Introduction

Featuring You Limited, trading as Decision Agent ("Decision Agent," "we," "us," or "our"), is an AI-powered platform dedicated to transforming recruitment and hiring through interactive scenario assessments. Our mission is to help organizations make better hiring decisions by evaluating candidates through realistic, AI-driven simulations that reveal behavioral signals, decision-making patterns, and capabilities beyond what traditional CVs and interviews can show. We are committed to protecting the privacy and security of your data while ensuring compliance with applicable privacy laws in the United Kingdom, European Economic Area, Switzerland, and other jurisdictions where we operate.

Our core platform infrastructure is hosted in the United Kingdom on Amazon Web Services (AWS) in the EU West (UK) region.

This Privacy Policy ("Policy"), available online at https://decision-agent.ai/privacy, outlines how Decision Agent collects, uses, shares, and otherwise processes personal information from users, including recruiters, hiring managers, candidates, and visitors ("User," "you," or "your") of our website, platform, and services (collectively, our "Services"). By using our Services, you acknowledge this Policy; our legal basis for processing may include contract performance, legitimate interests, or legal obligations, as set out in Section 3. If you do not agree with the terms of this Policy, please discontinue your use of our Services.

1. Definitions

2. Information We Collect

2.1 Information You Provide Directly

When you create an account, purchase a subscription, create scenarios, or otherwise use our Services, you may provide personal data such as:

• Name, email address, and phone number
• Company name and role information
• Payment information (processed via Stripe; see Stripe's privacy policy at stripe.com/privacy)
• Scenario content including job descriptions, company values, and assessment criteria
• Candidate information provided for assessment purposes
• Responses and decisions made during interactive scenarios
• Support requests and communications with our team

2.2 Information Collected Automatically

When you interact with the Services, we automatically collect technical data such as:

• IP address, browser type, and operating system
• Device identifiers and connection information
• Pages visited, features accessed, and timestamps
• Error logs and performance metrics
• Usage patterns and feature engagement data

2.3 AI-Generated Data

Our Services use AI to generate scenario content, stakeholder responses, candidate assessments, and reports. This AI-generated content is processed through third-party AI providers including OpenAI (via OpenRouter). When using AI features, your inputs (prompts, scenario descriptions) and related data are transmitted to these providers for processing. We do not control these providers' data practices, and you are responsible for reviewing their privacy policies at openrouter.ai/privacy and openai.com/policies/privacy-policy.

2.4 Children's Data

Decision Agent's Services are not intended for individuals under the age of eighteen (18), and we do not knowingly collect or solicit personal data from anyone under this age. If we discover that we have collected personal data from a minor without verifiable parental consent, we will promptly delete that information. If you believe we may have collected such data, please contact us at info@decision-agent.ai.

3. Legal Bases and Purposes for Processing

3.1 Applicable Privacy Frameworks

• United Kingdom: UK GDPR and Data Protection Act 2018
• European Union: GDPR (EEA)
• Switzerland: Revised Federal Act on Data Protection (rev-FADP)

3.2 Legal Bases We Rely On

• Performance of a Contract: We process your data to provide, maintain, and support the Services you have requested.
• Legitimate Interests: We use personal data to secure the platform, detect fraud, generate analytics, and improve AI features where these interests are not outweighed by your privacy rights.
• Consent: We rely on your opt-in consent for non-essential cookies, marketing emails, and any other processing that requires consent under applicable law. You may withdraw consent at any time.
• Legal Obligations: We retain and disclose information as necessary to comply with legal duties, court orders, or regulatory requirements.

3.3 Purposes of Processing

We process personal information for the following purposes:

• To provide, operate, and maintain the Services, including scenario generation, AI-driven assessments, and report generation
• To personalize your experience and optimize AI-driven features for your use cases
• To analyze usage patterns and improve performance, functionality, and reliability
• To detect, prevent, and investigate fraud, abuse, or security incidents
• To communicate with you and provide customer support
• To process payments and manage subscriptions
• To comply with legal, regulatory, and audit requirements
• To improve our AI models and scenario generation capabilities using anonymized or aggregated data

4. How We Share Your Information

4.1 Service Providers and Sub-Processors

We engage third-party service providers to support our Services. A complete and up-to-date list of our sub-processors is available at decision-agent.ai/legal/sub-processors.

All service providers are bound by contractual obligations to protect your data and process it only as instructed by us.

While our core platform infrastructure is hosted in the UK, some service providers (including AI model providers) may process data in other countries depending on their operations and the services you use.

4.2 Legal Disclosures

We may disclose information if required by law or if we believe in good faith that such action is necessary to comply with legal processes, protect our rights or property, prevent fraud, or protect the safety of our users or the public.

4.3 No Sale of Personal Data

Decision Agent does not sell or share your personal information for cross-context behavioral advertising or other commercial purposes outside of providing our Services.

5. International Transfers

We host our core platform infrastructure in the United Kingdom. However, depending on the services you use (including AI features), personal data may be transferred to and processed in other countries by service providers.

Where we transfer personal data outside the UK or EEA, we use appropriate safeguards as required by applicable law, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or EU Standard Contractual Clauses, as applicable.

6. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

• Encryption in transit (where supported) and access controls
• Least-privilege internal access and credential management
• Monitoring, logging, and abuse/fraud detection
• Vendor due diligence and contractual protections

7. Data Retention

We retain personal data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and the context in which it is processed.

• Account and billing records may be retained for compliance and audit purposes.
• Operational logs and security records are retained for a limited period to maintain service integrity and investigate incidents.
• Backups may persist for a limited period as part of routine disaster recovery processes.

8. Cookies

We use cookies and similar technologies to operate and secure the Services, maintain sessions, and improve performance.

• Essential cookies: Required for core functionality (e.g., authentication and security).
• Optional cookies: Where used (e.g., analytics), we rely on consent where required by law.

You can control cookies through your browser settings. If we provide a cookie consent mechanism on the site, you can also manage your preferences there.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following privacy rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate or incomplete information.
• Deletion: Request deletion of your personal data under certain conditions.
• Restriction: Limit how we process your personal data.
• Portability: Receive your data in a structured, machine-readable format and transfer it to another service provider.
• Objection: Object to processing based on legitimate interests or direct marketing.
• Consent withdrawal: Opt out of optional data uses (e.g., marketing emails) at any time.

To exercise any of these rights, please contact us at info@decision-agent.ai. We will respond to verified requests within 30 days or as required by applicable law.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority, including the UK Information Commissioner's Office (ICO) or relevant EEA supervisory authority.

10. Changes to This Policy

We may update this Policy from time to time to reflect changes to our practices, technologies, or legal requirements. When we make material changes, we will take reasonable steps to notify you (for example, by posting an updated version on this page or via the Services).

11. Controller vs Processor

In many cases, Decision Agent acts as a data controller for information relating to our business relationship with you (for example, account registration details, billing information, and service communications).

When recruiters and hiring teams use Decision Agent to run assessments and upload or input candidate information, they generally act as the data controller, and Decision Agent acts as a data processor for that candidate data, processing it on the customer's instructions to provide the Services.

12. Contact Information

If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

We aim to respond to all inquiries within 30 days. If you believe your inquiry has not been satisfactorily resolved, you may lodge a complaint with the UK Information Commissioner's Office or your local supervisory authority.