Privacy Policy

Last updated on 17th March 2026

This Privacy Policy explains how personal data is processed in connection with the ReCo product, sold and provided by Recruiter Companion Labs PSA ("Company"). It covers two distinct contexts: (1) how we process data about recruiters who use ReCo, and (2) how candidate data flows through ReCo when recruiters use the product.

‍

1. Data Controller

1.1 Recruiter data. ‍

For data relating to recruiters ("ReCo Users") β€” including registration, billing, and account data β€” the data controller is Recruiter Companion Labs PSA, with its registered office at ul. PilotΓ³w 2a/13, 31-462 KrakΓ³w, Poland (EU). Contact: reco.startup@gmail.com.

‍

1.2 Candidate data.

When a recruiter uses ReCo to process personal data of candidates (including transcripts of interviews, CV/resume content, job descriptions, notes, and chat messages), the recruiter acts as the primary data controller of that candidate data. Recruiter Companion Labs PSA acts as a data processor on behalf of the recruiter, to the extent that candidate data is transmitted through the ReCo platform for AI-assisted processing (see Section 5 below). The legal basis for this processing by Recruiter Companion Labs PSA is the performance of the contract with the recruiter (Article 6(1)(b) GDPR).

‍

Finished reports and locally stored files remain on the recruiter's device. Recruiter Companion Labs PSA does not retain access to those files.

‍

‍

2. Responsibility for Data Processing

ReCo is a tool that enables recruiters to manage and document their recruitment workflow. As the primary controller of candidate data, the recruiter is responsible for:

  • Collecting, processing, and storing candidate data lawfully.
  • Ensuring an appropriate legal basis for each processing purpose under Article 6 GDPR.
  • Informing candidates of their rights and how their data is processed.
  • Implementing appropriate technical and organizational security measures.
  • Complying with all applicable data protection regulations, including the GDPR.

‍

ReCo provides in-product reminders to recruiters about their data protection obligations (for example, when recording transcripts or uploading CVs). These reminders do not transfer legal responsibility to Recruiter Companion Labs PSA.

‍

‍

3. Personal Data Processed by Recruiter Companion Labs PSA

3.1 Recruiter account data

We collect and process the following data about recruiters who register and use ReCo:

  • Name and email address
  • Billing and payment information
  • Usage data and product interaction logs
  • Communications with our support team

‍

Legal basis: performance of a contract (Article 6(1)(b) GDPR) and legitimate interests (Article 6(1)(f) GDPR).

‍

3.2 Candidate data processed through the platform

When recruiters use ReCo's AI-assisted features, the following categories of candidate data may be transmitted through the ReCo platform to OpenAI's API for processing:

  • Interview transcripts
  • CV/resume content (including anonymized/blinded versions)
  • Job description content
  • Recruiter notes
  • Chat messages within ReCo

‍

This data is processed solely to generate AI-assisted outputs (such as candidate reports) on behalf of the recruiter. Recruiter Companion Labs PSA does not use this data for its own purposes, does not sell it, and does not retain it beyond what is technically necessary for the processing operation.

‍

‍

4. Data Retention

Recruiter account data is retained for the duration of the active account and for up to 3 years after account termination, as required for legal and billing purposes.

‍

Candidate data transmitted via the API is processed transiently. OpenAI retains API input data for a maximum of 30 days before deletion, in accordance with their data retention policy. Recruiter Companion Labs PSA does not maintain a separate copy of this data.

‍

Locally stored files (transcripts, reports) remain on the recruiter's device and are subject to the recruiter's own retention policies.

‍

‍

5. Sub-processors and Third-Party Services

Recruiter Companion Labs PSA uses the following sub-processors in connection with the ReCo service:

‍

OpenAI Ireland Ltd β€” AI text generation via API. Candidate data (transcripts, CV content, notes, chat) is transmitted to OpenAI for processing. OpenAI acts as a sub-processor under a Data Processing Addendum (DPA) in accordance with Article 28 GDPR. OpenAI does not use API data to train its models. Data is deleted within 30 days. See: openai.com/policies/data-processing-addendum

‍

Mixpanel, Inc.β€” Product analytics. We use Mixpanel to collect anonymized usage data about how recruiters interact with ReCo (e.g. feature usage, session activity). Mixpanel does not receive candidate personal data. Data is processed in accordance with Mixpanel's privacy policy. See: mixpanel.com/legal/privacy-policy

‍

Additional sub-processors may be engaged (e.g. hosting, payments). An up-to-date list is available on request at reco.startup@gmail.com.

‍

If the recruiter independently chooses to use third-party services in connection with candidate data, the recruiter is solely responsible for ensuring compliance with applicable data protection law.

‍

‍

6. International Data Transfers

OpenAI Ireland Ltd. is the contracting entity for EEA-based customers. To the extent that candidate data is transferred to OpenAI's infrastructure outside the EEA, such transfers are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, as incorporated into OpenAI's DPA.

‍

‍

7. Data Security

Recruiter Companion Labs PSA implements appropriate technical and organizational measures to protect data processed through the ReCo platform, including encrypted data transmission (TLS) and access controls.

‍

Recruiters are responsible for the security of data stored on their own devices and for any third-party services they independently connect to ReCo.

‍

‍

8. Rights of Data Subjects

Candidates whose data is processed through ReCo should direct any requests to exercise their rights (access, rectification, erasure, portability, objection) to the recruiter, who is the primary data controller of that data.

‍

Recruiters who wish to exercise their rights in relation to their own account data held by Recruiter Companion Labs PSA may contact us at reco.startup@gmail.com.

‍

You also have the right to lodge a complaint with the competent supervisory authority (in Poland: the President of the Personal Data Protection Office, UODO).

‍

‍

9. Cookies and Analytics

The ReCo website and application may use cookies and similar tracking technologies. We use the following:

‍

Essential cookies β€” required for the service to function (e.g. session management, authentication). These cannot be disabled.

‍

Analytics cookies (Mixpanel) β€” we use Mixpanel to collect anonymized data about how users interact with ReCo (e.g. pages visited, features used, session duration). This data helps us improve the product. No candidate personal data is included in analytics tracking.

‍

You may disable non-essential cookies through your browser settings. Note that disabling cookies may affect the functionality of the service.

‍

‍

10. Changes to This Privacy Policy

Recruiter Companion Labs PSA may update this Privacy Policy periodically. The updated version will be posted with a revised date. For changes that materially affect the processing of recruiter data, we will notify users directly (e.g. by email).

‍

‍

11. Contact

Recruiter Companion Labs PSA

ul. PilotΓ³w 2a/13, 31-462 KrakΓ³w, Poland (EU)

Email: reco.startup@gmail.com

‍