Privacy Policy

1.1 Information You Provide

• Account Information: Name, email address, company name, and job title when you create an account
• CVs and Resumes: Candidate CVs uploaded for evaluation (includes personal information, work history, education, skills)
• Job Descriptions: Job postings and requirements you upload for candidate evaluation
• Payment Information: Billing details processed securely through our payment provider

1.2 Automatically Collected Information

• Usage Data: How you interact with our platform, features used, and evaluation history
• Device Information: IP address (hashed for privacy), browser type, operating system
• Cookies: We use essential cookies for authentication and session management

• Provide Services: Process CV evaluations using AI, generate match scores, and provide recruitment insights
• Improve Platform: Analyze usage patterns to enhance our AI models and user experience
• Communication: Send service updates, evaluation results, and account notifications
• Security: Detect fraud, prevent abuse, and enforce our terms of service
• Legal Compliance: Comply with applicable laws and regulations

3.1 Free CV Checker

Before using our free CV evaluation tool, you must:

• Explicitly consent to AI processing of your CV and job description
• Acknowledge that data will be automatically deleted after 30 days
• Understand that we use Anthropic's Claude AI for evaluation
• You can withdraw consent by requesting immediate deletion at privacy@tanova.com

3.2 Job Applications

When applying to public job postings:

• You consent to the recruiting agency processing your CV
• The agency uses Tanova's AI (powered by Anthropic Claude) for evaluation
• Your data is subject to both the agency's and Tanova's privacy policies
• Data is automatically deleted after 30 days unless the agency converts you to a candidate

3.3 Agency Users

When agencies upload candidate CVs:

• The agency confirms they have obtained candidate consent
• The agency is responsible for informing candidates about AI processing
• Tanova processes data on behalf of the agency as a data processor

4.1 Anthropic Claude AI

• The content is sent to Anthropic's API for AI analysis
• Anthropic processes the data according to their Privacy Policy and our Data Processing Agreement (DPA)
• Anthropic does not train models on your data per their commercial terms
• Data transfers are protected by Standard Contractual Clauses (SCCs) for GDPR compliance

4.2 Other Third Parties

• Amazon S3 (Singapore): Secure storage of CV files (encrypted at rest and in transit)
• Supabase (Singapore): Authentication and user management
• Railway (Singapore): PostgreSQL database hosting
• Umami Analytics: Privacy-first, self-hosted analytics (no cookies, GDPR-compliant)
• We do not share candidate personal information with other third parties for marketing

5.1 Data Location

• Primary Infrastructure: Singapore (Asia-Pacific region) - Database (Railway), Authentication (Supabase), File Storage (Amazon S3)
• AI Processing: United States (Anthropic Claude API)
• Data Transfers: All data transfers between regions are encrypted and protected by Standard Contractual Clauses (SCCs) for GDPR compliance
• No EU Storage: We do not currently operate infrastructure in the European Union

5.2 Security Measures

• Encryption: All data encrypted at rest and in transit using industry-standard protocols (TLS 1.3, AES-256)
• Free CV Tool: Personal data in public evaluations automatically deleted after 30 days (see Section 10 for details on anonymization)
• Recruiter Accounts: You control your data and can delete evaluations at any time
• IP Addresses: Stored as SHA-256 hashes for rate limiting (not reversible to original IP)
• Access Controls: Only authorized personnel can access stored data
• Anonymized Data: Stored separately from personal data with no identifiable information

• With Your Consent: When you explicitly authorize sharing (e.g., sharing evaluation links)
• Service Providers: Anthropic (AI processing), hosting providers, payment processors
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In case of merger, acquisition, or sale of assets

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your data (subject to legal obligations)
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing of your personal data
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at privacy@tanova.com

• Contractual Necessity: To provide our recruitment services
• Legitimate Interest: To improve our platform and prevent fraud
• Consent: Where you have explicitly agreed (e.g., marketing emails)
• Legal Obligation: To comply with applicable laws

• Essential Cookies: Authentication, session management, security
• Analytics: Understanding how users interact with our platform (aggregated data only)

You can control cookies through your browser settings, but disabling essential cookies may affect platform functionality.

11.1 Free CV Checker (No Account)

When you use our free CV checker without creating an account:

• Personal Data Deletion: Your CV text, job description, candidate names, and all personally identifiable information (PII) are automatically deleted after 30 days
• Anonymized Data Retention: We retain anonymized, aggregated data to improve our AI and service quality. This includes:
• • Evaluation scores (aggregate numbers only)
• • Feedback signals (thumbs up/down)
• • General job category (e.g., "Software Engineer", "Marketing Manager")
• • Experience level (e.g., "Junior", "Mid", "Senior")
• • Industry category (e.g., "Technology", "Healthcare")
• Important: This anonymized data cannot be used to identify you or recreate your CV. It contains no names, contact information, or personal details.
• Legal Basis: We process anonymized data under GDPR Article 6(1)(f) - Legitimate Business Interest for service improvement and AI training
• Immediate Deletion: You can request immediate deletion of your evaluation at any time by contacting privacy@tanova.com

11.2 Registered Accounts (Recruitment Agencies)

• Account Data: Retained while your account is active and you control your data
• Candidate Evaluations: Agencies can configure data retention policies:
• • Keep Forever: Evaluation data retained indefinitely (default)
• • 90 Days: Automatic deletion after 90 days
• • 180 Days: Automatic deletion after 180 days
• • 365 Days: Automatic deletion after 365 days
• Before Deletion: Evaluation data is anonymized (same process as Section 10.1) before deletion to preserve analytics
• Manual Deletion: You can delete evaluations at any time through your dashboard
• Account Deletion: All personal data permanently deleted within 90 days of account closure
• Anonymized Analytics: Account activity may be aggregated (anonymously) for platform improvement

11.3 Legal & Compliance

• Legal Holds: Data may be retained longer if required by law, regulation, or legal proceedings
• Fraud Prevention: Anonymized fraud detection data may be retained indefinitely

11.4 Why We Anonymize Instead of Deleting Everything

Anonymized data helps us:

• • Improve AI accuracy and evaluation quality for all users
• • Understand which features are most valuable
• • Identify and fix issues in our platform
• • Provide social proof ("Based on 10,000+ evaluations")
• Your Privacy is Protected: Anonymized data is exempt from GDPR deletion requests because it cannot identify individuals

• Email: privacy@tanova.com
• Support: support@tanova.com