Terms of Service

Version 2026-05-16

These Terms of Service (the "Terms") govern your use of RecruitIn (the "Service"). By creating an account or using the Service you agree to these Terms. If you do not agree, do not use the Service.

Annex A to these Terms is a Data Processing Agreement (DPA) that applies whenever you process personal data of third parties (job applicants, candidates) through the Service. By agreeing to these Terms you also agree to the DPA.

1. The Service

RecruitIn is a recruitment-operations platform that lets companies publish job postings, receive applications, manage candidate pipelines, schedule interviews, and run AI-assisted evaluation.

2. Eligibility

You must be at least 16 years old, able to enter a binding contract under the laws of your jurisdiction, and not barred from using the Service under applicable law.

3. Your account

You are responsible for keeping your credentials secure and for activity on your account. If you are using the Service on behalf of a company, you confirm you have authority to bind that company to these Terms.

4. Acceptable use

You may not use the Service to: (a) violate any law; (b) infringe another party's rights; (c) send spam or unsolicited marketing; (d) upload malware; (e) attempt to circumvent rate limits, security controls, or RLS; (f) misrepresent your identity or affiliation; (g) discriminate unlawfully against applicants; (h) use the AI evaluation features as the sole basis for an adverse employment decision (it must be a decision-support tool with human review).

5. Fees and billing

Paid plans bill in advance for the billing cycle you select (monthly or yearly), via Stripe. Fees are non-refundable except where required by law. We may change pricing on 30 days' notice for the next renewal.

6. Content and ownership

You retain all rights to data you submit (your profile data, job posts you create, candidate data you process). You grant us a worldwide, non-exclusive licence to host, store, and process that data solely to provide the Service. We do not claim ownership of your data. We do not use customer data to train models.

7. Confidentiality

Each party will protect the other's confidential information with reasonable care and not use it for purposes other than performance of these Terms.

8. Suspension and termination

We may suspend or terminate your account for material breach (acceptable-use violations, unpaid invoices after notice, security risk). You can terminate at any time by deleting your account from Account Settings; on termination we delete or return your data per the retention timelines in our Privacy Policy.

9. Warranties and disclaimers

The Service is provided "as is". We do not warrant that the Service will be uninterrupted or error-free, or that AI evaluations are free from bias or inaccuracy. You must apply human judgment.

10. Limitation of liability

To the maximum extent permitted by law, our aggregate liability for any claim arising out of or related to these Terms or the Service is limited to the fees you paid us in the 12 months before the claim. We are not liable for indirect, incidental, or consequential damages.

11. Indemnity

You will defend and indemnify us against third-party claims arising from your misuse of the Service, your violation of these Terms, or your processing of candidate personal data in breach of applicable law.

12. Governing law

These Terms are governed by the laws of the jurisdiction of our registered office, excluding conflict-of-law principles. The courts of that jurisdiction have exclusive venue for disputes, unless mandatory consumer-protection law specifies otherwise.

13. Changes

We may update these Terms. Material changes will be notified by email or in-product, and the version string at the top will increment. Continued use after the effective date constitutes acceptance.

14. Contact

support@recruitin.app.

Annex A: Data Processing Agreement

This DPA forms part of these Terms and applies whenever Customer (defined as the account holder) processes personal data of third-party candidates / applicants ("Candidate Personal Data") through the Service.

A.1 Roles

Customer is the data controller of Candidate Personal Data. RecruitIn is the data processor. Each party will comply with the applicable data-protection laws (including GDPR, UK GDPR, and the California CCPA where applicable).

A.2 Scope, duration, and purpose

We process Candidate Personal Data for the duration of the subscription (or until the data is deleted) and only to provide the Service: receive job applications, store and display them in the Customer's workspace, run AI-assisted evaluation when the Customer triggers it, send transactional notifications, and apply retention rules the Customer configures.

A.3 Categories of data and data subjects

Categories of data subjects: applicants, sourced candidates, and interviewers nominated by the Customer. Categories of data: identity (name, email, phone, country of residence), professional history (LinkedIn URL, resume text, cover letter), application responses (custom answers), workflow data (pipeline stage, ratings, interview notes, AI evaluations).

A.4 RecruitIn obligations

  • Process Candidate Personal Data only on the Customer's documented instructions (these Terms and the in-product configuration).
  • Ensure that personnel with access to Candidate Personal Data are bound by confidentiality.
  • Implement appropriate technical and organisational measures (see Section A.7).
  • Notify the Customer without undue delay (and in any case within 48 hours) on becoming aware of a personal data breach involving Candidate Personal Data.
  • Assist the Customer with data-subject requests, data protection impact assessments, and prior consultations with supervisory authorities, on the same plan.
  • On termination or on Customer request, delete or return all Candidate Personal Data, save for any retained for legal compliance.

A.5 Sub-processors

Customer authorises us to engage the sub-processors listed at /subprocessors. We will give the Customer prior notice (by updating that page) of any new sub-processor, and the Customer may object on reasonable data-protection grounds. If we cannot resolve a legitimate objection, the Customer may terminate the affected portion of the Service.

A.6 International transfers

Where Candidate Personal Data is transferred outside the EU/EEA or UK, we rely on the European Commission's Standard Contractual Clauses (Module 2 — controller to processor) and additional safeguards where required. Module 3 (processor to sub-processor) applies between us and our sub-processors.

A.7 Security measures

  • Encryption in transit (TLS 1.2+) and at rest.
  • Row-level security on all workspace-scoped tables.
  • Audit logging of access to candidate data and sensitive admin actions; logs retained 12 months.
  • Principle of least privilege for staff access. Service-role keys are never exposed to client-side code.
  • Vulnerability disclosure process at /.well-known/security.txt.
  • Documented incident-response runbook with a 72-hour breach-notification commitment.

A.8 Audit rights

The Customer may, no more than once per 12-month period and on reasonable notice, request a written summary of our security posture and the results of any independent audits we may have completed. On-site audits are not included; if a regulator mandates one, the Customer will bear reasonable cost.

A.9 Enterprise counter-signed copy

Enterprise customers who require a counter-signed PDF of this DPA can request one from support@recruitin.app.