Last updated: 18 November 2025

Privacy Policy

In short: We collect and use professional information to deliver our talent-mapping services. We do not sell personal data. You can object to certain types of processing and request deletion, subject to legal limits.

At Longlisted.ai, your privacy matters. This policy explains what personal data we collect, why we collect it, how we use it, and your rights. If anything is unclear, contact info@longlisted.ai.

Scope: This policy covers our website, client onboarding, delivery of our talent-mapping services, and related operations. It applies to clients, prospective clients, candidates whose data appears in our research outputs, and website visitors.

1. Who we are and how to contact us

Controller: Longlisted Limited

  • Company number: 16517894
  • Registered office: 8 Jermyn Avenue, Bury St. Edmunds, England, IP32 7LJ
  • Email: info@longlisted.ai

We are established in the UK and follow the UK GDPR and the Data Protection Act 2018. Where we handle data about people in the EEA, EU GDPR may also apply.

2. When we act as controller or processor

Controller: We usually act as the data controller for candidate research drawn from public and licensed sources, for our website, for sales and client management, and for our own operations.

Processor: If a client provides us with personal data and instructs us how to use it, we act as a processor. In those cases a Data Processing Agreement (DPA) will govern that processing.

3. The data we collect

A. Clients and prospective clients

  • Identification and contact details: name, work email, phone, job title, company.
  • Project information: briefing notes, search criteria, feedback, call notes.
  • Billing and T&Cs data: invoice details, payment status, correspondence, and confirmation of acceptance of our Terms and Conditions.

B. Candidates (professional profiles)

We collect professional information about candidates from public and licensed sources for talent-mapping purposes. We do not contact candidates. Any outreach is carried out solely by our clients.

  • Name, job title, employer, career history, education, location.
  • Work contact information where publicly available or supplied by licensed providers.
  • Public profiles, company bios, published materials.
  • Internal assessments we generate, such as estimated seniority, expertise, salary bands, and fit against a brief.

Important: We do not collect or infer protected characteristics such as ethnicity or disability for scoring or decision-making. Diversity insights may be produced only at the talent-pool level where explicitly requested.

C. Website visitors

  • Technical data such as IP address, device/browser type, pages viewed and time on site.

Where essential cookies are used for security or functionality, they do not track individuals for advertising purposes.

D. Sources of data

  • You, via forms, email or calls.
  • Public internet sources and professional registers.
  • Licensed data providers such as Apollo.io.
  • Service providers such as Webflow, Google Workspace and n8n Cloud.
  • Referrals and client introductions.

4. Why we use your data and legal bases

Deliver services to clients

Examples: produce talent maps, analysis, revisions, whitelabelled deliverables.

Legal basis: Performance of a contract*

Candidate research for clients

Examples: identify professionals via public and licensed sources.

Legal basis: Legitimate interests

Sales and client management

Legal basis: Legitimate interests

Service communications

Legal basis: Contract or Legitimate interests

Site reliability and security

Legal basis: Legitimate interests

Legal and finance

Legal basis: Legal obligation

Marketing to business contacts

Legal basis: Legitimate interests (PECR compliant)

Marketing if you opt in

Legal basis: Consent

*Meaning acceptance of our Terms and Conditions by tick-box or written confirmation.

Legitimate interests test: We process only professional data, from public or licensed sources, for purposes that individuals can reasonably expect in recruitment and market-mapping contexts. We minimise data, secure it, and honour objections promptly.

Article 14 notices: Where notifying every individual would involve disproportionate effort, we rely on this exemption and ensure transparency through this policy. Individuals may object at any time by emailing info@longlisted.ai.

5. Use of AI

Our philosophy: Human Instinct. AI Insight.

AI accelerates our research process, but humans remain responsible for strategy, verification and all meaningful decisions.

A. How we use AI

  • High-volume data gathering and filtering of obvious non-fits.
  • Drafting factual summaries and identifying relevant skills.
  • Highlighting patterns across large data sets.

B. Human control and guardrails

  • Humans approve all search criteria before sourcing starts.
  • All AI outputs are reviewed, corrected and contextualised by human researchers.
  • AI cannot exclude borderline candidates.
  • AI is instructed to say “unknown” rather than guess.
  • We do not process protected characteristics for scoring.
  • No solely automated decisions with legal or similarly significant effects are made.

C. Providers and safeguards

We use trusted AI providers such as OpenAI, orchestrated through secure environments like n8n Cloud. Safeguards include restricted data sharing, no model-training, defensive prompting, and contractual protections.

AI is a core part of how we work. It cannot be disabled on a per-project basis. However, all meaningful decisions remain made by humans.

6. Sharing your data

Clients: Research outputs (including whitelabelled maps) are shared with the commissioning client. Deep Dive and Full Picture deliverables may be provided in the client’s branding for onward sharing or resale, with a “Powered by Longlisted.ai” attribution unless we agree otherwise in writing.

Service providers (processors):

  • Webflow – hosting and CMS.
  • Google Workspace – email, documents, storage.
  • Typeform – client intake.
  • n8n GmbH – workflow automation.
  • Apollo.io – licensed professional data.
  • OpenAI – AI assistance.
  • Canva – design and deliverables.
  • Xero – invoicing and accounting.

We require all processors to protect data under contract. We do not sell personal data.

7. International transfers

Some providers process data outside the UK or EEA, including the US. Where possible, we rely on the EU-US Data Privacy Framework and UK Extension. Otherwise, we use Standard Contractual Clauses with additional safeguards.

8. Retention

We keep data only as long as needed and then delete or anonymise it.

  • Client records: up to 6 years.
  • Prospective clients: up to 24 months.
  • Candidate research: project lifecycle plus 12–24 months.
  • Website logs: retained only for security.
  • Backups: temporary persistence only.
  • Suppression lists: retained to honour objections.

9. Your rights

You have the right to:

  • access your data;
  • rectify inaccurate data;
  • erase data in certain circumstances;
  • restrict processing;
  • object to processing where we rely on legitimate interests;
  • withdraw consent where we rely on consent;
  • data portability (where applicable);
  • not be subject to solely automated decisions with legal or similarly significant effects.

Email info@longlisted.ai to exercise your rights. We may need to verify your identity.

Complaints: You can complain to the UK ICO: www.ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

10. Security

We use technical and organisational measures including encryption, least-privilege access controls, secure cloud providers and regular reviews. If a data breach is likely to result in risk to individuals, we will notify the ICO within 72 hours and affected people where required.

11. Children

Our services target organisations and professionals. We do not knowingly collect data about children under 16.

13. Changes to this policy

We may update this policy from time to time. The latest version will always appear here with the updated date at the top.

14. Contact

Questions or requests: info@longlisted.ai

Postal address: Longlisted Limited, 8 Jermyn Avenue, Bury St. Edmunds, England, IP32 7LJ