Privacy Policy

    Human by Design Ltd. | Humans.id

    Version 5  |  April 2026

    Amendment Note (v5): This version corrects the list of third-party data providers in Section 1.2, removes the reference to LinkedIn scraping, explicitly names legitimate interest as the lawful basis for candidate data processing, adds a reference to the Cookie Policy, corrects the response time for data subject rights requests, removes the DPF self-certification claim, adds a forward-looking statement on retargeting, and updates the document date.

    Protecting your private information and data is our priority. This Privacy Policy applies to https://app.myhumans.id/ and https://www.humans.id/ and governs personal data collection and usage by Human by Design Ltd.

    Humans.id is a Software as a Service (SaaS) platform for use by hiring managers, recruiters, and staffing firms, allowing professionals to source candidates, automate recruiting workflows, and manage candidate pipelines.

    By using or visiting the Humans.id website you accept the terms of this Privacy Policy.

    For information about how we use cookies and tracking technologies, please see our Cookie Policy.

    Contact us at:

    • Human by Design Ltd.
    • 54 Portland Road, Bishop's Stortford, Hertfordshire, CM23 3SJ, United Kingdom
    • support@myhumans.id

    1. Processing of Personal Data

    1.1 Contact Persons of Humans.id's Customers

    i. Purposes and Legal Basis of the Processing

    If you purchase Humans.id's products and services, we process personal information about your representatives, contact persons and/or employees. This data is limited to the minimum necessary for contract management and is processed on the legal basis of contract performance (UK GDPR Article 6(1)(b)) and legitimate interests (UK GDPR Article 6(1)(f)) in maintaining and developing the commercial relationship.

    Humans.id may periodically contact you via email for announcements, promotional offers, alerts, confirmations, surveys, and/or other general communications related to our products and services. You may opt out of such messages at any time by clicking the unsubscribe button within the message.

    Some customers may integrate their account with their Google (Gmail) or Microsoft (Outlook) email inbox. When authorisation is granted, we may use this to send messages from your email address with your approval, or to count and/or read responses related to messages sent via our service. We will not access or read responses to messages that were not sent via our service.

    ii. Recipients

    Humans.id will not communicate personal data of their customers' representatives, contact persons and/or employees to third parties, unless essential for the execution of the contract or required by law. Where data is transferred to service providers outside the European Union, we implement appropriate safeguards including Standard Contractual Clauses.

    iii. Retention Period

    Humans.id stores personal data of customers' representatives and contact persons for the duration of the contract and thereafter only to the extent required by law or to maintain a legitimate commercial relationship.

    iv. Use of Third-Party AI Service Providers

    To provide certain AI-powered features, Humans.id may process user-provided content using third-party AI service providers acting as data processors on our behalf, including Anthropic PBC. Personal data is transmitted securely and used solely to deliver the requested functionality. The data is not used by the AI service provider to train or improve general AI models. Such data is retained by the provider for no longer than 30 days. Processing may involve transfers outside the European Union under Standard Contractual Clauses.

    1.2 Professional Candidates

    i. Purposes and Legal Basis of the Processing

    [AMENDED v5] If you are a working professional or adult-aged student, we may process information about you for the purpose of identifying you as a potential candidate for employment roles on behalf of our Subscriber clients.

    We source candidate data exclusively from the following licensed third-party professional data providers, each of which operates under its own GDPR compliance programme and lawful basis for the initial collection of data:

    • Apollo.io
    • Lusha Systems
    • ZoomInfo

    Humans.id does not scrape LinkedIn or other professional networks directly. All candidate data enters the platform via the licensed providers listed above.

    The lawful basis for this processing is legitimate interest under UK GDPR Article 6(1)(f). We have conducted a Legitimate Interest Assessment (LIA) which is available upon written request. In summary, we process professional data to match candidates with relevant career opportunities, which is consistent with the reasonable expectations of professionals who publish career information with professional data providers.

    The types of data we store and process include:

    • First and last name
    • Previous job history
    • Contact information and email address
    • Social media links (LinkedIn, GitHub, etc.)
    • Education history
    • Professional credentials and certifications
    • Professional skills

    Our service does not collect sensitive personal information such as sexual orientation, political views, or personal health information.

    ii. Recipients

    When acting as data controller, Humans.id will not share your data with any third party without your knowledge, unless required by law. Your data is shared with a Subscriber (employer) only when you have explicitly expressed interest in a specific role advertised by that Subscriber. At that point you become aware of the identity of the employer and consent to the transfer of your data to them for that role and, where indicated, for consideration for other current and future roles with that employer.

    iii. Retention Period

    Humans.id stores your personal data for one year from the date it was gathered. We may annually update such data to extend the retention period where our legitimate interest continues to apply. Candidates may object at any time to the continued processing of their data for job matching or talent pooling purposes. Where such an objection is received, Humans.id will cease such processing and erase the data unless retention is required by law.

    1.3 Humans.id Website Visitors

    [AMENDED v5] When you visit our website, we may collect information such as your name, email address, employer, and job title where you provide this to us. We may also use analytics tools to understand how visitors use our website, such as which pages are visited most often. This data is used to improve our services and website experience.

    We do not currently serve targeted advertising to website visitors. However, we reserve the right to implement retargeting and advertising cookies in the future. Where we do so, we will update this Privacy Policy and our Cookie Policy accordingly, and we will obtain your prior consent via our cookie consent mechanism before placing any non-essential cookies.

    Our website may contain links to other sites. We are not responsible for the content or privacy practices of such sites.

    1A. Data Processing, Storage and International Transfers

    1A.1 Storage Location

    All candidate personal data collected and processed by Humans.id is stored on servers maintained by Amazon Web Services (AWS) located in Frankfurt, Germany (EU region eu-central-1). Data does not leave the EU/UK storage environment except as described in this section.

    1A.2 AI Processing via Third-Party Provider

    Certain AI-assisted features of the platform involve transmitting candidate data to Anthropic PBC (United States) via their Claude API for the purpose of generating candidate assessments and summaries. This processing is subject to Standard Contractual Clauses approved by the UK ICO and the European Commission. Anthropic PBC does not use data transmitted via the API to train or improve its general AI models, and such data is retained by Anthropic for no longer than 30 days.

    1A.3 Data Flow

    The flow of candidate personal data through the Humans.id platform is as follows:

    • Candidate data is sourced from licensed third-party data providers (Apollo.io, Lusha, ZoomInfo) who operate under their own GDPR compliance programmes
    • Data enters Humans.id's secure platform and is stored on AWS Germany servers
    • Where a Subscriber requests an AI-assisted assessment, relevant professional data is transmitted to Anthropic PBC (US) under Standard Contractual Clauses
    • The resulting AI output is returned to the Subscriber's user interface
    • Candidate personal data is shared with a Subscriber only where the candidate has expressly shown interest in a specific role

    1A.4 International Transfers to Subscribers Outside the UK/EU

    Where a Subscriber is located outside the UK/EU, candidate personal data may be transferred to that Subscriber when a candidate has expressly shown interest in a role with that employer. Such transfers are only made where one of the following conditions is met:

    • (a) The destination country benefits from an adequacy decision issued by the UK ICO or European Commission
    • (b) Standard Contractual Clauses are in place between Humans.id and the Subscriber
    • (c) The candidate has provided explicit informed consent to the transfer, having been made aware of the destination country and the absence of an adequacy decision

    Candidates are informed of the identity of the employer and the location of their headquarters before their data is shared.

    2. Data Subjects' Rights

    [AMENDED v5] Data subjects may at any time exercise their rights to access the information we hold about them, rectify it, object to or restrict its processing, and request its erasure. Where applicable, data subjects may also withdraw consent, without such withdrawal affecting the lawfulness of processing carried out prior to it.

    We will respond to rights requests within one calendar month of receipt. Where a request is complex or we receive a high volume of requests, we may extend this period by a further two months. We will inform you of any such extension within one month of receiving your request, together with the reasons for the delay.

    To exercise your rights, contact us at:

    • 54 Portland Road, Bishop's Stortford, Hertfordshire, CM23 3SJ, United Kingdom
    • support@myhumans.id

    Data subjects also have the right to lodge a complaint with the relevant supervisory authority. For UK residents this is the Information Commissioner's Office (ICO) at www.ico.org.uk. For EU residents this is the supervisory authority in your member state.

    2A. Candidate Data Ownership and Revocation Rights

    2A.1 Candidate Data Ownership

    Humans.id recognises that candidates retain ownership of their personal data at all times. Our collection and use of candidate data does not transfer ownership of that data to Humans.id or to any Subscriber. Candidates have the right to access, correct, and delete their data at any time as described in Section 2 of this Privacy Policy.

    2A.2 What Candidates Consent to When Applying for a Role

    When a candidate expresses interest in a role or applies for a role facilitated by Humans.id, they consent to share their personal data with the relevant Subscriber for the purpose of that specific role and, where indicated, for consideration for other current and future roles with that employer. The candidate will be informed of the identity of the employer and the location of their headquarters before their data is shared.

    This consent is specific to the Subscriber and the role(s) indicated at the time of application. It does not constitute consent to share candidate data with any other employer or for any unrelated purpose.

    2A.3 Withdrawing from a Specific Role

    Withdrawing from a specific role application is distinct from deleting your account entirely. A candidate may withdraw from an individual role at any time without affecting their broader presence on the platform.

    When a candidate withdraws from a specific role via the platform, Humans.id will:

    • Remove the candidate from that role's pipeline immediately
    • Notify the relevant Subscriber of the withdrawal within 2 working days

    The Subscriber retains the right to contact the candidate about other current or future roles, subject to the consent granted at the point of application and applicable data protection law.

    2A.4 Full Account Deletion

    A candidate may request full deletion of their Humans.id account and all associated personal data at any time. Upon receipt of a valid deletion request, Humans.id will:

    • Delete all personal data relating to that candidate from its own systems within 5 working days
    • Confirm deletion to the candidate in writing within 7 working days

    Candidates should be aware that when they applied for roles via the platform, they consented to share their data directly with the relevant employer. That employer holds candidate data under their own independent lawful basis and is responsible for their own compliance with applicable data protection law. Humans.id's obligations extend to data held within the Humans.id platform only.

    2A.5 How to Submit a Deletion Request

    Candidates may request full account deletion at any time by:

    • Using the account deletion function within the Humans.id platform (processed immediately), or
    • Emailing support@myhumans.id with the subject line "Account Deletion Request", including their full name and registered email address (processed within 5 working days)

    Humans.id will acknowledge all emailed deletion requests within 2 working days.

    3. Security of Personal Information

    Humans.id protects information from unauthorised access using TLS encryption in transit and AES-256 encryption at rest. Personal information is stored on servers maintained by Amazon Web Services (AWS), subject to their continuously audited security safeguards. While we take care to protect your personal information, no data transmission via the Internet can be guaranteed to be 100% secure.

    3A. Data Breach Response

    Humans.id maintains procedures to identify, assess, and respond to personal data breaches in accordance with applicable data protection laws. Where a breach is likely to result in a risk to the rights and freedoms of individuals, Humans.id will notify the relevant supervisory authority without undue delay and, where required, within 72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to affected individuals, Humans.id will notify those individuals without undue delay.

    4. Processing of Children's Personal Data

    Humans.id does not knowingly collect personally identifiable information from children in accordance with applicable labour law. If you are under the legal working age in your country, you must ask a parent or legal guardian for permission to use this website.

    5. California Residents and CCPA

    California Civil Code Sections 1798.83–1798.84 give California residents the right to request a notice defining the types of personal information we collect and share with customers for marketing purposes. California residents may request this information by writing to support@myhumans.id.

    6. International Data Transfers

    [AMENDED v5] Where we transfer personal data collected in the European Union, United Kingdom, or Switzerland to countries outside these areas, we do so only in compliance with applicable data protection law.

    Transfers to the United States occur in connection with our use of Anthropic PBC for AI-assisted processing. Such transfers are made under Standard Contractual Clauses approved by the European Commission and/or the UK ICO. Anthropic PBC independently participates in the EU-U.S. Data Privacy Framework. Humans.id relies on Anthropic's own compliance mechanisms for these transfers.

    Transfers to Subscribers located outside the UK/EU are made only where appropriate safeguards are in place as described in Section 1A.4.

    7. Legal Obligations

    In certain circumstances, we may share users' personal information with third parties including law enforcement agencies. This may occur when:

    • Complying with valid legal requests from authorised public authorities as required by applicable laws
    • Detecting, preventing, or addressing illegal, fraudulent, or malicious activities
    • Protecting the fundamental rights and safety of our personnel, users, and the broader community

    8. Changes to This Policy

    Humans.id reserves the right to change this Privacy Policy at any time. We will notify you about significant changes by sending a notice to the primary email address associated with your account and/or by placing a visible notice on our site. Continued use of our services following notice of such changes constitutes acknowledgement and acceptance of the updated policy.

    Updated: April 2026

    Humans.id  |  Privacy Policy  |  v5  |  April 2026

    This is the current version. View previous versions of our legal documents.

    Humans.id is a trading name of Human by Design Ltd. Registered in England & Wales No. 13550402. VAT No. GB388 5871 28. Registered Office: 54 Portland Road, Bishop's Stortford, Hertfordshire, United Kingdom, CM23 3SJ.