Privacy Policy

Last updated: February 28, 2026

1. Introduction

TalentLens ("we", "us", "our") is committed to protecting the privacy and personal data of our users and the individuals whose data is processed through our platform. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with the TalentLens recruiting intelligence platform ("the Service").

This policy applies to two categories of individuals: (a) Users — recruiters and talent acquisition professionals who use the Service; and (b) Candidates — individuals whose personal data is processed by Users through the Service.

2. Data We Collect

2.1 User Account Data
When you create an account, we collect your email address and an encrypted password. We may also collect usage data such as login times, feature usage, and browser information for service improvement purposes.

2.2 Candidate Data (Processed on Behalf of Users)
Users upload and manage candidate data through the Service. This may include: full name, email address, phone number, location (city and country), professional headline, employment history, education records, skills, LinkedIn and other professional profile URLs, resume/CV content, salary expectations, availability, visa status, relocation preferences, and any additional information the User chooses to input.

We process candidate data solely as a data processor acting on instructions from our Users, who are the data controllers for candidate data.

2.3 AI-Generated Data
The Service uses artificial intelligence to generate evaluations, match scores, recommendations, and other analytical outputs based on data provided by Users. This AI-generated data is stored within the User's account and is treated with the same privacy protections as other data.

3. How We Use Data

3.1 User Data — We use User account data to: provide and maintain the Service; authenticate access; send important service notifications; improve the Service; and comply with legal obligations.

3.2 Candidate Data — We process candidate data solely to provide the Service to our Users, including: storing and organizing candidate profiles; running AI-powered evaluations and matching; generating outreach templates; and providing analytics and reporting features.

We do not use candidate data for any purpose other than providing the Service to the User who uploaded it. We do not sell, rent, or share candidate data with third parties. We do not use candidate data to train AI models.

4. Legal Basis for Processing (GDPR)

For Users in the European Economic Area (EEA), we process data under the following legal bases:

User account data: Contract performance (necessary to provide the Service you signed up for) and legitimate interest (service improvement and security).

Candidate data: We process this as a data processor under Article 28 of the GDPR, based on the Data Processing Agreement with the User (data controller). The User is responsible for establishing their own legal basis for processing candidate data, which is typically legitimate interest in recruitment activities (Article 6(1)(f) of the GDPR).

5. Data Storage and Security

Data is stored securely using Supabase (hosted on AWS infrastructure) with encryption at rest and in transit. Our infrastructure is located in secure data centers with industry-standard physical and technical safeguards.

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including: TLS/SSL encryption for data in transit; AES-256 encryption for data at rest; role-based access controls; regular security audits; and secure authentication with hashed passwords.

6. Data Sharing and Third-Party Services

We use the following third-party services to operate the platform:

Supabase — Database hosting and authentication (processes all stored data).
Anthropic (Claude API) — AI processing for candidate evaluations and matching. Candidate data is sent to Anthropic's API for processing but is not retained by Anthropic beyond the API request lifecycle and is not used to train their models.
Vercel — Application hosting (processes data in transit).

All third-party providers are bound by data processing agreements and comply with applicable data protection standards. We do not sell, rent, or share personal data with any other third parties except as required by law.

7. International Data Transfers

As our infrastructure providers operate globally, personal data may be transferred to and processed in countries outside the EEA, including the United States. When such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, and reliance on adequacy decisions where applicable.

8. Data Retention

User data: We retain User account data for as long as the account is active. Upon account deletion, User data is permanently removed within 30 days.

Candidate data: Candidate data is retained for as long as the User maintains their account and chooses to keep the data. We provide Users with tools to delete candidate records at any time. Users are responsible for implementing appropriate data retention policies in accordance with applicable law.

Upon termination of a User's account, all associated candidate data is permanently deleted within 30 days.

9. Rights of Data Subjects

9.1 Users — If you are a User located in the EEA, you have the right to: access, correct, or delete your account data; restrict or object to processing; request data portability; withdraw consent where processing is based on consent; and lodge a complaint with your local supervisory authority.

9.2 Candidates — If you are a candidate whose data has been uploaded to TalentLens by a recruiter, you should contact the recruiter (data controller) directly to exercise your data protection rights. If you are unable to reach the recruiter or need our assistance, you may contact us at the address below, and we will assist in facilitating your request.

Under the GDPR, candidates have the right to: access their personal data; rectification of inaccurate data; erasure ("right to be forgotten"); restriction of processing; data portability; and objection to processing.

10. Automated Decision-Making

The Service uses AI to generate candidate evaluations, match scores, and recommendations. These automated outputs are provided as decision-support tools for recruiters and are never used as the sole basis for decisions that produce legal or similarly significant effects on candidates.

All hiring decisions are made by human recruiters using their professional judgment, with AI outputs serving only as one input among many.

11. Cookies and Tracking

TalentLens uses only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics that track individual users across websites.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered Users of material changes via email or through the Service. The "Last updated" date at the top indicates the most recent revision.

14. Contact Us

For privacy-related questions, data subject requests, or concerns, please contact us at:

Email: privacy@talentlens.app
Data Protection Inquiries: dpo@talentlens.app

If you are in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.