Privacy Policy

Controller

Kashan Humayun

Saarbruecker Str. 28

66125 Saarbruecken

Germany

Privacy contact: kashanhumayun076@gmail.com

Categories Of Data

Depending on the workflow, we may process contact details, authentication data, resume/CV content, application records, recruiter notes, job-posting data, uploaded files, audit events, and public URLs that a user explicitly includes in a resume, profile, application, or verification workflow.

Purposes And Legal Bases

Account creation, authentication, and session security: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR for security and abuse prevention

Resume/CV storage, editing, import, and application submission: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR, depending on the relationship and workflow

Evidence review, recruiter shortlisting, and hiring workflow traceability: Art. 6(1)(f) GDPR, subject to human review and proportionality

Legal compliance, dispute handling, fraud prevention, and logging: Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR

Public Evidence Checks

If a user provides public project or profile URLs, the product may access those public pages to confirm availability and extract relevance signals that support recruiter-facing explanations. These checks are intended to support human review and traceability, not to replace human decision-making.

Recruiter-facing scoring, evidence views, and rankings are decision-support tools. They must not be used as the sole basis for final employment decisions.

Candidate-facing outcomes should remain subject to human review, and candidates may request review, correction, or deletion where legally applicable.

Recipients

Hosting and infrastructure providers

Authentication, email, and operational support providers used by the controller

Recruiters, hiring managers, and authorized customer workspace users

Public artifact providers referenced by the user, such as GitHub, GitLab, or Hugging Face, when a user-submitted public URL is checked

Authorities or professional advisers where disclosure is legally required or necessary to establish, exercise, or defend legal claims

Hosting, Transfers, And Retention

The website and application are intended to be hosted on infrastructure selected and contracted by the controller.

Primary hosting for the public website is intended to be in Germany or another EU/EEA location selected by the controller.

If personal data is transferred outside the EU/EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission Standard Contractual Clauses, where required.

We keep account, application, and audit data only for as long as needed for the relevant hiring workflow, legal obligations, dispute handling, and security logging, then delete or anonymize it according to the controller retention schedule.

Your Rights

If GDPR applies, you may have rights of access, rectification, erasure, restriction, objection, portability, and the right not to be subject solely to automated decision-making where the legal conditions are met.

You can submit requests by emailing kashanhumayun076@gmail.com.

Supervisory authority: You may lodge a complaint with the supervisory authority responsible for your habitual residence, place of work, or the controller establishment.