Privacy Policy
Last updated: March 2026
This policy describes how Talentika collects, uses, and protects your personal data in compliance with GDPR and the EU AI Act.
1. Introduction
Talentika (operated by [Company Name] S.R.L., a company registered in Romania, hereinafter "Talentika", "we", "our", or "us") operates the Talentika platform available at talentika.ai (the "Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or use our Service. It applies to all users of the platform, including recruiters, hiring managers, administrators, and job candidates.
We are committed to protecting your privacy in full compliance with the General Data Protection Regulation (GDPR), the EU AI Act (Regulation 2024/1689), and applicable Romanian data protection legislation.
2. Data We Collect
2.1 Personal Data You Provide
- Account information: name, email address, company name, job title, phone number
- Payment information: billing address, payment method details (processed securely by Stripe)
- Communications: emails, support tickets, feedback, and messages you send us
2.2 Recruitment Data
- Candidate profiles: resumes/CVs, cover letters, professional qualifications
- Interview data: AI video interview recordings, assessment responses, evaluation scores
- Application data: job preferences, availability, salary expectations
- AI-generated data: parsed CV fields, matching scores, interview assessments
2.3 Usage Data
- Device and browser information, IP addresses, operating system
- Pages visited, features used, timestamps, referring URLs
- Performance data, error logs, and diagnostic information
3. How We Use Your Data
3.1 Service Delivery
We process your data to provide, maintain, and improve the Talentika platform, including candidate screening, AI-powered interviews, CV parsing, analytics dashboards, and career page hosting.
3.2 AI Processing
Our AI features process recruitment data to generate candidate assessments, parse CVs, match candidates to positions, and provide hiring recommendations. All AI processing is subject to human oversight requirements outlined in Section 5.
3.3 Analytics & Improvement
We use aggregated and anonymized usage data to analyze platform performance, improve our algorithms, monitor for bias, and develop new features.
3.4 Communications
We may contact you regarding service updates, security alerts, support responses, and (with your consent) marketing communications. You can opt out of marketing emails at any time.
4. Legal Basis (GDPR Art. 6)
We process personal data based on the following legal grounds:
4.1 Performance of Contract (Art. 6(1)(b))
Processing necessary to fulfill our service agreement with you, including account management, billing, and platform access.
4.2 Consent (Art. 6(1)(a))
Where you have explicitly consented to specific processing activities, such as marketing communications or extended data retention for talent pools. You may withdraw consent at any time.
4.3 Legitimate Interest (Art. 6(1)(f))
Processing serving our legitimate business interests, including fraud prevention, platform security, analytics, and service improvement, where these interests do not override your fundamental rights.
4.4 Legal Obligation (Art. 6(1)(c))
Processing required to comply with applicable laws, including tax regulations, employment law, and regulatory obligations.
5. AI & Automated Decision-Making
Talentika uses artificial intelligence for candidate screening, CV parsing, interview assessment, and matching. We are committed to responsible AI use:
5.1 Explainable AI
All AI-generated assessments include explanations of the reasoning and factors that influenced the result. Candidates and recruiters can request detailed explanations of any AI-based evaluation.
5.2 Human Oversight
AI provides recommendations only. Final hiring decisions always remain with human decision-makers. No candidate is rejected solely on the basis of automated processing without meaningful human review.
5.3 Bias Monitoring
We conduct regular audits of our AI systems for fairness and bias across protected characteristics. Results are documented and remediation measures are implemented as needed.
5.4 EU AI Act Compliance
Our AI systems used in recruitment are classified as high-risk under the EU AI Act. We maintain conformity assessments, technical documentation, risk management systems, and human oversight mechanisms as required by Regulation 2024/1689.
5.5 Right to Contest
Candidates have the right to contest AI-based decisions, request human review, and obtain an explanation of the logic involved (GDPR Art. 22).
6. Data Sharing
We share personal data only as necessary to provide the Service and as described below. We do not sell your data.
6.1 Sub-processors
- AWS (Ireland) — Cloud infrastructure and data hosting
- SendGrid — Transactional email delivery
- Stripe — Payment processing
- Mixpanel — Product analytics (anonymized data)
- Backblaze — Encrypted backups
6.2 Legal Requirements
We may disclose data when required by law, court order, or governmental authority, or to protect our rights, property, or safety.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
7. International Transfers
7.1 EU Data Residency
All primary data processing and storage occurs within the European Union, specifically in the AWS Ireland (eu-west-1) region. We are committed to keeping your data within the EU wherever possible.
7.2 Standard Contractual Clauses
Where data must be transferred outside the EU/EEA (e.g., to certain sub-processor locations), we rely on EU-approved Standard Contractual Clauses (SCCs) and conduct Transfer Impact Assessments to ensure adequate protection.
7.3 Adequacy Decisions
We transfer data to third countries only where the European Commission has issued an adequacy decision or where appropriate safeguards are in place.
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of agreement + 3 years |
| Candidate data | As specified in DPA, typically up to 2 years |
| Interview recordings | Up to 12 months or as agreed |
| Usage & analytics data | 12 months (anonymized thereafter) |
| Billing records | As required by Romanian tax law (10 years) |
| Support tickets | 2 years |
You may request earlier deletion of your data at any time, subject to legal retention obligations.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15) — Obtain confirmation of whether we process your data and request a copy.
- Right to Rectification (Art. 16) — Correct inaccurate or incomplete personal data.
- Right to Erasure (Art. 17) — Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
- Right to Restrict Processing (Art. 18) — Limit how we use your data in certain circumstances.
- Right to Data Portability (Art. 20) — Receive your data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21) — Object to processing based on legitimate interests or for direct marketing purposes.
- Rights Related to Automated Decisions (Art. 22) — Request human review of decisions made solely by automated means.
To exercise any of these rights, contact us at dpo@talentika.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or the supervisory authority in your jurisdiction.
10. Security Measures
We implement comprehensive technical and organizational security measures:
- Encryption — All data encrypted in transit (TLS 1.3) and at rest (AES-256). Sensitive fields receive additional application-level encryption.
- Access Controls — Role-based access control (RBAC), multi-factor authentication for staff, principle of least privilege.
- Infrastructure — EU-hosted infrastructure with network isolation, firewalls, intrusion detection, and DDoS protection.
- Audits — Regular third-party security assessments, penetration testing, and vulnerability scanning.
- Incident Response — Documented incident response procedures with 72-hour breach notification as required by GDPR Art. 33.
- Employee Training — All personnel receive regular data protection and security awareness training.
12. Contact & DPO
For any privacy-related inquiries or to exercise your data protection rights:
You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or the relevant supervisory authority in your EU member state.
This Privacy Policy may be updated from time to time. We will notify you of significant changes by email or through a prominent notice on our Service. Your continued use of the Service after such modifications constitutes your acceptance of the updated Privacy Policy.