Privacy Policy

Last updated 5/25/2018

Welcome to Koru, Inc.’s (“Koru” / “we” / ”our”/ “us”) Privacy Policy (“Policy”). We’re so glad you’re here and we take your privacy very seriously. In the many words below, we’ll inform you about how we collect, use, share, and protect the information obtained by the  website (the “Site”) as well as from our former, current and prospective clients and other individuals that use our products and services or communicate with us. Please understand that this Policy only applies to us but not to any third-party websites that may process your personal information or other data. In this Policy, “Personal Information” means any information that identifies or could be used to identify an individual person.

If you are an EU resident, Koru processes your Personal Information in accordance with the EU data protection legislation, including national or international legislation implementing the EU General Data Protection Regulation (“GDPR”).



Koru provides predictive hiring services on behalf of our business customers (“Clients”) to assess the fitness of a job applicant, and to facilitate the Client’s hiring process (the “Services”). We may process Personal Information in order to provide our Services (the “Client Data”) to clients. Koru will only process Client Data on behalf of and under the instructions of our Clients, as set out in our client agreements, or where otherwise required by applicable laws.  In these cases, our Clients are the data controllers of their respective Client Data, and we are the data processor for such data. We process Client Data in order to identify job-relevant strengths and competencies, fit between job applicants and job opportunities, and potential areas of learning and development. Subject to our client agreements, we may use aggregate data and anonymized information in order to improve our Services and for research, analytics and other purposes, provided such information does not identify a particular individual.



We may collect Personal Information directly from you or third parties, and automatically through the use of our Site. You do not have to provide us with your personal information to access much of our Site. However, if you choose not to disclose certain information, you may be unable to access certain options, offers, and services that require our interaction with you.

Information collected directly. We may collect personal information about you directly from you or from your company.   For example, when you fill out a ‘Contact Us’ form, register for an account, signup for our mailing lists, register for events we host or sponsor, post comments on our Sites, or otherwise provide us information through the Sites.

  • name, company name, and title/position
  • payment and billing information
  • email address, phone number, mailing address and contact details
  • job title, other company information (such as country and industry sector)
  • employment, leadership, and educational experience
  • preferences and interests
  • business affiliations
  • customer (and authorized user) account information (to access various parts of the Services, and to create events and webinars) – name, email address, telephone number, company name, and other information necessary to confirm that you are an authorized user of a client (where relevant)
  • other information related to your request or inquiry

Automatically-collected information. We use cookies, log files, pixel tags, local storage objects, and other tracking technologies to automatically collect information when users access or use the Services or visit our Site, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider (“ISP”), referring/exit URLs, operating system, language, clickstream data, and other information about the links clicked, features used, size of files uploaded, streamed or deleted, and similar device and usage information.  For more information, see the “Cookies and similar devices” section below.

Information from Third Parties.  We may collect name, company, position applied for, education history, employment history, contact details and other details from third parties, such as our clients, in order to provide the Services.  Subject to applicable law and where clients have instructed us to, we may also obtain such information from public sources and social networking platforms. As noted above, however, this information is Client Data, for which we are a processor.



We use your information, including your personal information, primarily to provide our services to you and to communicate with you (including for marketing purposes). In particular, we may use your information as follows:

  • Providing Support and Services: to provide and operate our Site and services, communicate with you about your use of the Site and our services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.
  • Responding to Your Requests: for the purpose for which you provided the information to us, such as to respond to your inquiries and to provide information in response to your request.
  • Analytics and Improvement: To better understand how users access and use our services, both on an aggregated and individualized basis, to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes.
  • Personalization: to tailor the content and information that we may send or display to you, to offer location customization (where permitted by applicable law), and to otherwise personalize your experiences while using our website.
  • Marketing and Promotional Purposes: for example, where permitted by law, we may use your information, such as your email address, phone number, or mailing address to contact you about services or information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages or calls, we will only contact you for direct marketing if you have opted-in.
  • Advertising: to advertise our services on third party sites and social media services.
  • Protect Our Legal Rights and Prevent Misuse: to protect our customers, employees or property — for instance, to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities, where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this policy and our applicable terms of service and agreements.
  • Comply with Legal Obligations: To comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
  • General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping and legal functions.
  • Koru Job Rematching: Users outside of the EEA may have the opportunity to choose to participate in the Koru job rematching program, to receive notifications and suggestions about other open positions for which they are a good match, and to have us share information with the employers for those positions; we only do this if and individual has consented to participate.

We also create and use anonymous and de-identified information to assess, improve and develop our business, products and services, and for similar research and analytics purposes.  This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.


Purpose of Processing (see above)Legal Bases of Processing (EU Users)*
Providing Support and Services

Responding to Your Requests

·      Necessary to Enter into or Perform a Contract with You (upon your request, or as necessary to make the Services available)

·      Our Legitimate Business Interests*

Analytics and Improvement·      Our Legitimate Business Interests**

·      Establish, defend or protect our legal interests

Personalization·      Our Legitimate Business Interests**
Marketing & Promotional Purposes


·      Our Legitimate Business Interests**

·      With Your Consent

Protect Our Rights and Prevent Misuse

Comply with Legal Obligation

·      Compliance with law

·      Establish, defend or protect our legal interests

General Business Operations·      Our Legitimate Business Interests**

·      Establish, defend or protect our legal interests

·      Compliance with law


*For the personal data from the EU that we process, this column describes the relevant legal bases for such processing under GDPR (and local implementing laws of EU member states); this does not limit or modify the obligations, rights and requirements under the privacy laws of non-EU jurisdictions.

** For the personal data from the EU, the processing is in our legitimate interests, which are not overridden by your interests and fundamental rights.  Our legitimate interests include assessing and improving our products and services, understanding our clients’ needs and interests so that we can make our services more useful to clients, providing clients with news, information and marketing materials that are more relevant, providing training opportunities for employees, improving how we analyze and assess the success of client campaigns, developing trend and benchmark reports, and similar purposes.

Users in some jurisdictions outside the EU may be able to opt-in to the Koru job re-matching network. This service provides users the opportunity to be connected to additional employers with whom they are a good job match.



We do not sell your personal information to third parties.  In general, we disclose the personal information we collect as follows:

  • Affiliates.We may disclose the information we collect from you to our affiliates (companies related by common ownership or control), whose handling of your personal information is subject to this Policy.
  • Service Providers.We may disclose the information we collect from you to third party service providers who perform functions on our behalf. Third party service providers will only process your personal data in accordance with our instructions and will implement adequate security measures to protect your personal data.
  • Enterprise users. If you use access or communicated with us about our Services on behalf of your company (our client), we may share personal information about your access, and your communications or requests, with the relevant enterprise client. We also share all Client Data with the relevant client on whose behalf we have collected it.
  • In Response to Legal Process.We may disclose the information we collect from you in order to comply with the law, judicial proceedings, a court order, or other legal process, such as in response to a subpoena.
  • To Protect Us and Others.We may disclose the information we collect from you where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this policy, to respond to claims asserted against us or, or as evidence in litigation in which we are involved.
  • Business Transfers.We may disclose or transfer information, including personal information, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.

We may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.



We also collect information automatically by using cookies, pixel tags, log files, and similar tracking technologies when you visit our Site. Read more about that in 3, 2, 1 …

When you visit our Site, we and our third-party service providers use cookies, pixels, java script, and other tracking mechanisms to track information about your use of our Site and Services. For more detailed information about the use of cookies on our Site and how you can manage your cookie preferences, you can review our Cookie Policy.

Cookies.  Cookies are identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes and make it easier for us to provide a better experience for you when using the Site during future visits. Some cookies allow us to make it easier for you to navigate our Site, while others are used to enable a faster log-in process or to allow us to track your activities while using our Site.  Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them.  For more information please visit our Cookie Policy.

Clear GIFs, pixel tagsClear GIFs are tiny graphics with a unique identifier, similar in function to cookies but are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities users of our Services, help us manage content, and compile statistics about usage of our Services. We and our third party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Log FilesMost browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. Such information is gathered automatically and stored in log files.

Do-Not-Track SignalsOur Site does not respond to so-called ‘do-not-track’ signals. For more information about do-not-track signals, please click here. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies) and set out in our Cookie Policy.

Third-Party Analytics.  We use automated tools, such as Google Analytics and GA Audiences (more info here) to evaluate use of our Services. We use these tools to gather non-personal data about users to help us improve our Services and user experiences. These analytics providers may use cookies and other technologies to perform their services, and may combine the information they collect about you on our Sites with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.



Koru works with different third party ad networks, analytics companies, measurement services and. We and these third party ad companies may use automatic web-tracking tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information; we and these third party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content.

For more information on these third parties that we work with, and how you can opt-out of ads from them please visit our Cookie Policy.  For more information about third party ad networks and to opt-out of interest based ads from many ad networks please click:






We may send you promotional emails from time to time, but we will obtain your consent where required by law to do so. If you wish, you may opt-out of such communications by following the opt-out instructions contained in the respective email.  If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or Services you have requested or received from us.



Koru is headquartered in the United States, and has operations, entities and service providers in the United States and other jurisdictions. As such, we and our service providers may transfer your Personal Information to, or access it in, jurisdictions (including the United States, Ireland and Costa Rica) that may not provide adequate levels of data protection as your home country. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements, by putting in place Standard Contractual Clauses as approved by the European Commission. You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Contact us” section below.



Access, Amend and Correct. If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information.  If you are a registered member of the Site, you may review and update most of your Personal Information by clicking the “Update My Profile” icon on your membership page. You may also send your request to  We will review your request and make reasonable efforts to respond to it as soon as practicable. We may ask you for additional information so that we can confirm your identity.

Direct Marketing.  You can let us know if you do not want us to send you information by clicking the unsubscribe link at the bottom of the email; you may also let us know about your communication preferences (email, phone, and postal mail), by shooting an email to Please identify all the email addresses, postal address information, and phone numbers that you would like to unsubscribe.

Third-Party-SharingIf you have opted in to Koru job re-matching network, and you no longer want us to share your personal information with potential employers, you can let us know if you do not want us to share your personal information with other companies by either emailing

Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information.  You also have the right to raise a complaint with the privacy regulator in your jurisdiction.

Users in the European Economic Area.

Individuals in the EEA have the below rights with respect to their personal information.

  • Access. You can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
  • Correction. You can ask us to rectify inaccurate Information. We may seek to verify the accuracy of the data before rectifying it.
  • Erasure. You can ask us to erase your personal data, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
  • Restriction. You can ask us to restrict (i.e. keep but not use) your personal data, but only where: its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
  • Right to object. You can ask us to stop processing your personal information, and we will do so (i)  to the extent that we are relying on our legitimate interests to use your personal information, you have the right to object to such use, unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims, and (ii) where we are processing your personal information for direct marketing purposes.
  • Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
  • Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data that is based upon a consent, which you have previously provided.

Please contact us as set out in the “Contact Us” section below to exercise one of these rights.  If we receive any requests from an individuals related to the Client Data, we will forward the request to the relevant clients.



The security of your Personal Information is very important to us. We employ security measures to protect your information both online and offline from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage. Unfortunately, the Internet is the Internet, and you acknowledge that we cannot guarantee the complete security of the information you provide us.



We will retain your Personal Information as long as necessary for purposes for which the personal data was collected by us, as explained in this Policy or as required to comply with legal obligations or resolve claims and disputes. In general, we will retain relevant Personal Information of clients and Site visitors for at least three years from the date of our last interaction with you and in compliance with our obligations under applicable laws.  Our clients instruct us on how long to retain Client Data, which we handle as a data processor.  We may retain personal data for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.



We do not knowingly collect or solicit Personal Information from anyone under the age of sixteen (16) or knowingly allow such persons to register. If we become aware that we have collected Personal Information from a child under the relevant age without parental consent, we will take steps to delete that information.



Koru may update this Privacy Policy from time to time. Any changes to this Privacy Policy in the future will be posted to our Site. If the changes will materially affect the way we use or disclose your personal information, we will endeavor to notify you in advance of the change, such as by sending a notice to the primary email address associated with your account or by posting a notice on our Site. We encourage you to review periodically this Policy for the latest information on our privacy practices.



California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the types of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to



Have a comment or question about our Privacy Policy or want to exercise your rights? How about a query? We can be best reached by email at:

Or by mail at: 200 1st Avenue W, Suite 240, Seattle, WA 98119