you with our services or to comply with legal requirements). When we no longer have a legitimate business need to process your personal data, we will either delete or anonymise it, or if this is not possible, securely store it and isolate it from any further processing.

User accounts that remain inactive for 24 months will be archived, with personal data anonymised after an additional 12 months unless retention is required by law.

Your Data Protection Rights

You have the following data protection rights:

  • Access: Request access to your personal data, including a copy of your message history
  • Correction: Request correction or updating of your personal data
  • Deletion: Request deletion of your personal data
  • Objection: Object to the processing of your personal data
  • Restriction: Request restriction of processing of your personal data
  • Portability: Request portability of your personal data
  • Marketing opt-out: Opt out of marketing communications
  • Consent withdrawal: Withdraw your consent (if you have given it)
  • Sale and sharing opt-out: The right to opt out of the sale or sharing of personal information, where applicable. Redeployable does not sell or share personal information, so no opt-out mechanism is required.

You can exercise these rights by contacting us using the contact details provided under the "How to Contact Us" section below.

Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. These rights are included in the "Your Data Protection Rights" section above and apply equally to California residents.

  • We do not sell your personal information. We have not sold personal information in the preceding 12 months and do not intend to do so.
  • We do not share your personal information for cross-context behavioural advertising. "Sharing" under the CPRA includes disclosing personal information to third parties for targeted advertising across different businesses or services. We do not engage in this practice.
  • We do not use or disclose sensitive personal information for purposes other than those permitted under the CPRA (including providing our services, ensuring security, and complying with legal obligations).
  • Categories of personal information we collect, sources, and purposes are described in the "Personal Information We Collect" and "How We Use Your Personal Information" sections above.
  • Categories of third parties to whom we disclose personal information for business purposes are described in the "Personal Data Sharing" and "Third-Party Service Providers" sections above.

To exercise your California privacy rights, please contact us using the details in the "How to Contact Us" section. We will verify your request as described in "Verifying Data Protection Requests."

Non-discrimination

We will not discriminate against you for exercising your data protection rights.

Authorised Agent

You can authorise another person to make a data privacy request on your behalf. To do this, you will need to provide us with a written authorisation that includes the specific data protection request you want the authorised agent to make.

Data Protection Authority

You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

Appealing Our Decision

If you are not satisfied with our response to your data privacy request, you have the right to appeal our decision. To do this, please contact us using the details provided below. If you are not satisfied with the result of the appeal, you have the right to contact your respective attorney general depending on where you reside.

Verifying Data Protection Requests

We verify data protection requests to ensure they are legitimate and to prevent unauthorised access to your personal data. Our verification process is based on matching personal data provided by the requestor with personal data that we have on file. During the verification process, we aim to avoid collecting additional personal data that we don't already have.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the "last updated" date displayed at the top of this document.

How to Contact Us

If you have any questions or concerns about our use of your personal data, please contact us at:

Email: [email protected]

Address: 71-75 Shelton Street Covent Garden London UNITED KINGDOM

Appendix: Legal Frameworks and Terminology

For reference, this Privacy Policy operates within the framework of various data protection laws, including:

  • UK GDPR and Data Protection Act 2018: Our primary regulatory framework as a UK-registered company. The ICO is our lead supervisory authority (registration: ZB360429)
  • EU General Data Protection Regulation (GDPR): Applicable where we process personal data of individuals in the European Economic Area
  • US State Privacy Laws: We comply with applicable US state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Where other US state privacy laws apply to our processing (such as in Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy legislation), we honour the rights those laws provide to their residents.
  • Children's Online Privacy Protection Act (COPPA): Our services are not directed at children under the age of 13 (or 16 in the UK/EU). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately

Key terms used in this document:

  • "Controller," "processor," "data subject," "personal data," and "processing" have the meanings given in EU/UK Data Protection Law
  • "Breach" means an accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access to personal data
  • "Data Privacy Framework" refers to the EU-US, UK-US, and Swiss-US Data Privacy Framework self-certification programs
  • "Standard Contractual Clauses" refers to the appropriate legal mechanisms for international data transfers