Privacy Policy

Version 2026-05-16

This Privacy Policy explains how RecruitIn ("we", "us") collects, uses, and shares personal data when you use our recruitment platform. We aim to give you a complete picture; if anything is unclear, write to support@recruitin.app.

1. Who we are

RecruitIn is the trading name of the company operating this service. Our registered office and contact details are published in the footer of the site. For privacy questions: support@recruitin.app.

2. Two types of personal data, two relationships

RecruitIn is a B2B hiring platform. We process two distinct categories of personal data, and our role under data-protection law is different for each.

  • Recruiter / account-holder data. When you create a RecruitIn account we are the data controller. You decide whether to give us your data, and we decide how it's used.
  • Candidate / applicant data. When recruiters use RecruitIn to receive job applications, manage candidates, schedule interviews, and run AI evaluations, the recruiter is the data controller for that candidate data. We act as the recruiter's data processor. We only process candidate data on their documented instructions, governed by the Data Processing Agreement embedded in our Terms of Service.

If you are a candidate and want to exercise a right with respect to your data, please contact the company you applied to in the first instance. They can action your request directly using tooling we provide them. You can also contact us at support@recruitin.app and we will pass the request on without undue delay.

3. Personal data we collect

3.1 From recruiters

  • Identity: first name, last name, work email, phone number, company name.
  • Authentication: password hash (we never see your password); session tokens.
  • Profile metadata: timezone, locale, optional referral-source field.
  • Subscription: Stripe customer reference. We never see card numbers; Stripe holds them.
  • Consent records: which version of these Terms and Privacy Policy you accepted, and whether you opted in to product-update emails. Timestamped.
  • Operational data: IP address, user agent, audit-log entries for sensitive actions (sign-in, exports, deletions, role changes).

3.2 From candidates (on behalf of recruiters)

  • Identity: name, email, phone, country of residence, nationality.
  • Professional history: LinkedIn URL, resume file contents (extracted text), cover letter, custom application answers.
  • Workflow data: pipeline stage, interview notes (written by recruiter team members), ratings, comments, AI evaluation results.
  • Consent records: privacy-notice acknowledgment timestamp; whether the applicant opted in to being retained for future roles.

4. How we use your data and our legal bases

We rely on the following legal bases under GDPR Article 6:

  • Performance of a contract. Operating the service for you (provisioning your workspace, processing your subscription, sending transactional emails about activity on your account).
  • Legitimate interest. Securing the service (audit logging, abuse prevention, rate limiting), improving the product, and AI-assisted evaluation of applications submitted to your workspace. We balance this against your interests; you can object at any time.
  • Consent. Marketing emails (opt-in only), non-essential cookies and analytics (only after you accept in the cookie banner). You can withdraw consent at any time without affecting prior processing.
  • Legal obligation. Retaining invoice and tax records for the periods required by applicable tax law (typically 7 years).

5. AI processing and automated decision-making

We use Anthropic's Claude API to generate structured evaluations of job applications. The applicant's resume text, cover letter, and custom answers are sent to Anthropic; Anthropic processes the data to return a verdict and reasoning, then discards the prompt under its standard zero-retention policy where available.

Important. AI evaluation is a decision-support tool. A human reviewer on the recruiter's team must review before any hiring decision is made. Under GDPR Article 22 you have the right not to be subject to a decision based solely on automated processing; that right is preserved because human review is part of the workflow.

6. Sharing and subprocessors

We do not sell personal data. We share data only with the subprocessors required to deliver the service. Our current list is published at /subprocessors. We will give customers reasonable notice of new subprocessors so they can object before they begin processing.

7. International transfers

Our primary database is hosted in the European Union. Some subprocessors (notably Anthropic, Stripe, Resend, Vercel, and analytics providers) are based in the United States. Where personal data is transferred outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses and adequacy decisions where applicable.

8. Retention

  • Recruiter account data: kept while your account is active; deleted within 30 days of you deleting your account.
  • Job applications: applications archived 12 months after rejection or withdrawal, and permanently deleted at 24 months. Workspace owners can shorten or extend within reasonable limits in workspace settings. Applicants who opt in to "keep my application on file for future roles" extend their own retention.
  • Audit logs: 12 months.
  • Invoice / tax records: 7 years (legal obligation).

9. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate personal data.
  • Erasure of your personal data.
  • Restriction of processing in certain cases.
  • Portability — a machine-readable copy of your data.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time for processing based on consent.
  • Lodge a complaint with a supervisory authority.

You can delete your account yourself from the Account Settings page. To exercise any of the other rights — including a copy of your data — write to support@recruitin.app and we will respond within 30 days.

10. Cookies and analytics

We use a small number of essential cookies to keep you signed in and secure the site. With your consent we also use analytics cookies. See our Cookie Policy for the full list, and use the "Cookie settings" link in the footer to change your choice at any time.

11. Security

We follow industry-standard security practices: encryption in transit (TLS) and at rest, row-level security in the database, principle-of-least-privilege access for staff, audit logging of sensitive actions, and a documented incident-response process. No system is perfectly secure; if you discover a vulnerability please report it to support@recruitin.app or via our security.txt.

12. Children

RecruitIn is not directed at people under 16, and we don't knowingly collect data from them. If you believe we have collected data from a child, please contact us so we can delete it.

13. Changes to this policy

When we make material changes we will publish a new version here, bump the version string at the top, and re-prompt logged-in users to review.

14. Contact

Privacy questions: support@recruitin.app
Security disclosure: support@recruitin.app
Support: support@recruitin.app