Co-pilot: Privacy and Security

We have summarised the frequently asked questions regarding the usage of the Teamtailor Co-pilot feature.

Written by Evelina Lundmarck
Updated over a month ago

Co-pilot is a set of features in Teamtailor, powered by OpenAI's GPT AI models, that helps you in your daily recruiting tasks.

Co-pilot is provided as an Add-on feature, meaning that only Company Admins can activate it. This is to facilitate an active decision-making process when beginning to use the feature, and to ensure that you can disable it at any time. When activated, the admins of your company account can decide which tasks Co-pilot should support you in. Please see the full list of task-specific features in our Co-pilot overview.

Now, let's provide you with answers to the questions that brought you to this article 🤗

If we use Co-pilot, will our personal data be transferred outside the EU?

Yes, OpenAI will process the personal data worldwide. We have entered into so-called Standard Contractual Clauses with OpenAI to protect the personal data in transfer.

We have also assessed the risks of transfers outside the EU when deciding to use OpenAI as our sub-processor, in our so-called Transfer Impact Assessment.

We can share this assessment with you if you like. Please just reach out to support@teamtailor.com or your dedicated Customer Success Manager.

You can find OpenAI’s list of sub-processors and processing locations here.

How does Teamtailor protect the information shared when using Co-pilot?

Security standards

We have reviewed OpenAI's data protection and data security measures, based on the information they provide in their Trust Portal. It states, among other things, that OpenAI operates according to a structured security program, and that their security program and controls are audited by an external party according to the SOC 2 standard.

We have chosen to only use OpenAI's Enterprise API (meaning the public version of ChatGPT is not being used) to ensure that OpenAI processes all the data they receive from us as a data processor, and does not use it for any of their own purposes (e.g. training their AI models).

We have entered into an agreement with OpenAI regarding our use of their service, including a DPA that meets the GDPR’s requirements. Please see the DPA here.

Encryption

All communication between Teamtailor and OpenAI is encrypted with TLS v1.2, and all data is encrypted at rest with AES-256.

Retention

We have ensured that there is a reasonable limitation on how long OpenAI retains the data they receive from us. Data sent to /chat/completions and /embeddings is retained by OpenAI for 30 days. Data sent to /files and /batches is deleted as soon as it has been processed by OpenAI.

Results received by Teamtailor from OpenAI will be stored in Teamtailor for as long as the candidates in question are stored (which is fully controlled by you as the customer).

Architecture

The ChatGPT API is stateless, meaning no data or context is retained between requests, which ensures that responses are generated based solely on the current input without influence from prior interactions.

In practice, this means that each prompt/call to OpenAI is made in a separate HTTP request. A prompt/call to OpenAI from Teamtailor will only contain information associated with one customer. The OpenAI API does not share any information or state between different requests/calls, i.e. customer data is isolated at the request/call level. Each interaction or request made to OpenAI does not retain any memory of previous interactions.

Optional feature

Last but very important - Co-pilot features are offered as opt-in features, meaning that you (as a customer) need to take active actions to use the features and can at any time disable the functions, all to ensure that no user "accidentally" starts using these features.

If we use Co-pilot, will our data be used to train other companies’ AI?

No. OpenAI will be acting as Teamtailor’s sub-processor. This means that they have committed to only use the data they receive to provide the relevant Co-pilot service to you, and not for their own purposes, such as training their AI models. Similarly, Teamtailor will not use the data provided by one customer to train any AI model of its own. Data that is received from one Teamtailor customer will not be used for, or impact, another Teamtailor customer.

How does Teamtailor ensure Co-pilot's results are relevant and models are up-to-date?

For Co-pilot, we use OpenAI’s pre-trained GPT models through their Enterprise API. (For more information about the API see here and here). We don’t train the models ourselves; we just create prompts to generate the content needed for the Co-pilot features.

For this reason, it is not Teamtailor but OpenAI who actually manages the AI deliveries, and trains and updates the model. To access information from OpenAI about their development practices see here and here.

How does Teamtailor ensure Co-pilot doesn't deliver false information?

We are formulating our prompts in a way that minimizes the risk of Co-pilot delivering incorrect information.

It's also worth noting that issues with false information will likely decrease over time, with new and updated AI models. As the Large Language Models (LLMs) improve in general, they become better at identifying and reducing false information.

However, as it’s not possible to guarantee that the information created in Co-pilot is always correct and complete, we strongly encourage our customers to verify the accuracy of the feature’s output. This, and other legal and quality assurance aspects, is highlighted when a customer activates the service.

Does Co-pilot support and/or have the option of human supervision?

OpenAI applies human intervention in the design and development of its models. For more information about this, see https://openai.com/index/our-approach-to-alignment-research/.

Regarding human intervention in relation to the results of the model, it's up to each Teamtailor customer to decide to what extent they want to rely on the suggestions made by the service. In this context, we want to highlight that, as the AI-based features in Co-pilot look today, they:

  • Do not include any automatic exclusion of candidates.

  • Are intended to be used as support for communication with candidates and for decision making in the hiring process - but don’t involve actual decisions that significantly affect a candidate. A decision that significantly affects a candidate (such as whether to disqualify or hire them) is not made by the function, it’s made by the person hiring, and not solely based on these features.

What personal data will OpenAI be processing if we use Co-pilot?

OpenAI will be processing different types of personal data depending on which Co-pilot feature you decide to use. Many of them will involve both candidate and user data.

Please be aware that Co-pilot, like all of our services, is under continuous development, and the data points shared are likely to change over time. However, please see the table below to get an overview of the data shared per feature:

| Co-pilot feature | Candidate data | User data |
| --- | --- | --- |
|  | name, transcribed version of the interview generated from Rev.ai or Hyperdoc. | transcribed version of the interview generated from Rev.ai or Hyperdoc. |
|  | none | potential data that exists in already existing job descriptions |
|  | name, interview information, scores, stage, reject reason, job applied for, potential data in previously sent messages | email, name and titles of all meeting attendees, potential data in previously sent messages |
|  | candidate resume (in text form) | potential data that exists in the job ad |
|  | none | none |
|  | candidate ID, job applications, answers, resume text, messages, locations, reviews, notes, scores, video meeting summaries | none |
|  | none | potential data that exists in the job description |
|  | none | potential data that exists in the job description |
|  | none | potential data that exists in the job description |
|  | none | potential data that exists in already existing questions |
|  | name, transcribed version of the interview generated from Rev.ai or Hyperdoc. | name, transcribed version of the interview generated from Rev.ai or Hyperdoc. |

Can a candidate choose whether their personal data will be used in Co-pilot?

For many of the Co-pilot features, candidate personal data is not processed at all when the feature is used - as you can see above. In the features where candidate personal data is used, the following applies:

  • Generate resume summary: When an application is received, the resume is automatically summarized by Co-pilot. A candidate cannot opt out from this, but you can delete an already generated summary.

  • Suggest existing candidates: If you let candidates choose whether to give a “future jobs permission” or not, only candidates who have given a future jobs permission will be suggested in the feature.

  • Answer interview kit questions: Candidates can choose not to give their consent for an interview to be recorded. When an interview is not recorded, the interview kit questions will not be completed by Co-pilot. You can delete an already generated summary.

  • Video meeting summary: Candidates can choose not to give their consent for an interview to be recorded. When an interview is not recorded, it will not be transcribed or summarized by Co-pilot. You can delete an already generated summary.

  • Draft reject message: The candidate can’t choose whether to receive a Co-pilot drafted message or not. But your users can decide whether to send a Co-pilot drafted message to particular candidates or not.

Still have questions? Please reach out to support@teamtailor.com or your dedicated Customer Success Manager 💘