Terms of Service

Last updated: May 20, 2026

PLEASE READ THESE TERMS OF SERVICE CAREFULLY. BY USING THE SERVICES, CUSTOMER AGREES TO THESE TERMS.

These Terms of Service constitute an agreement (this "Agreement") between Needle, Inc., a Delaware corporation ("Needle," "we," "us," or "our") and the entity or individual entering into this Agreement ("Customer," "you," or "your"). This Agreement is effective as of the date Customer first completes a purchase with Needle or first accesses the Services (the "Effective Date"). Customer's use of, and Needle's provision of, the Services are governed by this Agreement.

The person entering into this Agreement on Customer's behalf represents that they have the authority to bind Customer to these Terms.

1. Definitions

1.1 "AI Features" means the artificial intelligence and machine-learning functionality of the Services, including candidate sourcing, candidate summarization, candidate ranking and scoring, candidate evaluation signals, drafted communications, interview question generation, and any other functionality that generates content or signals using AI models. AI Features are integral to the Services.

1.2 "AI Input" means Customer Data and other inputs submitted by Customer or Authorized Users to AI Features.

1.3 "AI Output" means content and signals generated by AI Features based on AI Input, including candidate summaries, sourced candidate profiles, drafted communications, ranked candidate lists, candidate evaluation signals, and similar outputs.

1.4 "Authorized User" means an employee or contractor of Customer designated by Customer to access the Services under Customer's account.

1.5 "Customer Data" means information, data, and content in electronic form that is collected, uploaded, transmitted, or otherwise received, directly or indirectly, from Customer, an Authorized User, or Customer's candidates by or through the Services. Customer Data does not include Service Usage Data or AI Output.

1.6 "Documentation" means Needle's standard documentation related to use of the Services, made available within the Services or at needle.so.

1.7 "Model Provider" means a third-party provider of artificial intelligence models that powers, in whole or in part, an AI Feature.

1.8 "Order" means a written or online order for access to the Services specifying the Services purchased, subscription term, and fees.

1.9 "Services" means Needle's AI-native applicant tracking system and related features, including the website at needle.so (the "Site"), the web application (the "App"), and the AI Features.

1.10 "Service Usage Data" means statistical, technical, and operational data and information derived from Needle's operation of the Services and Authorized Users' use of the Services, including performance metrics, feature usage patterns, model performance signals, and aggregated behavioral data, in each case in a form that does not identify Customer, any Authorized User, or any candidate.

1.11 "Third-Party Integration" means any third-party product, service, job board, identity provider, or other service that interoperates with the Services at Customer's election and is not acting as Needle's subprocessor.

2. The Services

2.1 Use of the Services. Subject to this Agreement and any applicable Order, Customer may access and use the Services during the Term.

2.2 Service Availability. Needle will use commercially reasonable efforts to make the Services available 24/7, except for: (a) planned maintenance; and (b) unavailability caused by circumstances beyond Needle's reasonable control, including force majeure events, third-party service provider failures, and denial-of-service attacks.

2.3 Service Revisions. Needle may revise features or functionality of the Services at any time, including by adding, modifying, retiring, or replacing AI Features and underlying models. If a revision materially reduces functionality provided under a then-current Order, Customer may terminate the affected Order upon 30 days' written notice.

2.4 Third-Party Integrations. Customer may enable Third-Party Integrations in connection with the Services. Any such integrations are activated at Customer's direction, and Customer authorizes Needle to transmit Customer Data to the applicable Third-Party Integration as necessary to facilitate the integration. For these transfers, Customer is the controller and the Third-Party Integration acts as an independent controller, not as Needle's subprocessor. Customer is solely responsible for ensuring it has all rights and a lawful basis to disclose Customer Data to any Third-Party Integration, including providing required notices and obtaining required consents. Needle is not responsible for, and has no liability arising from, the acts or omissions of any Third-Party Integration.

3. Accounts and Authorized Users

3.1 Eligibility. Customer must be at least 18 years old and capable of forming a binding contract to use the Services.

3.2 Account Security. Customer is responsible for maintaining the confidentiality of account credentials and for all activity occurring under its account, whether or not authorized. Customer will notify Needle promptly of any known or suspected unauthorized access.

3.3 Authorized Users. Each account may be accessed and used only by the specific Authorized User for whom it was created; account credentials may not be shared. Customer is responsible for: (a) ensuring each Authorized User complies with this Agreement; (b) all acts and omissions of its Authorized Users; and (c) any use of the Services through Customer's account.

4. Customer Data

4.1 Ownership and License. As between the parties, Customer retains all right, title, and interest in and to Customer Data. Customer grants Needle a non-exclusive, worldwide, royalty-free license to host, store, process, transmit, display, and otherwise use Customer Data solely as necessary to: (a) provide, maintain, and support the Services for Customer; (b) prevent or address technical, security, or fraud issues; and (c) comply with applicable law.

4.2 Customer Representations. Customer represents and warrants that: (a) it owns or has all necessary rights to Customer Data and to grant the license in Section 4.1; (b) it has provided all required notices to, and obtained all required consents from, individuals (including candidates) whose personal information is included in Customer Data; and (c) its provision of Customer Data and use of the Services will not violate any law or third-party right.

4.3 Excluded Data. Customer represents and warrants that Customer Data will not include, and Customer will not upload or transmit through the Services: (a) protected health information regulated by HIPAA; (b) information about minors regulated by COPPA; (c) educational records regulated by FERPA; (d) consumer report information regulated by the Fair Credit Reporting Act ("FCRA"); (e) cardholder data regulated by PCI-DSS; or (f) other categories of data subject to heightened regulatory protection (collectively, "Excluded Data"). The Services are not designed for and are not intended to be used to manage Excluded Data. Needle disclaims all liability arising from Customer's submission of Excluded Data in violation of this Section.

4.4 FCRA. The Services are not a "consumer reporting agency" and AI Output is not a "consumer report" as those terms are defined in the FCRA. Customer will not use the Services or AI Output as a substitute for a background check performed by a consumer reporting agency or for any purpose requiring FCRA compliance.

4.5 Candidate Data Accuracy and Authenticity. Needle has no responsibility or liability for the accuracy of Customer Data, the authenticity of any candidate, or any damages arising from inaccurate Customer Data or fraudulent candidate activity, including AI-generated candidates, deepfake interviews, or fabricated credentials.

4.6 Data Deletion. Customer is responsible for exporting Customer Data prior to termination. Needle may permanently delete Customer Data 30 days following termination or expiration of this Agreement, or sooner if Customer's account is delinquent or suspended for 30 days or more.

4.7 Service Usage Data. Needle owns all Service Usage Data and may use it to: (a) operate, secure, maintain, and improve the Services, including the AI Features; (b) develop new Needle products and features; (c) develop and publish aggregated benchmarks and industry insights; and (d) operate Needle's business. Any Service Usage Data shared externally will be aggregated and de-identified such that Customer, Authorized Users, and candidates cannot reasonably be identified.

4.8 Security. Needle implements and maintains commercially reasonable administrative, technical, and physical safeguards designed to protect Customer Data. Customer acknowledges that no system is impenetrable and that hosting data online involves inherent risk.

4.9 Data Processing Addendum. To the extent Needle processes personal information on Customer's behalf that is subject to the California Consumer Privacy Act, the California Privacy Rights Act, or other applicable US state privacy laws, the parties will enter into Needle's Data Processing Addendum ("DPA"), which is incorporated into this Agreement by reference. The current form of DPA, including Needle's sub-processor list, is available on request to legal@needle.so. Where the DPA applies, its terms govern with respect to such personal information; otherwise, this Agreement controls.

5. AI Features

5.1 Integral to Services. The Services are AI-native. AI Features are integral to the Services and are not separately opt-in. By using the Services, Customer accepts the terms of this Section 5.

5.2 Model Providers. AI Features are powered in part by third-party Model Providers, which act as sub-processors of Customer Data. A current list of Model Providers and other sub-processors is included in Needle's Data Processing Addendum, available on request to legal@needle.so. By using the Services, Customer authorizes Needle to transmit AI Input to Model Providers solely as necessary to provide the AI Features. Needle may add, remove, or change Model Providers from time to time and will provide notice of material changes in accordance with the DPA.

5.3 No Model Training on Customer Data. Neither Needle nor any Model Provider will use Customer Data or AI Input to train, fine-tune, or otherwise improve any foundation model, general-purpose model, or model made available to other customers. Needle maintains contractual commitments with each Model Provider reflecting this restriction. Needle may use Service Usage Data to evaluate and improve the AI Features in accordance with Section 4.7.

5.4 Ownership of AI Input and AI Output. As between the parties: (a) Customer retains all right, title, and interest in AI Input; and (b) subject to Needle's underlying rights in the Services and the models, Needle assigns to Customer all right, title, and interest Needle may have in AI Output generated for Customer. Customer acknowledges that AI Output is generated probabilistically and that similar or identical inputs may produce similar or identical outputs across customers; Needle makes no representation that AI Output is unique.

5.5 Nature of AI Output. AI Output is generated by AI models and: (a) may be inaccurate, incomplete, biased, or fabricated; (b) may include incorrect or invented facts about real individuals, including invented employment history, education, credentials, publications, or contact information; (c) may reflect biases present in training data or AI Input; (d) is probabilistic and non-deterministic; and (e) is not a substitute for human judgment.

5.6 Human Review for Adverse Decisions. Customer agrees that AI Output will not be used as the sole basis for any adverse employment-related decision regarding a candidate, including rejection, disqualification, adverse ranking, screening-out, or any decision that materially limits a candidate's employment opportunity. A qualified human reviewer must meaningfully review the AI Output and the underlying candidate information before any such decision is made or communicated.

5.7 Verification Obligations. Customer will independently verify AI Output against authoritative sources before using AI Output to contact, evaluate, communicate with, or make decisions about any candidate. Without limiting the foregoing, Customer will verify the accuracy of sourced candidate profiles — including employment history, education, and contact information — before initiating outreach.

5.8 Compliance with AI-in-Hiring Laws. Customer is solely responsible for determining whether its use of the Services or any AI Feature constitutes an "automated employment decision tool," "automated decision system," "high-risk artificial intelligence system," or similar regulated system under applicable law, and for complying with all related obligations. These obligations include but are not limited to:

(a) New York City Local Law 144 — bias audit, summary publication, and candidate notice requirements;

(b) Illinois Artificial Intelligence Video Interview Act — disclosure, consent, and data deletion requirements;

(c) Illinois Human Rights Act, as amended — restrictions on use of AI in employment decisions;

(d) Colorado AI Act — deployer obligations for high-risk AI systems, including impact assessments, candidate notices, and adverse-action notices;

(e) Maryland's facial recognition consent law, where applicable;

(f) California Civil Rights Council regulations on automated decision systems in employment;

(g) EEOC guidance under Title VII and the Americans with Disabilities Act regarding selection procedures and reasonable accommodations; and

(h) other applicable federal, state, or local laws governing AI or automated tools in employment.

Needle may make tools and features available to assist Customer with compliance (such as audit logs, candidate notice templates, or adverse-action workflows). Provision of such tools does not transfer to Needle, or constitute Needle's assumption of, any of Customer's compliance obligations.

5.9 Non-Discrimination. Customer will not use AI Features or AI Output to discriminate against any candidate on the basis of any characteristic protected by federal, state, or local law, whether intentionally or through disparate impact, including through automated or algorithmic means. Customer is responsible for periodically reviewing its use of AI Features for disparate impact and taking corrective action as required by applicable law.

5.10 AI-Assisted Communications. If Customer uses AI Features to draft or send communications to candidates, Customer is responsible for: (a) reviewing communications before transmission; (b) ensuring communications comply with the CAN-SPAM Act, the Telephone Consumer Protection Act, and applicable state communication and consumer protection laws; (c) honoring opt-out and do-not-contact requests; and (d) disclosing AI involvement in communications to the extent required by applicable law.

5.11 Recording and Transcription Features. If Customer uses any AI Feature that records, transcribes, or summarizes interviews or conversations with candidates: (a) Customer is solely responsible for providing all legally required disclosures to, and obtaining required consents from, participants before recording or transcription, including under federal and state wiretap and two-party consent laws; (b) Customer will honor any participant's request to opt out of recording or AI processing; (c) Customer will configure retention settings consistent with its legal obligations; and (d) Customer is responsible for compliance with any applicable biometric information privacy laws (including the Illinois Biometric Information Privacy Act, Texas CUBI, and similar laws) if Customer enables features involving voice analysis, facial analysis, or other biometric processing.

6. Acceptable Use

Customer and its Authorized Users will not:

(a) use the Services in violation of any applicable law, including employment, anti-discrimination, consumer protection, privacy, and anti-spam laws (including the CAN-SPAM Act and the Telephone Consumer Protection Act);

(b) use the Services to discriminate against candidates on the basis of any legally protected characteristic, including through automated or algorithmic means;

(c) upload or transmit content that is unlawful, defamatory, infringing, or violates any third-party right;

(d) submit personal information about any individual without a lawful basis to do so;

(e) attempt to gain unauthorized access to the Services, other accounts, or related systems;

(f) reverse engineer, decompile, or attempt to extract the source code, model weights, prompts, or system instructions of the Services or any AI Feature;

(g) use the Services or AI Output to develop, train, fine-tune, evaluate, or benchmark any AI model that competes with the Services;

(h) use the Services for service bureau or time-sharing purposes, or to allow access by any party other than Authorized Users;

(i) circumvent or disable any security, rate-limiting, safety filter, or technological feature of the Services;

(j) use AI Features to make a sole-source automated decision adverse to a candidate where prohibited or restricted by law;

(k) misrepresent AI Output as human-generated where disclosure of AI involvement is required by law;

(l) interfere with or disrupt the Services or the experience of other users; or

(m) resell, sublicense, or commercially exploit the Services without Needle's prior written consent.

Needle may monitor use of the Services to verify compliance with this Section and may suspend or terminate access for suspected violations.

7. Fees and Payment

7.1 Fees. Customer will pay all fees set forth in the applicable Order. Fees are non-refundable except as expressly stated in this Agreement or required by law.

7.2 Taxes. Fees are exclusive of all sales, use, excise, and similar taxes (other than taxes on Needle's net income). Customer is responsible for all such taxes.

7.3 Price Changes. Needle may change pricing with reasonable advance notice. Price changes take effect at the start of the next renewal term.

8. Intellectual Property

8.1 Needle IP. Needle and its licensors retain all right, title, and interest in and to the Services, the AI Features, the underlying models, the Documentation, and all related intellectual property. This Agreement grants Customer no rights other than the limited rights expressly set forth herein.

8.2 Feedback. If Customer provides Needle with any suggestions, ideas, or feedback regarding the Services ("Feedback"), Needle may use such Feedback without restriction or obligation to Customer. Feedback is not Customer Confidential Information.

9. Confidentiality

9.1 Confidential Information. "Confidential Information" means non-public information disclosed by one party to the other that is identified as confidential or that a reasonable person would understand to be confidential, including the Services, Documentation, and pricing (Needle's) and Customer Data (Customer's).

9.2 Obligations. The receiving party will: (a) use Confidential Information only as necessary to exercise rights or perform obligations under this Agreement; (b) protect it with at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care; and (c) not disclose it except to employees, contractors, and advisors bound by confidentiality obligations no less protective than this Section.

9.3 Exceptions. The obligations in this Section do not apply to information that: (a) was lawfully known prior to disclosure; (b) is independently developed without use of Confidential Information; (c) becomes publicly available through no fault of the receiving party; or (d) is required to be disclosed by law, provided the receiving party gives prompt notice (where lawful) and reasonable cooperation.

10. Term, Suspension, and Termination

10.1 Term. This Agreement begins on the Effective Date and continues for the term set forth in the Order, or if none, for one year, and renews automatically for successive one-year terms unless either party gives written notice of non-renewal at least 30 days before the end of the then-current term. Month-to-month subscriptions renew monthly and may be cancelled at any time before the next renewal date.

10.2 Termination for Cause. Either party may terminate this Agreement upon written notice if the other party materially breaches this Agreement and fails to cure within 30 days after written notice of the breach.

10.3 Suspension. Needle may suspend access to the Services immediately if Customer's use poses a security risk, violates Section 6 (Acceptable Use), or if Customer's account is delinquent.

10.4 Effect of Termination. Upon termination: (a) Customer's right to access the Services ends; (b) Customer remains responsible for all fees incurred prior to termination; (c) Needle may delete Customer Data as set forth in Section 4.6; and (d) Sections 1, 4.2–4.7, 4.9, 5.3–5.11, 6, 8, 9, 11, 12, 13, and 14 survive.

11. Warranties and Disclaimers

11.1 Mutual. Each party represents and warrants that it has the authority to enter into and perform this Agreement.

11.2 Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICES, AI FEATURES, AND AI OUTPUT ARE PROVIDED "AS IS" AND "AS AVAILABLE," AND NEEDLE DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, NEEDLE DOES NOT WARRANT THAT: (A) THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE; OR (B) ANY AI OUTPUT WILL BE ACCURATE, COMPLETE, RELIABLE, OR FIT FOR ANY PARTICULAR PURPOSE.

12. Limitation of Liability

12.1 Cap. NEEDLE'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE GREATER OF (A) $1,000 USD; OR (B) THE FEES PAID OR PAYABLE BY CUSTOMER TO NEEDLE IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

12.2 Exclusion. IN NO EVENT WILL NEEDLE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUES, DATA, GOODWILL, OR HIRING OUTCOMES, REGARDLESS OF THE THEORY OF LIABILITY.

12.3 Application. The limitations in this Section apply: (a) regardless of the form of action; (b) even if Needle has been advised of the possibility of such damages; and (c) even if any remedy fails of its essential purpose.

13. Indemnification

Customer will defend, indemnify, and hold harmless Needle and its officers, directors, employees, and agents from and against any third-party claim, suit, or proceeding arising out of or relating to: (a) Customer Data, including any allegation that Customer Data infringes any third-party right or that Customer lacked the rights or consents to provide it; (b) Customer's use of the Services, AI Features, or AI Output, including any claim that an employment decision or candidate communication violated applicable law; (c) Customer's failure to comply with Section 5 (AI Features) or Section 6 (Acceptable Use); (d) Customer's violation of any AI-in-hiring, anti-discrimination, privacy, biometric, or anti-spam law; (e) any claim by a candidate, Authorized User, or other individual relating to Customer's hiring process; and (f) Customer's use of any Third-Party Integration. Customer will pay all damages, settlements, and reasonable attorneys' fees awarded against Needle in connection with any such claim.

14. General

14.1 Governing Law and Disputes. This Agreement is governed by the laws of the State of Delaware, without regard to its conflict-of-laws principles. Any dispute will be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules, seated in Wilmington, Delaware, except that either party may seek injunctive relief in any court of competent jurisdiction. Each party waives any right to a jury trial and to participate in any class or collective action.

14.2 Notices. Needle may provide notices to the email address associated with Customer's account; such notices are deemed received 24 hours after sending. Customer may provide notices to legal@needle.so.

14.3 Force Majeure. Neither party is liable for delays or failures (other than payment obligations) caused by events beyond its reasonable control.

14.4 Assignment. Customer may not assign this Agreement without Needle's prior written consent. Needle may assign this Agreement freely, including in connection with a merger, acquisition, or sale of assets.

14.5 Publicity. Customer grants Needle the right to use Customer's name and logo on Needle's customer list and in sales and marketing materials, subject to any trademark guidelines Customer provides in writing.

14.6 Amendment. Needle may amend this Agreement by posting an updated version. Amendments take effect 30 days after posting, or at the start of Customer's next renewal term for material adverse changes, unless Customer objects in writing or terminates before the effective date. Continued use of the Services after the effective date constitutes acceptance.

14.7 Entire Agreement; Severability; Waiver. This Agreement, together with any Orders and the DPA (where applicable), is the entire agreement between the parties regarding its subject matter. If any provision is unenforceable, it will be modified to the minimum extent necessary and the remainder will continue in effect. No waiver is effective unless in writing.

14.8 Export Compliance. Customer will not access or use the Services in violation of US export controls or sanctions, including from any country or region subject to US embargo.

14.9 Independent Contractors. The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship.

15. Contact

Questions about this Agreement: legal@needle.so