Privacy Policy

Last updated: 6 June 2026 · Controller for site data: Vladyslav Maksymenko, Poland · Contact: [email protected]

1. Overview

This policy explains how Atlas Recruit handles personal data. We distinguish two roles: (a) for our own website and account data we are the controller; (b) for candidate CVs that customers submit, we act as a processor on the customer's behalf.

2. Data we collect (as controller)

• Account / billing: name, company, email, country, and subscription details. Card data is handled directly by Stripe — we never see or store full card numbers.
• Usage: basic counts (e.g. number of screenings) to enforce plan limits.
• Communications: messages you send us.

3. Candidate CVs (as processor)

• CV text submitted for screening is sent to our AI sub-processor to generate the assessment, then discarded — not stored after analysis by default.
• If a customer enables "store results", we retain minimal fields (name, title, score, verdict — never the raw CV) for up to 30 days (configurable per customer) unless deleted earlier.
• Customers are responsible for having a lawful basis to submit candidate data.

4. Sub-processors

• Anthropic — AI model that performs the screening.
• Stripe — payment processing.
• Cloudflare — hosting / content delivery.

5. Retention

Account and billing data are kept while your account is active and as required by law (e.g. tax records). Candidate data is not retained after analysis by default; if "store results" is enabled, minimal fields are retained for up to 30 days (configurable per customer) unless deleted earlier.

6. Your rights

Subject to applicable law (incl. GDPR), you may request access, correction, deletion, restriction, or export of your personal data, and may lodge a complaint with a supervisory authority. To exercise these rights or request deletion, email us — we respond within 30 days. Candidates should contact the customer (controller) who submitted their CV; we assist customers in fulfilling such requests.

7. Security

We apply technical and organisational measures appropriate to the risk, including:

• Encrypted transmission (TLS / HTTPS).
• Role-based, least-privilege access controls.
• Logging and monitoring.
• Data minimisation — candidate documents are discarded after analysis by default.
• Regular dependency and security updates.

No method is 100% secure, but we take reasonable steps to protect data.

8. International transfers

Some sub-processors (e.g. Anthropic and Stripe) may process data outside the EEA, including in the United States. Such transfers rely on the EU Standard Contractual Clauses (SCC) and the providers’ own safeguards. Cloudflare provides EU-region hosting where configured.

9. Legal bases for processing

• Providing the Service / account — performance of a contract (Art. 6(1)(b) GDPR).
• Billing & tax records — legal obligation (Art. 6(1)(c) GDPR).
• Support, security & service improvement — legitimate interest (Art. 6(1)(f) GDPR).
• Candidate CVs — processed on the customer's instructions as processor; the customer (controller) determines the legal basis.

10. Cookies & local storage

We use only functional browser storage (for language, theme, and your access token) needed to run the Service. We do not use advertising or third-party tracking cookies. See our Cookie Policy.

11. Contact

Privacy questions or requests: [email protected].