Privacy Policy
Last updated on Apr 1, 2026
1. Introduction and Scope
Welldin, Inc., a Delaware corporation ("Welldin," "we," "us," or "our"), operates an artificial intelligence-assisted pre-interview platform that enables businesses to screen job applicants through structured, question-based assessments (the "Platform"). The Platform is accessible at welldin.app. This Privacy Policy (the "Policy") sets forth the manner in which Welldin collects, processes, uses, discloses, and retains personal information in connection with the Platform and related services (collectively, the "Services"), and describes the rights and choices available to individuals whose personal information is processed.
This Policy applies to the following categories of individuals: (i) businesses and their human resources and recruitment personnel who access the Platform to create and manage interview processes ("Customers"); (ii) job applicants who are invited by a Customer to complete a pre-interview assessment through the Platform ("Candidates"); and (iii) visitors to Welldin's marketing website. Candidates are encouraged to read Section 3 of this Policy with particular care, as it describes the collection and use of personal information that most directly concerns them.
This Policy does not govern personal information that Customers collect or process independently outside the Platform, nor does it govern the employment decisions made by Customers on the basis of assessment results. Customers bear independent responsibility for compliance with applicable employment, data protection, and equal opportunity laws in their respective jurisdictions.
2. Data Controller and Processor Roles
The role in which Welldin acts with respect to personal information depends upon the context in which such information is processed, and is described below.
2.1 Welldin as Controller
Welldin acts as a data controller, within the meaning of the General Data Protection Regulation ("GDPR") and analogous legislation, in respect of personal information that Welldin collects and processes for its own operational and commercial purposes. Such purposes include the administration of Customer accounts and billing relationships, the operation and security of the Platform, communications with Customers and prospective customers, and the collection of analytics relating to Welldin's marketing website.
2.2 Welldin as Processor
When a Customer deploys the Platform to conduct candidate assessments, Welldin processes Candidate personal information on behalf of and under the instructions of the Customer. In this context, the Customer is the data controller and Welldin acts as a data processor or service provider, as those terms are defined under applicable data protection law. The purposes and legal bases for the processing of Candidate data are determined by the Customer, and Candidates who wish to exercise data subject rights in respect of their application data should, in the first instance, direct their requests to the Customer that invited them to participate. Welldin will assist Customers in fulfilling such requests as required by law and by any applicable data processing agreement.
3. Personal Information Collected
3.1 Customer and User Account Information
In connection with the registration and administration of Customer accounts, Welldin collects the following categories of personal information from Customer personnel: full name; work email address; company name and job title; login credentials or, where applicable, single sign-on identifiers; billing contact details and subscription plan information. Payment card data is processed exclusively by Welldin's third-party payment processor and is not stored on Welldin's systems. Welldin also collects job and role-related content uploaded by Customers, including job descriptions, competency requirements, assessment criteria, and question sets, for the purpose of configuring interview processes on the Platform.
3.2 Candidate Personal Information
Candidate personal information is collected in stages corresponding to the Candidate's progression through the assessment process. Each stage is described below.
Stage 1: Application and Eligibility Screening
When a Candidate submits an application through a Welldin-hosted application page, which may be embedded in or linked from a job posting published by the Customer, Welldin collects the following information: full name; email address; telephone number; geographic location (city and country); desired salary range; and work authorisation status, where requested by the Customer. This information is used to create a Candidate account, to verify the Candidate's identity through email and, where applicable, SMS confirmation, and to conduct a rule-based eligibility check against the Customer's stated screening criteria, including location, salary range, and work authorisation requirements. Candidates who meet the stated criteria are issued an invitation to proceed to the assessment stage. This eligibility check is rule-based and does not involve artificial intelligence or automated profiling. Welldin does not disclose this contact information to any third party. It is used solely for account creation, identity verification, and communications within the Platform.
Stage 2: Video and Audio Recording of Assessment Responses
Candidates who accept an invitation to complete an assessment are asked to record their responses to assessment questions by video and audio. The primary purpose of such recordings is to enable the Customer's authorised hiring personnel to watch and listen to the Candidate's responses as part of their human evaluation of the application. Human review of recordings by the Customer's recruitment and hiring team is an intentional and integral feature of the Service. Recordings are additionally used for basic liveness verification to confirm that a real person is completing the assessment. More robust identity verification functionality is planned for future versions of the Platform and is not active during the current pilot.
Before any recording session commences, Candidates are presented with a dedicated consent screen that describes the purpose and use of the recording in plain terms. Candidates must click a clearly labelled consent button to proceed. Receipt of an invitation to complete an assessment does not constitute consent to recording. Candidates may withdraw from the process at any time before completing the assessment by closing the session, and such withdrawal will not affect any legal rights they may hold.
The following information is collected during the recording session: video and audio of the Candidate's responses to assessment questions; and session metadata including timestamps, browser and device type, and session identifier. Welldin does not analyse facial expressions, eye movements, micro-expressions, or physical gestures from recordings. Welldin does not perform paralinguistic analysis, including analysis of tone of voice, speaking pace, or other non-verbal audio signals. Welldin does not infer personality traits, psychological profiles, emotional states, or any characteristic of the Candidate other than the substance of their spoken answers. Recordings are not disclosed to any party outside the Customer's authorised personnel and Welldin's infrastructure service providers, as further described in Section 6.
Important notice regarding biometric data: Video recordings may capture facial imagery and voiceprints that may constitute biometric data under applicable law, including the Illinois Biometric Information Privacy Act ("BIPA") and the GDPR. Welldin collects such recordings solely for the purposes described above. Recordings are stored with appropriate security controls, access is restricted to the Customer's authorised personnel, and recordings are deleted upon account deletion or upon receipt of a valid data deletion request. Customers who operate in jurisdictions that impose specific requirements in respect of the collection of biometric data, including written consent, retention schedules, and destruction obligations, bear responsibility for ensuring compliance with those requirements prior to inviting Candidates to record.
Stage 3: Assessment Responses and Transcripts
Welldin transcribes Candidates' spoken responses into text. These transcripts constitute the primary input for Welldin's AI-assisted evaluation feature, as described in Section 4. Transcripts are stored securely and are accessible to the Customer's authorised personnel through the Platform dashboard.
4. Artificial Intelligence Features
Welldin employs artificial intelligence at two discrete points in the assessment workflow. In view of the sensitivity of AI use in employment contexts, each application is described in detail below.
4.1 AI-Assisted Question Generation
Upon a Customer's configuration of a new interview process, Welldin's AI engine, analyses the materials provided by the Customer, including job descriptions, required competencies, and role-specific criteria, and proposes assessment topics and questions. The Customer is responsible for reviewing and approving the final question set prior to deployment. This feature is assistive in nature; the Customer retains full editorial control over the questions presented to Candidates.
4.2 AI-Assisted Response Evaluation
Following completion of an assessment, Welldin's system applies AI analysis to the text transcripts of Candidates' responses for the purpose of evaluating response quality. This evaluation is based exclusively on the substantive content of what the Candidate said: that is, the technical accuracy and clarity of their answers. The evaluation does not draw upon video or audio recordings, paralinguistic signals, facial or behavioural data, or any characteristic of the Candidate other than the informational content of their responses. The evaluation does not produce scores attributed to individuals, nor does it generate inferences regarding personality, cognitive aptitude, confidence, cultural fit, or any characteristic beyond the subject-matter quality of the answers given.
The output of the evaluation is presented to the Customer's human resources or recruitment personnel as a shortlisting aid, indicating relative response quality on a descriptive scale. All decisions regarding which Candidates to invite for further interview, or to reject, are made by the Customer's authorised human personnel. Welldin does not make or recommend hiring decisions.
Welldin does not use Candidate answers, recordings, or transcripts for the purpose of training generalised artificial intelligence or machine learning models. Candidate data is used solely for the evaluation of that Candidate's responses within the Customer's hiring process. Where Welldin conducts analysis of assessment patterns for the purpose of monitoring and improving the quality of its evaluation methodology, such analysis is performed exclusively on aggregated and anonymised data that cannot be attributed to any identifiable individual.
5. Processing Practices Not Currently in Effect
In the interest of transparency regarding the current pilot stage of the Platform, Welldin confirms that the following data processing activities are not active and will not be activated without prior amendment of this Policy and advance notification to affected Customers and Candidates: sharing of Candidate or Customer personal data with third parties for commercial, marketing, or recruitment marketplace purposes; the operation of any talent marketplace or profile-sharing feature that would make a Candidate's information visible to employers other than the one that initiated the relevant hiring process; know-your-customer or third-party identity verification processing; biometric identification, including facial recognition or voiceprint matching against external databases; behavioural or psychological profiling of Candidates; and fully automated hiring decisions made without human review. Should Welldin elect to introduce any of the above practices in a future version of the Platform, it will update this Policy accordingly and provide advance notice as specified in Section 15.
6. Disclosure of Personal Information
Welldin discloses personal information only in the circumstances described in this Section. Welldin does not sell personal information, and does not disclose personal information for cross-context behavioural advertising purposes.
6.1 Disclosure to Customers
Candidate profiles, application data, recordings, transcripts, and AI-assisted evaluation outputs are made available through the Platform to the Customer that initiated the relevant assessment process, and to that Customer's authorised personnel exclusively. No Candidate data is accessible to any other Customer or employer through the Platform.
6.2 Disclosure to Infrastructure and Service Providers
Welldin engages third-party service providers, including providers of cloud hosting and storage, artificial intelligence language model services used for question generation and response evaluation, transactional email and SMS delivery, and application performance monitoring. These providers process personal data solely for the purpose of delivering services to Welldin and are contractually prohibited from processing such data for their own purposes. Welldin will publish a list of its subprocessors at welldin.com/subprocessors prior to the conclusion of the pilot phase.
6.3 Disclosure Required by Law
Welldin may disclose personal information where required to do so by applicable law, regulation, court order, or other legal process, or where Welldin reasonably determines that such disclosure is necessary to protect the rights, safety, or property of Welldin, its Customers, Candidates, or other parties.
6.4 Business Transfers
In the event that Welldin is a party to a merger, acquisition, asset sale, financing, reorganisation, or insolvency proceeding, personal information may be transferred as part of such transaction. Welldin will use reasonable efforts to ensure that any successor entity is bound by obligations substantially similar to those set forth in this Policy.
7. Retention of Personal Information
Welldin retains personal information for no longer than is necessary for the purposes for which it was collected, or as required by applicable law or contractual obligation. The following retention periods apply, subject to any shorter period requested by a Customer or Candidate: Candidate application data, recordings, and transcripts are retained for the duration of the Customer's active hiring process and for a period of up to twelve (12) months following the close of that process. Candidate account data is retained until the Candidate requests deletion of their account. Customer account data is retained for the duration of the Customer's subscription and for a reasonable period thereafter to support billing reconciliation, compliance obligations, and data export. Website analytics data and security logs are retained for a period of up to twelve (12) months. Candidates may request deletion of their data at any time in accordance with Section 10.
8. Security
Welldin implements and maintains appropriate technical and organisational measures designed to protect personal information against unauthorised access, disclosure, alteration, or destruction. Such measures include encrypted storage and transmission of all personal data, including recordings and transcripts; role-based access controls ensuring that only the specific Customer's authorised personnel may access their Candidates' data; logical separation of Candidate data between Customers such that no Customer may access the data of another Customer's Candidates; and security event monitoring and logging. Notwithstanding the foregoing, no information security system is impenetrable, and Welldin does not warrant or guarantee the absolute security of personal information. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, Welldin will notify the relevant supervisory authorities and, where required, affected individuals, within the timeframes prescribed by applicable law.
9. Cookies and Similar Technologies
Welldin's website employs cookies and similar tracking technologies for the following purposes: the operation of essential website functionality, including session management and security; and the collection of aggregated analytics data for the purpose of understanding website usage patterns. Welldin does not currently use cookies or similar technologies for advertising, retargeting, or cross-site behavioural tracking. In jurisdictions where applicable law requires prior consent for the use of non-essential cookies, Welldin will obtain such consent through an appropriate consent mechanism presented upon the user's first visit to the website.
10. Rights of Data Subjects
10.1 Rights of Candidates
Subject to applicable law, Candidates may have the right to: (i) request confirmation of whether Welldin or the Customer holds personal data relating to them and to obtain a copy of such data; (ii) request correction of inaccurate or incomplete personal data; (iii) request erasure of their personal data, including recordings and transcripts, subject to any legal obligation of retention; (iv) receive their personal data in a structured, commonly used, and machine-readable format for the purpose of transmitting it to another controller (data portability); (v) object to or request restriction of certain processing activities; and (vi) withdraw consent to the recording of their assessment responses at any time prior to completion of the assessment session, without prejudice to the lawfulness of processing carried out prior to withdrawal.
Because the Customer is, in most circumstances, the data controller in respect of Candidate data processed through the Platform, Candidates are advised to direct requests to exercise the above rights to the Customer in the first instance. Where a Candidate is unable to contact the Customer, or where the request concerns processing for which Welldin is the controller, requests may be submitted to Welldin at privacy@welldin.com. Welldin will respond within the period prescribed by applicable law, which is generally thirty (30) days.
With respect to the outcome of the application process, the Customer is solely responsible for communicating decisions to Candidates, including any notification that a Candidate has not been selected to proceed. Candidates who have not received communication regarding their application status should contact the relevant Customer directly.
Requests for account deletion and the associated erasure of personal data may be submitted to privacy@welldin.com. Welldin will process such requests within thirty (30) days, subject to any applicable legal obligation to retain specific records for a longer period.
10.2 Rights of Customers
Customers may request access to, correction of, export of, or deletion of their account data and Customer-uploaded content through the account settings interface or by contacting privacy@welldin.com.
10.3 Marketing Opt-Out
Recipients of marketing communications from Welldin may opt out of receiving such communications at any time by using the unsubscribe mechanism included in each communication, or by submitting a request to privacy@welldin.com.
11. International Transfers of Personal Data
Welldin is incorporated and headquartered in the United States of America. Personal data processed through the Platform may be transferred to and stored in the United States and in such other countries in which Welldin's infrastructure and service providers operate. Where personal data is transferred from the European Economic Area, the United Kingdom, or another jurisdiction that imposes restrictions on international transfers of personal data, Welldin will rely on appropriate transfer mechanisms, including, where applicable, the Standard Contractual Clauses adopted by the European Commission, to ensure an adequate level of protection for such data. Further information regarding the mechanisms relied upon for any particular transfer is available on request by contacting privacy@welldin.com.
12. EEA and UK Supplemental Notice (GDPR)
This Section applies to individuals located in the European Economic Area or the United Kingdom whose personal information is processed by Welldin in its capacity as a data controller. The legal bases upon which Welldin relies for such processing are as follows: (i) the performance of a contract, or steps taken at the request of the data subject prior to entering into a contract, for the purposes of creating and managing accounts, delivering the Services, and processing subscriptions and billing; (ii) the legitimate interests of Welldin, including the security and integrity of the Platform, the prevention of fraud and abuse, the improvement of the Services, and the conduct of business-to-business marketing, where such interests are not overridden by the interests or fundamental rights of the data subject; (iii) consent, in respect of non-essential cookies and, where applicable, the collection of video and audio recordings from Candidates; and (iv) compliance with a legal obligation to which Welldin is subject.
Data subjects located in the EEA or the UK have the right to lodge a complaint with the competent data protection supervisory authority in their jurisdiction. A list of EEA supervisory authorities is available at edpb.europa.eu. The supervisory authority for the United Kingdom is the Information Commissioner's Office, accessible at ico.org.uk.
13. California Supplemental Notice (CCPA/CPRA)
This Section applies to residents of the State of California to the extent that Welldin acts as a "business" within the meaning of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"). Welldin collects the categories of personal information described in Section 3 of this Policy for the purposes described in Section 4. The categories of personal information collected include identifiers (such as name, email address, and IP address); internet and network activity information (such as usage logs and session data); professional or employment-related information (such as job title, company, and application data); visual and audio information (recordings); and the contents of communications (such as support enquiries).
Welldin does not sell personal information within the meaning of the CCPA/CPRA. Welldin does not share personal information for the purpose of cross-context behavioural advertising. California residents have the right to know, access, delete, and correct personal information held about them, and to opt out of any sale or sharing of personal information, which is not applicable to Welldin's current processing activities. Welldin will not discriminate against any individual for exercising rights under the CCPA/CPRA. Requests may be submitted to privacy@welldin.com.
14. Minors
The Services are not directed to, and Welldin does not knowingly collect personal information from, individuals under the age of eighteen (18) years. Customers are prohibited from inviting individuals under the age of eighteen (18) to complete assessments through the Platform without a lawful basis and, where required by applicable law, the consent of a parent or legal guardian. If Welldin becomes aware that it has collected personal information from a minor without appropriate authorisation, it will take prompt steps to delete such information. Enquiries concerning the accidental collection of data relating to minors should be directed to privacy@welldin.com.
15. Amendments to This Policy
Welldin reserves the right to amend this Policy from time to time in order to reflect changes in its data processing practices, applicable law, or the features of the Platform. The "Effective Date" at the head of this document will be updated upon each revision. In the event of material changes to this Policy, including any changes that expand the purposes for which Candidate personal data is processed, Welldin will provide advance notice to affected Customers and Candidates by email or through a prominent notice within the Platform, prior to such changes taking effect. Continued use of the Services following the provision of such notice will constitute acceptance of the revised Policy.
16. Contact Information
Questions, requests, or complaints regarding this Policy or Welldin's data processing practices may be addressed to:
Entity
Welldin, Inc.
Address
1111B S Governors Ave STE 39725, Dover, DE 19904, United States
info@welldin.com
Website
welldin.com
Accessibility: Individuals who require this Policy in an alternative format, or who wish to have its contents explained or translated, are invited to contact Welldin at privacy@welldin.com.