Privacy Policy

Privacy Policy

Effective date: October 1, 2025
Entity: Talentranx (ABN/ACN 27 103 683 300)
Contact: team@talentranx.com

At a glance

We collect account details, job ads/descriptions you paste, and temporarily, candidate resume text. We use these to extract requirements and compare resumes. You control candidate data; we process it for you. We don't sell personal information. We don't use your content to train models for others. Analytics cookies are opt-in. Marketing emails can be unsubscribed. We delete candidate data from active systems within 30 days of your instruction or account closure (subject to legal holds and backups). Account data is deleted within about 90 days after closure.

1. Who we are

Talentranx is a SaaS tool for hiring teams. We help you extract job requirements and compare candidate resumes to those requirements.

2. Scope

This policy covers our website, web app, and related services. It explains what we collect, why, how we share it, how long we keep it, and your choices.

3. What we collect

  1. Account and billing data: name, email, company, settings, subscription details, payment references. (Stripe, our payment provider handles card details.)
  2. Customer content: job ads/descriptions you provide; candidate resumes; notes, labels, and exported reports.
  3. Candidate personal information: contact details (name, phone number, email addresses, social media links), work and education history, skills, and anything else contained in resumes or that you add. Candidate resumes are temporary. We keep them only for the duration of the assessment and delete them from active systems once processing completes. Outputs you save (scores, explanations, extracted requirements) may remain and you have the ability to delete these at any time. Resumes may persist briefly in short-lived caches and backups per our backup/restore cycles.
  4. Usage/device data: IP address, browser/OS, timestamps, feature use, diagnostics, crash logs.
  5. API logs: We call and make use of APIs to provide our service and this results in logs with timestamps and technical data such as method, path, status, latency, request ID, IP address, user/account IDs, and error traces being created or added to. We do not log full request or response bodies by default and we apply redaction where feasible.
  6. Cookies: essential cookies for login and security; analytics/measurement cookies only if you opt in.

4. Sensitive information

We don't require ask candidates to provide sensitive attributes. If such data appears in a resume, you are responsible for having a lawful basis and for limiting unnecessary collection and use.

5. How we use data

We use data to:

  • provide, secure, and support the service;
  • extract job requirements and compare resumes;
  • anonymize resumes during scoring to reduce bias;
  • monitor performance, fix issues, and improve features;
  • send service and security messages;
  • meet legal obligations and enforce our terms;
  • use API logs to provide, secure, monitor, troubleshoot, and improve the service, and to investigate security or abuse.

You can unsubscribe at any time from Marketing emails.

6. AI and automated processing

We use machine-learning to parse text and generate scores and explanations. Outputs are informational only. We do not use Your Content to train models for other customers or partners. We may use aggregated, de-identified statistics to improve features.

7. API logs and telemetry

We use API logs and diagnostic telemetry to run, secure, support, and improve the service, detect abuse, and investigate incidents. Access is limited to personnel and sub-processors who need it and are bound by confidentiality, and to regulators or law enforcement when required.

8. Roles and legal bases

  • Candidate data: you (the customer) decide the purposes and means. You are the controller. We are your processor/service provider and act on your instructions.
  • Our own account, billing, security, and product analytics data: we are the controller. Australia: we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. If you operate in the EU/UK, we rely on contract, legitimate interests, consent (where required), and legal obligations. If you operate in California, we act as a "service provider."

9. Sharing and disclosures

We share data only to run the service or where the law requires it:

  • Sub-processors (hosting, storage, email, analytics, payments, logging, model providers).
  • Your authorized users and integrations you enable.
  • Professional advisers, auditors, regulators, or to comply with lawful requests.
  • Business transfers (e.g., merger or sale).

Sub-processors may process API logs solely to provide hosting, storage, monitoring, email, model inference, analytics, and security services. We do not sell personal information contained in logs.

10. Our current sub-processors

We use trusted providers. They may process data in Australia, the US, and the EU.

We may update this list over time. We will take reasonable steps to add appropriate safeguards and require confidentiality and security.

11. International transfers and storage locations

Data may be stored or processed in Australia, the US, and the EU. We use appropriate safeguards for international transfers and require our sub-processors to protect data. API logs may be processed in Australia, the US, and the EU with appropriate transfer safeguards.

12. Security

We use technical and organizational measures such as encryption in transit, access controls, least-privilege permissions, monitoring, and backups. We apply least-privilege access, encryption in transit, monitoring, and redaction where feasible for logs. No system is perfect. If a notifiable data breach occurs, we will contact you via email and follow the Australian Notifiable Data Breaches scheme. If a notifiable breach involves logs, we will notify you as required. Our response target is 30 days.

13. Retention and deletion

  • Candidate data: deleted or de-identified from active systems within 30 days of your instruction or account termination, subject to lawful retention, legal holds, and backup/restore cycles.
  • Account data: deleted within about 90 days after account closure, subject to backups and legal holds. Please export any data you need before deletion.

API log retention. Logs are retained for up to 7 days, unless we need to keep them longer to comply with law or to investigate a security or abuse issue. Backups may persist for up to 30 days. We may retain specific logs longer if reasonably needed to comply with law or to investigate a security or abuse issue. Candidate data and account data retention schedules remain as stated elsewhere in this policy.

14. Your choices and rights

Account owners can access, correct, or delete account data via the app or by emailing us. For candidate data, requests should go to the employer/controller. On your verified request, we will assist you where required by law and subject to authentication.

15. Cookies and analytics

We use essential cookies for login and security. Analytics/measurement cookies are opt-in. You can change your cookie choices in our banner or your browser settings.

16. Children

Our service is for business use and not for children under 13 (or older where the law requires).

17. Do Not Sell or Share

We do not sell or share personal information, including data in API logs, and we do not share it for cross-context behavioral advertising.

18. Third-party links and integrations

If you enable third-party integrations, their privacy policies apply to those services. We are not responsible for their practices.

19. Data breaches and notices

We will notify you of a notifiable data breach as required by law (the Australian Notifiable Data Breaches) and aim to do so within 30 days. We will also tell you about steps taken and how you can reduce risk.

20. Changes to this policy

We may update this policy. For material changes, we will give reasonable notice (for example, 30 days) by email or in-app. The new policy takes effect on the stated date.

21. Contact and complaints

Questions or requests: team@talentranx.com In Australia, you can also contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.