Candidate Privacy Notice

Effective Date: May 1, 2026

Last Updated: May 1, 2026

Tenex Security, Inc. (“TENEX.AI,” “we,” “our,” or “us”) respects your privacy. This Candidate Privacy Notice (“Notice”) describes how we collect, use, share, and protect personal information about individuals who apply for employment, contract, or internship roles with us, and explains your privacy rights and how to exercise them.

At a Glance

A quick summary of how we handle your information as a candidate. Please read the full Notice for details.

• We collect the information you provide in your application (contact details, resume, work history, references), information we collect from third parties (recruiters, professional networks, background check providers), and information we generate during the hiring process (interview notes, assessment results).
• We use your information to evaluate your application, communicate with you, conduct interviews and assessments, verify your qualifications, make hiring decisions, and meet legal obligations.
• We use certain AI-assisted tools to help us screen and rank applications. A human is always involved in the hiring decision.
• We share your information with service providers that support our hiring process (applicant tracking system, background check provider, skills assessment platforms) and, where required, with legal or regulatory authorities.
• If you are not selected, we keep your information for a limited period (see “How Long We Keep Your Information”). If you are hired, your information becomes part of your employee record and is handled under our Employee Privacy Notice.
• You have rights over your information, including the right to access, correct, delete, and — depending on your location — object to certain processing. See “Your Rights.”

Scope of This Notice

This Notice applies to individuals who apply for employment, contract, or internship roles with TENEX.AI — through our careers site, a recruiter, a referral, or any other channel — and to personal information we process in connection with those applications. 

This Notice does not apply to:

• Visitors to our general website and marketing activities, which are covered by our Website Privacy Notice.
• Individuals who become employees or contractors, whose information is handled under our Employee Privacy Notice once their engagement begins.
• Information processed by Tenex on behalf of our enterprise customers in our role as a service provider, which is governed by the relevant customer agreement.

Information We Collect

We collect the following categories of personal information during the application and hiring process:

Information You Provide

• Contact and identity information (name, email, phone number, mailing address, country of residence).
• Professional history and qualifications (resume/CV, cover letter, work history, education, certifications, licenses, publications, portfolio or code samples, security clearances held).
• Application details (the role you applied for, compensation expectations, availability, willingness to relocate, referral source).
• Communications content (emails, messages, interview responses, take-home assignment submissions).
• Right-to-work and immigration information, including visa status and documentation required to work in the relevant jurisdiction.
• References you choose to provide and the contact details of those references.
• Voluntary self-identification information where you choose to provide it (for example, race, ethnicity, gender, veteran status, or disability), used for equal employment opportunity reporting and diversity analytics. Providing this information is always optional, and declining to provide it will not affect the hiring decision.
• Information you make available in professional networks (e.g., LinkedIn, GitHub) that you link from your application.

Information We Generate

• Interview notes, evaluations, and scores from interviewers.
• Results of skills assessments, technical exercises, and pre-employment evaluations.
• Correspondence and scheduling records.
• Automated screening outputs (e.g., ranking or scoring signals generated by AI-assisted tools — see “Automated Decision-Making and AI-Assisted Screening”).

Information We Receive From Third Parties

• Recruiters and recruiting agencies who submit your profile.
• Employee referral sources, when you have been referred by a current TENEX.AI employee or contractor.
• Professional networking sites and public sources (for example, LinkedIn, GitHub, conference speaker pages).
• References you have identified, who respond to our reference-check inquiries.
• Background check providers, who conduct checks with your authorization (see “Background Checks”).
• Skills assessment and interviewing platform providers, who return assessment results.

Sensitive and Special-Category Information

We limit our collection of sensitive or special-category information to what is necessary and permitted by applicable law. Specifically:

• We collect equal-employment-opportunity self-identification information (race/ethnicity, gender, veteran status, disability) only where you voluntarily provide it, and we use it solely for EEO reporting, diversity analytics, and compliance with applicable law.
• We collect reasonable-accommodation information only if you request an accommodation during the application or interview process, and only to the extent necessary to evaluate and provide the accommodation.
• We collect criminal-history information only through a background check conducted with your specific authorization, after any required conditional offer, and only to the extent permitted by applicable federal, state, and local law (including “ban-the-box” and fair-chance hiring laws).
• For EEA/UK candidates, processing of special-category data under Article 9 GDPR is limited to situations where a valid Article 9(2) condition applies (e.g., explicit consent, employment-law obligations, or substantial public interest).

How We Use Your Information

We use personal information for the following purposes:

• Evaluating your application, including reviewing your qualifications for the role and for other roles that may be a fit.
• Scheduling and conducting interviews and pre-employment assessments.
• Communicating with you about your application, the hiring process, and other roles.
• Verifying information you provide, including references, employment history, education, credentials, and right to work.
• Conducting background checks where permitted by law and with your authorization.
• Making hiring decisions, including preparing and extending offers.
• Onboarding successful candidates, including creating an employee record.
• Maintaining a talent pipeline for future opportunities (where permitted by law and, in the EEA/UK, with your consent where required).
• Meeting legal, regulatory, and contractual obligations, including equal-employment-opportunity reporting, immigration and right-to-work verification (e.g., Form I-9 in the US), tax and audit obligations, and responding to subpoenas or government requests.
• Protecting the security and integrity of our systems, preventing fraud and abuse, and conducting investigations.
• Establishing, exercising, or defending legal claims.
• Improving our recruiting practices, including analytics on aggregated, non-identifying data.

Automated Decision-Making and AI-Assisted Screening

We use automated tools — including AI-assisted applicant screening, ranking, and matching technologies — to help us manage a high volume of applications. These tools may score, rank, or highlight applications based on factors such as skills, experience, and role requirements. 

Human involvement. A human recruiter, hiring manager, or hiring committee always reviews applications and makes the decision to advance, extend an offer, or reject a candidate. We do not make hiring decisions solely on the basis of automated processing without meaningful human involvement.

Your rights. If an automated tool has been used in connection with your application, you may request human review of any resulting decision, request an explanation of the logic involved, and contest the decision. To make such a request, contact [email protected].

Legal Bases for Processing (EEA/UK/Swiss Candidates)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases:

• Pre-contractual steps taken at your request under Article 6(1)(b) GDPR — processing necessary to evaluate your application and to take steps toward entering into an employment contract.
• Legitimate interests under Article 6(1)(f) GDPR — operating and improving our recruiting processes, maintaining a talent pipeline, protecting the security of our systems, and preventing fraud.
• Compliance with legal obligations under Article 6(1)(c) GDPR — including equal-opportunity reporting and record-keeping obligations.
• Consent under Article 6(1)(a) GDPR — where required by law, including for retaining your information for future roles beyond the period necessary for the current application, for processing certain types of special-category data, and where required by local law for background checks.
• For special-category data (e.g., health information for accommodations, racial or ethnic origin for EEO self-ID), we rely on the applicable Article 9(2) conditions, including explicit consent (Art. 9(2)(a)), obligations in the field of employment (Art. 9(2)(b)), and substantial public interest (Art. 9(2)(g)), as applicable.

How We Share Your Information

We share personal information with the following categories of recipients:

• Within TENEX.AI: with recruiters, hiring managers, interviewers, People Operations, Legal, and, where relevant, executive leadership — on a need-to-know basis.
• Applicant tracking system (ATS) and HR information system (HRIS) providers.
• Skills assessment, coding challenge, and interview platform providers.
• Background check, reference check, and identity verification providers (with your authorization).
• Recruiting agencies and search firms, where your application came through them.
• Professional advisors (e.g., outside counsel, auditors, insurers).
• Government authorities, regulators, and law enforcement where required by law or to protect our legal rights.
• Parties to a corporate transaction (e.g., merger, acquisition, financing, or asset sale), subject to appropriate confidentiality obligations.
• Any other party with your consent or at your direction.

We do not “sell” candidate personal information, and we do not “share” candidate personal information for cross-context behavioral advertising (as those terms are defined under US state privacy laws).

Background Checks

Where permitted by law and relevant to the role, we may conduct background checks — including verification of identity, employment history, education, professional credentials, criminal history (to the extent permitted), and, for security-cleared or financial roles, additional screening. We conduct background checks only after:

• Providing the written disclosure and obtaining the written authorization required by the Fair Credit Reporting Act (15 U.S.C. § 1681b(b)(2)(A)) and any applicable state or local law;
• Providing any pre-check notice required by law in your jurisdiction (e.g., California ICRAA notice, New York Article 23-A notice, Washington State fair-chance notice);
• Respecting the timing limits on criminal-history inquiries imposed by federal, state, and local “ban-the-box” and fair-chance hiring laws, which generally require the initial inquiry to be made after a conditional offer;
• For EEA/UK candidates, confirming that a valid legal basis exists for processing criminal-conviction data under Article 10 GDPR and applicable Member State law, and limiting inquiries to those necessary and proportionate to the role.

If we intend to take adverse action based in whole or in part on the results of a consumer report, we will provide you with the pre-adverse action notice, a copy of the report, and the Summary of Your Rights Under the Fair Credit Reporting Act before taking final action, in accordance with applicable law.

International Data Transfers

TENEX.AI is headquartered in the United States, and our service providers may process personal information in the United States and other countries. If you are located in the EEA, UK, or Switzerland, your personal information may be transferred to and processed in countries that have not been deemed to provide an adequate level of data protection. Where we make such transfers, we rely on lawful transfer mechanisms, including the European Commission’s Standard Contractual Clauses (2021), the UK International Data Transfer Addendum, Swiss FDPIC-approved clauses, and adequacy decisions where applicable. 

How Long We Keep Your Information

We retain candidate personal information for as long as necessary to fulfill the purposes described in this Notice and to comply with our legal obligations. In general:

• If you are hired, your application information becomes part of your employee record and is retained under our Employee Privacy Notice.
• If you are not hired, we typically retain your application information for 12 months after the final decision, unless a longer retention period is required by law (for example, to defend against discrimination claims) or you request deletion earlier. In the US, EEOC regulations generally require retention of employment application records for at least one year (29 C.F.R. § 1602.14).
• If you ask us to consider you for future roles and provide consent where required, we may retain your information for a longer period (typically up to three years) for talent-pipeline purposes and will delete it earlier on request.
• Background check reports are retained in accordance with FCRA retention guidance and applicable state law; they are not retained longer than necessary.
• Aggregated or de-identified data may be retained for longer for analytics and recruiting-process improvement.

Specific retention periods vary by jurisdiction and data type. 

Your Rights

Depending on where you live, you may have the following rights with respect to your personal information. To exercise these rights, email [email protected]. We may need to verify your identity before responding, and we will respond within the timeframes required by applicable law.

California Residents

California residents have the right to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising those rights. The California Consumer Privacy Act (as amended by the CPRA) applies to California job applicants as of January 1, 2023. As described above, TENEX.AI does not sell candidate personal information and does not share it for cross-context behavioral advertising.

Residents of Colorado, Virginia, Connecticut, Utah, Texas, and Other US States

You may have rights under your state’s comprehensive privacy law, including rights to access, correct, delete, and port your personal information, and to opt out of targeted advertising, sales, and certain forms of profiling. You also have the right to appeal a denial of your request by replying to our denial with “Privacy Request Appeal” in the subject line.

EEA, UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have the right to:

• Access the personal information we hold about you and receive a copy;
• Request correction of inaccurate or incomplete information;
• Request erasure of your information, subject to applicable legal limits;
• Object to or restrict processing of your information, including for legitimate-interests processing;
• Receive your information in a portable format, where processing is based on consent or contract;
• Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of prior processing;
• Request human review of, and an explanation for, decisions based significantly on automated processing;
• Lodge a complaint with the supervisory authority of the EU Member State, the UK, or the Swiss Canton of your habitual residence, place of work, or place of the alleged infringement.

Data Security

We use technical and organizational measures designed to protect candidate information, including encryption in transit and at rest, access controls, employee training, and monitoring. Access to candidate information is limited to personnel who need it to perform their job duties. Our security program is validated by our completion of a SOC 2 audit focused on Security and Confidentiality. Notwithstanding these measures, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

Changes to This Notice

We may update this Notice from time to time. We will post any updates on our careers site and revise the “Last Updated” date. For material changes, we will provide additional notice where required by applicable law. This notice does not form part of your contract of employment and does not create contractual rights or obligations.

How to Contact Us

TENEX.AI. is the controller of the personal information we collect from you as a candidate. If you have questions about this Notice or how we handle your personal information as a candidate, please contact:

Tenex Security, Inc.

Attn: Privacy Officer

9401 Indian Creek Parkway, Suite #400

Overland Park, KS 66210

Email: [email protected]