Remotcruite logoRemotcruite← Back to home

Last updated: 18 March 2026

Privacy Policy

Remotcruite (“we”, “us”, “our”) is a recruitment platform operated from the European Union. We are committed to protecting your personal data and complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable EU data protection laws.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. It applies to everyone who uses our platform — companies, recruiters, and job applicants.

1. Data Controller

The data controller for all personal data processed through the Remotcruite platform is Remotcruite. For privacy-related enquiries, contact us at: privacy@remotcruite.com

2. Data We Collect

2.1 Company accounts & recruiters

  • Name and email address (used to create and manage your account)
  • Company name and domain
  • Subscription and billing information (processed via Stripe — we do not store card details)
  • Activity logs (positions created, candidate stage changes)
  • Google Calendar OAuth tokens (stored encrypted, used only to schedule interviews on your behalf)

2.2 Job applicants

  • Full name and email address
  • CV / résumé and motivation letter (uploaded files)
  • Answers to custom application questions set by the employer
  • Application stage and recruiter notes
  • Consent timestamp (GDPR Article 6(1)(a))

2.3 Automatically collected data

  • IP address and browser type (via Firebase Hosting, for security and analytics)
  • Usage data such as pages visited and actions taken (anonymised)

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract performance (Art. 6(1)(b)) — processing necessary to provide the service to companies and recruiters.
  • Consent (Art. 6(1)(a)) — applicant data is collected with explicit GDPR consent at the time of application. Consent can be withdrawn at any time.
  • Legitimate interests (Art. 6(1)(f)) — security monitoring, fraud prevention, and platform improvement.
  • Legal obligation (Art. 6(1)(c)) — retaining billing records as required by EU tax law.

4. How We Use Your Data

  • Providing, operating, and improving the Remotcruite platform
  • Sending transactional emails (invitations, password resets, interview confirmations)
  • Processing subscription payments via Stripe
  • Scheduling interviews via Google Calendar (only when you connect your account)
  • Sending outbound webhooks to third-party tools you configure (e.g., Zapier)
  • Complying with legal obligations

We do not sell your data, use it for advertising, or share it with third parties except as described in Section 5.

5. Third-Party Services

ServicePurposeLocation
Google Firebase / GCPDatabase, authentication, file storage, hostingEU (europe-west1)
StripePayment processingEU (Ireland)
Google Calendar APIInterview scheduling (opt-in per user)Google EU infrastructure
User-configured webhooksCustom integrations (Zapier, Make, etc.)Destination chosen by you

All infrastructure is hosted within the European Union. No personal data is transferred outside the EEA without appropriate safeguards.

6. Data Retention

  • Applicant data — retained for 12 months after the last activity on the application, then deleted unless the company retains it under a legal obligation.
  • Account data — retained for the duration of the account and up to 30 days after deletion.
  • Billing records — retained for 7 years as required by EU tax law.
  • Uploaded files (CV, cover letter) — deleted when the application or company account is deleted.
  • Google OAuth tokens — deleted immediately upon disconnecting Google Calendar.

7. Your Rights Under the GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15) — request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate data.
  • Right to erasure (Art. 17) — request deletion of your data (“right to be forgotten”).
  • Right to restriction (Art. 18) — request that we limit how we process your data.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw at any time without affecting prior processing.

To exercise any of these rights, email privacy@remotcruite.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

8. Cookies

Remotcruite uses only strictly necessary cookies required for authentication (Firebase Auth session cookies). We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required for strictly necessary cookies under the ePrivacy Directive.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data including:

  • AES-256-GCM encryption for stored OAuth tokens
  • HTTPS-only transport for all data in transit
  • Firebase Auth for secure authentication
  • Role-based access control — recruiter data is isolated per organisation
  • No plaintext storage of passwords or sensitive credentials

10. Children's Privacy

Remotcruite is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the most recent version.

12. Contact

For any privacy-related questions, requests, or complaints:

Remotcruite
Email: privacy@remotcruite.com

← Back to home