Legal & compliance at Airwork

Your privacy matters to us at Airwork AI. To make our policies easy to understand and access, we’ve organized our documentation into the sections below.

Terms of services

Privacy policy

Refund policy

GDPR compliance

Data deletion policy

Airwork GDPR Compliance Statement

Last updated: May 1, 2026

Our compliance posture

We follow GDPR principles and are working toward full certification. We are not currently GDPR certified. Our current company size does not yet support formal certification. This page describes how we apply GDPR principles today and what mechanisms we have in place.

For full detail on data collection, use, sharing, and retention, see our Privacy Policy at airwork.ai/privacy.

Who this applies to

This statement applies to personal data we process about users in the European Economic Area, the United Kingdom, and Switzerland. References to GDPR include the EU General Data Protection Regulation (EU) 2016/679 and the UK General Data Protection Regulation as it forms part of UK law.

Data controller

The data controller for personal data processed through airwork.ai is:

Remotely Technologies Inc., 600 North Broad Street, Suite 5, Middletown, DE 19709, USA

Data Protection Officer

Our Data Protection Officer is Sayem Faruk, CEO. You can reach the DPO at privacy@airwork.ai.

How candidate and client data are governed

Candidate profiles are part of the Airwork talent network. We are the controller for candidate profile data. Profiles do not transfer to client accounts when candidates apply to jobs. Candidates exercise their GDPR rights directly with Airwork.

Client data (company information, job posts, pipeline notes, billing, custom assessments) is controlled by the client. Clients can request deletion at any time.

The full description of this two-layer model is in the Privacy Policy.

Legal bases for processing

We process personal data only when one of the following GDPR legal bases applies.

Where we rely on consent, you can withdraw it at any time. Withdrawal does not affect processing carried out before withdrawal.

Your rights under GDPR

If you are in the EEA, UK, or Switzerland, you have the following rights:

  • Right of access. Request a copy of the personal data we hold about you.

  • Right to rectification. Ask us to correct data that is inaccurate or incomplete.

  • Right to erasure. Ask us to delete your data, subject to legal exceptions.

  • Right to restrict processing. Ask us to pause processing while a dispute is resolved.

  • Right to data portability. Receive your data in a structured, machine-readable format, or have it transmitted to another controller where technically feasible.

  • Right to object. Object to processing based on legitimate interest, including direct marketing.

  • Right to withdraw consent. Withdraw consent at any time where processing is based on consent.

  • Right to lodge a complaint. File a complaint with your local data protection authority.

How to exercise your rights

Most rights can be exercised directly through your account settings. You can update your profile, export your data, or delete your account from there.

If you cannot complete a request through the account, email support@airwork.ai. We will respond within 30 days. If we need more time or cannot fulfil the request, we will tell you why.

We may ask you to verify your identity before we act on a request, to protect your data from unauthorised access.

International data transfers

Airwork is a US company. Our production infrastructure runs on AWS in Singapore. Our core team is based in Bangladesh. Personal data of users in the EEA and UK is transferred outside those regions.

We rely on Standard Contractual Clauses approved by the European Commission as the transfer mechanism for these flows. We supplement SCCs with technical and organisational measures including encryption in transit using TLS 1.2 or higher, encryption at rest using AES-256, role-based access controls, and confidentiality obligations on every employee and contractor who can access personal data.

Sub-processors

We work with sub-processors to deliver the services. Each sub-processor is bound by a written agreement to protect personal data and use it only for the purposes we instruct. The full list, including provider names, purposes, and regions, is published in the Privacy Policy at airwork.ai/privacy and updated when sub-processors change.

Data retention

We keep personal data only for as long as we need it. Specific retention periods by data category are listed in the Privacy Policy. Some data is retained longer where law, contract enforcement, or defence of legal claims requires it.

Security

We protect personal data with administrative, technical, and physical safeguards. Data is encrypted in transit and at rest. Access to production data is restricted to authorised personnel and logged. Our cloud infrastructure provider, AWS, holds independent security certifications including SOC 2 and ISO 27001.

We are not currently certified under SOC 2, ISO 27001, HIPAA, or PIPEDA.

Breach notification

If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, in line with GDPR Article 33. We will notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

Children

The services are intended for users aged 16 and older. We do not knowingly collect personal data from anyone under 16.

Cookies

We use cookies and similar technologies on airwork.ai. EEA and UK users see a cookie banner that allows granular consent for analytics and marketing categories. Strictly necessary cookies are used without consent because they are required to operate the site. Detail on categories and durations is in the Privacy Policy.

Data Processing Agreement

We make a Data Processing Agreement available to enterprise clients on request. Contact support@airwork.ai to begin the process.

Changes to this statement

We may update this statement from time to time. The Last updated date at the top reflects the current version. Material changes are communicated to active users by email or in-product notification at least 14 days before they take effect.

Contact

For GDPR questions, requests, or complaints:

Email: support@airwork.ai

Postal address: Remotely Technologies Inc., 600 North Broad Street, Suite 5, Middletown, DE 19709, USA

If you are in the EEA or UK and you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

| Purpose | Legal basis |
| --- | --- |
| Operating accounts, providing the services, processing applications | Performance of a contract |
| Sending transactional notifications | Performance of a contract |
| Sending marketing communications you can opt out of | Legitimate interest, or consent where required |
| Personalising candidate matching and search results | Legitimate interest |
| Detecting fraud, abuse, and security threats | Legitimate interest, legal obligation |
| Complying with tax, accounting, and other laws | Legal obligation |
| AI features (Aria search and matching) | Legitimate interest, or consent where required |
| Use of name, logo, photo for promotion and job circulation | Consent, withdrawable at any time |
