Statement on Coresignal’s Compliance and Data Collection Practices

Introduction

We are pleased to provide insights into Coresignal’s compliance framework for public data collection practices, as outlined on our dedicated compliance page, the “Data Privacy and Transparency Hub.” We encourage you to visit this page at Data Transparency and Privacy | Coresignal to learn more about our principles of web data collection, information security, privacy matters, and answers to frequently asked questions.

Web data collection

In its web data collection practices, Coresignal gathers information that is explicitly publicly available from online sources and widely distributed online media. These sources primarily encompass professional social networks and other business-related platforms. The collected data generally includes business-related information, including details about companies (such as firmographics, startup information, funding details, job postings, and product reviews) and individual professionals (employees). Coresignal engages in transparent data scraping practices, refraining from any form of scraping that involves unauthorized access, like using fake accounts for data aggregation. Importantly, Coresignal never accesses or collects any sensitive data or any information designated as private and/or stored within login-protected areas, where it remains confidential and or private by the decision of the individual or entity. Furthermore, Coresignal does not gather any information from personal, non-work /non-business oriented social media accounts, such as Instagram, Facebook, YouTube, or TikTok, even if this information is publicly accessible.

Limited personal data

Within the scope of Coresignal's data lies a limited set of publicly available professional data related to individual persons. While publicly available information is excluded from the definition and scope of personal data under certain privacy laws globally – such as most comprehensive U.S. state privacy laws – other regulations, like those in Europe, may still consider publicly available data to be personal data. We place the utmost at tention on s feguarding personal data, ensuring security, and maintaining adherence to data privacy laws and regulations. Personal data-related matters are systematically addressed in Coresignal's operational framework. Although Coresignal may collect personal data, this is done in strict compliance with the principle that such data must be publicly disclosed by the individuals and publicly accessible. Examples of personal data collected may include names, surnames, publicly available profile information, public profile URLs, job titles, industry information, certifications, courses, languages spoken, volunteering experiences, country (if specified by the individual). Coresignal never accesses or collects any sensitive data or any information designated as private. Comprehensive information regarding Coresignal’s personal data collection practice s is available in our Privacy Policy and on our dedicated compliance page, the Data Privacy and Transparency Hub.

Coresignal has proactively taken steps to align with the best practices in global data protection regulations to ensure enforcement of individuals‘ data protection rights. In addition to our well-aligned internal procedure s for handling privacy- related matters, we have also established a publicly accessible Privacy Rights website. This platform allows individuals worldwide to easily check whether their publicly available data has been collected by Coresignal, exercise their data protection rights, demonstrate ownership of their data, and provide us with instructions regarding its use.

Regulatory compliance, best industry standards, and evolving case law

While the web data collection industry is not governed by sector-specific regulations, Coresignal remains committed to upholding the highest standards of compliance by aligning its practices with established industry best practices and relevant case law. Coresignal is firmly committed to upholding the highest standards of regulatory compliance, ethical conduct, and data responsibility across its operations and partnerships. Our Code of Ethics serves as a foundational framework guiding employees in ethical decision-making and professional behavior. Central to this framework is a strong emphasis on the ethical use of data, responsible data stewardship, and strict adherence to global data protection standards. Employees are expected to safeguard personal and confidential information, act in the best interests of clients and the company, and uphold robust information security practices. The Code also fosters a culture of compliance by promoting proactive risk management and the timely reporting of any ethical or legal concerns.

In parallel, our Supplier Code of Conduct outlines the expectations for third parties who collaborate with Coresignal. It requires suppliers and partners to adhere to all applicable legal and regulatory obligations, including those related to data protection and information security. Additionally, all third parties are expected to maintain ethical business practices, ensure fair labor conditions, and minimize environmental impact. Coresignal strictly adheres to ethical web data collection practices by gathering publicly available information from accessible online sources. We continuously monitor legal developments impacting the web data collection industry and ensure our practices align with established case law. Notably, legal precedents, such as HiQ Labs, Inc. v. LinkedIn Corp. and Meta (Facebook) v. Bright Data, confirm that scraping publicly available data does not violate laws like the Computer Fraud and Abuse Act (CFA A) or terms of service agreements, provided it does not involve unauthorized access to protected data. These rulings support Coresignal's approach, reinforcing that our web scraping activities are in line with the current legal framework.

Active membership in global web data collectors consortium

Coresignal is a founding and certified member of the Ethical Web Data Collection Initiative (EWDCI), a glob al consortium committed to promoting responsible web data collection, advancing online safety, supporting commercial innovation, and providing guidance on ethical resources and tools used in data collection. The proof of certification is provided below for reference.

‍