Privacy Policy

This Privacy Policy explains how Taleva AI S.L. ("Taleva", "we", "us", "our") processes personal data when you visit taleva.io or use our talent-sourcing platform (the "Services").

• Data Controller: Taleva AI S.L.
• Registered Address: Carrer del Comte d'Urgell, 221, L'Eixample, 08036 Barcelona, Spain.
• Contact: support@taleva.io

We act as a Data Controller for our website, app accounts, billing, support, and for our aggregated professional-profile dataset that powers the Sourcing Engine.

We act as a Data Processor when Clients (recruitment agencies or companies) sync their own data from third-party systems (e.g., ATS/CRM integrations) into Taleva. In these cases, our Data Processing Addendum (DPA) applies.

A. Account Data

Name, work email, password (hashed), company, and billing details.

B. Usage & Device Data

Log data, IP address, and browser type used to secure and improve the Service.

C. The Sourcing Engine (Aggregated Data)

We aggregate professional information from:

• Publicly Available Sources: Professional networking sites, public registries, and directories.
• Commercial Data Partners: Providers who verify that data is collected in compliance with privacy laws.
• Data Points: Strictly limited to names, professional titles, employment history, skills, and business contact details.
• Strict Data Exclusion (Privacy by Design): Taleva does not collect, store, or process "special categories" of personal data. We do not have data regarding gender, age, race, ethnicity, or religious beliefs. Our database is built exclusively on professional merit-based criteria.

D. Client-provided Identifiers (Matching Cache)

If a Client enables an ATS/CRM integration, we cache a limited set of identifiers (LinkedIn URL, Name, Company) strictly for matching and deduplication.

• For Candidates (Sourcing & Matching): We facilitate professional employment connections. Legal Basis: Legitimate Interests. We balance our interest against the privacy of individuals who have shared their profiles publicly for professional purposes.
• For Our Clients (Account & Billing): To manage your subscription. Legal Basis: Performance of a Contract (Terms of Service).
• For Integrations (Deduplication): To flag existing records in your own database. Legal Basis: Performance of a Contract (as a Processor).

• Tenant Isolation: Client-provided data used for deduplication is strictly isolated and never shared between clients.
• Encryption: All data is encrypted at rest using AES-256 and in transit via TLS 1.3.
• Minimization: We only cache the specific identifiers required for matching; we do not store full CVs or internal notes from your CRM.

• Human Oversight: In compliance with the EU AI Act (2026), our tools provide suggestions, but all final recruitment decisions are made by the human user.
• No Training: We do not permit AI providers to use Client or candidate data to train their models.
• Bias Prevention by Exclusion: Because Taleva does not collect or store protected characteristics (gender, age, race, etc.), our AI models are technically unable to use these variables for ranking.

• Service Providers: Infrastructure and cloud hosting providers (primarily EEA-based).
• Client Integrations: Data is shared with your ATS/CRM only when you initiate a "Sync" or "Export."
• No Sale of Data: We do not sell personal data. Access is provided via subscription for recruitment purposes only.

Taleva is based in Spain (EEA). If any sub-processors process data outside the EEA, we use Standard Contractual Clauses (SCCs) and technical safeguards as required by the AEPD.

• Account Data: Retained for the life of the account.
• Matching Cache: Purged within 30 days of account termination or integration disconnection.
• Sourcing Data: Retained as long as relevant for professional matching or until a removal request.

Under GDPR, you have the right to access, correct, or delete your data. In Spain, the authority is the Agencia Española de Protección de Datos (AEPD).

• Candidate Opt-out: To be permanently removed from our sourcing engine, contact support@taleva.io.

Taleva's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

If you connect a Gmail account to Taleva, we use Google API access solely to:

• send outreach emails on your behalf at your direction; and
• display and process replies related to outreach conversations managed through the Service.

Taleva's systems are designed to access and process only emails and conversation threads related to outreach activity initiated through the Service. We do not use Gmail or Google Workspace data for advertising purposes, we do not sell such data, and we do not use such data (including derived data) to train generalized AI or machine-learning models.

Human access to connected email data is limited to situations where access is necessary to provide customer support, troubleshoot technical issues, comply with legal obligations, or maintain the security and integrity of the Service.

You may revoke Taleva's access to your Google account at any time through your Google account permissions settings. Revoking access will stop future syncing of email data. Previously synced data will be deleted in accordance with Section 9.

If you connect a Microsoft 365 or Outlook account to Taleva, we use Microsoft API access solely to:

• send outreach emails on your behalf at your direction; and
• display and process replies related to outreach conversations managed through the Service.

Taleva's systems are designed to access and process only emails and conversation threads related to outreach activity initiated through the Service. We do not use Microsoft data for advertising purposes, we do not sell such data, and we do not use such data (including derived data) to train generalized AI or machine-learning models.

Human access to connected email data is limited to situations where access is necessary to provide customer support, troubleshoot technical issues, comply with legal obligations, or maintain the security and integrity of the Service.

You may revoke Taleva's access to your Microsoft account at any time through your Microsoft account permissions settings. Revoking access will stop future syncing of email data. Previously synced data will be deleted in accordance with Section 9.

We update this Policy to reflect changes in our Service or EU regulations. The "Last Updated" date reflects the most recent revision.

Questions or requests about privacy?

• Email: support@taleva.io