Privacy Policy

Effective Date: December 10, 2025

Introduction

Solo Eleven, Inc, doing business as Talent& ("Talent&," "we," "us," or "our"), provides enterprise workforce intelligence services. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our Services.

This Privacy Policy applies to:

  • Our enterprise platform at app.talentand.ai
  • Our APIs and integrations
  • Our websites and documentation

This Privacy Policy does not apply to:

  • Consumer services (governed by separate terms)
  • Information we process on behalf of our enterprise customers as a processor (governed by our Data Processing Addendum)

1. Our Role: Controller vs. Processor

1.1 When We Are a Controller

We act as a data controller when we collect and process information:

  • About our customers' representatives and contacts
  • For our own business purposes (marketing, sales, support)
  • Through our websites
  • To manage customer accounts

1.2 When We Are a Processor

We act as a data processor when we process Employee Data on behalf of our enterprise customers through the Services. In this capacity:

  • Our customers are the data controllers
  • We process data only according to customer instructions
  • Our Data Processing Addendum governs this processing
  • Individuals should contact their employer (our customer) with privacy requests

If you are an employee whose data is processed through Talent&, please see Section 9 (Information for Employees) for important information about your rights.

2. Information We Collect

2.1 Account Information

When customers register for the Services, we collect:

  • Organization name and contact details
  • Administrator names, email addresses, and phone numbers
  • Billing information (processed by our payment processor)
  • Account credentials

2.2 Customer Content

When customers use the Services, we receive:

Input Data (provided by customers):

  • Employee Data obtained through integrations (Microsoft 365, HRIS systems)
  • Organizational structure information
  • Workforce data uploaded by customers

Output Data (generated by Services):

  • Analytics, predictions, and insights
  • Flight risk scores and performance trajectories
  • Organizational health metrics
  • Visualizations and reports

2.3 Integration Data

When customers connect integrations, we may access:

Microsoft 365 Integration:

  • Email metadata (sender, recipients, timestamps, subject lines)
  • Calendar data (meetings, attendees, duration)
  • Teams data (team membership, participation metrics)
  • Organizational directory information

We do not access: Email body content, attachments, file contents, or meeting notes, unless explicitly configured by the customer.

HRIS Integration (via Merge.dev):

  • Employee directory information
  • Organizational structure
  • Employment dates and tenure
  • Department assignments

2.4 Technical Data

We automatically collect:

  • IP addresses and device identifiers
  • Browser type and operating system
  • Usage logs and feature interactions
  • Error reports and diagnostics
  • API call logs

2.5 Communications

When you contact us, we collect:

  • Name and contact information
  • Contents of communications
  • Support ticket history

3. How We Use Information

3.1 To Provide the Services

  • Process customer data to generate analytics and insights
  • Operate, maintain, and improve the Services
  • Provide customer support
  • Authenticate users and manage accounts

3.2 For Business Operations

  • Process payments and billing
  • Send service communications
  • Respond to inquiries
  • Conduct internal analytics

3.3 For Safety and Security

  • Detect, prevent, and address fraud and abuse
  • Monitor for security threats
  • Enforce our terms and policies
  • Comply with legal obligations

3.4 For Service Improvement

We may use aggregated, anonymized data to:

  • Improve our algorithms and models
  • Develop new features
  • Conduct research and analysis
  • Generate benchmarking data

We do not use Customer Content to train AI models without explicit customer consent. See Section 4.

4. AI and Machine Learning

4.1 How We Use AI

The Services use machine learning and artificial intelligence to:

  • Generate predictive analytics (e.g., flight risk scores)
  • Identify patterns in workforce data
  • Create visualizations and insights
  • Provide recommendations

4.2 No Training on Customer Content

We do not use Customer Content to train, improve, or develop our AI/ML models unless the customer explicitly opts in. This includes:

  • Input data provided by customers
  • Output data generated for customers
  • Any derived or processed data

4.3 Third-Party AI Services

We use OpenAI's API to process certain data. Under our agreement with OpenAI:

  • OpenAI does not train its models on data submitted through our API
  • OpenAI may retain data for up to 30 days solely for trust and safety purposes
  • After 30 days, data is deleted

4.4 AI Limitations

Customers acknowledge that AI-generated outputs:

  • May contain errors or inaccuracies
  • Should be reviewed by humans before use
  • Should not be the sole basis for employment decisions
  • May reflect biases present in input data

5. How We Share Information

5.1 With Service Providers

We share information with service providers who assist us in providing the Services:

Provider | Purpose | Data Shared | Location
Google Cloud Platform / Firebase | Cloud infrastructure, data storage | Customer Content, technical data | United States
OpenAI, LLC | AI processing | Processed inputs and outputs | United States
Merge.dev | HRIS integration | HRIS data | United States
Microsoft Corporation | Authentication (OAuth) | Authentication credentials | United States
Payment processors | Payment processing | Billing information | United States

Our service providers are contractually obligated to protect information and use it only for specified purposes.

5.2 With Customer Organizations

For enterprise customers, we may share information with authorized administrators, including:

  • Account usage and metrics
  • User activity logs
  • Billing information

5.3 For Legal Compliance

We may disclose information:

  • To comply with legal obligations
  • In response to lawful requests by public authorities
  • To protect our rights, privacy, safety, or property
  • In connection with legal proceedings

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will notify customers of any such transfer and any choices they may have.

5.5 With Consent

We may share information with third parties when we have consent to do so.

5.6 We Do Not Sell Personal Information

We do not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising.

6. Data Retention

6.1 Customer Content

  • Active accounts: We retain Customer Content for the duration of the customer relationship plus thirty (30) days
  • After termination: Customers have thirty (30) days to export data; we delete Customer Content within thirty (30) days after the export period
  • Backups: Backup data may be retained for up to ninety (90) days and then deleted or anonymized

6.2 Account Information

  • Active accounts: Retained for the duration of the customer relationship
  • After termination: Retained for seven (7) years for legal and accounting purposes

6.3 Technical and Usage Data

  • Usage logs: Twelve (12) months
  • Security logs: Twenty-four (24) months
  • Aggregated analytics: Indefinitely (anonymized)

6.4 OpenAI Retention

OpenAI may retain data processed through their API for up to thirty (30) days for trust and safety purposes, after which it is deleted.

6.5 Legal Holds

We may retain information longer if required by law or legal proceedings.

7. Data Security

7.1 Security Measures

We implement industry-standard security measures, including:

Technical Safeguards:

  • TLS 1.2+ encryption for data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls
  • Multi-factor authentication available
  • Regular security assessments

Organizational Safeguards:

  • Security awareness training
  • Access limited to authorized personnel
  • Incident response procedures
  • Vendor security assessments

7.2 Infrastructure

Our Services are hosted on Google Cloud Platform infrastructure, which maintains:

  • SOC 2 Type II certification
  • ISO 27001 certification
  • GDPR compliance documentation

7.3 Certifications

We are pursuing SOC 2 Type II certification. Current audit reports are available to customers under NDA upon request.

7.4 Incident Response

In the event of a security incident affecting Customer Content, we will:

  • Notify affected customers within seventy-two (72) hours
  • Provide information about the nature and scope of the incident
  • Describe steps taken to mitigate the incident
  • Cooperate with customer investigations

8. Your Rights

8.1 Account Holders

If you are a customer or customer representative, you may:

  • Access: Request a copy of your account information
  • Correct: Update your account information
  • Delete: Request deletion of your account
  • Export: Export your data in a portable format
  • Object: Object to certain processing activities

To exercise these rights, contact hello@talentand.ai.

8.2 Employees of Customers

If you are an employee whose data is processed through the Services, your employer (our customer) is the data controller. Please contact your employer's HR or IT department to exercise your privacy rights.

We will assist customers in responding to verified privacy requests from their employees.

8.3 Website Visitors

You may:

  • Opt out of marketing communications using the unsubscribe link
  • Configure browser settings to manage cookies
  • Contact us with privacy inquiries

9. Information for Employees

If you are an employee, contractor, or other workforce member whose data is processed through Talent& by your employer:

9.1 What Data May Be Processed

Your employer may use Talent& to process:

  • Work email metadata (not content)
  • Calendar and meeting information
  • Team membership and organizational position
  • HRIS data (from your employer's HR systems)

9.2 Purpose of Processing

Your employer uses this data to:

  • Analyze organizational effectiveness
  • Identify workforce trends
  • Plan for organizational changes
  • Make business decisions about workforce management

9.3 Your Employer's Responsibilities

Your employer is responsible for:

  • Providing notice about their use of workforce analytics tools
  • Obtaining any required consents
  • Responding to your privacy requests
  • Complying with applicable employment and privacy laws

9.4 AI-Generated Insights

Talent& generates AI-powered insights about workforce patterns. These insights:

  • Are provided to your employer, not to you directly
  • Are intended as decision-support tools, not automated decisions
  • Should be reviewed by humans before any action is taken
  • Are not the sole basis for employment decisions

9.5 How to Raise Concerns

If you have concerns about how your data is being processed:

  • Contact your employer: Your HR or IT department can address questions about their use of Talent&
  • Contact Talent&: For general privacy inquiries, email hello@talentand.ai
  • Regulatory authorities: You may have the right to lodge a complaint with a data protection authority

10. International Data Transfers

10.1 Data Location

Customer Content is stored and processed in the United States.

10.2 Transfer Mechanisms

For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Additional supplementary measures as appropriate

10.3 Data Processing Addendum

Our Data Processing Addendum includes the Standard Contractual Clauses and addresses international transfer requirements.

11. U.S. State Privacy Rights

11.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know: Request disclosure of personal information collected, used, and disclosed
  • Delete: Request deletion of personal information
  • Correct: Request correction of inaccurate personal information
  • Opt-out: Opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
  • Non-discrimination: Not be discriminated against for exercising your rights

To exercise these rights, contact hello@talentand.ai.

Categories of Personal Information Collected:

  • Identifiers (name, email, IP address)
  • Commercial information (billing, transaction history)
  • Internet activity (usage logs, device information)
  • Professional information (job title, organization)
  • Inferences (derived from above categories)

We do not sell personal information.

11.2 Texas Residents (TDPSA)

If you are a Texas resident, you have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Delete your personal data
  • Obtain a copy of your personal data in a portable format
  • Opt out of targeted advertising, sale of personal data, or profiling

To exercise these rights, contact hello@talentand.ai.

We will respond within forty-five (45) days of receiving a verified request.

11.3 Other State Privacy Laws

We honor privacy rights under Colorado, Connecticut, Virginia, Utah, and other state privacy laws. Contact hello@talentand.ai to exercise your rights.

12. Cookies and Tracking

12.1 Types of Cookies

We use:

  • Essential cookies: Required for the Services to function
  • Analytics cookies: To understand how the Services are used
  • Preference cookies: To remember your settings

12.2 Cookie Management

You can manage cookies through your browser settings. Note that disabling essential cookies may affect functionality.

12.3 Do Not Track

We do not currently respond to Do Not Track signals.

13. Children's Privacy

The Services are designed for enterprise use and are not directed at individuals under 18. We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will:

  • Post the updated policy on our website
  • Notify customers via email or in-product notification
  • Provide at least thirty (30) days' notice before changes take effect

Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

15. Contact Information

Data Protection Inquiries

Solo Eleven, Inc
Attn: Privacy Team

Email: hello@talentand.ai

For Employees of Our Customers

Please contact your employer's HR or IT department with privacy requests. Talent& processes employee data on behalf of employers and cannot respond directly to employee requests.

Supervisory Authorities

  • EU/EEA: Your local data protection authority
  • UK: Information Commissioner's Office (ico.org.uk)
  • California: California Privacy Protection Agency
  • Texas: Texas Attorney General

16. Additional Information

16.1 Legal Basis for Processing (EEA/UK)

Purpose | Legal Basis
Provide Services | Performance of contract
Customer support | Performance of contract
Security and fraud prevention | Legitimate interests
Service improvement | Legitimate interests
Legal compliance | Legal obligation
Marketing (with consent) | Consent

16.2 Sensitive Data

We do not intentionally collect sensitive personal data (special category data). If Employee Data processed through the Services contains sensitive data, customers are responsible for ensuring lawful processing.

16.3 Automated Decision-Making

The Services generate AI-powered insights and predictions. These outputs are:

  • Designed as decision-support tools
  • Not intended to make automated decisions with legal effect
  • Subject to human review before any employment action

Customers are solely responsible for how they use Output and for compliance with laws regarding automated decision-making in employment.

Last Updated: February 25, 2026