Candidates Privacy

FRAME CANDIDATES PRIVACY NOTICE

Last updated: February 16, 2026

Please note that any reference in this notice to “Frame”, “we”, “us”, “our” refers to Frame Inc., and Frame Labs Ltd., together “Frame Group”. Frame has prepared this Candidate Privacy Notice (“Notice”) to be provided to you as Frame’s job candidate. 

In connection with your application for a position with Frame, Frame needs to process certain personal data in order to assess your application, communicate with you during the recruitment process, and comply with legal and regulatory obligations. There are also statutory and other requirements we have to comply with in relation to your application. If we are not able to carry out certain processing activities described in this Notice, we may not be able to process your application. 

This Notice is intended to inform you about the types of personal data Frame may collect, process, and use about you as a candidate, the circumstances in which your data may be used, and your rights regarding your personal data and how you can exercise them. 

As with many other company policies, this document is not part of your potential contract of employment, and we may update it from time to time, for example if we implement new systems or processes that involve the use of personal data. With respect to Israeli law, the provision of your personal data is voluntarily, and its provision is subject to your consent and free will. If you choose not to provide us with personal data for which your consent is required, this may affect our ability to review and assess your candidacy and we will not be able to carry out certain processing activities described in this Notice, and therefore may not be able to process your application. 

Frame acts as the controller of the relevant database(s) in which candidates’ personal data is stored and processed. The database is used to review applications for positions at Frame and to manage our screening and recruitment processes. 

Important note: Nothing in this privacy notice is intended to limit in any way your statutory rights, including your rights to a remedy or means of enforcement.

1. WHAT PERSONAL DATA WE COLLECT AND PROCESS

The types of personal data we collect include, among others: your full name, address, email address, phone number, date of birth, CV/resume, LinkedIn profile URL, personal website, cover letter, portfolio, employment and education history, academic records, professional qualifications, references, and other information you provide during interviews or assessments that you would like to share about yourself (e.g., military service). We may also collect information generated during the recruitment process, such as interview notes, assessment results, communications with you, and background check results (where permitted by law). If you receive and accept an offer of employment with Frame, you may be asked to provide additional proof of your identity and, in some jurisdictions, proof of your right to work (failure to provide this will mean that the company is unable to hire the applicant).     

2. FOR WHAT PURPOSE WE PROCESS THE PERSONAL DATA     

• Frame collects and uses the candidates’ personal data for the purpose of considering and verifying your suitability for employment. You are not obligated to provide us with the above-mentioned information, and you may refuse to do so.
• Any offer and commencement of employment is conditional on the verification, to the satisfaction of Frame, of the information the applicant provides as part of their application and Frame being able to obtain satisfactory references. If the applicant receives and accepts an offer of employment with Frame, they will undergo pre-employment screening involving verification of the details as specified below.
• Frame or an independent agent acting on behalf of Frame, may verify the information provided by you and carry out further inquiries which may include, a CV check (e.g., to call your previous employers) and gap analysis, a verification of your highest education, a reference check, proof of relevant qualifications, a professional membership check, or a media search (which may include social media and search engine searches). If the applicant fails to supply personal data which Frame requires in order to satisfy these checks, Frame might be unable to employ the applicant.
• Where the applicant’s personal history requires verifications to be carried out for countries where they have worked and resided, their data may be sent and processed in those relevant jurisdictions, subject to applicable data security and transfer requirements. 
• If the applicant is successful in obtaining employment at Frame, relevant personal data will be retained by Frame in order to facilitate the employment. 

• If the applicant is not successful then any personal documents that they have submitted to Frame or background check vendors (if applicable) will be destroyed in accordance with Frame’s data retention and deletion policy.
• To improve our recruitment processes and candidate experience. 
• If the applicant has any questions, they can contact privacy@framesecurity.com 

3. HOW DO WE COLLECT THIS INFORMATION?

In most cases, Frame collects personal data directly from you during the recruitment process. Additionally, Frame may also collect personal data from other members of the Frame Group, recruitment agencies, background check providers or criminal wanted lists (to the extent permitted by law), or publicly available sources (e.g., LinkedIn). Our recruitment process is not intended for individuals under the age of 18.

4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

In certain cases, your personal data may be shared with other entities of the Frame Group, which may be in other countries (e.g., Israel or the US). Frame may also share your personal data with third parties such as regulators, courts, banks or competent authorities where required by law, to comply with any legal obligation, or to protect its legitimate rights, property, or the safety of its employees, candidates, customers, or others, provided there is no legal reason preventing such sharing. Furthermore, Frame may share or allow access to your personal data by its vendors and service providers assisting Frame in the recruitment and employment process, including, without limitation, applicant tracking systems and artificial intelligence tools as detailed in our trust center. If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your personal data to such third party (whether actual or potential) in connection with the foregoing events (including, without limitation, our current or potential investors). In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your personal data in connection with the foregoing events. Frame will use commercially reasonable efforts to ensure that equivalent data protection applies, or that suitable safeguards are in place to protect your data, such as through the use of appropriate contractual measures.

5. HOW LONG WILL FRAME KEEP PERSONAL DATA FOR?

The applicant’s information will be handled in accordance with Frame’s data retention and deletion policy. Your personal data will be stored until we proactively delete it from our records, or until you send a valid deletion request. If you are not hired, we may retain your information for a limited period to consider you for future opportunities, unless you request deletion. Please note that in some circumstances we store your personal data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, and/or (iii) if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

6. DATA SECURITY. 

Frame implements appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures are designed to ensure a level of security appropriate to the risks presented by the processing of your personal data. Access to your personal data is limited to those who have a business need to know and are subject to confidentiality obligations.

7. DATA TRANSFERS.

If we transfer your personal data outside of your country of residence, we will take appropriate measures to ensure that your personal data is protected in accordance with applicable privacy laws. With respect to Israeli law, in certain cases, third parties to whom your personal data may be transferred as described above may be located outside of Israel, including in the United States. You hereby acknowledge and consent that personal data relating to you may be transferred to and stored outside the borders of Israel, in accordance with applicable law and for the purposes set out above.

8. WHAT RIGHTS DO I HAVE IN RESPECT OF MY PERSONAL DATA? 

The following rights (which may be subject to certain exemptions or derogations) shall apply to certain individuals (some of which only apply to individuals protected by specific laws): 

1. You have the right to request access to your personal data held by us, along with details on how it is processed, subject to certain conditions. You have the right to demand rectification of inaccurate personal data about you. We will promptly correct any information found to be incorrect.
2. You have the right to object to unlawful data processing under certain conditions.
3. You have the right to the erasure of past personal data about you (your “right to be forgotten”) under certain conditions.
4. You have the right to demand that we restrict the processing of your personal data, under certain conditions, if you believe we have exceeded the legitimate basis for processing, the processing is no longer necessary, or if you believe your personal data is inaccurate.
5. You have the right to data portability of personal data concerning you that you provided us in a structured, commonly used, and machine-readable format, subject to certain conditions.

If you wish to exercise your privacy rights under applicable law, or if you have concerns or questions regarding this Notice, you can send an email to privacy@framesecurity.com. We will review and respond to your request in accordance with applicable laws and within the timeframes required by law. Please note that, in order to verify your identity or the authority of your request, we may need to request additional information from you before processing your request.  We will not discriminate against you for exercising any of your privacy rights. 

9. CAN FRAME UPDATE THIS NOTICE? 

We reserve the right to update this Notice at any time, and we will provide you with a new Notice when we make any substantial updates and take any additional steps as required by applicable law. 

10. WHO CAN I CONTACT ABOUT THIS?

If you have concerns or questions regarding this Notice or if you would like to exercise your rights as a data subject, you can send an email at privacy@framesecurity.com. 

‍