logo

Sign In

logo

Sign In

logo

This Privacy Policy explains how Welldin collects, uses, discloses, and protects information in connection with our websites, applications, and services (collectively, the “Services”).

1) Who this policy applies to

This policy applies to:

  • Website Visitors (people browsing our marketing site)

  • Customer Users (people using Welldin on behalf of a business customer)

  • Candidates / Applicants (people invited by a business customer to complete an interview or assessment)

If you are a Candidate, the most important point is: Welldin provides the platform, but the business customer that invited you controls how your data is used for hiring and recruiting.

2) Roles: Controller vs Processor (important)

Depending on the context, Welldin may act as:

A) Processor / Service Provider (Candidate Data)

When a Customer invites Candidates to use Welldin, Welldin processes Candidate personal data on behalf of the Customer to provide the Services. In this context:

  • The Customer is the Controller / Business (they decide why/how Candidate data is used).

  • Welldin is a Processor / Service Provider (we process data under the Customer’s instructions).

If you are a Candidate and want to exercise privacy rights (access, deletion, etc.), you should contact the Customer first. We may assist the Customer as required by law and our Data Processing Addendum.

B) Controller (Our own business operations)

Welldin is the Controller for:

  • marketing website data (e.g., site analytics)

  • customer account administration and billing data

  • communications with you (sales/support)

  • security and fraud prevention logs

3) Information we collect

A) Information you provide (Customer Users & Website Visitors)

We may collect:

  • Account & profile data: name, email, company name, role, login credentials (or SSO identifiers)

  • Billing data: billing contact details, subscription plan, payment status (payment card data is typically handled by our payment processor, not stored by Welldin)

  • Communications: messages you send to sales/support, feedback, survey responses

B) Candidate information (processed on behalf of Customers)

Depending on how the Customer configures the Services, we may process:

  • Recordings: video and/or audio recordings

  • Transcripts: text transcripts derived from recordings (if enabled)

  • Responses and materials: answers, files, links, and other content submitted during screening

  • Evaluations: recruiter notes, ratings, tags, and structured assessments created by Customer Users

  • Interview metadata: timestamps, session status, device/browser info during the session

C) Information collected automatically (Website & Services)

We may collect:

  • Device and usage data: IP address, device type, browser type, operating system, session activity, timestamps, pages/screens viewed, feature usage

  • Log data: diagnostic logs, security logs, error reports

  • Cookies / similar technologies: as described in Section 8

4) How we use information

We use information for the following purposes:

A) To provide and operate the Services

  • create and administer accounts

  • deliver interviews/assessments and enable Customer workflows

  • store and retrieve Customer Data (including Recordings) as configured

  • provide customer support and respond to inquiries

B) To secure the Services and prevent abuse

  • authenticate users, enforce access controls

  • detect fraud, abuse, or security incidents

  • protect the integrity and availability of the Services

C) To manage subscriptions and billing

  • process payments via payment providers

  • manage plan limits, renewals, invoices, and account notices

D) To improve and maintain the Services (without training on Customer/Candidate data)

  • debug issues, improve performance, improve usability

  • analyze aggregated and de-identified usage trends

We do not use Customer Data (including Candidate recordings, transcripts, or responses) to train generalized AI or machine learning models.

E) Marketing (primarily B2B)

  • communicate about product updates, events, and offers

  • measure marketing performance (where permitted by law)

You can opt out of marketing emails using the unsubscribe link or by contacting us.

5) AI features (assistive only)

Welldin may offer AI-assisted features such as summarization, tagging, or “skill match” suggestions. These features:

  • produce assistive recommendations, not final decisions

  • may be inaccurate or incomplete

  • are intended to be reviewed by the Customer as part of a human-led process

Customers are responsible for lawful use of AI outputs, including any required notices/consents and ensuring appropriate human review.

6) How we share information

We share information only as described below:

A) With the Customer (for Candidate data)

Candidate submissions and outputs are made available to the Customer and its authorized users as part of the recruiting workflow.

B) With service providers (subprocessors)

We use third-party vendors to help provide the Services (e.g., cloud hosting, analytics, email delivery, customer support tooling). These vendors process data only to provide services to Welldin, under contractual obligations.

A list of subprocessors may be available at [Subprocessor List Link].

C) For legal reasons

We may disclose information to comply with law, lawful requests, or legal process, or to protect the rights, safety, and security of Welldin, our customers, candidates, and others.

D) Business transfers

If Welldin is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

7) Data retention

Retention depends on the context:

  • Candidate Data / Customer Data: retained according to the Customer’s configuration, instructions, and our contractual terms (including post-termination export windows), and then deleted or anonymized according to our retention practices unless we are legally required to retain it longer.

  • Website analytics & security logs: retained for a limited period appropriate for security, debugging, and compliance.

Customers are responsible for setting retention policies that meet their legal obligations. Candidates should contact the Customer for the Customer’s retention practices.

8) Cookies and similar technologies

We use cookies and similar technologies for:

  • essential website functionality

  • security (e.g., session integrity)

  • analytics (to understand website usage)

  • marketing measurement (where enabled and permitted by law)

Where required (e.g., in the EEA/UK), we provide a cookie banner and obtain consent for non-essential cookies. You can also control cookies through browser settings.
(If you want, we can spin out a separate Cookie Notice that lists cookie categories and typical vendors.)

9) Security

We maintain reasonable administrative, technical, and organizational measures designed to protect information. However, no security system is perfect, and we cannot guarantee absolute security.

10) International data transfers

Welldin is based in the United States and may process data in the U.S. and other countries where we or our service providers operate.

Where required by law (e.g., GDPR), we use appropriate safeguards for international transfers, such as Standard Contractual Clauses (SCCs) and related measures, as set out in our Data Processing Addendum[DPA Link].

11) Your privacy rights and choices

A) Candidates

If you are a Candidate, the Customer is typically the Controller of your data. Please contact the Customer first to exercise your rights (access, deletion, correction, objection, restriction, portability).
Welldin may support the Customer in fulfilling these requests as required by law and our contractual obligations.

B) Customer Users and Website Visitors

Depending on your location, you may have rights to:

  • access and receive a copy of personal data

  • correct inaccurate personal data

  • delete personal data (subject to legal exceptions)

  • object to or restrict certain processing

  • opt out of marketing communications

To submit a request, contact privacy@welldin.com.

12) GDPR / EEA / UK notice (if applicable)

If GDPR applies to Welldin’s processing where Welldin is the Controller (e.g., marketing site, account admin), our legal bases may include:

  • Contract (to provide the Services)

  • Legitimate interests (security, fraud prevention, product improvement, B2B marketing)

  • Consent (where required, e.g., certain cookies/marketing)

  • Legal obligation (compliance with law)

You may lodge a complaint with your local data protection authority. If you are in the EEA, you can also contact the supervisory authority in your country of residence.

13) California Privacy Notice (CCPA/CPRA)

This section applies to California residents where Welldin acts as a “business” under CCPA/CPRA for its own operations (e.g., website, sales/support).

Categories of personal information collected

May include:

  • identifiers (name, email, IP address)

  • internet/network activity (usage, logs)

  • professional/employment info (job title, company)

  • communications content (support requests)

Purposes

As described in Section 4 (operate services, security, support, billing, improvement, marketing).

Selling or sharing

Welldin does not sell personal information in exchange for money.
If we use marketing/analytics tools that qualify as “sharing” for cross-context behavioral advertising, we will provide an opt-out mechanism (e.g., “Do Not Sell or Share My Personal Information”) as required. [If you do not run ads / retargeting, keep this simple and state: “We do not share for cross-context behavioral advertising.”]

Sensitive personal information

We do not use sensitive personal information to infer characteristics or for purposes requiring a “limit” opt-out, except as needed to provide the Services.

Rights

California residents may have the right to know, access, delete, correct, and opt out of selling/sharing (if applicable). We will not discriminate for exercising rights.
Submit requests: privacy@welldin.com.

14) Children

The Services are not intended for children under 16 (or the age defined by applicable law). Customers may not knowingly invite minors to submit Recordings or personal data without lawful basis and required consents.

15) Changes to this policy

We may update this Privacy Policy from time to time. We will update the “Effective date” and post the revised policy. Material changes may be communicated via the Services or email.

16) Contact

Questions or requests: privacy@welldin.com
Welldin, Inc. — 1111B S Governors Ave STE 39725 Dover, DE, 19904 US