Privacy Policy

Last updated: 14 March 2026

1. Data Controller

RecruiterRank ("we", "us", "our") is the data controller responsible for your personal data. We operate the website rec-rank.com.

If you have any questions about this privacy policy or our data practices, please contact us at privacy@rec-rank.com.

2. What Personal Data We Collect

We collect the following categories of personal data:

LinkedIn Profile Data (via OpenID Connect)

  • Full name
  • Email address
  • Profile photo URL
  • LinkedIn member ID

User-Generated Content

  • Review content (ratings, text, pros, cons)
  • Company claim information (for company representatives)

Payment Data

Payment information is collected and processed directly by Stripe. We do not store your card details. We receive only a Stripe customer ID, subscription status, and billing history from Stripe.

Analytics Events

We use Cloudflare Analytics Engine for aggregated, cookieless analytics. No personally identifiable information (PII) is tracked. Analytics data includes page views, referrer information, and country-level geolocation — all processed in aggregate form.

3. Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by UK GDPR:

  • Legitimate interests (Article 6(1)(f)): To operate and improve the platform, display reviews, prevent fraud, and ensure platform integrity.
  • Contract (Article 6(1)(b)): To provide subscription services to paying customers and fulfil our contractual obligations.
  • Consent (Article 6(1)(a)): For optional communications such as marketing emails. You can withdraw consent at any time.

4. Data Sharing and Third-Party Processors

We share your personal data with the following third-party processors, each of which processes data on our behalf under appropriate data processing agreements:

  • Supabase — Database hosting and storage
  • Cloudflare — Website hosting, CDN, security, and analytics
  • Stripe — Payment processing for subscriptions
  • Resend — Transactional email delivery
  • LinkedIn — Authentication via OpenID Connect

We do not sell your personal data to any third party. We do not share your data with advertisers.

5. International Data Transfers

Some of our third-party processors are based outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Adequacy decisions where applicable
  • Additional technical and organisational measures as required

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Retained for the lifetime of your account and deleted within 30 days of account deletion.
  • Reviews: Retained for the lifetime of the platform unless you request deletion. Anonymised reviews may be retained for aggregate statistics.
  • Payment records: Retained for 7 years to comply with UK tax and accounting obligations.
  • Session data: Automatically expires after 24 hours.

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to restrict processing: Request that we limit how we use your data.

To exercise any of these rights, please email us at privacy@rec-rank.com. We will respond to your request within one month, as required by UK GDPR.

8. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at privacy@rec-rank.com.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • All data transmitted over HTTPS (TLS encryption in transit)
  • Data encrypted at rest in our database
  • No passwords stored — authentication is handled entirely via LinkedIn OIDC
  • Session cookies are HttpOnly, Secure, and SameSite=Strict
  • Row Level Security (RLS) enforced on all database tables
  • Regular security reviews and monitoring

10. Children's Data

RecruiterRank is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "last updated" date. We encourage you to review this policy periodically.