Privacy Policy

1) Who we are

This Privacy Policy explains how Taleva AI S.L. (“Taleva”, “we”, “us”, “our”) processes personal data when you visit taleva.io or use our talent-sourcing platform (the “Services”).

• Data Controller: Taleva AI S.L.

• Registered Address: Carrer del Comte d'Urgell, 221, L'Eixample, 08036 Barcelona, Spain.

• Contact: support@taleva.io

2) Scope and Roles

We act as a Data Controller for our website, app accounts, billing, support, and for our aggregated professional-profile dataset that powers the Sourcing Engine.

We act as a Data Processor when Clients (recruitment agencies or companies) sync their own data from third-party systems (e.g., ATS/CRM integrations) into Taleva. In these cases, our Data Processing Addendum (DPA) applies.

3) What we collect and where it comes from

• A. Account Data: Name, work email, password (hashed), company, and billing details.

• B. Usage & Device Data: Log data, IP address, and browser type used to secure and improve the Service.

• C. The Sourcing Engine (Aggregated Data): We aggregate professional information from:

  • Publicly Available Sources: Professional networking sites, public registries, and directories.

  • Commercial Data Partners: Providers who verify that data is collected in compliance with privacy laws.

  • Data Points: Strictly limited to names, professional titles, employment history, skills, and business contact details.

  • Strict Data Exclusion (Privacy by Design): Taleva does not collect, store, or process "special categories" of personal data. We do not have data regarding gender, age, race, ethnicity, or religious beliefs. Our database is built exclusively on professional merit-based criteria.

• D. Client-provided Identifiers (Matching Cache): If a Client enables an ATS/CRM integration, we cache a limited set of identifiers (LinkedIn URL, Name, Company) strictly for matching and deduplication.

4) Why we use personal data (Legal Bases)

• For Candidates (Sourcing & Matching): We facilitate professional employment connections.

  • Legal Basis: Legitimate Interests. We balance our interest against the privacy of individuals who have shared their profiles publicly for professional purposes.

• For Our Clients (Account & Billing): To manage your subscription.

  • Legal Basis: Performance of a Contract (Terms of Service).

• For Integrations (Deduplication): To flag existing records in your own database.

  • Legal Basis: Performance of a Contract (as a Processor).

5) Data Isolation and Security

• Tenant Isolation: Client-provided data used for deduplication is strictly isolated and never shared between clients.

• Encryption: All data is encrypted at rest using AES-256 and in transit via TLS 1.3.

• Minimization: We only cache the specific identifiers required for matching; we do not store full CVs or internal notes from your CRM.

6) AI & Model Providers (EU AI Act Compliance)

• Human Oversight: In compliance with the EU AI Act (2026), our tools provide suggestions, but all final recruitment decisions are made by the human user.

• No Training: We do not permit AI providers to use Client or candidate data to train their models.

• Bias Prevention by Exclusion: Because Taleva does not collect or store protected characteristics (gender, age, race, etc.), our AI models are technically unable to use these variables for ranking.

7) Who we share data with

• Service Providers: Infrastructure and cloud hosting providers (primarily EEA-based).

• Client Integrations: Data is shared with your ATS/CRM only when you initiate a "Sync" or "Export."

• No Sale of Data: We do not sell personal data. Access is provided via subscription for recruitment purposes only.

8) International Transfers

Taleva is based in Spain (EEA). If any sub-processors process data outside the EEA, we use Standard Contractual Clauses (SCCs) and technical safeguards as required by the AEPD.

9) Data Retention

• Account Data: Retained for the life of the account.

• Matching Cache: Purged within 30 days of account termination or integration disconnection.

• Sourcing Data: Retained as long as relevant for professional matching or until a removal request.

10) Your Rights (EEA/UK)

Under GDPR, you have the right to access, correct, or delete your data. In Spain, the authority is the Agencia Española de Protección de Datos (AEPD).

• Candidate Opt-out: To be permanently removed from our sourcing engine, contact support@taleva.io.

11) Google API Services

Taleva’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including its Limited Use requirements.

Taleva requests the Gmail “modify” scope to:

• Send candidate outreach emails on behalf of the user from their Gmail account; and

• Read and process replies to those outreach emails so users can continue the conversation directly from Taleva.

Taleva’s systems access only the specific email threads that originate from outreach messages sent through the Service. We do not read, scan, or analyze unrelated emails, and do not use Google Workspace data to train generalized AI/ML models. Users may revoke access at any time via Google Permissions.

12) Microsoft API Services

If you connect your Microsoft 365 or Outlook account, Taleva may request permission to:

• Send candidate outreach emails on your behalf; and

• Read and process replies to those emails to display the conversation thread inside Taleva.

Taleva only accesses email messages and threads originating from outreach sent through the Service. We do not use Microsoft data to train generalized AI/ML models, and we do not use it for advertising. You may revoke access at any time via Microsoft Account Management.

13) Changes to this Policy

We update this Policy to reflect changes in our Service or EU regulations. The "Last Updated" date reflects the most recent revision.

14) Contact

Questions or requests about privacy?
Email: support@taleva.io