RecDesk
RecDesk
Sign inStart free trial

Privacy Policy

Last updated: February 12, 2026

RecDesk AI ("RecDesk," "we," "us," or "our") is a hiring intelligence platform operated by RecDesk. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website at recdesk.io and our services (collectively, the "Service").

By using RecDesk, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, and password (or OAuth identity if signing in via Google or Microsoft). If you sign up with a social provider, we receive your profile name, email, and avatar URL from that provider.

Candidate Data

When you upload CVs or when our system imports them from your connected email, we collect the candidate's name, email address, phone number, education history, work experience, skills, and other information contained in the CV file. This data is parsed using AI to provide structured candidate profiles and scoring.

Email Data

When you connect your Gmail account, we access email metadata (sender, subject, date) and attachments from incoming emails to detect job applications. We do not read the full body content of emails that are not identified as job applications. See Section 2 for detailed information about Gmail data usage.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other payment credentials on our servers. We only store your Stripe customer ID and subscription status.

2. Gmail Data Usage

RecDesk integrates with Gmail to automatically detect and import job application emails sent to your hiring inbox. Here is exactly what we access and why:

gmail.readonly

We read incoming email metadata (sender, subject line, date, and attachments) to identify which emails are job applications with CV attachments. Emails that are not job-related are discarded without storing their content.

gmail.modify

We mark processed emails as read to prevent duplicate processing and to help recruiters track which applications have already been captured by RecDesk. We do not delete, send, or compose emails on your behalf.

userinfo.email

We use this scope to identify which Gmail account is connected for email monitoring, so we can display the correct account in your integration settings.

You can disconnect your Gmail account at any time from the Settings > Integrations page. Disconnecting immediately stops all email monitoring and revokes our access to your Gmail data.

3. Google API Limited Use Disclosure

RecDesk's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Gmail data to provide and improve the recruitment-related features described in this policy.
  • We do not use Gmail data for advertising purposes.
  • We do not sell Gmail data to third parties.
  • We do not use Gmail data to build user profiles for purposes unrelated to the Service.
  • Human access to Gmail data is limited to investigating security incidents, complying with applicable law, or obtaining user consent.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Parse CVs, score candidates against job requirements, manage hiring pipelines, and send recruitment emails on your behalf.
  • Email Monitoring: Automatically detect and import job application emails from your connected Gmail account.
  • AI Processing: Extract structured data from CVs, generate candidate scores and recommendations using AI models.
  • Account Management: Manage your account, process payments, send transactional emails (password resets, invitations).
  • Service Improvement: Monitor usage patterns to improve performance, fix bugs, and develop new features.

5. Data Storage & Security

We take the security of your data seriously and employ industry-standard measures to protect it:

  • Encryption at rest: OAuth tokens are encrypted using AES-256 before storage. Passwords are hashed using bcrypt.
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
  • File storage: CV files are stored in AWS S3 with server-side encryption in the EU (Frankfurt) region.
  • Database: Structured data is stored in PostgreSQL with encrypted connections and regular backups.
  • Access control: Role-based access control ensures only authorized team members can access company data.

6. Third-Party Services

We use the following third-party services to operate RecDesk. Each service only receives the minimum data necessary for its function:

ServicePurposeData Shared
Google Gmail APIEmail monitoringOAuth tokens, email access
AI Providers (Groq / OpenAI)CV parsing, scoring, classificationCV text content (not file attachments)
StripePayment processingEmail, subscription plan selection
SendGridTransactional & bulk emailRecipient email, email content
AWS S3File storageCV files (encrypted at rest)

We do not sell, rent, or trade your personal information or candidate data to any third party for marketing or advertising purposes.

7. Data Retention

  • Account data: Retained for as long as your account is active. Upon account deletion, all account data is permanently deleted within 30 days.
  • Candidate data & CVs: Retained for as long as your account is active or until you delete individual candidates. You can export all candidate data via CSV at any time before deletion.
  • Skipped emails: Emails that our system identifies as non-job-applications are automatically deleted from our records after 30 days.
  • Payment records: Invoices and payment history are retained as required by applicable financial regulations.

8. Your Rights

You have the following rights regarding your data:

  • Access: You can view all your data through the RecDesk dashboard and export candidate data to CSV.
  • Deletion: You can delete individual candidates, disconnect email integrations, or request full account deletion by contacting us.
  • Portability: You can export your candidate data in CSV format at any time, including in formats compatible with other ATS platforms.
  • Revoke email access: You can disconnect your Gmail account from Settings > Integrations at any time. You can also revoke access directly from your Google Account permissions.
  • Correction: You can update your account information and company details from the Settings page.

9. Cookies & Authentication

RecDesk uses a minimal set of cookies and local storage tokens strictly necessary for the Service to function:

  • Authentication tokens: JWT access and refresh tokens stored in browser cookies to maintain your login session.
  • Theme preference: Your light/dark mode preference is stored locally.

We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

10. Children's Privacy

RecDesk is a business-to-business service intended for use by companies and their authorized employees. The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service. Your continued use of RecDesk after the changes take effect constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

RecDesk AI

Email: contact@recdesk.io

Website: recdesk.io