Privacy Policy
Effective Date: April 15, 2026
Last Updated: April 15, 2026
This Privacy Policy describes how Talantrix (“we,” “us,” or “our”) collects, uses, and protects your personal information when you use our website at talantrix.com and our applicant tracking system (collectively, the “Service”). The Service is operated by the entity identified in Section 13 (“Operator Information”) of this Policy.
1. Information We Collect
1.1 Information You Provide
Account Information. When you create an account using LinkedIn or Google authentication, we receive your name, email address, profile picture, and LinkedIn profile URL (if authenticating via LinkedIn). We do not receive or store your LinkedIn or Google password.
Payment Information. When you subscribe to a paid plan, payment is processed by Stripe. We do not store your full credit card number, CVV, or billing details on our servers. Stripe may share with us your card type, last four digits, and billing address for record-keeping purposes.
Candidate Data. As a user of the Service, you may upload and store candidate information including resumes, contact details, interview notes, skills assessments, and hiring pipeline data. You are the data controller for this information, and we process it on your behalf solely to provide the Service.
Communications. When you contact us at hello@talantrix.com or through the Service, we collect the content of your messages and any information you choose to provide.
Resource Downloads. When you download PDF resources from our free ebook library, we collect the information provided through your LinkedIn or Google authentication.
1.2 Information Collected Automatically
Usage Data. We collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, and session duration.
Device and Browser Information. We collect your IP address, browser type and version, operating system, device type, and screen resolution.
Cookies and Similar Technologies. We use cookies and similar tracking technologies as described in Section 6 below.
1.3 Information from Third Parties
Authentication Providers. We receive basic profile information from LinkedIn and Google when you sign in, as described in Section 1.1.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service: To operate, maintain, and deliver the features of the Service, including account management, candidate tracking, resume parsing, and AI-powered hiring tools.
- Payment Processing: To process subscriptions and manage billing through Stripe.
- Communications: To respond to your inquiries, send transactional emails (account confirmations, billing receipts, service notifications), and deliver product updates.
- Analytics and Improvement: To understand how users interact with the Service, identify issues, and improve functionality and user experience.
- Session Recording: To record user sessions for debugging, error tracking, and product improvement purposes.
- Security: To detect and prevent fraud, abuse, and unauthorized access.
- Legal Compliance: To comply with applicable laws and respond to lawful requests from authorities.
We do not sell your personal information to third parties. We do not use candidate data uploaded by our users for any purpose other than providing the Service. We do not use candidate data to train AI models.
3. Third-Party Service Providers
We share information with the following service providers, who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | Account data, candidate data, uploaded files |
| Render | Application and website hosting | Usage data, IP addresses |
| Stripe | Payment processing | Billing details, email, subscription data |
| LinkedIn (via Supabase Auth) | Authentication | Name, email, profile URL, profile picture |
| Google (via Supabase Auth) | Authentication | Name, email, profile picture |
| Google Analytics | Website and product analytics | Usage data, device info, IP address (anonymized) |
| LogRocket | Session recording, error tracking | Usage data, device info, session recordings |
| Mailgun | Transactional emails | Email address, name, email content |
Each provider processes data in accordance with their own privacy policies:
- Supabase: supabase.com/privacy
- Render: render.com/privacy
- Stripe: stripe.com/privacy
- LinkedIn: linkedin.com/legal/privacy-policy
- Google: policies.google.com/privacy
- LogRocket: logrocket.com/privacy
- Mailgun: mailgun.com/legal/privacy-policy
We may engage additional service providers in the future. When we do, we will update this section accordingly.
4. Data Retention
Account Data. We retain your account information for as long as your account is active. If you cancel your subscription or delete your account, we will delete your personal data within 30 days, unless we are required by law to retain it longer.
Candidate Data. Candidate data you upload is retained for as long as your account is active. You may export your data at any time using the export tools available in the Service. Upon account deletion, all candidate data is permanently deleted within 30 days.
Usage and Analytics Data. Aggregated and anonymized usage data may be retained indefinitely for product improvement purposes.
Payment Records. We retain billing records as required for tax and accounting compliance, typically for 7 years.
5. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- All data is transmitted using TLS/SSL encryption.
- Candidate data is stored with row-level security policies that ensure users can only access their own data.
- Payment information is handled exclusively by Stripe, a PCI DSS Level 1 certified processor.
- Access to production systems is restricted and monitored.
- Authentication is handled by industry-standard OAuth 2.0 protocols via LinkedIn and Google.
No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you and any applicable authorities without undue delay and no later than 72 hours after becoming aware of the breach.
6. Cookies and Tracking Technologies
6.1 Essential Cookies
Required for the Service to function. You cannot opt out of essential cookies.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| Authentication token | Supabase | Maintains your login session | Session |
| CSRF token | Talantrix | Prevents cross-site request forgery | Session |
6.2 Analytics Cookies
Used to understand how visitors interact with our website and Service.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users | 2 years |
| _ga_[ID] | Google Analytics | Maintains session state | 2 years |
| _gid | Google Analytics | Distinguishes unique users | 24 hours |
Google Analytics collects anonymized usage data. We have enabled IP anonymization so your full IP address is never stored by Google.
6.3 Session Recording
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _lr_tabs_-[ID] | LogRocket | Session recording and replay | Session |
| _lr_env_src_ats | LogRocket | Identifies recording environment | Session |
LogRocket captures user sessions including mouse movements, clicks, and page interactions for debugging and product improvement. LogRocket is configured to not capture: passwords, credit card numbers, or other sensitive form fields.
6.4 Managing Cookies
Most browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to indicate when a cookie is being set. Disabling essential cookies may prevent the Service from functioning properly.
You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On at tools.google.com/dlpage/gaoptout.
7. Your Rights
7.1 All Users
Regardless of your location, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate personal information.
- Delete your account and associated personal data.
- Export your data in a machine-readable format.
- Withdraw consent for optional data processing (such as analytics cookies).
To exercise any of these rights, contact us at hello@talantrix.com. We will respond within 30 days.
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To submit a request, email hello@talantrix.com with the subject line “CCPA Request.”
7.3 Other US State Privacy Laws
Residents of Virginia, Colorado, Connecticut, Utah, and other states with consumer privacy laws may have similar rights to access, correct, delete, and opt out of certain data processing. Contact us at hello@talantrix.com to exercise these rights.
8. International Data Transfers
The Service uses infrastructure located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from someone under 18, we will take steps to delete that information promptly.
10. Do Not Track
Some browsers offer a “Do Not Track” (DNT) signal. There is currently no industry standard for how companies should respond to DNT signals. We do not currently respond to DNT signals, but we do honor the opt-out mechanisms described in Section 6.4.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The “Last Updated” date at the top of this page reflects the most recent revision.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
Email: hello@talantrix.com
Website: talantrix.com
13. Operator Information
Talantrix is operated by:
Talantrix
[Full Legal Name], Trabajador Autónomo
Spain
For formal legal inquiries requiring full business identification details (including registered address and tax identification), please contact us at hello@talantrix.com.