LEGAL
Privacy Policy
Last updated July 3, 2026
Handshake is the career network for the AI economy, connecting job seekers, schools, employers, researchers and leading AI labs to make finding work and careers easier and more successful—from first internships to full-time roles, freelance work to gig work, and beyond. In our AI work, we connect talent and opportunity with organizations to help shape the AI industry through high-quality trusted human intelligence.
This Privacy Policy (“Policy”), together with the Handshake AI Contractor Agreement and Terms of Service, describes the Personal Data that we collect, how we use and share it, and details on how you can reach us with privacy-related inquiries. The Policy also outlines your rights and choices as a data subject, including the right to object to certain uses of your Personal Data. Unless otherwise stated, defined terms used in this Privacy Policy have the meanings associated with them in our Terms of Service.
Defined Terms
In this Policy, “Handshake”, “we”, “our,” or “us” refers to Stryder Corp. d/b/a Handshake and its affiliates and subsidiaries. Depending on your jurisdiction and the ways in which you use the Services, the specific Handshake entity accountable for your Personal Data might vary. Please see the Contact Information section for more detail.
“Personal Data” refers to any information associated with an identified or identifiable individual, which can include data that you provide to us, and that we collect about you during your interaction with our Services.
“Services” refers to the products, services, and applications that we provide under our Master Services Agreement or our Terms of Service; websites (“Sites”) including without limitation, joinhandshake.com and joinhandshake.com/ai; tools, data, documentation, and other Handshake applications and online services.
Depending on the context, “you” might be a Student, Contractor, Educational Partner, Employer Partner, AI Lab, Research Study Operator, Data Partner or Visitor:
- Student. When you use Handshake to look for a job or internship, connect with employers, or receive career advice, we refer to you as a “Student.” As a Student, you may have a Handshake account (i) via the Educational Partner who created it for you, (ii) the Handshake account you claimed from your Educational Partner, or (iii) because you signed up for a Handshake account directly with us.
- Contractor. When you use Handshake as a contractor seeking to contribute to improve AI models, we refer to you as a “Contractor.”
- Educational Partner. When you use Handshake as a career center professional at an educational institution such as a college or university, we refer to you as an “Educational Partner.”
- Employer Partner. When you use Handshake representing an employer working with Handshake to find talent on behalf of your organization, we refer to you as an “Employer Partner.”
- AI Lab. When you use Handshake to help get connected with human data expertise, we refer to you as an “AI Lab”.
- Research Study Operator. When you use Handshake representing an organization that wishes to conduct research studies with the help of Contractors, we refer to you as a “Research Study Operator”.
- Data Partner. When you use Handshake to share your business information with Handshake to contribute to improve AI models, we refer to you as a “Data Partner”
- Visitor. When you visit one of our websites or interact with Handshake by visiting our platform (without being logged into your Handshake account), such as by viewing a public profile, sending us a support inquiry about our Services, or when your interaction with us does not qualify as you being a Handshake User, we refer to you as a “Visitor”.
Students and Contractors are jointly referred to as “Members”.
Educational Partners, Employer Partners, AI Labs, Research Study Operators and Data Partners are jointly referred to as “Organizations”. Members and Organizations together are the Handshake “Users” of the Handshake platform and its Services.
Personal Data We Collect
To fully access the Services some Users, such as Members, Educational Partners or Employer Partners, can create an account on Handshake.
Our collection of Personal Data when onboarding with us differs based on what kind of User you are, and the specific Service that you are using
- Student Personal Data.
- Information You Provide. When Students of Education Partners claim their pre-populated account (“Claimed Student Account”) by logging in for the first time, or when Students of non-partner institutions create an account we collect name, email, phone number, affiliated school, major, degree level and profile picture. Students also have the option to upload documents such as resumes and transcripts. Students can also provide information about their location and interests including industry, job type (full or part time) and job role.
- Information From Educational Partners. When Educational Partners sign up for Handshake, they send us certain Personal Data about their students so that Handshake may pre-populate accounts to provide the Services (“Pre-Claimed Student Account”). It is up to each Educational Partner to choose what information it shares, but this data may include the student’s first and last name, mailing address, email address, major, and/or GPA. Where the Family Educational Rights and Privacy Act (“FERPA”) applies to data shared by Educational Partners, it is processed in compliance with the statute. Learn more.
- Contractor Personal Data.
- When you create a Handshake account as a Contractor, we collect contact information such as first and last name, date of birth, phone number, and email address.
- To populate your Contractor profile, we will request information about (i) your domain expertise, including sub-domains, (ii) educational background such as the institution(s) that you attend or attended, and year of or expected year of graduation, (iii) teaching experience you may have, (iv) where you are based, (v) the languages you speak, and other similar information that can describe your domain expertise.
- As a participant in a research study conducted by the Research Study Operator, we will request information to determine your eligibility to participate in a research study. The eligibility criteria are set by the Research Study Operator. Handshake may process your demographic information, such as your name, contact details and other basic profile information to surface other research opportunities to you.
- As part of the Know-Your-Customer (“KYC”) onboarding experience, we may collect an image of your government-issued ID, a selfie, and a selfie liveness check via a third party service provider.
- As part of your onboarding as a Contractor or during your engagement with us, we may conduct additional background checks using third-party service providers to further verify your identity, credentials and eligibility to work on specific projects. Background checks may include identity verification, criminal records checks and other screening relevant to the nature of your interactions with the Handshake platform. We will provide you with appropriate notice and, where required by applicable law, obtain your written authorization before initiating any background check.
- You may be asked to participate in an AI interview to provide more information about your background or to assess your fit for a project. Typically, AI interviews are optional, but they may be required by Organizations or Handshake for some projects. By participating in an AI interview, you acknowledge that Handshake will store and process the content and recordings of any AI interview. If we use a third-party video and/or communications service provider to facilitate an AI interview, that service provider may not use your Personal Data or the content of the communications for any purpose other than to provide the service to us.
- When you are working on active projects for Organizations as a Contractor, we may monitor your session activity using third-party tools or features built into the Handshake platform. This may include capturing periodic screenshots, recording application and keyboard activity levels and tracking time spent on project tasks. This information is used solely to verify task completion, maintain platform integrity, detect and manage fraudulent activity, and to facilitate payments. We will inform you at the point of project onboarding if monitoring is in use for a project. Monitoring is limited to your activity during active work sessions on Handshake-related projects.
- To facilitate Contractor payments, we collect your date of birth, SSN or TIN, payment, tax, citizenship and proof of work authorization information via a third-party service provider.
- Educational Partners Personal Data. When career center professionals of Educational Partners create a Handshake account, we collect basic contact information, including first and last name, email address and telephone number.
- Employer Partner Personal Data. When representatives of Employer Partners create a Handshake account, we collect basic contact information, including first and last name, email address and telephone number.
Through your use of the Services, Handshake may process the following:
- Member Resume Data. When you upload or revise a resume on your profile or for a job application, we process the information you choose to include in your resume, such as name, contact information, education history, work experience, skills, and any other information you provide to describe your qualifications. We use this information to help you connect with Employer Partners, AI labs, career centers, and other opportunities available through the use of the Services. Your resume data may also be used to recommend relevant roles and to improve job-matching functionality. If you so choose, Handshake’s tools may assist you in improving your current resume or creating a new one. We may combine information from multiple resumes you have uploaded to build a more complete profile of your skills and experience, which we use to improve the accuracy of job matching and recommendations. Where your profile is set to public, this combined profile data may also be used to surface you as a candidate to Employer Partners posting relevant roles on the platform. Students with accounts set to 'private' are excluded from employer sourcing features. Resumes sometimes include information that may be considered sensitive Personal Data under applicable law. For example, organizational memberships, leadership roles, or activities that reflect aspects of your background or identity. The decision to include such information is yours. Where it appears in your resume, we will process it only to the extent necessary to deliver the relevant features and will not use it for any other purpose.
- Geolocation Data. We may collect or infer your approximate location (for example, from your IP address or device settings) to help protect the security and integrity of our platform and to enable your Rights and Choices. We may use geolocation data to detect and prevent fraudulent activity, ensure compliance with applicable laws and regional requirements, and maintain the overall safety and reliability of our Services. For additional information, please see our Cookie Policy and Help Center.
- Communication with you. When you reach out to us for support, request information from us, respond to forms or questionnaires, participate in surveys, provide feedback, or otherwise contact us, we collect communications that we exchange with you which may contain Personal Data. We may use third-party survey tools to conduct user research and to gather product feedback. When we actively recruit participants for specific research projects, we explain the purpose of the research, what data we collect and how it will be used. Participation in research activities is voluntary. We collect Personal Data you choose to include in employer reviews, even if the review is not published or made public. We process Personal Data when you participate in a video or audio meeting or call or webinar initiated through the Services or when you choose to communicate with other users by way of video, audio, or messaging during any video or audio conference or call.
- Content Contributions. We process Personal Data when Users provide information to be published or displayed through publicly accessible community features, including, but not limited to text, video, images, and audio posted to the feed or comments made using the commenting feature.
- Payment and Billing Data. The data needed to complete your orders in connection with the Services, although we do not have access to, or store, your payment information. Our payment processors will collect the information necessary to process your payments in accordance with their respective services agreements and privacy policies. Handshake claims no responsibility or liability for payment transactions.
- Marketing Data. Your preferences for receiving marketing communications and details about your engagement with such communications.
- Chatbot Data. If you engage with any virtual chatbots in connection with the Services, we will collect the information you provide during the chat, including transcripts of your conversation with the chatbot. We use this information to provide and improve the support experience and, where needed, to escalate your query. Chatbot conversations may sometimes include information that may be considered sensitive Personal Data under applicable law. The decision to share such information is yours. Where your conversation includes information that may be considered sensitive under applicable law, we will process it only as necessary to deliver the Services and will not use it for unrelated purposes. You can access our Help Center Support Chatbot Terms here.
- Information We Automatically Collect. If you choose to connect your account to a separate account associated with a third-party service, we may receive or be granted access to information from such third-party service, including Personal Data. You can generally control the information that we receive from third-party platforms using the privacy controls provided to you by such third-parties, or you may remove our access to that platform. To better understand how you interact with our Services, we and our third-party partners may use cookies, web beacons, pixels, tags, scripts, or other technologies to automatically collect certain information. For more information about how we use cookies, and to learn how to manage your cookie preferences, please visit our Cookie Policy.
- Information We Receive From Third Parties. We may collect or receive information about you from third-party data providers. This may include professional information such as job title, employer name and contact details that are publicly available or otherwise made accessible through those third-party sources.
- Job Applicants. For more information about how we collect job applicant data, please see our Applicant Privacy Notice here.
How We Use Your Personal Data
We may use information that we collect about you, including Personal Data, as described below.
- Communications. We use your information to communicate with you about the Services or other services you might be interested in, including by sending notifications, updates, alerts, announcements, or other messages, subject to your Account settings and communication preferences. You may opt out of receiving promotional communications at any time by clicking the unsubscribe link or updating your Account preferences. We may also send text messages (SMS) to Members and other Users who have provided a mobile phone number and, where required by applicable law, have given prior express written consent to receive such messages. You can opt out of marketing text messages at any time by replying STOP to any such message, or by updating your Account preferences.
- Providing and Improving the Services. We use your information to provide the Services, including, but not limited to: (1) allow Students to contact Employer Partners, and Employer Partners to contact Students, through the Services, including by way of messaging, audio and video conferencing, and webinars; (2) allow Students to make appointments with career center professionals or sign up for career fairs and other events; (3) enable Students to post reviews and other content about Employer Partners and employment experiences; (4) personalize the Services by, for example, improving profile accuracy and suggesting Employer Partners based on the information in a resume, or suggesting Students with public profiles to Employer Partners based on search criteria; and (5) determine your eligibility to participate in research studies based on the Research Study Operator’s parameters. We may, from time to time, use information to research new ways to improve the Services or to better understand how the Services are being used. This may include testing new features, diagnosing technical issues, or analyzing usage trends to enhance user experience. We may use de-identified or aggregated data in order to improve the Services.
- Compliance and Safety. We may use your Personal Data to promote the safety and security of the Services, our users, and other parties. This may include responding to law enforcement requests; protecting against fraud, abuse, or other illegal acts; complying with or enforcing our legal or contractual obligations; resolving disputes; and conducting audits.
- Marketing and Advertising. We may use Personal Data for marketing and advertising purposes, including showing relevant content or promotional offers within the Services or on third-party platforms. Where required under applicable law, we will only engage in such activities with your consent. This includes measuring the effectiveness of our marketing campaigns through conversion attribution, which may involve transmitting hashed identifiers derived from your information to advertising platforms such as LinkedIn and Meta via server-side data connections. You can manage your preferences for this use through our Privacy Center. Please see our Cookie Policy for more information.
- Fraud Detection. We may use your information to detect, investigate, and prevent fraudulent or suspicious activity within the Services, including attempts to gain unauthorized access, misuse of accounts, or other behavior that may violate our Terms of Service or applicable law.
- AI-Powered Features. We may use Personal Data in connection with some AI-powered features of the Services. These features help connect you with relevant opportunities by bringing your profile to the attention of Employer Partners who are hiring, adding to the ways you can be discovered while you always remain free to search and apply for opportunities yourself. They assist the Employer Partner who decides whom to contact, interview, or hire. Where your profile is set to public, you may be surfaced to Employer Partners as a potential applicant through these features. You may opt out of this type of processing at any time by setting your account visibility to private in your privacy settings.
- Security. We use Personal Data to maintain and strengthen the security and integrity of our systems and the Services. This includes monitoring activity, managing access controls, identifying vulnerabilities, and protecting against potential security incidents.
- Customer Support. We may use your information to provide customer support and respond to inquiries, requests, or complaints. This includes troubleshooting technical issues, verifying user identities, and ensuring users receive appropriate assistance.
- Data shared with us by Data Partners. In addition to the Personal Data we collect from Members, Organizations, and Visitors through our Services, Handshake acquires data from businesses and other organizations and makes data available to AI labs and similar partners to support the development, training, and evaluation of AI models and related data environments. Before this data is made available, we apply technical and operational processes intended to identify and remove or obscure information that may directly identify individuals.
- Other Uses. We may use your information to manage our business operations, maintain internal records, or perform other functions as described to you at the time of collection, subject to your consent where legally required.
How We May Share Personal Data We Collect
We may share Personal Data with Users and third parties in the following ways:
- Personal Data Sharing with Users.
- Educational Partners. If a Student account is associated with an Educational Partner, that Educational Partner will be able to access and view Personal Data uploaded by you even when your account is set to “private” status. Educational Partners are required to safeguard any Personal Data they receive. Learn More.
- Employer Partners. Student information is only shared with Employer Partners through the Services when the Student’s profile is public, or when the Student chooses to apply to a job, in which case we will share your profile information, resume and transcript with the Employer Partners you choose. Employer Partners are required to only use this data to provide employment opportunities and to safeguard any Personal Data they receive.
- AI Labs. We may share Personal Data with AI Labs to connect individuals with human data expertise projects and for platform and service integrity purposes. In some cases, we host the human data expertise projects on the Handshake platform; in other cases, AI Labs may host their own environments for the same purpose.
- Other Users. Personal Data is only shared with Users (other than as discussed above) where the individual’s profile is public or the individual uses our community features and social tools. Student profiles are public by default when the account is created. Public Student profiles are available to specific audiences to help Students grow their professional brand and network. Please note that when posting an employer review or other related content, you may choose to publish your name and profile alongside the content publicly, or you may choose to post the content without any directly identifying information (i.e. you may post “pseudonymously”). Even when posting pseudonymously, it may be possible to infer your identity from the content, and we share the identities of both public and pseudonymous content with Education Partners that you are associated with.
- Shareable Profile Link. In addition to having a public profile or using community features and social tools within the Handshake platform, Students may also make a version of their profile viewable to anyone with access to a unique profile link (“Profile Link”) created for them, including Visitors to the Handshake platform who do not have a Handshake account and/or are not logged in to the Services. You may preview the publicly available version of the profile that appears when the Profile Link is clicked, including the categories of Personal Data that will be visible, by opening the link in an incognito browser tab. When the shareable Profile Link feature is enabled, you may copy and share the Profile Link as desired. However, you should always remember that the information contained in the public version of your profile, including any Personal Data contained within the profile, will be visible to anyone with access to the Profile Link. The Profile Link can be reshared and Handshake cannot selectively restrict access to the Profile Link once it is shared. You can access your privacy settings at any time to opt-out of the shareable Profile Link feature and/or deactivate the Profile Link.
- Authorized Agents. If you are using the Services on behalf of an Employer Partner or Educational Partner, we may share information within your account with an authorized agent of your company or institution. If you are using the Services as a Contractor, we may share information within your Account with an authorized agent of any AI Labs, including any audio or visual interview and transcription thereof, and also an AI-powered analysis of such information.
- Company affiliates and subsidiaries. We may share Personal Data with our corporate affiliates and subsidiaries, if any, for purposes consistent with this Privacy Policy.
- Service providers. We sometimes contract with third parties to assist us with providing the Services and communicating with you. Examples include cloud service providers, IT services and data management, communications-related services, and other services for maintaining our systems, including AI model providers and large language model (LLM) services used to power AI-driven features of the platform. Before engaging with a third party service provider, we have a due diligence process. Our third party service providers are subject to contractual terms designed to cover the Personal Data processing operations with appropriate purpose limitation and in accordance with our commitment to our Users and applicable data protection laws. Our service provider list is available via the Handshake Trust Center.
- Advertising and Attribution Partners. We may share limited Personal Data, such as hashed email addresses or other hashed identifiers, with advertising platforms including LinkedIn and Meta for the purpose of measuring the effectiveness of our advertising campaigns (conversion attribution). This sharing occurs via server-side connections and does not involve placing cookies on your device. We do not share this data for the purpose of targeting you with ads on behalf of third parties. You may opt out of this sharing through our Privacy Center or by submitting a "Do Not Sell or Share" request under applicable law.
- Law enforcement. We may share Personal Data with relevant law enforcement bodies if we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request; to enforce applicable terms in this Privacy Policy or the Terms of Service; to protect the security or integrity of the Services, and/or to protect the rights, property, or safety of Handshake, its employees, Users, or others; to detect, prevent, or otherwise address security or technical issues, illegal, or suspected illegal activities (including fraud); or as evidence in litigation in which we are involved, as part of a judicial or regulatory proceeding. If we are going to release your information, we will do our best to provide you with notice in advance by email, unless we are restricted from doing so.
- Corporate Transactions. If we enter or intend to enter a transaction that modifies the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or part of our business, assets, or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity that buys us or part of our business will have the right to continue to use your Personal Data, subject to the terms of this Policy.
Data Security, Third Party Links and Retention
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical, and administrative measures designed to protect the Personal Data covered by this Policy from unauthorized access, destruction, loss, alteration, or misuse. Learn More.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. We encourage you to assist us in protecting your Personal Data. If you hold a Handshake account, you can do so by using a strong password, safeguarding your password against unauthorized use, and avoiding using identical login credentials you use for other services or accounts for your Handshake account. If you suspect that your interaction with us is no longer secure (for instance, you believe that your Handshake account's security has been compromised), please email security@joinhandshake.com immediately.
The Services may contain links to and from third-party websites and applications, and any access to and use of such linked websites and applications is not governed by this Privacy Policy. If you follow a link to any of these websites or applications, please note your access to and use of the same is governed by their own privacy policies, and we do not accept any responsibility or liability for those policies or the practices set forth in them. Please check their individual policies before you submit any information to those websites.
We retain Personal Data for as long as necessary to provide the Services, to perform our legitimate business purposes, or for other essential purposes such as complying with our legal obligations, maintaining records, resolving disputes, maintaining security and preventing harm, detecting and preventing fraud and abuse, and enforcing our agreements. We may continue to retain Personal Data after this period to comply with legal requirements, to monitor against fraud and other misuse, and to comply with compliance obligations. If we retain Personal Data, we do so in accordance with applicable law, and considering record retention obligations and limitations such as legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements, and industry standards.
International Data Transfers
Handshake is a global business, and as such, we sometimes need to transfer information across borders. We process data both inside and outside of the United States. Some countries may have data protection and privacy laws that are different from those in your country. Where required by applicable law, we rely on international data transfer mechanisms to transfer Personal Data across borders, which may include EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the UK Information Commissioner’s Office, and the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Please find our Data Privacy Framework Notice here.
Age Restrictions
Minors under 16 are not permitted to use our site as a Student, Employer Partner, or Educational Partner without express parental consent to both use the Services and be bound by our Terms of Service and this Policy. Minors under 18 are not permitted to use our Services as a Contractor.
Your Rights and Choices
Depending on your location and subject to applicable law, you may have choices regarding our collection, use, and disclosure of your Personal Data:
Opting out of receiving electronic communications from us.
If you wish to stop receiving marketing-related emails from us, you can opt-out by clicking the unsubscribe link included in such emails. We'll try to process your request(s) as quickly as reasonably practicable. However, it's important to note that even if you opt out of receiving marketing-related emails from us, we retain the right to communicate with you about the Services you receive (like support and important legal notices), and our Employer Partners and Educational Partners might still send you messages or instruct us to send you messages on their behalf. Where you have opted-in to receive text messages (SMS), you can opt out of marketing text messages at any time by replying STOP to any such message, or by updating your Account preferences.
Exercising your rights and choices.
Depending on your location and subject to applicable law, you may have the following rights regarding the Personal Data we process about you as a data controller:
- The right to request confirmation of whether Handshake is processing Personal Data associated with you, and if so, the right to request access to the Personal Data Handshake processes about you. Under California’s Shine the Light provisions, California residents are entitled to request and obtain from us once per calendar year certain information regarding our disclosure of personal information to third parties for their own direct marketing purposes. Handshake does not disclose personal information to third parties for their direct marketing purposes;
- The right to request that Handshake rectify or update your Personal Data if it's inaccurate, incomplete, or outdated;
- The right to request that Handshake erase your Personal Data in certain circumstances as provided by law. Learn More.
- The right to request that Handshake restrict the use of your Personal Data in certain circumstances, such as while Handshake is considering another request you've submitted (for instance, a request that Handshake update your Personal Data);
- The right to request that we export the Personal Data we hold about you to another company, provided it's technically feasible;
- The right to withdraw your consent if your Personal Data is being processed based on your previous consent;
- The right to object to the processing of your Personal Data if we are processing your data based on our legitimate interests; unless there are compelling legitimate grounds or the processing is necessary for legal reasons, we will cease processing your Personal Data upon receiving your objection;
- The right not to be discriminated against for exercising these rights; and
- The right to lodge a complaint against any decision by Handshake relating to your rights with the relevant supervisory authorities, depending on your jurisdiction.
We do not sell Personal Data we process through the Services. No mobile information will be shared, rented, or sold to third parties for marketing purposes. Subject to the preferences you indicate to us, we may, in honoring your choices, share Personal Data for purposes of cross-context behavioral advertising such as online identifiers, IP address and other electronic network activity information, such as browsing history, online behavior, transaction data, interest data, and interactions with our and other websites, applications, systems, and advertisements. Please see our Cookie Policy for more information, including how to indicate and update your preferences.
Process for exercising your data protection rights.
To exercise your data protection rights related to Personal Data we process, visit our Privacy Center or contact us as outlined below.
We will respond to requests in as timely a fashion as possible. In the event of delays over thirty (30) days for EU individuals and forty-five (45) days for California individuals, we will inform you of the reason and extension period in writing.
For any disclosures to California individuals, we provide data for the twelve (12) month period preceding the verifiable receipt of a California Resident’s request unless you request otherwise and that time period meets the regulatory requirements. The response we provide will explain the reasons we cannot comply with a request, if applicable.
Contact Information
If you have any questions about this Privacy Policy, need to access it in an alternative format due to having a disability, or have a privacy-related question about Handshake’s practices, please contact us via email at privacy@joinhandshake.com.
You may also contact us by mail at:
Stryder Corp. dba Handshake
225 Bush St
12th Floor
San Francisco, CA 94104
Attn: Privacy
Handshake’s Data Protection Officer can be reached by sending an email to dpo@joinhandshake.com or by addressing a letter to our mailing address (please add “Attn: Data Protection Officer”).
For the United Kingdom, you may address questions to the above-provided contact details or to dpo@joinhandshake.com.
For the European Union, you may address questions to the above-provided contact details or to dpo@joinhandshake.com.
Updates and Notifications
We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last materially revised. Any changes are effective the latter of when we post the revised Policy on the Services or otherwise provide notice of the update as required by law. We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them in our Help Center.
This European Privacy Policy ("Policy") provides additional information to all Users located in the European Union (EU), the European Economic Area (EEA), Switzerland and the United Kingdom (UK).
1. Legal Basis for Processing
We process Personal Data only where we have a lawful basis to do so. Some of our processing purposes are:
Consent
| Processing activity | Categories of Personal Data | Comment |
|---|---|---|
Marketing communications to subscribers | Email address, name | Art. 6(1)(a) GDPR — consent. As required by applicable law, we only send marketing communications to Users where you have given consent. Where permitted, Art. 6(1)(f) GDPR — legitimate interest applies. You may withdraw consent at any time via the unsubscribe link or by contacting privacy@joinhandshake.com. |
Push notifications and in-app alerts | Device token (Apple) or registration ID (Google) | Art. 6(1)(a) GDPR — consent. We will only send push notifications where you have enabled them in your device or app settings. You may withdraw consent at any time by disabling notifications in your settings. |
Shareable Profile Link | Profile information as determined by your privacy settings | Art. 6(1)(a) GDPR — consent. The feature is only active where you have chosen to enable it. You may disable it at any time in your privacy settings. |
Video meetings — recordings and transcripts | Username, meeting information and recordings, audio and video data where camera/microphone enabled, chat messages; audio and video recordings and written transcriptions where enabled | Art. 6(1)(a) GDPR — consent. (for recordings and transcripts only). Consent is obtained from all participants before a meeting is recorded or transcribed. You may withdraw consent at any time by contacting privacy@joinhandshake.com. Art. 6(1)(b) GDPR — contract. Facilitating video meetings, i.e. between students, employers and universities is part of the career services we provide. |
Contract Performance
| Processing activity | Categories of Personal Data | Legal basis |
|---|---|---|
User account registration and receiving core Services under Handshake’s Terms of Service | Name, email address, password, affiliated institution or employer, profile content (major, skills, work experience, graduation year, interests), usage and activity data, device and technical data | Art. 6(1)(b) GDPR — contract performance. Creating and maintaining your account and providing the platform and its features is necessary to perform the contract we have with you. |
Connecting Members with opportunities on the platform | Profile data (major, skills, work experience, graduation year); resume, cover letter, transcript and other application materials submitted by you | Art. 6(1)(b) GDPR — contract performance. Enabling students to apply for jobs and be found by employers is a core purpose of the Service. Where you voluntarily provide special category data (e.g. ethnicity), processing is additionally based on Art. 9(2)(a) GDPR — explicit consent. You may withdraw consent at any time by removing this data from your profile. |
Single Sign-On | Name, email address and other data as determined by your account settings with the provider (Apple or Google) | Art. 6(1)(b) GDPR — contract. We process data received from the provider to authenticate you and create or access your account. Art. 6(1)(f) GDPR — legitimate interests. We have an interest in offering a seamless and secure login experience. We have carried out a balancing test and consider that users benefit from having a simple and secure login option. |
Event registration and check-ins | Name, email address; graduation date, school, major; profile data where profile is set to Community | Art. 6(1)(b) GDPR — contract performance. (event registration) — registering for career events is part of the career services platform. Art. 6(1)(f) GDPR — legitimate interests. (employer check-in) — We have an interest in facilitating direct career networking between students and employers at events. Students actively choose to check in at employer booths. We consider that students benefit directly from this visibility. |
Customer support | Content of your inquiry, contact details, account information as needed to resolve the inquiry | Art. 6(1)(b) GDPR — contract performance. (existing users) — responding to your support requests is necessary to provide the service. Art. 6(1)(f) GDPR — legitimate interests. (visitors and prospective users) — We have an interest in responding effectively to enquiries from people who have not yet created an account, and in managing our customer and contact relationships. |
AI Chatbot support | Email address; institution role; content of chat messages which may include Personal Data voluntarily provided by the user | Art. 6(1)(b) GDPR — contract performance. Responding to your support enquiries and, where necessary, creating or escalating support tickets is necessary to provide the service. Art. 6(1)(f) GDPR — legitimate interests. We have an interest in improving the quality of our support service through review of de-identified transcripts. Raw chat transcripts are retained for up to 60 days. User input is processed by our chatbot provider and, where a ticket is created, our support ticketing platform. |
AI-powered resume assistance | Resume content you upload and information you provide in the chat (name, contact details, education history, work experience, skills, and any other information you choose to include) | Art. 6(1)(b) GDPR — contract performance. When you choose to use this feature, processing the resume content you submit to generate the suggestions you have requested is necessary to provide the service to you. For further details see here. |
Legal obligation — Art. 6(1)(c)
| Processing activity | Categories of Personal Data | Legal basis |
|---|---|---|
Compliance with legal obligations | Such Personal Data as is required to comply with the specific legal obligation | Art. 6(1)(c) GDPR — legal obligation. Processing is necessary to comply with applicable laws and lawful requests from regulatory and law enforcement authorities. |
Legitimate interests — Art. 6(1)(f)
| Processing activity | Categories of Personal Data | Legal basis |
|---|---|---|
Personalising the platform experience — recommending relevant jobs and content based on your profile and activity | Profile data; activity data (job views, saves, applications, content interactions, career fair engagement) | Art. 6(1)(f) GDPR — legitimate interests. We have an interest in providing Users with relevant job recommendations and content using Handshake's own recommendation systems, based on platform activity and experience. We consider that users benefit directly from a personalised experience and that this processing does not override their interests and rights. Art. 6(1)(a) GDPR — consent. Where users have opted in to personalised features, we process data on that basis. You may withdraw consent at any time in your account settings. |
Analytics and service improvement | Profile data; activity data (such as job views, saves, applications, content interactions, search queries, feature usage); device and technical data (IP address, browser type, operating system); aggregated usage and performance data | Art. 6(1)(f) GDPR — legitimate interests. We have an interest in understanding how our platform is used in order to evaluate product performance, identify and resolve technical issues, and improve the quality and effectiveness of our services. This includes producing aggregated internal reports and metrics on feature usage and user engagement. |
AI-assisted platform features | Profile data; application materials; platform activity data; where applicable, resume and screening question responses processed via third-party AI provider | Art. 6(1)(f) GDPR — legitimate interests. We use AI features to improve the relevance and effectiveness of our career platform — helping users discover opportunities that match their skills and experience, and helping Organizations to source suitable candidates more efficiently. All AI-assisted features support human decision-making — no AI feature makes decisions about hiring, applications, or access to opportunities without human review. |
Security, fraud prevention and bot management | IP address, device and browser identifiers, usage patterns, approximate geolocation | Art. 6(1)(f) GDPR — legitimate interests. We have an interest in protecting our platform, our users and third parties from fraud, abuse, bot activity and malicious traffic, and in maintaining the integrity and reliability of our services. We consider this processing fundamental to a safe and trustworthy platform. We may also use AI systems to detect and prevent harmful content on your feed and train and improve our AI systems for trust, account integrity and security-related purposes. Art. 6(1)(c) — legal obligation. |
Marketing communications to existing Users | Email address, name, engagement history with prior communications | Art. 6(1)(f) GDPR — legitimate interests. As an existing User of our platform, we may send you marketing communications about similar Handshake features and services that may be relevant to you. We have an interest in keeping registered User informed about developments on the platform that are relevant to the services they already use. You may opt out at any time using the unsubscribe link or by contacting privacy@joinhandshake.com. |
Visiting our website (non-logged-in users) | IP address; browser type and version; operating system; pages visited; referrer URL; date and time of visit; device identifiers | Art. 6(1)(f) GDPR — legitimate interests. We have an interest in ensuring the security, availability and integrity of our website, detecting and preventing attacks, bots and unauthorised access, and improving the quality and performance of our website. Art. 6(1)(c) GDPR — legal obligation. |
2. Storage Duration
Unless stated otherwise, we will retain your Personal Data only as long as necessary for the processing purposes outlined. As such, we will delete your data once it is no longer required for these purposes, provided there are no legitimate interests or legal obligations that necessitate further retention.
If you wish to no longer be visible on the Handshake platform, you may choose to deactivate your account or make your account private. You may also request that Handshake delete information about you, however we may be obligated as a service provider to your Educational Partner to retain certain data about you. This means that if they re-send us your Personal Data to process on their behalf, we will retain it unless they request we delete it. You can request deactivation or deletion by sending a message to privacy@joinhandshake.com or by contacting your Educational Partner to ask them to delete your information.
3. Account Claiming
Educational Partners may provide Handshake with the names and email addresses of their current, former, and prospective Students to facilitate the creation of Student accounts on the Handshake App ("Pre-claimed Student Accounts"). The processing of this Personal Data is subject to a Data Processing Agreement executed between Handshake and the universities.
Upon their first login, Students can claim these Pre-claimed Accounts, thereby gaining complete access to all platform features as per the Handshake’s Terms of Use to which they consent ("Claimed Student Account"). The processing of Student Personal Data for Claimed Accounts is subject to a Joint Controller Agreement concluded between Handshake and the university (see below under “Joint Controllership”).
It is important to note that once an account is claimed, the student has exclusive control over all Personal Data associated with their Claimed Account (“Student Data”). This means that the Student alone can exercise their data subject rights related to their Student Data, and the Educational Partner no longer has any rights with respect to the Student information initially provided to Handshake.
4. Joint Controllership
Where your account is associated with an Educational Partner, Handshake and that Educational Partner jointly determine how certain Personal Data in your account is processed, in accordance with Art. 26 GDPR. Details of this arrangement are available on request at privacy@joinhandshake.com.
5. Your Rights as a Data Subject
Under the (UK) GDPR, you have the following rights, subject to conditions and exceptions under applicable law:
- Access (Art. 15 GDPR) — request confirmation of whether we process your Personal Data and obtain a copy.
- Rectification (Art. 16 GDPR) — request correction of inaccurate or incomplete Personal Data.
- Erasure (Art. 17 GDPR) — request deletion in certain circumstances, for example where Personal Data is no longer necessary for the purpose collected.
- Restriction (Art. 18 GDPR) — request that we limit processing in certain circumstances.
- Portability (Art. 20 GDPR) — where processing is based on consent or contract and carried out by automated means, receive your data in a machine-readable format.
- Withdraw consent (Art. 7(3) GDPR) — withdraw consent at any time for consent-based processing, without affecting the lawfulness of prior processing.
- Object (Art. 21 GDPR) — object to processing based on legitimate interests (Art. 6(1)(f)), including aright to object to direct marketing.
- Right to File a Complaint (Art. 77 GDPR): If you believe the processing of your Personal Data violates the GDPR, you have the right to submit a complaint with a supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR).
6. Regional Contact Information
Handshake’s Data Protection Officer can be reached by sending an email to dpo@joinhandshake.com or by addressing a letter to our mailing address (please add "Attn: Data Protection Officer”).
As outlined in our global Privacy Policy, the data controller is Stryder Corp., established outside the EU/EEA and the UK. You may contact the designated regional representatives by reaching out to:
| EU / EEA representative | UK representative |
|---|---|
Handshake International UK Ltd Birchin Court, 5th Floor 19–25 Birchin Lane London EC3V 9DU, UK |