Privacy First

Candidate Privacy & Consent Framework

Visage is built on a foundation of informed consent. Every candidate we engage has explicitly opted in before any contact information is shared with an employer. This page explains exactly how that works — for candidates, for recruiters, and for your compliance team.

SOC 2 Type II
GDPR Compliant
CCPA Ready
Consent-First by Design

End-to-End Process

How Visage Sources and Engages Candidates

Every role follows a structured, auditable workflow. Human judgment is embedded at every critical decision point — AI scales the search, humans validate the fit.

Process Diagram — End-to-End Candidate Consent Flow

1. Role Submission (Employer)

A role enters the Visage system in one of two ways: submitted directly by a recruiter through the Visage platform, or pushed automatically via an ATS integration (Workday, Greenhouse, iCIMS, Taleo, SuccessFactors, and others). The role brief — including required skills, seniority, location, and any geographic exclusions — is validated before sourcing begins.

2. Human-Led AI Sourcing (Visage)

Visage's AI scans across 35–45 professional datasets to identify candidates who match the role criteria. The AI generates a shortlist based on skills, seniority, location eligibility, and role fit. Expert human sourcers then review and validate every slate before any outreach is sent — ensuring quality and judgment that AI alone cannot provide.

3. Candidate Outreach & Consent Gate (Visage + Candidate)

Visage sends an outreach email to each candidate. Depending on account configuration, the email may be sent from Visage on behalf of the employer, or directly from the employer using Visage's outreach platform. A link to the employer's Applicant Privacy Policy may be included if the account is configured to do so. Replying to the email constitutes explicit consent. If a candidate does not respond or opts out, no contact information is ever shared with the employer.

4. Data Sharing & Hiring Pipeline (Visage + Employer)

Only after a candidate has consented does Visage share their contact details and full profile with the employer via the platform. The employer then reviews the candidate in their Visage dashboard and advances them through the hiring pipeline. All status updates are tracked in real time.

Candidate Experience

What Candidates See and Control

Candidates are never contacted without their knowledge. Every touchpoint is transparent, opt-in, and includes a clear path to opt out.


Example outreach email sent to a candidate via Visage.jobs

Transparent Outreach Email

Outreach emails are sent either from Visage on behalf of the employer, or directly from the employer using Visage's platform — depending on how the account is configured. In both cases, the email describes the opportunity and identifies the employer. A link to the employer's Applicant Privacy Policy is included when the account is set up to do so.

Reply = Explicit Consent

Consent is captured through a direct reply to the outreach email. The email states clearly: "If you choose to connect directly, you consent to Visage.jobs sharing your contact information with [Employer]." There is no hidden opt-in. Replying is an affirmative action.

Clear Opt-Out at Every Step

Every email includes a direct opt-out link: "If you no longer want to hear about future career opportunities, click here." Candidates who do not respond or who opt out are removed from consideration immediately. No contact data is shared with the employer under any circumstances.

Privacy Policy Access

Candidates can access Visage's full privacy policy directly from the outreach email. The email also explains how their contact information was originally collected, providing full transparency about data sourcing.

Recruiter Experience

What Recruiters See in the Platform

Recruiters interact only with candidates who have already consented. The platform provides full visibility into outreach status, consent state, and pipeline progression.

1. Consent-Gated Candidate Profiles

Recruiters only see full candidate profiles — including contact details — after the candidate has replied to the Visage outreach email. Pre-consent, only publicly available information is visible. This is enforced at the platform level, not just by policy.

2. Real-Time Outreach Status

The platform shows the exact status of every outreach touchpoint: First Email sent, Follow-Up 1, Follow-Up 2. Recruiters can see at a glance whether a candidate has been contacted, has responded, or has not yet engaged — without needing to manage the outreach themselves.

3. Structured Hiring Pipeline

Once a candidate consents and is marked "Interested," the recruiter advances them through a structured pipeline: New → Contacted → Interested → Interviewed → Hired. Every stage transition is logged with a timestamp, creating a complete audit trail.


Recruiter view: candidate consent status, outreach tracking, and pipeline management

Data Handling

What Data Is Shared and When

Visage enforces a strict data minimization principle. The type of data shared with an employer is directly tied to the candidate's consent status.

| Data Type | Before Consent | After Consent | Source |
| --- | --- | --- | --- |
| Name | | | Publicly available |
| Current job title | | | Publicly available |
| Current employer | | | Publicly available |
| Location / time zone | | | Publicly available |
| LinkedIn / social media URL | | | Publicly available |
| Seniority level | | | Publicly available |
| Email address | | | Shared post-consent only |
| Contact details | | | Shared post-consent only |
| CV / resume | | | Shared post-consent only |
| Consent timestamp & record | | | Logged by Visage |

0: Contact details shared pre-consent
Email addresses and contact information are never shared before a candidate explicitly opts in.

100%: Candidates are email-notified
Every candidate receives a clear, branded outreach email before any employer sees their profile.

Auditable: Consent records retained
Timestamp, channel, role ID, and candidate ID are logged for every consent event.

Compliance & Standards

Built for Enterprise Privacy Requirements

Visage's consent framework is designed to satisfy the requirements of enterprise privacy teams, legal counsel, and data protection regulators.

GDPR Compliance

Visage operates as a data controller for candidate data collected from public sources, and as a data processor when handling employer-provided data. Candidates in the EU and UK have full rights under GDPR, including the right to access, rectify, and erase their data. Consent is obtained in accordance with Article 6 lawful basis requirements.

CCPA Readiness

California residents have the right to know what personal information is collected, to request deletion, and to opt out of data sharing. Visage's opt-out mechanism is present in every outreach email and honored immediately upon request.

SOC 2 Type II

Visage has completed SOC 2 Type II certification, covering security, availability, and confidentiality controls. The full report is available to enterprise customers upon request through the Trust Center.

Data Processing Agreement

Visage provides a standard Data Processing Agreement (DPA) that governs how candidate data is processed on behalf of employers. The DPA is available immediately from the Trust Center and can be executed as part of the enterprise onboarding process.

Have privacy or compliance questions?

Our security and compliance team is available to answer specific questions, complete vendor security questionnaires, or provide additional documentation.