Privacy Policy
This Privacy Policy explains how personal data is processed in connection with the ReCo product, sold and provided by Recruiter Companion Labs PSA ("Company"). It covers two distinct contexts: (1) how we process data about recruiters who use ReCo, and (2) how candidate data flows through ReCo when recruiters use the product.
1. Data Controller
1.1 Recruiter data.
For data relating to recruiters ("ReCo Users") — including registration, billing, and account data — the data controller is Recruiter Companion Labs PSA, with its registered office at ul. Pilotów 2a/13, 31-462 Kraków, Poland (EU). Contact: contact@recruitercompanion.com.
1.2 Candidate data.
When a recruiter uses ReCo to process personal data of candidates (including transcripts of interviews, CV/resume content, job descriptions, notes, and chat messages), the recruiter acts as the primary data controller of that candidate data. Recruiter Companion Labs PSA acts as a data processor on behalf of the recruiter, to the extent that candidate data is transmitted through the ReCo platform for AI-assisted processing (see Section 5 below). The legal basis for this processing by Recruiter Companion Labs PSA is the performance of the contract with the recruiter (Article 6(1)(b) GDPR).
Finished reports and locally stored files remain on the recruiter's device. Recruiter Companion Labs PSA does not retain access to those files.
2. Responsibility for Data Processing
ReCo is a tool that enables recruiters to manage and document their recruitment workflow. However, certain obligations lie with the recruiter directly, under both the GDPR and the EU AI Act.
2.1 GDPR
As the primary controller of candidate data, the recruiter is responsible for:
- Collecting, processing, and storing candidate data lawfully.
- Ensuring an appropriate legal basis for each processing purpose under Article 6 GDPR.
- Informing candidates of their rights and how their data is processed.
- Implementing appropriate technical and organizational security measures.
- Complying with all applicable data protection regulations, including the GDPR.
ReCo provides in-product reminders to recruiters about their data protection obligations (for example, when recording transcripts or uploading CVs). These reminders do not transfer legal responsibility to Recruiter Companion Labs PSA.
Recruiters are also required under our Terms & Conditions to inform candidates about AI-assisted data processing prior to any interview conducted using ReCo. A ready-to-use consent template is provided there for recruiters to copy and share with candidates.
2.2 EU AI Act
In the context of the EU AI Act (Regulation (EU) 2024/1689), Recruiter Companion Labs PSA acts as a provider of an AI-assisted tool. Recruiters who use ReCo to conduct interviews and generate candidate assessments act as deployers of that tool within the meaning of the AI Act. Recruitment-related AI systems may fall within the scope of high-risk AI systems under Annex III of the AI Act.
Deployer obligations under the AI Act are addressed in our Terms & Conditions.
3. Personal Data Processed by Recruiter Companion Labs PSA
3.1 Recruiter account data
We collect and process the following data about recruiters who register and use ReCo:
- Name and email address
- Billing and payment information
- Usage data and product interaction logs
- Communications with our support team
Legal basis: performance of a contract (Article 6(1)(b) GDPR) and legitimate interests (Article 6(1)(f) GDPR).
3.2 Candidate data processed through the platform
ReCo captures text-based closed captions generated by the video conferencing platform (Google Meet or Microsoft Teams). No audio or video is recorded, captured, or transmitted by ReCo at any point.
When recruiters use ReCo's AI-assisted features, the following categories of candidate data may be transmitted through the ReCo platform to OpenAI's API for processing:
- Interview transcripts
- CV/resume content (including anonymized/blinded versions)
- Job description content
- Recruiter notes
- Chat messages within ReCo
This data is processed solely to generate AI-assisted outputs (such as candidate reports) on behalf of the recruiter. Recruiter Companion Labs PSA does not use this data for its own purposes, does not sell it, and does not retain it beyond what is technically necessary for the processing operation.
4. Data Retention
Recruiter account data is retained for the duration of the active account and for up to 3 years after account termination, as required for legal and billing purposes.
Candidate data transmitted via the API is processed transiently. OpenAI retains API input data for a maximum of 30 days before deletion, in accordance with their data retention policy. Recruiter Companion Labs PSA does not maintain a separate copy of this data.
Locally stored files (transcripts, reports) remain on the recruiter's device and are subject to the recruiter's own retention policies.
Usage log data (including user identifier, feature usage, AI token consumption, and associated costs) is retained indefinitely on the ReCo server. This data contains no transcript, CV, or candidate content — only technical metrics used for billing and service monitoring purposes.
5. Sub-processors and Third-Party Services
Recruiter Companion Labs PSA uses the following sub-processors in connection with the ReCo service:
OpenAI Ireland Ltd — AI text generation via API. Candidate data (transcripts, CV content, notes, chat) is transmitted to OpenAI for processing. OpenAI acts as a sub-processor under a Data Processing Addendum (DPA) in accordance with Article 28 GDPR. OpenAI does not use API data to train its models. Data is deleted within 30 days. See: openai.com/policies/data-processing-addendum
Mixpanel, Inc.— Product analytics. We use Mixpanel to collect anonymized usage data about how recruiters interact with ReCo (e.g. feature usage, session activity). Mixpanel does not receive candidate personal data. Data is processed in accordance with Mixpanel's privacy policy. See: mixpanel.com/legal/privacy-policy
Auth0 (by Okta) — Identity and access management. Auth0 stores recruiter account data including email address, name, user role, and subscription status. No candidate data is processed by Auth0. Data is processed in EU region servers. See: auth0.com/privacy
Stripe, Inc. — Payment processing. Stripe handles subscription payments and stores payment card data. The ReCo server never receives or stores payment card details. Stripe does not receive any candidate data. See: stripe.com/privacy
Additional sub-processors may be engaged (e.g. infrastructure or operational services). An up-to-date list is available on request at contact@recruitercompanion.com.
If the recruiter independently chooses to use third-party services in connection with candidate data, the recruiter is solely responsible for ensuring compliance with applicable data protection law.
6. International Data Transfers
OpenAI Ireland Ltd. is the contracting entity for EEA-based customers. To the extent that candidate data is transferred to OpenAI's infrastructure outside the EEA, such transfers are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, as incorporated into OpenAI's DPA.
7. Data Security
Recruiter Companion Labs PSA implements appropriate technical and organizational measures to protect data processed through the ReCo platform, including encrypted data transmission (TLS) and access controls.
Recruiters are responsible for the security of data stored on their own devices and for any third-party services they independently connect to ReCo.
8. Rights of Data Subjects
Candidates whose data is processed through ReCo should direct any requests to exercise their rights (access, rectification, erasure, portability, objection) to the recruiter, who is the primary data controller of that data.
Recruiters who wish to exercise their rights in relation to their own account data held by Recruiter Companion Labs PSA may contact us at contact@recruitercompanion.com.
You also have the right to lodge a complaint with the competent supervisory authority (in Poland: the President of the Personal Data Protection Office, UODO).
9. Cookies and Analytics
The ReCo website and application may use cookies and similar tracking technologies. We use the following:
Essential cookies — required for the service to function (e.g. session management, authentication). These cannot be disabled.
Analytics cookies (Mixpanel) — we use Mixpanel to collect anonymized data about how users interact with ReCo (e.g. pages visited, features used, session duration). This data helps us improve the product. No candidate personal data is included in analytics tracking.
You may disable non-essential cookies through your browser settings. Note that disabling cookies may affect the functionality of the service.
10. Changes to This Privacy Policy
Recruiter Companion Labs PSA may update this Privacy Policy periodically. The updated version will be posted with a revised date. For changes that materially affect the processing of recruiter data, we will notify users directly (e.g. by email).
11. Contact
Recruiter Companion Labs PSA
ul. Pilotów 2a/13, 31-462 Kraków, Poland (EU)
Email: contact@recruitercompanion.com