top of page

Privacy Policy, GDPR, PDPA and Security of Data


AI Sourcing is hosted on the platform. provides us with the online platform that allows us to sell our services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall. 

All direct payment gateways offered by and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.


AI Enabled Data Services 

Safe, Secure and ready for the General Data Protection Regulation (GDPR)

Nothing matters more to us than the security of your data. We have you covered for the General Data Protection Regulation (GDPR).

Securing your data

Protecting customer data is a top priority at AI Sourcing. Much of our data is stored with our Partner provider or the AI Sourcing Platform X0pa Ai. We understand you are trusting us with your data and we take the responsibility of securing it extremely seriously. Our Security page outlines all of our practices.

Data Correction

Account admins can modify collected personal data to meet the correction requirement of the GDPR with our user management tools or by making a request to

Right to be forgotten

You can request that personal information in your account be permanently removed. We give this control to you. The AI recruitment platform offers you an option to delete your profile and it will also purge your information such as interviews, jobs and references.

Built for security

The Platform protects all of our customers with an array of security features.

  • Data encryption in transit

  • Data encryption at rest

  • Data centers routinely audited with industry-standard SSAE-16 methods

  • Data redundancy for resilience during disasters

  • SAML, OAUTH and OpenID support for secure authentication

  • Continuous network monitoring

  • Industry-standard security evaluations

  • Independent third-party security reviews and penetration tests

  • Role-based authentication

  • IP address whitelisting

Cyber security is a very important aspect for the Technology Provider, the X0PA AI Platform and this is where X)pa AI's partnership with Microsoft helps, increasing security to our clients by hosting the platform on Microsoft’s cloud, Azure.


What is the GDPR?


Effective May 25th 2018, the GDPR tightens the rules for businesses on how they collect, store and process EU citizens’ personal data. The new regulations impact organisations worldwide that collect and process personal data of EU citizens. Some of the key changes likely to impact your customer feedback programs are listed below.

GDPR and Privacy Shield

Europe is currently leading the way in terms of regulating the protection of personal data of individuals. The new EU GDPR, which replaces the 1995 EU “Data Protection Directive” (and the laws of the various EU member states implementing the 1995 Directive), has been the focal point of discussion and compliance efforts for many companies around the world.

We are committed to respecting the privacy rights of all of its customers and their users and to taking reasonable and appropriate measures to protect the privacy and security of their personal information, including by implementing measures designed to comply with specific, applicable provisions of the GDPR.

More generally, our technology provider for the AI Platform - X0PA has updated its technology, service offerings, terms and conditions of service and privacy notice to reflect our ongoing commitment to data privacy and security in compliance with our agreements with our customers and with applicable law.

Enabling you to be GDPR-compliant

Supporting our customers to be GDPR-compliant means we:

  • Provide sufficient guarantees to the controller to implement appropriate technical and organisational measures designed to safeguard customer data

  • Processes data (that could include personal data) only to fulfill its obligations as related to the Services

  • Enables users to modify and delete their personal data

  • Can sign a contract that governs the processing of EU personal data

GDPR contract – Data Processing Addendum (DPA)

GDPR Article 28, Section 3 requires that a contract be in place between a data controller and a data processor. For years, the Ai platform provider X0PA Ai’s Terms of Service, Privacy Policy, and Customer Agreements have provided the fundamental legal requirements and obligations regarding data ownership, processing behavior, safeguarding data and more.

If you as a customer, wish to have a GDPR-specific addendum to your agreement, please contact our Customer Success team at



Security and Privacy
This policy sets out:

1. the information we collect about you when you visit our website, use our products or services or otherwise interact with us;

2. how we use, share, store and secure the information; and

3. how you may access and control the information.

In this policy, Ai Sourcing Ltd of Kemp House, 152 – 160 City Road, London, EC1Y 2NX (together with our subsidiaries, our holding company and subsidiaries of our holding company from time to time) and “Platform” means our website “AI AI” and Technology of AI Sourcing Platform provider X0PA Ai Pte ltd of 81 Ayer Rajah Crescent, #01-66/67, JTC Launchpad, Singapore In this policy, “personal information” refers to any data, information, or combination of data and information that is provided by you to us, or through your use of our products or services, that relates to an identifiable individual.

1. What information we collect about you

1.1 We collect the following types of information about you:

(a) Account and profile information that you provide when you register for an account or sign up for our products or services, for example name, title, email address and company details (collectively, “Account Data”);

(b) information you provide through support channels, for example when you report a problem to us or interact with our support team, including any contact information, documentation, or screenshots (collectively, “Support Data”);

(c) communication, marketing and other preferences that you provide us when you participate in a survey or a questionnaire that we send you (collectively, “Preference Data”);

(d) details of any transactions, purchases or orders that you’ve made with us (collectively, “Transaction Data”);

(e) payment information, for example credit card information (collectively, “Financial Data”);

(f) information about your device or connection, for example your internet protocol (IP) address, log-in data, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our products or services and information we collect through cookies and other data collection technologies. Please read our Cookies Policy for details. (collectively, “Technical Data”); and

(g) Information about your use of or visit to our Platform, for example your clickstream to, through, and from our Platform, products you viewed, used, or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) or methods to browse away from the page (collectively, “Usage Data”).

1.2 We collect the above information when you provide it to us or when you use or visit our Platform. We may also receive information about you from other sources, including:

1.3 We do not collect sensitive data or special category data about you. This includes details about your race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health or sexual orientation.

2. How we use information we collect

2.1 We only use your personal information where the law allows us to. We use your personal information only where:

(a) it is needed to perform the contract we have entered into (or are about to enter into) with you, including to operate our products or services, to provide customer support and personalised features and to protect the safety and security of our Platform;

(b) It satisfies a legitimate interest which is not overridden by your fundamental rights or data protection interests, for example for research and development, and in order to protect our legal rights and interests;

(c) You’ve given us consent to do so for a specific purpose, for example we may send you direct marketing materials or publish your information as part of our testimonials or customer stories to promote our products or services with your permission; or

(d) We need to comply with a legal or regulatory obligation.


2.2 If you have given us consent to use your personal information for a specific purpose, you have the right to withdraw your consent any time by contacting us (please refer to paragraph 8 for contact information), but please note this will not affect any use of your information that has already taken place.

2.3 We do not share your personal information with any company outside our group for marketing purposes, unless with your express specific consent to do so.

2.4 For visitors to or users of our Platform who are located in the European Union, we have set out our legal bases for processing your information in the Legal Bases Table at the end of this policy.

3. How we share information we collect

3.1 We share information with other companies in our group in order to operate our Platform and to offer and improve our products and services.

3.2 We may share personal information on an aggregated or de-identified basis with third parties for research and analysis, profiling and similar purposes to help us improve our products and services.

3.3 If you use any third-party software in connection with our products or services, for example any third-party software that our Platform integrates with, you might give the third-party software provider access to your account and information. Policies and procedures of third-party software providers are not controlled by us and this policy does not cover how your information is collected or used by third-party software providers. We encourage you to review the privacy policies of third-party software providers before you use the third-party software.

3.4 Our Platform may contain links to third-party websites over which we have no control. If you follow a link to any of these websites or submit information to them, your information will be governed by their policies. We encourage you to review the privacy policies of third-party websites before you submit information to them.

3.5 We may share your information with government and law enforcement officials to comply with applicable laws or regulations, for example when we respond to claims, legal processes, law enforcement or national security requests.

3.6 If we are acquired by a third party as a result of a merger, acquisition, or business transfer, your personal information may be disclosed and/or transferred to a third party in connection with such a transaction. We will notify you if such a transaction takes place and inform you of any choices you may have regarding your information.

4. How we store and secure information we collect

4.1 We use data hosting service providers based in Singapore to host the information we collect.

4.2 We have adopted the following measures to protect the security and integrity of your personal information:

(a) Information is encrypted using TLS/SSL technology;

(b) Access to your personal information is restricted to personnel or service providers on a strictly need-to-know basis, who will only process your information on our instructions and who are subject to a duty of confidentiality; and

(c) Our information collection, storage and processing practices are reviewed regularly;


4.3 We have put in place procedures to manage any suspected privacy breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

4.4 While we implement safeguards designed to protect your information, please note that no transmission of information on the internet is completely secure. We cannot guarantee that your information, during transmission through the internet or while stored on our systems or processed by us, is absolutely safe and secure.

4.5 We only retain personal information for so long as it is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. After such time, we will delete or anonymise your information or, if this is not possible, we will securely store your information and isolate it from further use. We periodically review the basis and appropriateness of our data retention policy.

5. Your rights

5.1 You have the right to:

(a) Be informed of what we do with your personal information;

(b) Request a copy of the personal information we hold about you;

(c) Require us to correct any inaccuracy or error in any personal information we hold about you;

(d) Request erasure of your personal information (note, however, that we may not always be able to comply with your request of erasure for record keeping purposes, to complete transactions, or to comply with our legal obligations);

(e) Object to or restrict the processing by us of your personal information (including for marketing purposes);

(f) Request to receive some of your personal information in a structured, commonly used, and machine readable format and request that we transfer such information to another party; and

(g) Withdraw your consent at any time where we are relying on consent to process your personal information (although this will not affect the lawfulness of any processing carried out before you withdrew your consent).


5.2 You may opt out of receiving marketing materials from us by using the unsubscribe link in our communications, by updating your preferences within your account on our Platform, or by contacting us. Please note, however, that even if you opt out of receiving marketing materials from us, you will continue to receive notifications or information from us that are necessary for the use of our products or services.

5.3 As a security measure, we may need specific information from you to help us confirm your identity when processing your privacy requests or when you exercise your rights.

5.4 Any request under paragraph 5.1 will normally be addressed free of charge. However, we may charge a reasonable administration fee if your request is clearly unfounded, repetitive or excessive.

5.5 We will respond to all legitimate requests within one (1) month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests.

6. Changes to this policy

6.1 We may amend this policy from time to time by posting the updated policy on our Platform. By continuing to use our Platform after the changes come into effect, you agree to be bound by the revised policy.

7. Policy towards children

7.1 Our products and services are not directed to individuals under 12. We do not knowingly collect personal information from individuals under 12. If we become aware that an individual under 12 has provided us with personal information, we will take steps to delete such information. Contact us if you believe that we have mistakenly or unintentionally collected information from an individual under 12.

8. Contact us

8.1 Please contact us at or submit any written request to:

AI Sourcing Ltd, Kemp House, 152-160 City Road, London, EX1V 2NX

Attn: Chief Technology Officer

8.2 Please contact us in the first instance if you have any questions or concerns. If you have unresolved concerns, you have the right to file a complaint with a data protection authority in the country where you live or work or where you feel your rights have been infringed.


Cookies are small text files that are placed on your device by a web server when you access our Platform. We use cookies to identify your access and monitor usage and web traffic on our Platform to customise and improve our products and services.

We use both persistent cookies and session cookies. A persistent cookie stays in your browser and will be read by us when you return to our site or a partner site that uses our services. Session cookies only last for as long as the session lasts (usually the current visit to a website or a browser session).

We use the following types of cookies:

(a) Strictly necessary cookies – these are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our website;

(b) Analytical/performance cookies – these allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example by ensuring that users are easily finding what they are looking for.

bottom of page