Data Processing Agreement

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Use between you ("User" or "Data Controller") and RecruiterConnect ("Service Provider" or "Data Processor") and governs the processing of personal data in connection with the Service.

2. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person, including names, email addresses, phone numbers, and LinkedIn profile URLs
• Processing: Any operation performed on personal data, including collection, storage, retrieval, disclosure, or deletion
• GDPR: The General Data Protection Regulation (EU) 2016/679
• CCPA: The California Consumer Privacy Act

3. Scope and Purpose of Processing

RecruiterConnect processes personal data for the following purposes:

• Providing recruiter search and contact information lookup services
• Storing and caching recruiter profile information
• Managing user accounts and authentication via Google OAuth
• Processing credit transactions and maintaining usage records
• Logging user activity for security and service improvement

4. Types of Personal Data Processed

The Service processes the following categories of personal data:

User Data:

• Name and email address (from Google OAuth)
• Account credentials and session tokens
• Credit balance and transaction history
• Search queries and activity logs
• IP addresses

Recruiter Data:

• Full name
• Job title and company affiliation
• Geographic location
• LinkedIn profile URLs
• Email addresses (when unlocked)
• Phone numbers (when unlocked)

5. Data Sources

Personal data is obtained from publicly available sources, including LinkedIn profiles and other professional networking platforms, through our third-party data provider (Datagma). RecruiterConnect does not directly collect data from LinkedIn but relies on aggregated public information.

6. Data Processor Obligations

RecruiterConnect undertakes to:

• Process personal data only in accordance with documented instructions from users
• Ensure that persons authorized to process personal data are bound by confidentiality
• Implement appropriate technical and organizational measures to secure personal data
• Assist users in responding to data subject requests (access, deletion, rectification)
• Delete or return personal data upon termination of services, unless required by law to retain
• Make available information necessary to demonstrate compliance with data protection obligations

7. Security Measures

RecruiterConnect implements industry-standard security measures including:

• Encryption of data in transit (HTTPS/TLS)
• Secure authentication using OAuth 2.0
• Access controls and authentication mechanisms
• Regular security monitoring and logging
• Secure cloud infrastructure (Appwrite Cloud)
• API key protection for third-party services

8. Sub-Processors

RecruiterConnect engages the following sub-processors:

• Appwrite Cloud: Database and authentication services
• Datagma: Recruiter data aggregation and lookup services
• Google OAuth: User authentication services
• Stripe: Payment processing (when applicable)

Users consent to the use of these sub-processors. RecruiterConnect will notify users of any changes to sub-processors and provide an opportunity to object.

9. International Data Transfers

Personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or the user's country of residence. RecruiterConnect ensures that such transfers comply with applicable data protection laws through standard contractual clauses or other approved transfer mechanisms.

10. Data Retention

Personal data is retained as follows:

• User Account Data: Retained while the account is active and for 30 days after deletion
• Cached Recruiter Data: Retained for up to 90 days or until updated
• Activity Logs: Retained for 12 months for security and compliance purposes
• Transaction Records: Retained for 7 years for accounting and tax compliance

11. Data Subject Rights

Users have the right to:

• Access their personal data
• Rectify inaccurate personal data
• Request erasure of personal data ("right to be forgotten")
• Restrict processing of personal data
• Object to processing
• Data portability
• Withdraw consent at any time

To exercise these rights, contact us at support@recruiterconnect.app

12. Data Breach Notification

In the event of a personal data breach, RecruiterConnect will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by applicable law.

13. Audit Rights

Users have the right to audit RecruiterConnect's compliance with this DPA upon reasonable notice, subject to confidentiality obligations and reasonable security procedures.

14. Limitation of Liability

Each party's liability under this DPA shall be subject to the limitations and exclusions of liability set forth in the Terms of Use.

15. Term and Termination

This DPA will remain in effect for as long as RecruiterConnect processes personal data on behalf of users. Upon termination, RecruiterConnect will delete or return all personal data as instructed.

16. Contact Information

For questions about data processing, please contact:
Data Protection Officer
Email: support@recruiterconnect.app