This document provides an overview of the DATA SECURITY POLICY of Copilot Careers, (CC) its subsidiaries, and affiliates. It is the intention of CC to protect the confidential and personally identifiable information (PII) of its clients, users, partners and customers, (together “Users”), as well as its own confidential and proprietary business information, from unauthorized access both outside of and within the company. This Policy applies to all employees and contractors (together, “Personnel”).

User Data:
For the purposes of performing services to users, CC may receive User Personal Information, including but not limited to User PII. All User Data shall be protected by commercially-acceptable standards — standard administrative, technical and physical security measures to preserve the confidentiality (authorized access), integrity and availability of User Data — and no less rigorously than it protects its own confidential information.

Acquiring Data:
CC may have access to and/or receive User Data through the course of the engagement with the User. Data may also be shared with CC by Clients through secure Cloud Storage, SFTP (SSH File Transfer Protocol, Secure File Transfer Protocol), or other means as discussed and agreed upon by Client and CC.

Data Usage:
CC uses User Data to provide relevant written and verbal outreach to connect users with relevant opportunities based on their past engagement with CC or CC Clients.

Data Sharing:
CC guarantees it will not share User Data and opt-out information with any third-party unless required by law.

Data Storage:
User PII is stored in third-party secure Cloud Storage of the highest commercial standards, including, but not limited to, the following: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, PCI DSS, FedRAMP Moderate, DoD IL2, DoD IL4, NIST SP 800-171, HIPAA, HITRUST, Financial Services Compliance - USA, Privacy Shield, TRUSTe Certified Privacy Seal, UK Cyber Essentials.

Data Access:
Access to User Data and User Personal Information, including User PII, is restricted in scope by role and requirements.

Auditing and Monitoring:
All access to User PII and Confidential Information will be logged, audited and regularly monitored.

Data Destruction:
User PII and Confidential Information will be destroyed upon the completion of the engagement between User and CC, or upon request.