← Back to HRHandle

Privacy Policy

Last updated: April 22, 2026

1. Who We Are

HRHandle is operated by Aleksandre Merabishvili, Individual Entrepreneur, registration number 01019062001, Tbilisi, Georgia ("we", "us", "our").

We are the data controller for the personal data of our customers (account holders and their team members). For candidate data that you enter into the Service, you are the data controller and we act as a data processor on your behalf.

Contact: hrhandle26@gmail.com

2. What Data We Collect

2.1 Account and Organization Data

  • Name and email address of account holders and team members
  • Organization name and configuration settings
  • Subscription and billing information (processed by our payment provider — we do not store card details)
  • Usage activity within the Service (e.g. actions taken, features used)

2.2 Vacancy Data

  • Job titles, descriptions, departments, locations, and requirements
  • Salary information and hiring timelines

2.3 Candidate Data

You enter candidate data into HRHandle as part of your recruitment process. This may include:

  • Full name, email address, and phone number
  • Date of birth
  • Current company and position, years of experience
  • LinkedIn profile URL
  • CVs, resumes, cover letters, and other uploaded documents
  • Recruiter notes and interview records
  • Application status and history

Some of this data may be imported by your recruiters directly from LinkedIn. You are responsible for ensuring you have a lawful basis to collect and store this data under applicable law.

3. How We Use Your Data

  • To provide, operate, and improve the Service
  • To manage your subscription and process payments
  • To send transactional emails (account invitations, password resets)
  • To monitor for errors and technical issues (via Sentry)
  • To comply with legal obligations

We do not use your data or your candidates' data for advertising or marketing purposes, and we do not sell data to third parties.

4. Legal Basis for Processing

  • Contract performance: processing necessary to deliver the Service under our Terms
  • Legitimate interests: monitoring service health, preventing abuse
  • Legal obligation: complying with applicable laws
  • Consent: where you have explicitly provided it (e.g. marketing communications, if any)

5. Third-Party Services

We use the following sub-processors to provide the Service:

ProviderPurposeLocation
Supabase (AWS us-east-1)Database and file storageUSA
ResendTransactional email deliveryUSA
SentryError monitoringUSA
VercelHosting and deploymentUSA / Global CDN

All sub-processors are contractually obligated to process data only as instructed and to maintain appropriate security measures.

6. International Data Transfers

Your data is stored on servers located in the United States (AWS us-east-1, North Virginia). If you are located in the European Economic Area or Georgia, this constitutes a transfer of personal data outside your jurisdiction. We rely on standard contractual clauses and the data processing agreements of our sub-processors to ensure an adequate level of protection.

7. Data Retention

We retain your account and organization data for as long as your account is active and for up to 90 days after account termination to allow for recovery requests.

Candidate data is retained as long as you maintain an active subscription. Upon account deletion, all associated candidate data is permanently deleted within 30 days, except where we are required by law to retain it longer.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict certain processing
  • Receive your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at hrhandle26@gmail.com. We will respond within 30 days.

9. Cookies

HRHandle uses only essential cookies required for authentication and session management (set by Supabase Auth). We do not use tracking, advertising, or analytics cookies.

10. Security

We implement appropriate technical and organizational measures to protect your data, including encrypted data transmission (TLS), row-level security on all database tables, role-based access controls, and signed URLs for document access.

11. Children

The Service is not directed at persons under 18. We do not knowingly collect personal data from anyone under 18.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice within the Service. The "last updated" date at the top of this page reflects the most recent revision.

13. Contact

Data controller: Aleksandre Merabishvili, Individual Entrepreneur
Tbilisi, Georgia
hrhandle26@gmail.com

Terms and ConditionsRefund Policy