Bluelet

Privacy Policy

Bluelet.ai – Privacy Policy (Ontario, Canada)

Last updated: July 9, 2025

1. Who we are

Beyz Inc. ("Bluelet", "we", "our" or "us") is an Ontario‑incorporated company that operates an AI‑powered talent‑discovery platform available at https://bluelet.ai (the "Site") and through related web‑based services, plug‑ins and application‑programming interfaces (together, the "Services").

2. Scope of this Policy

This Policy explains how we collect, use, disclose and protect personal information (information about an identifiable individual) when you:

  • visit, log in to or interact with the Site;
  • use any subscription product (including the Bluelet talent‑search engine, message‑generation tools and analytics dashboards); or
  • are listed as a job candidate in our platform.

Data that belongs exclusively to you

Any content uploaded or generated inside your Bluelet workspace—such as search history, saved search strategies, job‑description drafts, email templates, candidate‑pipeline notes and analytics dashboards ("Customer Workspace Data")—is processed solely on your behalf. It is logically segregated from other customers' data, is inaccessible to other customers, and Bluelet accesses it only to provide and maintain the Services or as required by law.

This Policy does not cover personal information that Bluelet processes strictly as a service provider/processor under a separate Master Subscription Agreement (MSA) or Data‑Processing Addendum (DPA). In those cases, the customer's instructions and the DPA govern.

3. Our privacy framework

Bluelet is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Ontario private‑sector privacy requirements. We follow the ten fair‑information‑practice principles set out in PIPEDA: accountability, identifying purposes, consent, limitation of collection, limitation of use/disclosure/retention, accuracy, safeguards, openness, individual access and compliance.

4. What we collect and where it comes from

We collect personal information in the following categories:

  • Publicly‑available candidate data – names, titles, education, skills and contact details from public websites.
  • Customer Workspace Data – search keywords, job‑description drafts, outreach templates, candidate notes and analytics created in your workspace.
  • Account & billing data – name, business email, company, passwords, subscription tier, payment method.
  • Communications & marketing preferences – support tickets, chat transcripts, survey responses, newsletter opt‑in status.
  • Device & usage data – IP address, browser type, device identifiers, pages visited, log‑in timestamps.
  • Social‑media interactions – public profile information and engagement metrics when you interact with Bluelet pages on LinkedIn, X (Twitter) or similar platforms.

We do not intentionally collect sensitive information such as health data, union membership or political opinions.

5. How we use personal information & our legal authority

Purposes and PIPEDA bases:

  • Deliver & administer the Services (contractual necessity; implied consent).
  • Improve & secure our platform (legitimate business interests).
  • Market our products (express or implied consent under CASL).
  • Comply with law & enforce rights (legal obligation; legitimate interests).

6. Use of AI models

Bluelet uses artificial intelligence (AI) models to power features such as talent discovery, message generation, and analytics within our platform. We may use personal information—including Customer Workspace Data and publicly-available candidate data—to develop, improve, and retrain our AI models, always in accordance with applicable privacy laws.

Data Use for Model Training

We may use data collected through your use of the Services, including search queries, job descriptions, communications, and other content, to enhance and refine our AI models. This helps us improve accuracy, relevance, and performance for all users.

Storage and Security

Personal information used for model training is subject to the same security safeguards described elsewhere in this Policy, including encryption, access controls, and data minimization.

Automated Decisions

Some features may involve automated processing or decision-making (e.g., candidate recommendations). These processes are designed to support—not replace—human decision-making. If you believe an automated outcome is incorrect or unfair, you may contact us to request human review.

Fairness and Bias

We actively monitor and test our AI models to minimize bias and promote fairness. However, no AI system is perfect; we encourage users to provide feedback or challenge results if concerns arise.

Opt-Out

If you do not want your Customer Workspace Data to be used for model training beyond what is necessary to provide the Services, please contact contact@bluelet.ai to discuss your options.

We are committed to transparency in our AI practices and welcome your questions or feedback at any time.

7. When we share personal information

We share personal information only with:

  • Your organisation's Bluelet users – Customer Workspace Data is visible only within your workspace.
  • Bluelet customers – publicly‑available candidate data returned in search results; never Customer Workspace Data.
  • Service providers – hosting, payment processing, support, analytics, email delivery, security.
  • External AI/LLM vendors – under strict contractual controls.
  • Professional advisers – legal counsel, auditors, insurers (as needed).
  • Authorities & courts – where required to comply with law or protect rights.
  • Successor entities – in connection with a merger or asset sale (subject to this Policy).

8. International transfers

Bluelet is headquartered in Ontario, Canada, but many cloud providers operate in the United States or other jurisdictions. Personal information stored or processed outside Canada may be subject to foreign laws. We apply contractual and technical measures (encryption, role‑based access, sub‑processor DPAs) to protect it regardless of location.

9. Retention

We keep personal information only as long as necessary to fulfil the purposes described here, to meet legal and accounting obligations, or until you withdraw consent. Afterwards it is securely deleted or irreversibly de‑identified.

10. Safeguards

We employ administrative, technical and physical safeguards—TLS encryption, tenant isolation, role‑based access controls, SOC‑2‑aligned policies and penetration testing—to protect personal information against loss, theft or unauthorised access.

11. Your privacy rights (Canada)

Under PIPEDA you may:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Withdraw consent to non‑essential uses.
  • Challenge our compliance by contacting our Privacy Officer.
  • Complain to the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario if unresolved.

To exercise any right, email contact@bluelet.ai. We may request proof of identity.

12. Cookies & interest‑based advertising

We use cookies, pixels, and local-storage objects to remember preferences, analyze traffic, and serve ads. You can manage your cookie preferences at any time through your browser settings or the cookie-preferences link in our Site footer. We provide an option to refuse all non-essential cookies with a single click. Third-party services (such as analytics and advertising partners) may collect device, usage, and engagement data via cookies or similar technologies; these partners process data according to their own privacy policies.

13. Changes to this Policy

We may update this Policy to reflect legal or operational changes. Material updates will be announced by email or banner notice and the "Last updated" date will change. Continuing to use the Services after the update means you accept the revised Policy.

14. Children

The Services are intended for business users and not directed to children under 16. We do not knowingly collect personal information from minors. If we become aware that a child under 16 has provided personal information, we will promptly delete that information and take steps to prevent further collection.

15. Data Retention and Deletion

We retain personal information only as long as necessary to fulfill the purposes described here, to meet legal and accounting obligations, or until you withdraw consent. Account and billing data are retained for the duration of your account plus seven years for legal compliance; logs and analytics data are retained for up to two years; backup data is deleted or irreversibly de-identified within 90 days of account closure. Upon expiry of the retention period, data is securely deleted or anonymized. You may request deletion of your personal information at any time, and we will comply unless legal obligations require otherwise.

16. User Rights and Response Mechanism

In addition to rights under PIPEDA, you may have the right to data portability, to request erasure ("right to be forgotten"), and to object to or restrict processing. We respond to privacy requests within 30 days. If your request is denied, we will provide the reason and information on how to appeal or file a complaint with the relevant authority.

17. Security Incident Response

We maintain administrative, technical, and physical safeguards—TLS encryption, tenant isolation, role-based access controls, SOC-2-aligned policies, and penetration testing—to protect personal information against loss, theft, or unauthorized access. If a data breach occurs that may affect your information, we will notify you and relevant regulatory authorities as required by law, providing details of the breach, what data was involved, and guidance on protective steps you can take.

Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: contact@bluelet.ai