Privacy Policy

Hikari Chrome Extension. Powered by Black Star

1. Introduction

This Privacy Policy describes how Black Star AI Ltd ("we", "us", "our") collects, uses, and protects personal data when you use our Google Chrome Extension and related services (the "Service"). We are committed to protecting your privacy and handling your data in an open and transparent manner.

Our company is registered in England and Wales under company number 15408552, with a registered address at One Coldbath Square, Farringdon, London EC1R 5HL. Our registration number with the Information Commissioner’s Office (ICO) is ZB803206. For any privacy-related questions, you can contact us at support@black-star.ai

2. Our Roles Under UK GDPR

It is important to understand our role in relation to your data. This depends on the context:

  • When you create an account with us and provide your personal details (name, email, payment info), we are the 'Data Controller' of that information. We decide how and why this data is processed.
  • When you use our Service to analyse the public profile data of candidates, you are the 'Data Controller' for that data. You are instructing us to process it on your behalf. In this context, we act as your 'Data Processor'. Our legal obligations for this are set out in the Data Protection Agreement (DPA) which is part of our Terms of Usage.
  • This Privacy Policy governs where we are the Data Controller responsible for the processing of personal data.

3. What Information We Collect

In the course of providing our Service, we collect personal data in different ways and from different sources. This includes:

3.1 Information You Provide to Us:

  • Account Information: When you sign up for the Service, including during the free trial, we collect your name and email address.
  • Payment Information: When you purchase a subscription, our payment processor, Stripe, will collect your payment card details. We do not store your full payment card details on our servers. We only store a record of the transaction.
  • Communication Information: If you communicate with us (for example, when you contact us about our Services, when you interact with our website, or when you request support), we collect your name, email address, information about your profession, the way you interact with our communication and Service, and the contents of any messages you send.
  • Social Media Information: We have pages on social media sites such as LinkedIn. When you interact with our social media pages, we collect personal data that you choose to provide to us, such as your contact details and the contents of your messages or posts.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

3.2 Information We Collect Automatically:

We may collect certain personal data indirectly, including through automated means from your computer or device. This information includes:

  • Log Data: Information that your browser or device automatically sends when you use our Service or access our website. Log data includes your IP address, browser information, the date and time of your request, and how you otherwise use certain features or interact with us.
  • Usage Data: When you interact with the Service, metadata is generated that provides additional context about your use of the Service, such as how often you visit the website, how you interact with the Service, the amount of time spent engaging with the Service, the volume of queries you submit, the type of queries you submit, and the features interacted with.
  • We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

3.3 Information We Collect From Third Parties:

We may also receive certain information about you from third parties or the public domain, such as:

  • Technical data from analytics providers such as Google, advertising networks and search information providers.
  • Transaction data from providers of technical, payment and delivery services.
  • Identity and contact data from publicly available sources such as Companies House and the Electoral Register.

4. How and Why We Use Information (Legal Basis)

We may use personal data covered by this Privacy Policy for the following purposes:

  • To provide, maintain, develop, improve and update our Service.
  • To personalise your use of our Service and provide you with customer support, resolve bugs, issues or customer queries, and communicate with you in relation to our Service.
  • To send you information about our Service, such as new features and functionality.
  • To prevent fraud, criminal activity or misuse of our Service.
  • To protect the security of our systems and Service.
  • To comply with legal obligations and to protect the rights, privacy, safety or property of our users, us, our affiliates, or any third party.

In each case, we only use your data when the law allows us to. Most commonly, we rely on the following legal bases for processing data:

  • Where we need to do so to perform a contract we are about to enter into or have entered into, for example when we collect your Account Information in order to set up your account and allow you to use our Service, or when sending you Service-related communications to welcome you to our Service, confirm your subscription, notify you about changes to our Service, or respond to customer support requests.
  • Where it is necessary for our legitimate interests and the interests and fundamental rights of the individual whose personal information we are using do not override those interests. For example, we use certain information to improve our Service, including to ensure the Service is functioning correctly and to discover ways to remain innovative. It is in our legitimate interests to understand how our Service is being used and to explore and unlock ways to develop and grow our business.
  • Where it is necessary to comply with a legal or regulatory obligation, for example if there is a valid legal request from a regulator or court.

Generally, we do not rely on consent as a legal basis for processing personal information other than in relation to sending direct marketing communications. Consent to receiving direct marketing communications can be withdrawn at any time by contacting us.

5. Data Storage, Security, and Retention

The security of your information is important to us. We protect your personal data through technical and organisational measures designed to mitigate the risk of unlawful or unauthorised access, destruction, loss, alteration, disclosure, or use of your personal data. The measures are designed to provide a level of security appropriate to the risk of processing and include the following:

  • Data Storage: All data is stored on a database hosted by our infrastructure provider, Supabase, which utilises AWS servers located in Paris, France. This ensures your data is stored within the European Union, which is recognised as providing an adequate level of data protection under UK law.
  • Data Security: We take the security of your data seriously. We have implemented several key measures including data isolation using Row-Level Security, encryption of data both in transit (using SSL/TLS) and at rest, and strictly limited access to our databases for authorised personnel only.
  • Data Retention: We retain your personal customer data for the duration of your active subscription with us. For candidate data that we process, we retain it as necessary to provide the service to you, including for re-evaluating candidates against different roles as instructed by you. Upon a customer's request to delete their account, all associated personal data is permanently removed from our active systems in line with your 'right to be forgotten'.

6. Sharing Your Information

We do not sell your personal data. We only share it in very limited circumstances, for example with trusted third-party service providers we engage to help us operate and support our business, and subject to the agreements we have with them. These third parties may support us in respect of a variety of business purposes including website and data hosting, research, auditing, marketing, customer support and data processing.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

7. Your Data Protection Rights

Under UK GDPR, you have several important rights regarding your personal data. These include the right to:

  • Request access to the personal data we hold about you
  • Request correction of any inaccurate personal data
  • Request erasure of your personal data ('right to be forgotten')
  • Request restriction of processing of your personal data
  • Object to processing of your personal data
  • Request data portability of your personal data

To exercise any of these rights, please contact us at support@black-star.ai

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and, where appropriate, through email.

9. How to Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please do not hesitate to contact us at: support@black-star.ai

Last Updated: September 15th, 2025