ZyvernoZyverno

Terms of Use

Last updated: February 2026

These Terms of Use (“Terms”) govern your access to and use of the Zyverno cloud-based recruitment and applicant tracking platform (the “Service”). They are entered into between Zyverno Limited (“Zyverno”, “we”, “us”) and you, the customer or user (“you”, “the Customer”). By accessing or using the Service you agree to be bound by these Terms. If you do not agree, do not access or use the Service.

These Terms apply globally subject to the jurisdiction-specific schedules in Section 21 of these Terms. Where a Section 21 schedule conflicts with a provision of these Terms, the schedule prevails for customers and candidates connected to that jurisdiction.

1. Definitions

In these Terms of Use, the following terms have the meanings set out below:

  • "AI Features" means the artificial-intelligence-powered functionalities within the Service, including Lina AI screening interviews (voice and chat), CV parsing, candidate scoring, scheduling automation, and automated communication drafting.
  • "Candidate" means any natural person whose personal data is processed through the Service in connection with a Customer’s recruitment activities.
  • "Customer" means any legal entity or natural person acting in a professional capacity that subscribes to the Service.
  • "Customer Data" means all data, including personal data of Candidates and Users, that is uploaded, entered, or otherwise transmitted to the Service by or on behalf of the Customer.
  • "Data Protection Laws" means all applicable laws relating to the protection of personal data and privacy, including the EU GDPR, UK GDPR, the Data Protection Act 2018, Quebec Law 25, the Personal Information Protection and Electronic Documents Act (Canada), the California Consumer Privacy Act and California Privacy Rights Act, the Australian Privacy Act 1988, UAE PDPL, and equivalents.
  • "DPA" means the Data Processing Addendum entered into between Zyverno and the Customer that governs Zyverno’s processing of personal data on the Customer’s behalf.
  • "EU AI Act" means Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence.
  • "High-Risk AI System" has the meaning set out in the EU AI Act, including AI systems intended to be used for the recruitment or selection of natural persons.
  • "Lina AI" means Zyverno’s proprietary AI hiring agent, which conducts structured screening interviews and produces compatibility scorecards.
  • "Service" means the Zyverno cloud-based recruitment and applicant tracking platform, including all features, updates, integrations, and related documentation.
  • "Sub-Processor" means any third party engaged by Zyverno to process personal data in connection with the provision of the Service.
  • "Subscription" means the contractual arrangement under which the Customer gains access to the Service for a defined period and plan tier.
  • "User" means any individual authorised by the Customer to access the Service under the Customer’s account.

2. Zyverno Entity & Contracting Parties

The Service is provided by Zyverno Limited, a private limited company registered in England and Wales under company number 16987963, with registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

For data subject queries from any jurisdiction, contact privacy@zyverno.app.

3. Acceptance & Modifications

By accessing or using the Service, the Customer and each User agree to be bound by these Terms. The Customer represents that the individual accepting these Terms has authority to bind the Customer entity.

We may modify these Terms. Material changes will be notified at least thirty (30) days in advance by email and via in-Service notification. Continued use of the Service after the effective date of the change constitutes acceptance. The Customer may terminate the Subscription if it does not accept a material change, subject to Section 17.

4. Service Description

The Service is a cloud-based applicant tracking system and recruitment management platform that provides:

  • Applicant tracking: pipeline management, candidate profiles, duplicate detection, and candidate history.
  • AI-powered screening: Lina AI structured interviews in chat and voice modes, CV parsing, and candidate scoring against Customer-configured criteria.
  • Communication tools: email and SMS outreach, customisable templates, and invitation management.
  • Calendar & scheduling: interview scheduling, calendar integration, and availability management.
  • Analytics & reporting: pipeline analytics, recruitment metrics, and performance dashboards.
  • Team collaboration: multi-user accounts, role-based access control, and organisational settings.
  • Billing & subscription management.

5. Account Registration & Security

The Customer must register an account and provide accurate, complete information. The Customer is responsible for:

  • Maintaining the confidentiality of all authentication credentials issued to its Users.
  • All activities that occur under the Customer’s account, whether or not authorised.
  • Promptly notifying Zyverno of any unauthorised access, suspected security breach, or compromise of credentials, by email to security@zyverno.app.
  • Ensuring its Users comply with these Terms, the Confidentiality Charter, and the DPA.

Authentication is by one-time passcode (OTP) delivered to the registered email address. Sessions and access tokens are issued and revoked through the Service. Tenant isolation is enforced at the application layer.

6. Subscription, Fees & Payment

  • Plan tiers. The Service is offered in plan tiers with differing feature sets, usage limits, and pricing as published on the Zyverno website or as agreed in a Subscription order form.
  • Billing cycle. Fees are billed in advance on a monthly or annual basis as selected by the Customer.
  • Auto-renewal. Subscriptions automatically renew for successive periods of equivalent length unless cancelled before the renewal date in accordance with Section 17. Where required by applicable consumer or commercial law in the Customer’s jurisdiction, additional cancellation rights are set out in the relevant Section 21 schedule.
  • Automatic payment. By saving a payment method, the Customer authorises Zyverno to charge the default payment method on file for each renewal. The Customer may update or remove saved payment methods at any time from the billing settings page.
  • Non-refundable. Fees are non-refundable except as required by applicable law or as expressly provided in these Terms.
  • Price changes. We will give the Customer at least thirty (30) days’ prior notice of price changes; new prices take effect at the next renewal.
  • Taxes. Fees are exclusive of VAT, GST, sales tax, and any other applicable taxes, which the Customer is responsible for paying. Where Zyverno is required to collect tax in the Customer’s jurisdiction, it will be added to the invoice.

7. Permitted Use & Restrictions

The Customer may use the Service solely for lawful recruitment and talent management activities. The Customer shall not, and shall procure that its Users shall not:

  • Reverse-engineer, decompile, disassemble, or attempt to derive the source code of the Service.
  • Copy, modify, translate, or create derivative works of the Service.
  • Sublicense, sell, rent, lease, or otherwise distribute access to the Service.
  • Use the Service in violation of any applicable law, including data protection law, employment law, anti-discrimination law, telecommunications law, and AI-specific regulation.
  • Use the Service in a manner that exceeds usage quotas, interferes with the Service, or attempts to gain unauthorised access to other Customers’ data.
  • Upload malicious code, viruses, ransomware, or harmful data.
  • Use the Service to process special-category personal data (as defined under GDPR Article 9 or equivalent) as a primary screening criterion, except where the Customer has a valid legal basis under applicable law.
  • Use the Service to make solely automated decisions producing legal or similarly significant effects on Candidates without the human review described in Section 8.
  • Use the Service in connection with hiring of children below the minimum employment age in the relevant jurisdiction, or for under-18 Candidates without the additional safeguards described in the applicable Section 21 schedule.

8. AI-Powered Features

8.1 Status of AI outputs

All outputs of AI Features, including Lina AI screening scores, compatibility scorecards, and assessment recommendations, are advisory. They do not constitute employment decisions or commitments. Outputs may contain errors, biases, or inaccuracies.

8.2 Mandatory human oversight

The Customer shall ensure that a qualified human reviewer reviews all AI-generated assessments before any decision is communicated to a Candidate that produces legal or similarly significant effects, including without limitation the rejection of an application, the offer of an interview, or the offer of employment.

The Service includes configurable controls to enforce human review at the rejection-communication stage. The Customer shall enable and use these controls. Disabling these controls is permitted only where the Customer has a documented legal basis under applicable Data Protection Laws and where doing so is consistent with the Customer’s obligations under the EU AI Act, GDPR Article 22, Quebec Law 25 Article 12.1, and equivalent instruments.

8.3 Customer responsibility for outputs

The Customer is responsible for the use it makes of AI outputs and for verifying their accuracy and appropriateness for the role and Candidate. Zyverno does not warrant that AI outputs are accurate, unbiased, or fit for any particular purpose, save as expressly set out in these Terms or applicable law.

8.4 EU AI Act

Lina AI, when used for the recruitment or selection of natural persons, is a high-risk AI system under Annex III(4) of the EU AI Act. Zyverno is the provider of Lina AI within the meaning of Article 3 of the EU AI Act. The Customer is the deployer of Lina AI when it uses the Service to screen Candidates.

Zyverno will use commercially reasonable efforts to comply with provider obligations under Articles 9 to 21 of the EU AI Act as they come into force, including risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy and robustness, conformity assessment, CE marking, and post-market monitoring. The current status of these obligations is published available on request and updated on a quarterly basis.

The Customer shall comply with deployer obligations under Article 26 of the EU AI Act when using Lina AI for Candidates connected to the European Union, including assigning appropriate human oversight, ensuring input data is relevant and sufficiently representative, monitoring operation, retaining logs for at least six months, informing affected workers and worker representatives where required, conducting a fundamental rights impact assessment under Article 27 where applicable, and cooperating with competent authorities.

Zyverno will provide the Customer with an instructions-for-use document, a fundamental rights impact assessment template, a worker notification template, and a Candidate transparency notice template, available on request.

8.5 Bias monitoring

Zyverno conducts periodic disparate-impact testing on Lina AI screening outcomes across protected characteristics where data is available, in accordance with a documented methodology. Testing methodology and aggregate results are documented in our AI Act technical documentation, summarised in our published bias audit summary, and available to enterprise Customers in greater detail under non-disclosure agreement.

Where local law imposes specific bias audit requirements (including New York City Local Law 144, EEOC guidance, and equivalents), the relevant Section 21 schedule sets out additional disclosures and Customer obligations.

8.6 Right to explanation

Candidates may request information about how their Lina AI assessment was produced. Such requests should be directed first to the Customer, which holds the role-specific scoring criteria. Where a Candidate’s request is escalated to Zyverno, Zyverno will respond within thirty (30) days with information about the categories of input considered, the structure of the scoring, and the human review applied to the outcome, subject to the Customer’s confidentiality interests.

9. SMS & Electronic Communications

Where the Customer uses the Service to send SMS or other electronic messages to Candidates:

  • The Customer is responsible for obtaining all consents required under applicable law before sending such messages, including the Telephone Consumer Protection Act (United States), Canada’s Anti-Spam Legislation (CASL), the Privacy and Electronic Communications Regulations 2003 (United Kingdom), the ePrivacy Directive (European Union), the Spam Act 2003 (Australia), and equivalents.
  • Recipients may opt out by replying STOP to any message. Opt-outs are honoured platform-wide for the relevant Customer and Candidate combination.
  • Zyverno provides opt-out, opt-in (START), and help (HELP) handling and delivery status logging.
  • The Customer indemnifies Zyverno from claims by Candidates or regulators arising from the Customer’s failure to obtain required consents or to comply with applicable law in connection with electronic communications, save where the claim arises from a defect in the Service itself.

10. Customer Data & Ownership

The Customer retains all ownership rights, including intellectual property rights, in Customer Data. The Customer grants Zyverno a limited, non-exclusive, worldwide, royalty-free licence to host, process, transmit, display, and otherwise use Customer Data solely as necessary to provide the Service, comply with applicable law, and as further described in the DPA.

  • Processor role. Zyverno processes Customer Data as a processor on behalf of the Customer under the DPA. The Customer is the controller. Detail is set out in the Confidentiality Charter and the DPA.
  • Service improvement. Zyverno may use anonymised, aggregated data derived from Customer Data for the purpose of improving the Service, training and evaluating AI models in accordance with applicable law and the DPA, and producing aggregate industry analytics. Such use does not extend to the disclosure of Customer Data or the identification of any individual Candidate or User.
  • Data export. The Customer may export its Customer Data through the Service interface at any time during the Subscription. Following termination, an export window applies as set out in Section 17.
  • Candidate-initiated rights. Notwithstanding the Customer’s contractual rights, Candidates retain rights under applicable Data Protection Laws to access, rectify, and erase their personal data. Where Zyverno receives a Candidate request directly, Zyverno will route it to the Customer where the Customer is the controller; where the request relates to data for which Zyverno is the controller, Zyverno will action it directly. Customer-instructed retention does not override Candidate erasure rights save where retention is required by law.

11. Intellectual Property

All intellectual property rights in the Service, including the Lina AI agent, the platform software, AI models, scoring algorithms, brand assets, trade marks, trade names, and documentation, are and remain the exclusive property of Zyverno or its licensors. No rights are granted to the Customer by implication, estoppel, or otherwise.

Feedback, suggestions, and ideas provided by the Customer or its Users may be used by Zyverno without obligation. The Customer retains its own brand assets, customer relationships, and any proprietary workflows it develops independently of the Service.

12. Third-Party Integrations

The Service may integrate with third-party services chosen by the Customer (calendar, email, identity, ATS, communication tools). Such integrations are governed by the third party’s own terms. Zyverno is not responsible for the availability, performance, or security of third-party services. The Customer is responsible for compliance with third-party terms.

13. Service Availability & SLA

Zyverno will use commercially reasonable efforts to maintain the availability of the Service. Standard uptime targets are available on request and may be modified by a separately agreed Service Level Agreement (SLA) for enterprise Customers.

Scheduled maintenance windows will be notified at least seventy-two (72) hours in advance and conducted outside primary business hours where reasonably practicable.

Where downtime is caused by a Sub-Processor outage, Zyverno will use commercially reasonable efforts to recover service and to pursue remedies available against the Sub-Processor. Zyverno’s liability for Sub-Processor outages is limited to the SLA credits set out in any agreed enterprise SLA. Force majeure events, Customer misuse, and third-party network outages outside Zyverno’s reasonable control are excluded from availability commitments.

14. Warranties & Disclaimers

Zyverno warrants that the Service will perform materially in accordance with its published documentation. As a remedy for breach of this warranty, Zyverno will use commercially reasonable efforts to correct the non-conformity at no charge or, where correction is not commercially feasible, terminate the affected Subscription and refund pre-paid unused fees.

Save as expressly stated in these Terms, the Service is provided “as is” and “as available”. To the maximum extent permitted by applicable law, Zyverno disclaims all other warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, and uninterrupted availability.

Where applicable consumer protection law in the Customer’s jurisdiction provides warranties that cannot be excluded, those warranties apply. Specific warranty modifications for Australia, the Gulf states, and EU consumer Customers are set out in the relevant Section 21 schedules.

15. Limitation of Liability

To the maximum extent permitted by applicable law:

  • Neither party shall be liable to the other for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost data, or loss of business opportunity, regardless of the basis of liability.
  • Each party’s aggregate liability arising out of or related to these Terms shall not exceed the fees paid by the Customer to Zyverno in the twelve (12) months preceding the event giving rise to the claim.

The limitations in this Section do not apply to: liability for death or personal injury caused by negligence; liability for fraud or fraudulent misrepresentation; liability that cannot be limited or excluded under applicable law; or liability arising from a party’s indemnification obligations under Section 16.

Specific modifications to the limitation of liability under EU consumer law, US state consumer protection law, Australian Consumer Law, and Gulf state law are set out in the relevant Section 21 schedules.

16. Indemnification

16.1 By the Customer

The Customer shall indemnify, defend, and hold Zyverno harmless from claims, damages, liabilities, and reasonable costs (including legal fees) arising from:

  • The Customer’s use of the Service in breach of these Terms, the DPA, or applicable law.
  • The Customer’s failure to obtain required consents from Candidates.
  • Claims by Candidates or regulators arising from the Customer’s hiring decisions, including discrimination claims, save where the claim arises from a defect in Zyverno’s provider obligations under Section 8.4 or a breach by Zyverno of these Terms.
  • The Customer’s breach of telecommunications or anti-spam law in connection with electronic communications sent through the Service.
  • Customer Data infringing third-party rights.

16.2 By Zyverno

Zyverno shall indemnify, defend, and hold the Customer harmless from claims, damages, liabilities, and reasonable costs (including legal fees) arising from:

  • Claims that the Service, when used as permitted by these Terms, infringes the intellectual property rights of a third party.
  • Claims by EU national market surveillance authorities arising from a failure of Zyverno’s provider obligations under Articles 9 to 21 of the EU AI Act, where the Customer has complied with its deployer obligations under Article 26.

16.3 Procedure

The indemnified party shall: promptly notify the indemnifying party of the claim; permit the indemnifying party to control the defence and settlement of the claim, provided that no settlement adversely affecting the indemnified party shall be made without consent (not unreasonably withheld); and reasonably cooperate at the indemnifying party’s expense.

17. Term & Termination

  • Term. These Terms remain in effect while the Customer maintains an active Subscription.
  • Termination for convenience. The Customer may terminate the Subscription at the end of the then-current billing period through the Service interface or by notice to billing@zyverno.app.
  • Termination for cause. Either party may terminate immediately on written notice if the other party (a) commits a material breach of these Terms or the DPA that is not cured within thirty (30) days of written notice, (b) becomes insolvent or enters insolvency proceedings, or (c) ceases to operate as a going concern.
  • Effect of termination. On termination, the Customer’s right to use the Service ends. The Customer may export Customer Data through the Service interface for thirty (30) days following termination, after which Customer Data may be deleted in accordance with the DPA. Candidate-initiated erasure rights and any longer retention obligations imposed by law are unaffected.
  • Survival. Sections 10 (Customer Data), 11 (Intellectual property), 14 (Warranties), 15 (Limitation of liability), 16 (Indemnification), 17 (this Section), 18 (Confidentiality), and 20 (General) survive termination.

18. Confidentiality

Each party agrees to treat as confidential all non-public information disclosed by the other party that is marked or reasonably understood to be confidential (“Confidential Information”). The receiving party shall use Confidential Information only as necessary to perform under these Terms and shall protect it with at least the same degree of care it uses for its own confidential information, but no less than reasonable care.

Confidential Information does not include information that: is publicly available without breach of these Terms; was known to the receiving party prior to disclosure without confidentiality obligation; is independently developed by the receiving party without use of the other party’s Confidential Information; or is required to be disclosed by law, court order, or regulatory authority, provided the receiving party gives prompt notice to the disclosing party where legally permitted.

Confidentiality obligations survive termination for a period of five (5) years, except that obligations relating to trade secrets continue for as long as the information remains a trade secret.

19. Data Protection

Zyverno processes personal data in compliance with applicable Data Protection Laws. Detailed processing terms are set out in the Confidentiality Charter and the DPA. The Customer is the controller of Candidate personal data; Zyverno is the processor. Zyverno is the controller of User account data and operational data.

The DPA forms an integral part of the agreement between the parties and is incorporated by reference. The DPA template is available on request; an executed DPA is provided to enterprise Customers as part of the Subscription onboarding process.

20. General Provisions

20.1 Governing law and jurisdiction

These Terms are governed by the laws of England and Wales, without regard to conflict of laws principles. The courts of England and Wales have exclusive jurisdiction over disputes, save that:

  • Where the Customer is a consumer in the European Union, the Customer retains the protection of the mandatory provisions of the law of the Customer’s habitual residence.
  • Where the Customer is established in the United States, Canada, Australia, or a Gulf state, the governing law and jurisdiction are modified by the relevant Section 21 schedule.
  • Either party may seek interim or injunctive relief in any court of competent jurisdiction.

20.2 Force majeure

Neither party is liable for failure to perform where the failure results from events beyond reasonable control, including acts of God, war, terrorism, civil unrest, government action, pandemic, prolonged power or telecommunications failure, internet outages outside the party’s network, and material Sub-Processor outages. The affected party shall use reasonable efforts to mitigate the effect of the force majeure event and to resume performance.

20.3 Severability

If any provision of these Terms is found unenforceable, the remaining provisions continue in full force. The unenforceable provision shall be modified to the minimum extent necessary to make it enforceable consistent with the parties’ original intent.

20.4 Entire agreement

These Terms, together with the Confidentiality Charter, the DPA, the relevant Section 21 schedule, and any signed Subscription order form, constitute the entire agreement between the parties and supersede all prior representations and agreements relating to the subject matter.

20.5 No waiver

Failure to enforce any provision of these Terms is not a waiver of that provision or of any other provision.

20.6 Assignment

The Customer may not assign or transfer rights under these Terms without Zyverno’s prior written consent. Zyverno may assign these Terms in connection with a merger, acquisition, reorganisation, or sale of substantially all assets, on notice to the Customer.

20.7 Notices

Notices to Zyverno shall be sent to legal@zyverno.app, with a copy by post to the registered office. Notices to the Customer shall be sent to the email address designated in the account settings, or where none, the most recent email address used to communicate with Zyverno.

20.8 Relationship of the parties

The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship.

21. Jurisdiction Schedules

This Section contains the schedules that supplement or override the foregoing for users connected to specific jurisdictions. A user is “connected to” a jurisdiction where the user is established in, resident in, or where the data subject’s data is processed in connection with that jurisdiction. A Customer with operations in multiple jurisdictions is subject to the schedules for each. Where a schedule conflicts with a provision of Sections 1-20, the schedule prevails for users connected to that jurisdiction.

21.1 United Kingdom

  • Governing law: English law and the courts of England and Wales (no modification).
  • Applicable data protection law: UK GDPR, Data Protection Act 2018, Privacy and Electronic Communications Regulations 2003 (PECR).
  • Supervisory authority: Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; www.ico.org.uk; +44 (0)303 123 1113.
  • International transfers: UK International Data Transfer Agreement or the IDTA Addendum to the EU SCCs.
  • AI in recruitment: the UK has not enacted a comprehensive AI Act. Lina AI is operated in line with ICO guidance on AI and data protection, the Equality Act 2010, and ICO guidance on automated decision-making and profiling. Article 22 UK GDPR safeguards apply.
  • Equality Act 2010: Customers must comply with duties on indirect discrimination, reasonable adjustments for disabled Candidates, and equal pay.
  • PECR: the Customer is responsible for compliance with PECR consent requirements for marketing electronic communications.
  • Children: minimum employment age generally 16; for Candidates under 18, working time and age-restricted role rules apply.
  • Consumer Customers: Consumer Rights Act 2015 may modify warranty and limitation of liability terms; statutory rights are not excluded.

21.2 European Union (general)

  • Lead supervisory authority: Zyverno does not have a main establishment in the EU; the one-stop-shop mechanism (Art. 56) does not apply. EU national supervisory authorities each have jurisdiction.
  • EU AI Act provider obligations: Lina AI is a high-risk AI system under Annex III(4). Zyverno is the provider under Article 3. Provider obligations under Articles 9-21 are addressed in Zyverno’s AI Act compliance documentation. Status updated quarterly.
  • EU AI Act deployer obligations (Article 26): Customers using Lina AI for EU candidates are deployers and must use the system per the instructions for use, assign human oversight, ensure input data is relevant and representative, monitor operation, retain logs at least six months, inform workers and worker representatives where required, conduct a Fundamental Rights Impact Assessment under Article 27 where applicable, and cooperate with authorities. Zyverno provides the supporting templates on request.
  • GDPR Article 22: solely automated decisions with legal or similarly significant effects are prohibited save where Article 22(2) applies. Lina AI does not produce solely automated decisions; the platform requires human review.
  • ePrivacy Directive: Customers must comply with ePrivacy as transposed in each member state for marketing communications.
  • Cross-border transfers from the EU/EEA: European Commission Standard Contractual Clauses (Decision (EU) 2021/914) plus the technical and organisational measures in the Confidentiality Charter and Transfer Impact Assessments.
  • EU Whistleblower Directive (Directive (EU) 2019/1937): Customers using the Service for whistleblower-relevant roles are responsible for compliance.
  • Consumer protection: for natural-person consumer Customers, mandatory consumer protection law in the country of habitual residence applies and modifies warranty / liability terms as required.

21.3 EU Member States — specific provisions

  • France: CNIL as supervisory authority. Loi Informatique et Libertés applies in addition to the GDPR. Toubon Law requires consumer-facing documents in French. Customers subject to Comité Social et Économique consultation must consult the works council before introducing AI-driven recruitment tools.
  • Germany: BfDI for federal matters, Land authorities for state matters. BDSG Section 26 (employee data protection) applies. Betriebsverfassungsgesetz gives the Betriebsrat co-determination rights over technical devices that monitor employee performance, including AI-driven recruitment tools. German-language Candidate-facing materials are made available.
  • Spain: AEPD as supervisory authority. LOPDGDD applies. Rider Law’s algorithmic transparency obligations extended to broader employment contexts. Catalan, Basque, and Galician at Customer request.
  • Belgium: APD/GBA as supervisory authority. Materials in Dutch, French, or German depending on region.
  • Netherlands: Autoriteit Persoonsgegevens (AP) as supervisory authority. Uitvoeringswet AVG applies.
  • Sweden: IMY as supervisory authority. Co-Determination Act (Medbestämmandelagen) gives unions consultation rights on AI-driven recruitment changes.

21.4 United States (general)

  • Governing law: for US Customers, default forum is the State of New York and federal courts located therein, with non-exclusive personal jurisdiction. Parties waive jury trial. Different forum may be agreed in writing.
  • Federal law: TCPA (47 U.S.C. § 227), CAN-SPAM Act, Title VII, ADA, ADEA, GINA, EEOC guidance, COPPA where applicable.
  • EEOC and AI hiring: Customers must validate selection criteria against the Uniform Guidelines on Employee Selection Procedures (29 CFR Part 1607), provide reasonable accommodations including alternative formats for AI screening on request, and periodically review outcomes for adverse impact.
  • State privacy laws: nineteen US states have enacted comprehensive privacy laws as of the date of these Terms. Where a Candidate or User is a resident of a state with applicable privacy law not specifically addressed below, the rights and obligations under that law apply.
  • No sale or share: Zyverno does not sell or share personal information for cross-context behavioural advertising. Opt-out mechanisms required by applicable law are still provided.
  • Sensitive personal information: heightened protections under several state laws are honoured per Section 21.5 below.

21.5 California

  • CCPA / CPRA rights: right to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, non-discrimination, and access information about automated decision-making.
  • Notice at collection in accordance with section 1798.100 of the California Civil Code.
  • Sensitive personal information under section 1798.140(ae): processed only to provide the Service; not used for inferring characteristics about the Candidate.
  • ADMT regulations: Lina AI is identified as ADMT for the purposes of CPPA regulations on automated decision-making technology where applicable.
  • FEHA and CRD: Customer responsibility; Zyverno’s Service supports compliance through bias monitoring, audit logs, and human-review controls.
  • Global Privacy Control: Zyverno honours GPC signals from California residents’ browsers as a valid opt-out request (Cal. Code Regs. tit. 11, § 7026).
  • Exercising rights: privacy@zyverno.app. Authorised agent requests accepted with appropriate written authorisation. Response within 45 days, with one 45-day extension where reasonably necessary.

21.6 New York City — Local Law 144

  • Lina AI is an Automated Employment Decision Tool (AEDT) under NYC Administrative Code § 20-870 et seq. when used by a Customer for hiring in NYC.
  • Bias audit: annual bias audit by an independent auditor in accordance with the Department of Consumer and Worker Protection rules (35 RCNY § 5-300 et seq.). A public summary is available on request including selection rates, impact ratios, and the auditor’s identity.
  • Candidate notice: the Customer must notify the Candidate at least 10 business days before use of the AEDT, make available the job qualifications used, and the data sources / retention. Zyverno provides a Candidate notice template.
  • Alternative process: the Customer must provide an alternative selection process or accommodation upon request.

21.7 Illinois

  • AI Video Interview Act (820 ILCS 42): the Customer must (i) notify the Candidate that AI may be used to analyse the video interview, (ii) provide information about how the AI works and the characteristics it uses, (iii) obtain consent, (iv) delete video interviews within 30 days of Candidate request, and (v) not share video interviews beyond persons whose expertise/technology is necessary.
  • BIPA (740 ILCS 14): where Lina AI’s voice processing constitutes the collection of voiceprints, the Customer must obtain BIPA-compliant written informed consent. Zyverno provides a BIPA-compliant consent template; the Customer must integrate it into the application flow.

21.8 Colorado

  • Colorado AI Act (SB 24-205, in force February 2026): Lina AI is a high-risk AI system under the Colorado AI Act.
  • Developer obligations (Zyverno): reasonable care to protect Colorado consumers from algorithmic discrimination; provide deployers with documentation for impact assessments; publish a public statement summarising high-risk systems; notify the Colorado Attorney General within 90 days of discovering causation/likelihood of algorithmic discrimination.
  • Deployer obligations (Customer): risk management policy; impact assessments for each high-risk system; consumer notification when a high-risk AI system is used to make a consequential decision; right of correction and appeal.
  • Colorado Privacy Act: profiling opt-out for legal/significant effects. Where exercised, the Customer must provide an alternative selection process.

21.9 Other US states

  • Texas (TDPSA): rights of access, correction, deletion, portability, opt-out of sale or targeted advertising; opt-in for sensitive data. Texas Capture or Use of Biometric Identifier Act applies to biometric processing.
  • Virginia, Connecticut, Utah, Oregon, Tennessee, Indiana, Iowa, Montana, Delaware, New Jersey, New Hampshire, Kentucky, Rhode Island, Minnesota, Maryland: comprehensive privacy laws with broadly similar rights structures. Zyverno responds to data subject requests in accordance with each state’s timing and verification requirements.
  • Maryland Online Data Privacy Act (in force October 2025): stricter data minimisation, opt-in consent for sensitive data.
  • Maryland HB 1202: restricts facial recognition in pre-employment interviews unless Candidate consents.

21.10 Canada (federal)

  • Governing law: Ontario law; non-exclusive jurisdiction of Ontario courts. Quebec Customers are governed by Section 21.11.
  • PIPEDA: ten fair information principles apply. Provincial laws (Quebec, Alberta PIPA, BC PIPA) may apply in lieu where substantially similar.
  • CASL: express consent required before sending most commercial electronic messages. Zyverno provides unsubscribe handling and delivery logging; Customer is responsible for consents.
  • AIDA (proposed): Zyverno will adapt its compliance posture if and when AIDA becomes law.
  • Supervisory authority: Office of the Privacy Commissioner of Canada (OPC), www.priv.gc.ca; toll-free 1-800-282-1376.
  • Bilingualism: French-language Candidate-facing materials provided where the Customer’s operations involve federally regulated workplaces or operations in Quebec.

21.11 Quebec

  • Quebec Law 25 (Act respecting the protection of personal information in the private sector, as modernised) applies.
  • Article 12.1 — automated decisions: where a Quebec resident is the subject of a decision based exclusively on automated processing, the controller must inform the person of the use, the personal information used, the principal factors and parameters, the right to correction, and provide an opportunity to submit observations to a member of the personnel who can review the decision. Lina AI does not produce decisions exclusively automated; the platform requires human review. Where a Customer triggers Article 12.1, the Customer is responsible for serving the notice. Zyverno provides a French/English template.
  • Privacy Impact Assessment (Art. 3.3): required for any project of acquisition, development, or redesign of an information system involving personal information. Zyverno provides a template.
  • Article 17 cross-border transfer: Zyverno maintains a documented assessment for transfers of Quebec residents’ personal information outside Quebec, including to AI Sub-Processors in the US.
  • Charter of the French Language (Bill 96): Customer-facing and Candidate-facing materials, including the Article 12.1 notice template, the Candidate transparency notice, and Lina AI voice/chat are made available in French. The French version prevails for Quebec residents.
  • Supervisory authority: Commission d’accès à l’information du Québec (CAI), www.cai.gouv.qc.ca.

21.12 Australia

  • Governing law: New South Wales; non-exclusive jurisdiction of NSW courts.
  • Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) Schedule 1 apply. Where Zyverno is an APP entity, Zyverno complies with the APPs in respect of personal information it controls.
  • APP focus areas: APP 1 (open management), APP 3 (collection), APP 5 (notification), APP 6 (use/disclosure), APP 8 (cross-border disclosure), APP 11 (security), APP 12 (access), APP 13 (correction).
  • Sensitive information: processed in accordance with section 5.4 of the Confidentiality Charter and APP 3.3.
  • Cross-border disclosure (APP 8): reasonable steps to ensure overseas recipients do not breach APPs.
  • Notifiable Data Breaches scheme (Part IIIC): eligible breaches notified to the OAIC and affected individuals as required.
  • Spam Act 2003: Customer responsible for consents. Zyverno provides unsubscribe handling.
  • Anti-discrimination: Sex Discrimination Act 1984, Racial Discrimination Act 1975, Age Discrimination Act 2004, Disability Discrimination Act 1992, and state equivalents.
  • Supervisory authority: Office of the Australian Information Commissioner (OAIC), GPO Box 5288, Sydney NSW 2001; www.oaic.gov.au; 1300 363 992.

21.13 Gulf states (general)

  • Governing law alternatives: DIFC Courts, ADGM Courts, DIFC-LCIA Arbitration, ICC Arbitration, or national courts where required by mandatory local law — agreed on a per-deal basis.
  • Sharia-influenced interpretation: liability caps, liquidated damages, force majeure, and good faith obligations may be subject to judicial discretion in Gulf jurisdictions.
  • Nationality-based screening: UAE (Emiratisation), Oman (Omanisation), Bahrain, Qatar, Kuwait quotas. The platform supports configuration to enable nationality-based filtering where required by law; the Customer is responsible for ensuring such filtering is strictly within the relevant national quota scheme.
  • Arabic-language materials: Customer-facing and Candidate-facing materials made available in Arabic for Gulf operations.

21.14 United Arab Emirates

  • Three concurrent regimes: federal PDPL (Federal Decree-Law No. 45 of 2021), DIFC Data Protection Law (DIFC Law No. 5 of 2020), ADGM Data Protection Regulations 2021. The applicable regime depends on the Customer’s establishment.
  • Cross-border transfers require adequacy determination, contractual safeguards, or limited exceptions.
  • Emiratisation: nationality-filtering configuration available.
  • Supervisory authorities: UAE Data Office (federal), DIFC Commissioner of Data Protection, ADGM Office of Data Protection.

21.15 Other Gulf states — Qatar, Bahrain, Kuwait, Oman

  • Qatar: PDPL Law No. 13 of 2016. Cross-border transfers require adequate protection or safeguards. Qatarisation framework. Supervisory authority: Compliance and Data Protection Department, Ministry of Communications and Information Technology.
  • Bahrain: PDPL Law No. 30 of 2018, GDPR-influenced. Supervisory authority: Personal Data Protection Authority.
  • Kuwait: no comprehensive data protection law; sectoral rules apply (telecommunications, banking, health). Counsel review required for Kuwaiti deployments.
  • Oman: PDPL Royal Decree 6/2022. Supervisory authority: Ministry of Transport, Communications and Information Technology.

21.16 Other major markets

  • Switzerland: revFADP (in force September 2023), GDPR-aligned. Adequacy with EU. Supervisory authority: FDPIC. German, French, and Italian materials per canton.
  • Norway, Iceland, Liechtenstein: EEA members; GDPR via EEA Agreement. National authorities: Datatilsynet, Persónuvernd, Datenschutzstelle.
  • Singapore: PDPA (2012, amended 2020). Cross-border transfers require comparable protection or consent. Supervisory authority: PDPC.
  • Japan: APPI. Mutual adequacy with EU; transfers unrestricted. Supervisory authority: PPC.
  • South Korea: PIPA — among the strictest globally. Cross-border transfers subject to specific consent and notice. Supervisory authority: PIPC.
  • Brazil: LGPD, GDPR-aligned. Supervisory authority: ANPD. Portuguese-language materials required.
  • Mexico: Federal Law on the Protection of Personal Data Held by Private Parties. Supervisory authority: INAI.
  • South Africa: POPIA. Supervisory authority: Information Regulator.
  • India: Digital Personal Data Protection Act 2023 (in force progressively). Supervisory authority: Data Protection Board of India.
  • Other markets: Zyverno applies the principles of the most analogous law and complies with applicable local law as it becomes known. Customers operating in markets not specifically addressed should notify Zyverno before deployment.