Effective date: May 10, 2026
Last updated: May 10, 2026
NEUROSCALE LLC (“Neuroscale,” “we,” “us,” “our”) obtained your personal data from sources other than yourself for use in our Arbi AI recruiting platform. This notice satisfies our obligations under Article 14 of the EU GDPR (Regulation (EU) 2016/679) and Article 14 of the UK GDPR. If you are a resident of the European Economic Area, the United Kingdom, or Switzerland and you would prefer not to be in our Sourcing Database, see Section 10 below for the removal procedure. This notice supplements (and does not replace) our general Privacy Notice. Where the two conflict with respect to Sourcing Database processing, this notice controls.

1. Who we are

NEUROSCALE LLC is a Virginia limited liability company. We operate the Arbi recruiting platform and the Neuroscale Sourcing Database.
Privacy contactprivacy@neuroscale.ai
PostalNEUROSCALE LLC, 46175 Westlake Dr Ste 300, Sterling, VA 20165, USA
Neuroscale has not appointed an EU or UK Article 27 representative at this time. EU/UK/Swiss residents may contact us at the email above; if a representative is appointed, this notice will be updated.

2. What data we hold

The categories of personal data we hold in the Sourcing Database typically include:
  • Name and any aliases publicly associated with you in a professional context.
  • Business contact information (work email, work phone, employer, role, location at the city / region level — not precise GPS).
  • Employment and education history derived from your public professional profiles.
  • Skills and certifications publicly listed.
  • Compensation expectations only where you have published them yourself or a Customer has provided them to us with your authorization.
  • Publicly available professional-profile attributes (e.g., bio, summary text, public posts).
  • Inferences derived from the foregoing for recruiting purposes (e.g., seniority bands; suggested role categories).
The full categories list mirrors Section 3 of our general Privacy Notice. We do not knowingly ingest into the Sourcing Database: special-category data within the meaning of GDPR Art. 9 (including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data, sex life, or sexual orientation); criminal-conviction data; data of children under 16; or data from sources whose Terms of Service prohibit such ingestion.

3. Where we obtained it

We obtained your personal data from one or more of the following sources:
  • Public sources — your public professional profiles on platforms that permit such use, and public bios or directory listings.
  • Licensed business-information vendors, including (as of the effective date) People Data Labs, RocketReach, Kickbox (email validation), and NumVerify (phone validation). The current full list of sourcing partners is maintained at /public/sourcing-partners (or, where individual sources are competitively sensitive, in a categorized summary refreshed within 30 days of any material change).
  • Customer-authorized integrations. When a Customer-employer (or an applicant tracking system, CRM, calendar, or email integration that Customer connects) makes professional-contact information available to us with the necessary authorization, that data may be ingested into the Sourcing Database.

4. Why we process it (lawful basis)

We process your personal data on the basis of our legitimate interests (GDPR Art. 6(1)(f); UK GDPR Art. 6(1)(f)) in operating an AI-powered recruiting platform that helps employer-customers identify and engage potential candidates. Neuroscale has documented the interests at stake, the necessity of the processing, the balancing against your rights and freedoms, the source-vetting steps applied to each source, and the safeguards Neuroscale employs (suppression list, opt-out path, deidentification before training, retention ceiling) in a written Legitimate-Interest Assessment (LIA) maintained by our General Counsel. A high-level summary of the LIA is available on request at privacy@neuroscale.ai.

5. Recipients

We share Sourcing Database personal data with:
  • Our employer-customers (each, a “Customer”) who use the Arbi service to identify, engage, and (with separate authorization on their side) recruit candidates.
  • Our sub-processors as listed at /public/subprocessor-list.
  • Legal, regulatory, and law-enforcement recipients where required by law, court order, or in response to a lawful request from a public authority.
We do not sell your personal data and we do not share it for cross-context behavioral advertising.

6. Cross-border transfers

We transfer personal data to the United States, where Neuroscale is headquartered, and to the locations of our sub-processors. The transfer mechanisms we rely on are described in the Cross-Border Transfers Procedure and Section 10 of the Privacy Notice. They include:
  • The European Commission’s Standard Contractual Clauses (Implementing Decision (EU) 2021/914);
  • The UK International Data Transfer Addendum;
  • Swiss FDPIC modifications to the SCCs where applicable;
  • The EU-U.S. Data Privacy Framework, the UK Extension to the DPF, and the Swiss-U.S. DPF for sub-processors that are currently certified; Neuroscale’s own DPF certification is in progress as of the effective date of this notice.
Supplementary measures include encryption in transit and at rest, access controls, and contractual confidentiality obligations.

7. Retention

Sourcing Database records are retained for 24 months from the last-verified-public-source date, unless extended for legal hold, an active dispute, or a written legitimate-interest extension signed by the General Counsel. On expiry, records are deleted or further deidentified. Suppression-list entries (hashed identifiers of Candidates who have opted out) are retained indefinitely so the suppression can be enforced against future re-ingestion. See the Records Retention Schedule for the full retention rows.

8. Your rights

Subject to the GDPR and UK GDPR, you have:
  • Right of access (Art. 15) — confirm whether we process your data and obtain a copy.
  • Right to rectification (Art. 16) — correct inaccurate data.
  • Right to erasure (Art. 17) — see also the Sourcing Database removal procedure in Section 10.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object (Art. 21) — including a right to object to processing for direct marketing and to processing based on legitimate interests, in which case Neuroscale must demonstrate compelling legitimate grounds that override your interests or stop the processing.
  • Right not to be subject to a decision based solely on automated processing (Art. 22) — see Section 9.
  • Right to withdraw consent (Art. 7(3)) where applicable; our lawful basis for Sourcing Database processing is legitimate interests, so this right primarily applies where you have separately given consent (e.g., for marketing communications).
  • Right to lodge a complaint with your local supervisory authority. A list of EU/EEA supervisory authorities is available from the European Data Protection Board at edpb.europa.eu/about-edpb/about-edpb/members_en. The UK supervisory authority is the Information Commissioner’s Office (ico.org.uk). The Swiss authority is the Federal Data Protection and Information Commissioner (edoeb.admin.ch).
To exercise a right, write to privacy@neuroscale.ai describing the right you wish to exercise. We will respond within one month of receiving a verified request (extendable up to two further months for complex requests).

9. Automated decision-making

Neuroscale’s Arbi product provides AI-assisted ranking, screening, and outreach features used by employer-customers in their recruiting workflows. The Customer (employer) is the deployer of these features and is responsible for any consequential decisions affecting you. Neuroscale’s developer-side bias-audit summaries and per-model training-data documentation are published at the AI Training-Data Transparency Notice; the developer-side bias-audit procedure is documented at /procedures/employment-ai-bias-audit. If you have questions about a specific automated assessment, ranking, or hiring decision, the appropriate first point of contact is the Customer (employer) using Arbi to recruit for the relevant role. Neuroscale will assist verified Customers in responding.

10. Sourcing Database removal (opt-out)

You may direct Neuroscale to remove your personal data from the Sourcing Database — and to suppress future re-ingestion of your information — through any of the following channels:
  • Email: privacy@neuroscale.ai with the subject line “Sourcing Database — Removal.”
  • Reply to an outreach. If you receive an outreach communication from Arbi initiated on behalf of one of our Customers, you may reply with a removal request (e.g., “remove me,” “delete my information”); our agents recognize the intent and route the request to the removal queue.
  • Via the Customer. If you have already been contacted by a specific Customer, that Customer can forward your removal request to us.
We will action verified removal requests within 30 days, prospectively. Hashed identifiers are added to the Sourcing Database suppression list so future re-ingestion is suppressed even if a source re-emits your information later.

11. Changes to this notice

We may update this notice from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated through our public-facing channels and, where appropriate, by direct outreach.

12. Contact