PRIVACY POLICY
Responsible Party: Twenty4Hire Pty Ltd
Physical Address: Johannesburg, South Africa
Informaon Ocer: [Armand Coertzen | Darien Kayser]
Contact for PI Requests: [privacy@twenty4hire.com]
Eecve Date: [December 2, 2025]
1. Introducon and POPIA Compliance
Twenty4Hire Pty Ltd ("Twenty4Hire," "we," "us," or "our") is commied to protecng your privacy and ensuring the
lawful collecon and processing of your Personal Informaon (PI) in accordance with the Protecon of Personal
Informaon Act, No. 4 of 2013 (POPIA). This Privacy Policy explains what PI we collect, the specic purpose for which
we collect it, how we use and disclose it, and your rights as a Data Subject.
2. Informaon Collected and Lawful Purpose
We collect PI directly from you when you register an account and use the Applicaon. The informaon collected is
categorized by user role and dened by its specic, explicitly dened, and lawful purpose.
2.1 Informaon Collected from Recruiters
We collect Business/Contact PI from Recruiters, including First Name, Last Name, Job Title, Company Name,
Company Size, Oce Locaons, Company Bio, Prole Picture, and Cover Page. This PI is processed to
establish the Recruiter's professional prole, manage billing, and facilitate external communicaon with
Applicants. We also collect Transacon Data, which includes job lisng details and the pricing package
selected, to provide the core recruitment service.
2.2 Informaon Collected from Candidates (PI and Special PI)
2.2.1 Standard Personal Informaon
As a Candidate, we collect detailed personal informaon to create your electronic CV/prole for job
matching. This includes your Email Address (used for system communicaon, account vericaon,
and sending job-related emails) and the following structured data:
a. Identy & Contact: First Name, Last Name, Email Address, and Date of Birth.
b. Professional Details: Professional Bio, LinkedIn Prole Link/URL, Skills and Experience, Work
History, Professional References, and CV Upload (Your original uploaded CV/Resume, which is
included in the exported candidate data package sent to the Recruiter).
c. Visual Data: Prole Picture and Cover Page.
d. Locaon Data: Your current locaon (if granted) and any address input for job search
funconality, used to enhance system usability via the job map.
2.2.2 Educaon and Qualicaons
We collect details of your educaonal history and allow you to upload Qualicaon Cercates.
These cercates are stored securely and are included in the exported candidate data package sent
to the Recruiter for vericaon purposes.
2.2.3 Authencaon and Security Data
We collect your Email Address and securely store your encrypted Password for authencaon and
account security. We also facilitate the oponal use of Passkeys for device-specic login. Please note
that biometric data used for Passkey authencaon is stored only on your personal device and is not
collected or accessed by Twenty4Hire.
2.2.4 Special Personal Informaon (EE Data)
We collect the following Special Personal Informaon (SPI) based on your explicit consent:
Naonality, Ethnicity, Gender, and Disability Status. This SPI is collected for the essenal purpose of
assisng Recruiters in meeng their mandatory Employment Equity (EE) reporng obligaons under
the Employment Equity Act.
2.2.5 Assessment and Monitoring Data
We collect data generated from your acvity:
2.2.5.1 Assessment Data: Eligibility Quesonnaire Answers, Assessment Results, and Interview
Insights for automated processing to assess suitability for roles.
2.2.5.2 Interview Monitoring Data (ANALYTICAL OUTPUT): When you parcipate in interviews, we
process video and audio in real-me to generate analycal metrics, including Transcripts
(from audio), Facial Expression Data (from video), Screenshots (before, during, and aer the
interview), and Behavioural Metrics. CRITICAL NOTE: The raw video and audio les
themselves are NOT stored by Twenty4Hire; only the derived analycal data and security
screenshots are retained for scoring and fraud detecon.
2.2.5.3 Operaonal Data: We automacally collect usage data (token usage, user clicks, purchases,
user locaon) which is used internally to build hiring trends and for target-based sales
strategies.
2.2.6 Survey & Feedback Data
We collect responses to user experience surveys, feature polls, and service quality rangs. This data
is used to analyse user sasfacon, train our AI models on human feedback, and improve Applicaon
funconality.
3. Disclosure, Sharing, and Liability Transfer
3.1 Primary Processing Acvies and WAIVER OF PRIVACY
a. Lawful Purpose: Your PI and SPI are processed based on your explicit consent.
b. Waiver of Privacy: You acknowledge that the primary, explicit purpose of this plaorm is to share
your full prole and CV (including SPI) with registered Recruiters, subject to your chosen privacy
controls.
3.2 Sharing with Recruiters (The Export Mechanism)
Your data is disclosed to the Recruiter via a secure, downloadable .zip le export.
a. Components Shared: Depending on the package type (Screening or Recruitment), this export
includes a Summary PDF, your specic Candidate Report (containing assessment/interview scores),
your original uploaded CV, and copies of your uploaded Qualicaon Cercates.
b. Access Limitaons: To protect your data security, the Recruiter is restricted to a total of three (3)
download aempts, aer which the link expires and the data is no longer accessible on the plaorm.
c. Transfer of Responsibility: Upon the rst download of this le, Twenty4Hire transfers responsibility
for the data. The Recruiter becomes the sole Responsible Party for the secure storage, distribuon,
and lawful use of the exported le under POPIA and the Employment Equity Act.
3.3 Sharing with Third Pares (Operators)
a. Payfast: Payment informaon is processed by the Payfast API. We ulize their services to process
transacons and DO NOT store credit card details. Payfast operates as an external responsible party
for payment data security.
b. Service Providers: We share necessary PI with hosng, analycs, and IT infrastructure providers.
These Operators are bound by wrien contracts to protect your PI under POPIA.
4. Automated Decision-Making and Proling (POPIA Secon 71)
The Applicaon uses automated processing (Arcial Intelligence) to score candidates based on assessments, which
constutes Automated Decision-Making (ADM) under POPIA.
a. Accuracy Disclaimer: While our AI models are designed for accuracy, AI systems can make mistakes, and the
resulng data may not always be 100% accurate. We strongly suggest that both Recruiters and Applicants
verify and check the data used in the assessment process.
b. Monitoring Acknowledgment: You consent to the use of derived audio, video, and screenshot data for
automated analysis and monitoring for performance scoring and fraud detecon.
c. Human Intervenon: The nal decision to hire or reject an Applicant is NOT solely based on the automated
processing; Recruiters conduct human-led nal interviews.
d. Applicant Right to Representaon: You have the right to request claricaon regarding the underlying logic of
your assessment score to enable you to make representaons to the Recruiter.
5. Security Safeguards (POPIA Condion 7)
We are commied to maintaining the security of your PI. We implement technical and organisaonal measures,
including encrypon and access controls, to prevent loss, damage, and unauthorized access.
6. Your Rights as a Data Subject (POPIA Condion 8)
As a Data Subject under POPIA, you have the right to be noed, access your PI, request correcon/deleon of
inaccurate PI, object to processing, object to decisions based solely on ADM, and lodge a complaint with the
Informaon Regulator of South Africa.
7. Data Retenon
We will retain your PI only for as long as necessary to full the purposes set out in this Policy and to meet our legal
obligaons. Candidate Proles are retained for [5 years] unless you request earlier destrucon, to enable us to
suggest relevant future job opportunies.
8. Nocaon of Security Compromises (POPIA Secon 22)
In the event that there are reasonable grounds to believe that your PI has been accessed or acquired by any
unauthorized person, we will nofy the Informaon Regulator of South Africa and the aected Data Subject as soon
as reasonably possible.
9. Changes to this Privacy Policy
We may update this Privacy Policy from me to me. The latest version will always be posted on our applicaon and
will be indicated by the "Eecve Date" at the top of the Policy.
