← Back to Home
EU Compliant

GDPR Compliance

How Huntwise AI B2B supports your organisation's GDPR obligations when processing EU candidate data.

Last updated: May 17, 2026

Contents

01GDPR Overview02Legal Basis for Processing03Your Rights Under GDPR04Data Protection Measures05Data Retention06International Transfers07Data Processing Agreement08Sub-Processors09Complaints10Contact Us
01

GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organisations processing personal data of individuals in the European Economic Area (EEA). Huntwise AI B2B is committed to GDPR compliance and provides tools to help your organisation meet its obligations when using our platform to process candidate data.

02

Legal Basis for Processing

Huntwise AI processes personal data on the following legal grounds:

  • Contract: To deliver the services you have subscribed to
  • Legitimate Interest: To improve our platform and prevent fraud
  • Consent: Where candidates provide explicit consent via your public apply page
  • Legal Obligation: To comply with applicable laws
03

Your Rights Under GDPR

As a data subject or on behalf of candidates in your pipeline, the following rights apply:

Right of Access
Request information about the personal data we hold about you or your candidates.
Right to Rectification
Request correction of inaccurate or incomplete personal information.
Right to Erasure
Request deletion of personal data when it is no longer necessary for its original purpose.
Right to Restrict Processing
Request that we limit how we use your personal data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format and transfer it to another controller.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
04

Data Protection Measures

We implement appropriate technical and organisational measures to protect personal data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and authentication systems
  • Regular security monitoring and audits
  • Staff training on data protection responsibilities
  • Data minimisation and purpose limitation principles
05

Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected. Candidate data is retained for the duration of your active subscription. Upon cancellation, data is available for export for 30 days before permanent deletion. You may request immediate deletion at any time.

06

International Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place such as Standard Contractual Clauses (SCCs) adopted by the European Commission. Our primary infrastructure is hosted on Google Cloud (Firebase), which provides GDPR-compliant data processing agreements.

07

Data Processing Agreement

As Huntwise AI acts as a data processor on your behalf, we offer a Data Processing Agreement (DPA) for organisations that require one under GDPR Article 28. To request a DPA, please contact us at dpa@huntwiseai.com.

08

Sub-Processors

We use the following sub-processors to deliver our service, all bound by GDPR-compliant data processing agreements:

  • Google Firebase — Database and file storage
  • OpenAI — AI candidate scoring (data not used for model training)
  • Razorpay — Payment processing
  • Resend — Transactional email delivery
  • Upstash — Rate limiting and caching
  • Microsoft Clarity — Anonymous usage analytics
09

Complaints

If you believe your GDPR rights have been violated, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can resolve your concern directly.

10

Contact Us

Email: privacy@huntwiseai.com
DPA Requests: dpa@huntwiseai.com
Address: Huntwise AI, Bangalore, India

Have questions about this policy?

Contact us at privacy@huntwiseai.com or book a call with our team.