Privacy Policy – RecruitMatch AI

    Effective Date: January 1, 2026

    Last Updated: January 1, 2026

    Version: 1.0

    1. Introduction

    RecruitMatch AI is a platform operated by Digital Rebel BV, a private limited liability company incorporated under the laws of the Netherlands. Digital Rebel BV is the data controller responsible for the processing of personal data as described in this Privacy Policy.

    We are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you access or use RecruitMatch AI via https://recruitmatch.ai (the "Service").

    By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

    2. Personal Data We Collect

    2.1 Information You Provide Directly

    Account Information

    • Name and email address
    • Password (securely encrypted)
    • Profile information, such as job title and company name (for recruiters)
    • Billing information (processed securely via Stripe)

    Resume and Application Data (Candidates)

    • Resume files (PDF, DOCX)
    • Resume text content
    • Work experience, education, and skills
    • Cover letters
    • Profile photos (optional)

    Candidate Data (Recruiters)

    • Uploaded candidate resumes
    • Candidate contact details
    • Parsed candidate information such as skills, experience, and education
    • Job listings and job descriptions
    • Match results and internal notes

    Support Communications

    • Support ticket content
    • Email correspondence
    • Attachments you provide

    2.2 Information Collected Automatically

    Usage Data

    • IP address
    • Browser type and version
    • Device information
    • Pages visited and features used
    • Date and time of access
    • Time spent on pages
    • Referring URLs

    Cookies

    • Essential cookies for authentication and security
    • Analytics cookies, such as Google Analytics if enabled
    • Preference cookies for user settings

    2.3 Information from Third Parties

    Payments

    • Payments are processed by Stripe
    • We receive confirmation of successful payments
    • We do not store full credit card details

    Job Data

    • When using job URL import features, we retrieve publicly available job posting information

    3. Legal Basis for Processing (GDPR Article 6)

    We process personal data based on the following legal grounds:

    3.1 Performance of a Contract (Article 6(1)(b))

    • Account creation and authentication
    • Resume analysis and optimization
    • Candidate-to-job matching
    • Subscription and billing management
    • Customer support

    3.2 Legitimate Interests (Article 6(1)(f))

    • Fraud prevention and platform security
    • Service improvement and analytics
    • Limited direct marketing with opt-out
    • Network and information security

    3.3 Legal Obligations (Article 6(1)(c))

    • Tax and accounting obligations (7-year retention)
    • Legal requests from authorities

    3.4 Consent (Article 6(1)(a))

    • Marketing communications
    • Non-essential cookies
    • Data sharing beyond core service delivery

    Consent may be withdrawn at any time.

    3.5 Special Categories of Personal Data

    We do not intentionally collect special categories of personal data. If such data appears in uploaded resumes, it is processed only:

    • with your explicit consent under Article 9(2)(a) GDPR, and
    • to the extent necessary to provide the Service.

    4. How We Use Personal Data

    4.1 For Candidates

    • Analyze and score resumes
    • Match resumes to job descriptions
    • Provide optimization suggestions
    • Generate cover letters
    • Enable document export

    4.2 For Recruiters

    • Manage candidate databases
    • Perform candidate-to-job matching
    • Generate match scores and reports
    • Enable team collaboration features
    • Monitor usage and billing

    4.3 Service Improvement

    • Analyze usage trends
    • Develop new features
    • Improve AI models using anonymized data only

    4.4 Communications

    • Transactional emails
    • Support responses
    • Service and security notifications

    5. Sharing of Personal Data

    We do not sell personal data.

    Personal data may be shared only with:

    Service Providers

    • Supabase (database and authentication)
    • Stripe (payment processing)
    • Resend (email delivery)
    • AI service providers (anonymized where possible)
    • Cloud storage providers

    All processors are contractually required to protect personal data.

    Recruiter Teams

    Authorized team members may access shared candidate data

    Legal Requirements

    When required by law or court order

    Business Transfers

    In connection with a merger, acquisition, or asset sale, with prior notice

    6. Data Security

    We implement appropriate technical and organizational security measures, including:

    • SSL/TLS encryption
    • Secure password hashing
    • Role-based access controls
    • Logging and monitoring
    • Automated backups

    Additional safeguards apply to recruiter accounts handling candidate data.

    7. Data Retention

    Personal data is retained while accounts remain active

    Upon account deletion:

    • Profile data deleted within 30 days
    • Uploaded documents permanently deleted
    • Billing records retained for 7 years
    • Backup data retained for up to 90 days

    8. Your Rights

    You have the right to:

    • Access your personal data
    • Correct inaccurate data
    • Request deletion
    • Restrict processing
    • Data portability
    • Object to processing
    • Withdraw consent

    Requests may be submitted to hello@recruitmatch.ai.

    9. International Data Transfers

    RecruitMatch AI is operated by Digital Rebel BV, based in the Netherlands (EU). Personal data is primarily stored within the EU/EEA.

    Where transfers outside the EU/EEA occur, we rely on:

    • Standard Contractual Clauses approved by the European Commission
    • Other GDPR-compliant safeguards

    10. Cookies

    We use:

    • Essential cookies
    • Analytics cookies, subject to consent
    • Preference cookies

    Cookie preferences can be managed via browser settings.

    11. AI and Automated Processing

    AI is used for:

    • Resume analysis
    • Matching and scoring
    • Optimization recommendations

    We do not make fully automated decisions with legal or similarly significant effects. All final decisions remain under human control.

    12. Recruiters and Data Processing Roles

    Recruiters uploading candidate data act as data controllers. RecruitMatch AI acts as data processor on their behalf.

    Use of the Service constitutes agreement with our Data Processing Addendum.

    13. Supervisory Authority

    You may lodge a complaint with your supervisory authority, including:

    Netherlands

    Autoriteit Persoonsgegevens

    https://autoriteitpersoonsgegevens.nl

    14. Contact Information

    Data Controller

    Digital Rebel BV

    Trade Name: RecruitMatch AI

    Chamber of Commerce (KvK): 95626980

    VAT Number: NL867212007B01

    Registered Address: Moormannstraat 118 6663 RM, Lent, the Netherlands

    Email: hello@recruitmatch.ai

    We aim to respond within 30 days.

    By using RecruitMatch AI, you acknowledge that you have read and understood this Privacy Policy.