Skip to content

Privacy Policy

Last updated: 2026-03-15

1. Purpose of This Policy

This policy describes how Recroute ("we", "us", "our") collects and uses personal data in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act, and other applicable data protection legislation.

2. Data Controller

Recroute is the data controller for the personal data described in this policy. We are responsible for deciding how we hold and use personal data about you.

3. Information We Collect

From Hiring Organisations

When you create an account, we collect:

  • Name and email address
  • Organisation name
  • Password (stored as a salted hash — we never store plaintext passwords)
  • Billing information (processed by Stripe; we do not store card details)

From Candidates

When a candidate completes an assessment, we collect:

  • Name and email address (as provided by the hiring organisation)
  • Text responses to assessment questions
  • Video and audio recordings (if the assessment includes video questions)
  • Browser and device metadata (for security and fraud prevention)

Automatically Collected

  • IP address and approximate location
  • Browser type and version
  • Pages visited and actions taken within the Service
  • Cookies and similar tracking technologies (see Section 8)

4. How We Use Your Data

We use personal data to:

  • Provide, maintain, and improve the Service
  • Process candidate assessments and generate AI-scored evaluations
  • Manage subscriptions and process payments
  • Send transactional emails (assessment invitations, account notifications)
  • Ensure security and prevent fraud
  • Comply with legal obligations

We do not sell your personal data to third parties.

5. AI Processing

Candidate responses are processed by artificial intelligence systems to generate scores and analysis. This processing is carried out as part of the Service on behalf of the hiring organisation (the data controller for candidate data in the recruitment context). AI scoring is a decision-support tool; automated decisions are not made without human oversight.

6. Data Retention

  • Account data: Retained for the duration of your account plus 30 days after deletion.
  • Candidate responses and recordings: Retained according to your subscription plan's retention period (45–90 days, or custom for Enterprise plans), then automatically deleted.
  • Audit logs: Retained for the period defined by your plan (up to 365 days for Enterprise).
  • Billing records: Retained as required by applicable tax and financial regulations.

7. Data Sharing

We share personal data only with:

  • Service providers: Stripe (payments), Resend (email delivery), Vercel (hosting), Anthropic (AI processing). Each provider processes data under contractual obligations.
  • Legal requirements: When required by law, regulation, or valid legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets.

8. Cookies

We use essential cookies for authentication and security (session cookies, CSRF tokens). We do not use third-party advertising or tracking cookies.

9. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing of your data

To exercise these rights, contact us at privacy@recroute.com.

10. Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit (TLS) and at rest
  • Encrypted candidate access tokens (AES-256-GCM)
  • HTTP-only session cookies with CSRF protection
  • Role-based access controls
  • Audit logging of data access

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the Service or by email. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related enquiries, contact us at privacy@recroute.com.