Privacy Policy

Who this policy covers

Patterned is a workforce platform used by three audiences:

• Community-based organizations (CBOs) and case managers who upload, assess, and place candidates
• Employers who search candidates, run interviews, and make hiring decisions
• Candidates and jobseekers who complete intake, readiness checks, and interviews

Each role sees a different subset of data, governed by role-based access controls enforced at the database layer.

Information we collect

We collect different categories of data depending on how you use the platform.

Categories include:

• Account data — organization name, contact name, email, phone, role, and any details you provide when you sign up or are invited to a workspace.
• Candidate-provided data — full name, contact information, location, work history, education, certifications, skills, photo, resume, and professional links.
• Demographic data — race, ethnicity, gender, veteran status, disability status, and similar attributes. This is only collected when the candidate provides explicit, recorded consent through our diversity data collection flow. Demographic data is used for grant reporting and bias auditing; it is never used as a positive or negative input to AI scoring.
• Interview and assessment data — audio recordings, video recordings (only when recording consent has been recorded), transcripts, AI-generated readiness scores and rubric evaluations, interviewer notes, and lifecycle events (admit → hire → retain → exit).
• Communications — SMS and voice call metadata and content sent through our telephony providers during interviews, check-ins, and outreach.
• Behavioral and product analytics — pages visited, features used, and session events, tied to your user ID, role, and organization.

How we use information

We use information to operate the service and improve workforce outcomes:

• Match candidates to roles using AI-powered hybrid search (semantic similarity, skills, experience, certifications, and location)
• Generate readiness reports, role models, gap plans, and personalized check-ins
• Run AI-driven interviews and produce structured rubric scores with supporting evidence
• Detect barriers, route candidates to case managers, and track retention at 30, 60, 90, and 180 days post-hire
• Produce outcome reports for grant funders, including uplift and employment savings calculations
• Audit AI scoring for adverse impact, calibration drift, and bias
• Provide customer support and respond to your requests

AI features and automated employment decisions

Patterned uses artificial intelligence to assist with screening, scoring, and assessment of candidates. Under New York City Local Law 144 and similar laws, these are sometimes called Automated Employment Decision Tools (AEDTs).

Our AI practices:

• Every score requires evidence. The Daisy Conversation Engine enforces that no score is produced without supporting evidence drawn from the candidate's own answers. We do not allow "vibes-based" scoring.
• Bias monitoring runs continuously. We apply the EEOC four-fifths rule across protected classes and flag any program whose score distribution falls more than two standard deviations from the system mean for human review.
• A human reviews flagged outcomes. Anomalies are surfaced to a person, not auto-suppressed.
• Patterned does not warrant any specific hiring outcome and is not a replacement for an employer's own EEO obligations.
• Candidates may request human review of any automated decision, request reasonable accommodations under the ADA, and decline to participate in AI-driven assessments.
• Employers using Patterned in jurisdictions with AEDT laws (such as NYC Local Law 144) are responsible for the candidate-facing notice and bias-audit publication required of them as employers; Patterned provides the underlying tooling to support those obligations.

Patterned is bias-monitored and structured — not bias-free. Our goal is auditability and human oversight, not the illusion of perfection.

Categories of third-party processors

We use a limited set of vetted service providers to operate the platform. We share data with them strictly to deliver the Service, and none of them receive your data to sell or market to you.

The categories of processors we use include:

• Cloud infrastructure providers — for database, file storage, application hosting, and edge compute
• AI and machine-learning providers — for language models, embeddings, speech-to-text, and text-to-speech used in matching, scoring, and assessment
• Conversational voice AI providers — for voice-based interviews and questionnaires
• Real-time communications providers — for live audio and video during interviews, conducted only when consent has been recorded
• Telephony providers — for SMS and voice outreach, including retention check-ins
• Product analytics providers — for pseudonymous usage data tied to your user ID, role, and organization
• Public-sector data sources — for occupational classification data used to ground role definitions; these receive no personal data

All processors operate under contractual data-processing terms. A current list of named sub-processors is available to Customers on request. If a candidate withdraws consent, we cease sending their data to optional processors going forward.

How long we keep data

We retain data for as long as it is needed to operate the service, comply with funder and legal obligations, and produce the workforce outcomes our customers rely on.

Lifecycle:

• Active program data — kept while the candidate is enrolled with a CBO or being considered by an employer
• Post-hire retention data — kept through the 180-day check-in window required by most funders
• Outcome and grant reporting data — retained in aggregated form for the period required by the funder
• Recordings and transcripts — retained for the period agreed with the originating organization, then deleted on request

Candidates and customer organizations may request deletion at any time, subject to legal retention obligations.

Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or object to our use of your personal information, and to withdraw consent you previously gave.

For region-specific rights (GDPR, CCPA, and similar laws), see our GDPR & CCPA page.

How we protect data

We follow industry-standard security practices appropriate for a production platform processing sensitive workforce data. At a high level:

• Role-based access controls and per-organization data isolation
• Encryption of data in transit, and at rest where supported by the underlying infrastructure
• Authentication and integrity checks on inbound integrations
• Least-privilege access for personnel and service-to-service communication
• Audit logging for sensitive actions and lifecycle events
• Ongoing review of access, dependencies, and operational practices

For security reasons, we do not publish specific implementation details. Customers with security-review obligations may request additional information under NDA. Suspected vulnerabilities can be reported through our responsible disclosure process.

Children's privacy

Patterned is not directed at children under 16 and we do not knowingly collect data from them. If you believe a minor has provided data through the platform, contact us and we will remove it.

Changes to this policy

We may update this Privacy Policy as the platform evolves. When we make material changes, we will update the "Last updated" date and, where appropriate, notify customers and active candidates.

Contact us

Questions about this policy, requests to exercise your rights, or security concerns can be sent to: