Effective date: May 8, 2026
Last updated: May 8, 2026
This California Applicant & Personnel Privacy Notice (“CAAP Notice”) describes how NEUROSCALE LLC (“Neuroscale,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information about California-resident job applicants, employees, directors and officers, contractors, consultants, interns, and other personnel and their emergency contacts and beneficiaries (collectively, “Personnel”). This Notice is provided pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), and applies in addition to our general Privacy Notice. Where there is a conflict for processing of Personnel personal information, this CAAP Notice governs. This Notice does not apply to Candidate data that Neuroscale processes on behalf of customers of the Arbi platform — that processing is governed by the customer’s privacy notice and our agreement with that customer.

1. Personnel covered

This Notice applies to:
  • Applicants for employment, internships, and contractor roles with Neuroscale.
  • Employees, including former employees.
  • Directors and officers of Neuroscale.
  • Independent contractors and consultants engaged by Neuroscale.
  • Emergency contacts, dependents, and beneficiaries identified by Personnel.

2. Categories of personal information we collect

Within the past 12 months, we have collected the following CCPA categories of personal information about Personnel. Not every category applies to every individual, and the categories collected vary by role and stage (applicant vs. employee).
CCPA categoryExamples in the Personnel contextCollected
IdentifiersName, alias, postal address, email, phone, IP address, employee ID, online identifiersYes
Customer-records information (Cal. Civ. §1798.80(e))Signature, physical characteristics or description, address, phone, education, employment, employment history, bank account, credit card, debit cardYes
Protected classificationsAge (DOB), race, color, ancestry, national origin, citizenship, religion, marital status, medical condition, physical or mental disability, sex (incl. gender, gender identity, gender expression, pregnancy, sexual orientation), veteran/military status, genetic informationYes — limited, where voluntarily provided or required by law (e.g., EEO-1 reporting, accommodation requests)
Commercial informationRecords of products or services purchased, obtained, or considered (e.g., expense-report items)Limited
Biometric informationImagery of iris, retina, fingerprint, face, hand, palm, vein patterns, voice, keystroke patterns, gaitNo (currently)
Internet or other electronic network activityBrowsing history, search history, interactions with internal websites, applications, and systemsYes
Geolocation dataGeneral (city/region) location derived from IP; precise geolocation only where required for company-issued mobile devices and disclosedYes (general)
Audio, electronic, visual, thermal, olfactory, or similar informationPhotographs, security-camera footage at offices, voicemail, recorded video meetings (where notice given)Limited
Professional or employment-related informationJob title, employment history, performance records, disciplinary records, leave records, compensation, benefits, training recordsYes
Education informationEducation history, transcripts, certifications, licensesYes
InferencesProfiles reflecting preferences, characteristics, predispositions, behavior, attitudes (e.g., performance evaluations)Limited
Sensitive personal informationGovernment identifiers (SSN, driver’s license, state ID, passport, immigration status); financial-account login or full account number; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; contents of mail/email/text messages where Neuroscale is not the intended recipient; genetic data; biometric for unique identification; health information; sex-life or sexual-orientation informationYes — limited, only as described in Section 5

3. Sources of personal information

We collect Personnel personal information from:
  • You directly — application forms, interviews, onboarding paperwork, in-app inputs, communications with HR, IT, managers, or executives.
  • Recruiting and screening sources — recruiters, recruiting agencies, applicant-tracking systems, public profiles (e.g., LinkedIn) where consistent with applicable law, and job-board referrals.
  • Reference and background-check providers — including our consumer reporting agency (Checkr, Inc.) and references you authorize.
  • Educational institutions and prior employers — where you authorize or where required for verification.
  • Government agencies — for tax, immigration, and similar reporting.
  • Service providers — payroll, benefits, equity administration, learning-management, IT, security, and similar vendors.
  • Devices and systems — endpoints, networks, applications, and physical security systems Personnel use to perform their duties.
  • Other Personnel — for example, peer feedback, manager assessments, references, or emergency-contact disclosures.

4. Purposes of collection and use

We collect and use Personnel personal information for the following business and commercial purposes:
  • Recruitment, hiring, and onboarding — evaluating applications, conducting interviews, performing background checks (under the Background Checks Procedure), verifying eligibility to work, completing onboarding paperwork.
  • Employment administration — payroll, expense reimbursement, benefits administration, leave administration, travel, time tracking, performance management, promotions, transfers, terminations, succession planning.
  • Compensation and equity — administering salary, bonus, commission, and equity programs; reporting under Insider Trading Policy where applicable.
  • Training and development — delivering, tracking, and recording mandatory and elective training.
  • Workplace safety, health, and security — administering health and safety programs, workplace-violence prevention (see Workplace Violence Policy), accident response, and emergency management.
  • IT and information security — provisioning and managing access, authentication, monitoring for security threats and policy violations, investigating incidents, securing assets and data per the Information Security Policy and Operations Security Policy.
  • Compliance with law and legal process — tax reporting, EEO-1 and other government reporting, immigration compliance, sanctions screening (per the Trade Compliance Policy), responding to subpoenas, audits, and investigations, defending against legal claims.
  • Internal investigations and discipline — investigating reports of misconduct (including those under the Whistleblower Policy and Code of Conduct).
  • Communication — providing internal and external communications, distributing notices and policies, surveying engagement.
  • Business operations — financial planning, budgeting, mergers/acquisitions, due diligence, corporate restructuring, and other corporate transactions.
  • Improvement and analytics — analyzing workforce composition, retention, hiring funnels, and program effectiveness, in aggregated or de-identified form where feasible.

5. Sensitive personal information — purposes

We collect or process the categories of sensitive personal information identified in Section 2 only for the following permitted purposes (per Cal. Civ. §1798.121 and CPRA regulations):
  • to perform services or provide goods (e.g., processing payroll, benefits, equity);
  • to detect security incidents and protect against malicious, deceptive, fraudulent, or illegal action;
  • to ensure physical safety;
  • to verify or maintain the quality or safety of our services;
  • to comply with federal, state, or local laws (including tax, immigration, anti-discrimination, leave, and benefits laws) and respond to legal process; and
  • for short-term, transient use as permitted by law.
We do not use or disclose sensitive personal information for the purpose of inferring characteristics about Personnel for marketing, advertising, or non-employment purposes.

6. Disclosures of personal information

We disclose Personnel personal information to the following categories of recipients for the purposes described in Section 4:
  • Service providers and contractors — including Checkr (background checks); our payroll, benefits, equity-administration, and HRIS providers; our cloud, security, and IT providers; auditors, accountants, and legal counsel; learning-management and recruiting tools; expense, travel, and reimbursement providers. Service providers process personal information on our documented instructions under contracts that meet CCPA/CPRA requirements.
  • Affiliates — entities under common control with Neuroscale, for the purposes described in this Notice.
  • Government and regulatory bodies — for tax, immigration, EEO-1, OSHA, unemployment, workers’ compensation, and similar reporting; in response to lawful subpoenas, court orders, or other legal process; in connection with audits and investigations.
  • Acquirers and counterparties — in connection with due diligence, mergers, acquisitions, financings, reorganizations, or asset sales (subject to confidentiality).
  • Insurance providers — for benefits, workers’ compensation, and risk-management purposes.
  • Banking and financial institutions — for payroll, expense reimbursement, and equity-administration purposes.
  • References and verifying parties — where you have authorized us to disclose information for reference or verification.
  • Other third parties with your consent or at your direction.
We do not sell Personnel personal information and do not share Personnel personal information for cross-context behavioral advertising. We have not done so in the preceding 12 months.

7. Retention

We retain Personnel personal information only for as long as necessary to fulfill the purposes set out above, subject to legal and contractual retention obligations (including tax, employment, immigration, and benefits law). Retention periods are documented in the Records Retention Schedule. Where information is no longer needed, we delete or de-identify it. Information subject to a legal hold is retained until the hold is released.

8. Automated decision-making and AI in employment

Neuroscale may use automated tools to support recruiting and personnel functions — for example, to filter applications, schedule interviews, or detect insider-threat or security signals. We do not use automated tools as the sole basis for hiring, termination, promotion, compensation, or similar legally significant decisions about Personnel. Where automated tools are used in employment contexts subject to laws regulating automated employment decision tools (including, where applicable, NYC Local Law 144 of 2021, the Illinois AI Video Interview Act, Illinois HB 3773 (effective Jan 1, 2026), Maryland HB 1202, the Colorado AI Act (C.R.S. §§6-1-1701 et seq., effective Feb 1, 2026), the Texas Responsible AI Governance Act, the Utah AI Policy Act, and the California Automated Decision-Making Technology regulations), Neuroscale provides notice consistent with those laws and, where Neuroscale is the developer of an AI feature, performs the developer-side bias audit, public bias-audit summary, and algorithmic-discrimination disclosure obligations under the Employment-AI Bias-Audit and Disparate-Impact Testing Procedure. Per-model bias-audit summaries and training-data documentation are published at the AI Training-Data Transparency Notice. California Personnel may opt out of automated decision-making and profiling under CPRA §1798.185(a)(16) by writing to privacy@neuroscale.ai; see Privacy Notice → Your rights and choices. You may request additional information about Neuroscale’s use of automated tools by contacting privacy@neuroscale.ai.

9. Your California privacy rights

As a California resident, you have the rights below with respect to your Personnel personal information. To exercise a right, see Section 11.
  • Right to know / access — request that we confirm whether we process your personal information and obtain a copy of the categories and specific pieces collected, the categories of sources, the business or commercial purposes, and the categories of recipients to which we have disclosed it.
  • Right to delete — request that we delete personal information we have collected from you, subject to exceptions (including legal-retention requirements, ongoing employment, security, fraud prevention, internal uses reasonably aligned with your expectations as Personnel, and compliance with law).
  • Right to correct — request that we correct inaccurate personal information.
  • Right to portability — receive a copy of certain personal information in a portable format.
  • Right to limit use of sensitive personal information — direct us to limit our use of sensitive personal information to those purposes specified in Section 5; we already limit our use to those purposes.
  • Right to opt out of sale or sharing — Neuroscale does not sell or share Personnel personal information; this opt-out applies if our practices change.
  • Right to non-discrimination and non-retaliation — we will not discriminate or retaliate against you for exercising your rights, including in employment decisions.
  • Right to appeal — if we decline a request in whole or in part, you may appeal by replying to our response or emailing privacy@neuroscale.ai with the subject line “Privacy Rights Appeal.”
These rights are subject to verification of your identity and to exceptions provided under the CCPA/CPRA and other applicable law. We may decline a request where required or permitted by law (for example, where deletion would defeat a legal retention requirement, interfere with an investigation, or compromise the rights of others).

10. Other California notices

Shine the Light (Cal. Civ. §1798.83)

California residents may request information about disclosures (if any) of personal information to third parties for those parties’ direct marketing purposes. To make a Shine the Light request, email privacy@neuroscale.ai with the subject line “Shine the Light.”

Background checks (FCRA / California ICRAA)

If we conduct a background check on you, we provide a separate disclosure and obtain your written authorization before doing so, and we follow the adverse-action process described in the Background Checks Procedure and the Adverse-Action Letter template. California also entitles you to receive a copy of your investigative consumer report at no charge upon request to the consumer reporting agency.

Drug testing

Where applicable, separate notice will be provided.

Genetic privacy (CalGINA / GINA)

We do not request, require, or purchase genetic information from Personnel except as expressly authorized by law (for example, in connection with the Family and Medical Leave Act).

Electronic monitoring

Neuroscale may monitor electronic communications, devices, and accounts on its systems for security, compliance, and operational purposes, consistent with the Acceptable Use Policy and the Operations Security Policy. Personnel should have no expectation of privacy in business systems.

11. How to exercise your rights

  • Email: privacy@neuroscale.ai with a description of your request and the personal information you want us to act on.
  • Postal: NEUROSCALE LLC, 46175 Westlake Dr Ste 300, Sterling, VA 20165 — Attn: Privacy.
You may use an authorized agent to submit a request, subject to verification of identity and the agent’s authority. We will not charge a fee for most requests; for repetitive or excessive requests, we may charge a reasonable fee or decline as permitted by law. We will respond within the timeframes required by the CCPA/CPRA — generally within 45 days, with one possible 45-day extension if reasonably necessary (we will notify you in writing of any extension).

12. Changes to this Notice

We may update this Notice from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Where required by law, we will provide notice of material changes through the Service or by other reasonable means.

13. Contact