Smart Recruiting with AI - Find Top Talent Faster

Privacy Policy

Last updated: 17.1.2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

[FIRMENNAME]
[Straße und Hausnummer]
[PLZ] [Stadt]
[Land]
E-Mail: [kontakt@example.com]
Telefon: [+49 XXX XXXXXXX]

We have appointed a Data Protection Officer for our company:

Data Protection Officer
[Name des Datenschutzbeauftragten]
E-Mail: [datenschutz@example.com]

2. Scope and Purpose of Data Processing

We only process personal data of our users to the extent necessary to provide a functional website and our content and services.

a) Hosting and Platform Provision

Our platform is hosted by Google Cloud / Vercel. Each time you access our website, the system automatically collects data and information from the computer system of the accessing device (IP address, browser type, operating system, referrer URL, time). This data is technically necessary to display the website and ensure stability and security.

The legal basis for temporary data storage and log files is Art. 6(1)(f) GDPR (legitimate interest in providing a functional website).

b) Registration and User Account

Users can register on our platform to use the full range of functions. We collect personal data (name, email address) and, for companies, additional company-related data (company name, address, industry). This data is used to manage your account and provide our services. The legal basis is Art. 6(1)(b) GDPR (contract performance).

c) Application and Recruiting Process

The core of our service is processing applicant data on behalf of companies registered on our platform. This includes resumes, cover letters, qualifications, references, and communication histories. Companies (our customers) are the data controllers for this applicant data. We act as a processor pursuant to Art. 28 GDPR.

Applicants provide their data so that companies can find suitable job offers and contact them. The legal basis is Art. 6(1)(b) GDPR (initiation of an employment relationship).

d) Payment Processing

For paid services, we process payment data through our payment service provider Stripe (Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA). We do not store complete credit card data ourselves. Stripe is PCI-DSS certified. The legal basis is Art. 6(1)(b) GDPR.

e) Contact

When you contact us (e.g., by email or contact form), your information is stored for processing the request and for follow-up questions. We do not share this data without your consent. The legal basis is Art. 6(1)(f) GDPR.

3. Use of Artificial Intelligence (AI)

We use AI technologies (Google Gemini API) to improve the efficiency of the recruiting process. This includes: analysis of job descriptions for inclusivity, anonymization of candidate profiles, creation of summaries, assistance with text formulation, and AI-supported matching.

AI serves as an assistant. Decisions about hiring or rejecting applicants are made exclusively by the human users (HR managers) of the companies. There is no automated individual decision-making pursuant to Art. 22 GDPR.

When using AI functions, text data is transmitted to Google. Processing takes place in the EU region (europe-west3). Google processes this data solely to provide the service and not for its own purposes.

The content generated by AI are suggestions. We do not guarantee the accuracy, completeness, or timeliness of this content. The final responsibility for the content lies with the user.

4. Use of Third-Party Services

We use the following third-party providers to deliver our services:

a) Hosting (Vercel / Google Cloud)

Our platform is hosted by Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA). Vercel processes data in European data centers. Data transfer is based on EU Standard Contractual Clauses.

b) Email Delivery (Resend)

We use Resend (Resend Inc., USA) for sending transactional emails. This includes registration confirmations, password resets, and system notifications. Processing is based on EU Standard Contractual Clauses.

c) Analytics Services

We currently do not use third-party tracking or analytics tools. All analyses are based on aggregated, anonymized data stored on our own servers.

d) AI Services (Google Cloud Vertex AI)

For AI functions, we use Google Cloud Vertex AI with servers in the EU (region europe-west3 Frankfurt). A data processing agreement exists with Google. Processing is GDPR compliant.

5. Use of Cookies

Our platform uses technically necessary cookies to ensure the functionality of user login and the security of the site.

We do not use third-party tracking or marketing cookies without your explicit consent through our cookie banner.

Cookie NamePurposeStorage Duration
session_tokenAuthentication and session managementSession end
cookie_consentStorage of your cookie preferences1 year
localeStorage of your language setting1 year

6. Data Sharing

Your data will only be shared in the following cases:

  • You have given your explicit consent (Art. 6(1)(a) GDPR)
  • Disclosure is necessary for contract performance (Art. 6(1)(b) GDPR)
  • Disclosure is necessary to fulfill a legal obligation (Art. 6(1)(c) GDPR)

Where third-party providers are used as processors, we have concluded appropriate data processing agreements.

7. Storage Duration and Deletion Periods

We only store your data for as long as necessary to fulfill the purposes or as required by legal retention periods:

  • Applicant data: 6 months after completion of the application process (unless longer consent is given)
  • Customer data: For the duration of the business relationship plus statutory retention periods (6-10 years)
  • Billing data: 10 years according to tax regulations
  • Log files: 7-30 days (depending on security relevance)

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Access (Art. 15 GDPR): You have the right to request information about your personal data processed by us.
  • Rectification (Art. 16 GDPR): You have the right to request immediate correction of inaccurate data or completion of your data.
  • Erasure (Art. 17 GDPR): You have the right to request deletion of your data, provided no legal retention obligations apply.
  • Restriction (Art. 18 GDPR): You have the right to request restriction of processing of your data.
  • Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used and machine-readable format.
  • Objection (Art. 21 GDPR): You have the right to object to processing on grounds relating to your particular situation.
  • Withdrawal of Consent (Art. 7(3) GDPR): You may withdraw your consent at any time with effect for the future.
  • Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority.

To exercise your rights, please contact our Data Protection Officer.

9. Data Security

We take extensive technical and organizational security measures pursuant to Art. 32 GDPR:

  • Encryption of all data transfers using TLS/SSL
  • Encrypted storage of sensitive data (passwords are hashed with bcrypt)
  • Regular security updates and penetration tests
  • Access control and logging of all system access

10. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy to ensure it always complies with current legal requirements. The current version can be found on our website. We will notify you by email of significant changes.

11. Contact for Privacy Inquiries

For questions about data protection, please contact us at:

E-Mail: [datenschutz@example.com]
Postal address: [Ihre Adresse]

    REQUD - AI-powered Recruiting Platform