Privacy Policy
Last updated: 4/3/2026
1) Data controller identity
The data controller for personal data under the GDPR is:
Neoskill SAS (HiLucy brand)
Registered office: 60 rue François 1er, 75008 Paris, France
Email: contact@hilucy.ai
2) Neoskill vs. client recruiting companies (depending on processing)
When your application is handled by a client company using the HiLucy platform, that company determines the recruitment purposes that concern it (e.g., assessing profiles, organizing interviews, making selection decisions). In those cases, the client company acts as a data controller for its own processing.
Neoskill SAS provides the platform and, depending on the processing activities, acts as a controller for its own obligations (e.g., security, maintenance, service improvement) and/or as a processor within the meaning of Article 28 of the GDPR when data is processed on behalf of the client.
3) Categories of personal data collected
- Identification and contact data: first name, last name, email address, phone number, and data you provide during exchanges (e.g., contact form).
- Application data: information provided by the client company and/or by you as part of the recruitment process.
- Interview-related data: audio recordings, transcriptions (if applicable), typed text, and interview metadata (duration, timestamps, etc.).
- Assessment data: AI-generated summaries, analyses, and scores, plus outcomes and comments from human review.
- Technical data: logs, IP addresses, technical identifiers, security data, access logs, and information needed to operate the platform properly.
4) Purposes of processing and legal basis
We process personal data for specific purposes. The legal basis depends on each purpose, in accordance with Articles 6 and following of the GDPR.
| Purpose | Main data categories | Legal basis (GDPR) |
|---|---|---|
| Provide the platform and manage access (registration, accounts, maintenance) | Account identifiers, account data, technical data | Article 6(1)(b) (contract performance / pre-contract steps) and/or Article 6(1)(f) (legitimate interests) |
| Conduct automated interviews (voice/text) and generate assessment reports | Audio, transcripts, text, assessment outputs, interview metadata | Article 6(1)(b) (necessary to provide the requested service in the context of recruitment) and/or Article 6(1)(f) |
| Enable recruitment-related communication (notifications, feedback, follow-up) | Contact data, application data, messages | Article 6(1)(b) and/or Article 6(1)(f) |
| Security, fraud prevention, anti-abuse and system protection | Technical data, logs, identifiers | Article 6(1)(f) and/or Article 6(1)(c) (legal obligations) |
| Compliance with legal obligations (accounting, responding to authorities’ requests) | Data required for legal compliance | Article 6(1)(c) |
| Establishing, exercising or defending legal claims (handling GDPR requests, litigation) | Data needed to process your request and provide evidence | Article 6(1)(c) and/or Article 6(1)(f) |
5) Recipients of personal data
Depending on the purpose, your data may be shared with the following categories of recipients:
- Client companies using the platform to process your applications (they determine the recruitment-related purposes).
- Technical service providers (hosting, maintenance, IT support, infrastructure services).
- AI-related providers and suppliers (data processing required to run interviews and generate assessments).
- Authorities and other parties where required by law.
6) Retention periods
We store personal data only for as long as necessary to fulfil the purposes set out above and/or to meet applicable legal obligations.
- Interview and assessment data: during the recruitment process and for follow-up handling, then deletion or anonymization when possible.
- Security and platform operation data: for as long as necessary to detect/track incidents and remain compliant.
- Data related to GDPR requests: until the request is handled and, if needed, for evidence-related retention deadlines.
- Data kept to comply with legal obligations: for the duration imposed by applicable regulations.
7) Transfers outside the European Union
As part of the platform’s operation and the use of AI, some data may be transferred outside the European Union and/or the European Economic Area.
Where such transfers occur, we implement appropriate safeguards under the GDPR (for example, Standard Contractual Clauses (SCC) where required) to ensure an adequate level of protection.
8) Your rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access (Article 15).
- Right to rectification (Article 16).
- Right to erasure (Article 17), subject to legal retention obligations.
- Right to restriction of processing (Article 18).
- Right to object (Article 21) when applicable.
- Right to data portability (Article 20) when applicable.
- Right to withdraw consent where processing is based on consent (if applicable to certain purposes).
- Right to lodge a complaint with a supervisory authority, including the CNIL.
Where certain assessments are automated, we ensure the final decision rests with human review. You may request additional information about how your data is processed.
9) How to contact us
For requests related to your personal data, contact us at:
contact@hilucy.ai
(please include “GDPR” in the subject line)
10) Right to lodge a complaint with the CNIL
You have the right to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés), in particular if you believe that your personal data processing does not comply with the GDPR.
11) AI processing during interviews
When you participate in an interview through the HiLucy platform, you interact with an AI system (voice and/or text). Your exchanges are used to run the interview, analyze your responses, and generate summaries, scores, or recommendations intended to assist recruiters.
AI-generated analyses and assessments are decision support. The final recruitment decision remains subject to human review by the recruiter.
Despite the technical and organizational measures in place, AI systems may have limitations (including errors, bias, or inaccuracies). If you have concerns, you can exercise your GDPR rights (see section 8).