How we handle
your information.
Vetti Labs Pty Ltd (“Vetti”, “we”) operates the Vetti recruitment platform. This notice explains how we collect, use, and disclose personal information under the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).
Last updated: 19 May 2026
Vetti and the hiring agency
When you apply for a role or are imported into the platform, the recruitment agency you applied to (the “agency”) is the primary handler of your information. Vetti operates the technology that the agency uses. We process your information on the agency’s behalf and also operate the cross-agency marketplace where, with your consent, your profile can be discovered by other agencies in our network.
For privacy questions specific to a particular application, contact the agency directly. For platform-level questions, reach Vetti at the addresses at the bottom of this page.
Information we hold about you
Depending on how you interact with the platform, we may collect: your name, contact details, work history and education, resume and supporting documents, skills and certifications, location and right-to-work information, answers to screening questions, interview recordings (audio) and transcripts, scorecards and assessment results, communication history with agencies, and platform usage data.
We collect this from you directly (forms, uploads, interviews), from the agencies that import your profile, and from public sources (e.g. a public LinkedIn profile) where lawful.
Purposes of processing
We use your personal information to:
- •Assess your suitability for specific roles you have applied to.
- •Match your profile against other open roles within the agency that imported you, and (with your consent) other agencies in the Vetti network.
- •Conduct AI-assisted interviews and produce advisory scorecards.
- •Communicate with you about your applications, interview invitations, and account.
- •Operate, secure, and improve the platform.
- •Comply with our legal obligations, including responding to lawful requests from regulators.
We do not sell your personal information. We do not use your interview recordings, transcripts, or assessment results to train generative AI models — neither our own models nor those of the AI providers listed below.
Service providers outside Australia
We use the following overseas service providers to deliver the platform. Each operates under a written data processing agreement with confidentiality, security, and data-handling obligations that align with the Australian Privacy Principles. This list is the current state — if it changes, this page is updated.
| Provider | Location | Purpose | Data | Safeguards |
|---|---|---|---|---|
| Anthropic (Claude API) | USA | AI processing — match scoring, screening, interview assessment | Candidate skills, work history, interview responses (sanitised) | DPA in place; provider does not retain or train on customer data |
| Hume AI | USA | AI voice interview agent (Empathic Voice Interface) and emotional-tone analysis | Audio recordings and transcripts of interview responses | DPA with processing-only terms; not used for provider model training |
| Deepgram | USA | Speech-to-text transcription for the legacy Vetti AI voice stack | Audio recordings (transient processing) | DPA with processing-only terms; no retention |
| ElevenLabs | USA / EU | Text-to-speech synthesis for the legacy Vetti AI voice stack | Text prompts only (no candidate PII in synthesis input) | DPA with processing-only terms; no retention |
| LiveKit | USA | WebRTC media routing for video / voice interviews | Video and audio media streams (transient routing only) | Media routing only; no content storage at the provider |
| Auth0 | USA / EU | Authentication and identity verification | Authentication tokens, email address (for login) | SOC 2 Type II certified; token lifecycle only |
| SendGrid | USA | Transactional and notification email delivery | Email address, email body (transient processing) | Transient processing; content not retained beyond delivery window |
| Stripe | USA | Payment processing for subscription billing | Payment instrument data — recruiter billing only; not candidate data | PCI DSS Level 1; DPA in place |
AI-assisted decisions
We use AI to assist recruiters in evaluating candidates. AI output is advisory in every case. A human recruiter makes the actual decision and can override any AI recommendation at any time. You are entitled to request a human review of any decision affecting you that involved automated processing.
AI match scoring
- Personal information used
- Skills, work history, education, location preferences
- How it works
- An AI system compares your skills and experience against a job description to produce an advisory compatibility score. Protected attributes (name, age, gender, ethnicity) are removed before processing.
- Human role
- The score is advisory only. A human recruiter reviews scores and makes shortlisting decisions. You are never automatically rejected based solely on this score.
AI screening evaluation
- Personal information used
- Skills, qualifications, work history, answers to screening questions
- How it works
- An AI system evaluates your application against screening criteria defined by the recruiter, returning a pass / fail recommendation with reasoning.
- Human role
- Advisory. A recruiter reviews all evaluations — including those flagged as not meeting criteria — before any decision.
AI interview assessment
- Personal information used
- Interview transcript content, response completeness, voice recording, and (when the Hume voice stack is used) emotional-tone signals derived from your speech
- How it works
- An AI system evaluates the content of your interview responses against role-specific criteria. The transcript is the primary input. Appearance and video are never analysed — interviews are voice-only.
- Human role
- Produces an advisory scorecard. A human recruiter reviews the full transcript and scorecard before any hiring recommendation.
How we protect your data
We take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access. These include: AES-256 encryption at rest, TLS 1.2+ in transit, role-based access control with multi-factor authentication for staff, tenant-level data isolation enforced at the database row level, audit logging on sensitive operations, and network isolation of our production infrastructure.
Despite these measures, no internet-connected system can be guaranteed secure. If a breach occurs that we assess as likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals in accordance with the Notifiable Data Breaches scheme.
Retention
Application data is retained while you remain an active candidate and for a reasonable period afterwards so the agency can contact you about future opportunities you may have consented to. You can request deletion at any time (see “Your rights” below).
Some data may be retained beyond a deletion request where the law requires it — for example, financial records that must be kept under tax legislation. In those cases, the data is restricted and accessed only for the legal purpose.
Access, correction, and complaints
Under the Australian Privacy Principles you have the right to:
- •Access the personal information we hold about you (APP 12).
- •Request that we correct information you believe is inaccurate or out of date (APP 13).
- •Withdraw any consent you have given (e.g. consent to AI-assisted interviewing, marketing communications, or cross-agency profile sharing) at any time.
- •Request deletion of your data, subject to legal retention obligations.
- •Request human review of any decision affecting you that involved automated processing.
- •Complain to us if you believe we have mishandled your information — and to the OAIC if you are not satisfied with our response.
The candidate portal includes self-service controls for most of these rights at candidate.vetti.work/privacy. For anything that isn’t available there, contact us using the details below.
Privacy enquiries
For any privacy enquiry — access, correction, withdrawal of consent, or complaint — contact our privacy officer at privacy@vetti.work. We aim to respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner: oaic.gov.au/privacy/privacy-complaints.
Vetti Labs Pty Ltd · Sydney, Australia