Privacy Policy
Updated:
30 ago 2025
1) Who we are
This Privacy Policy explains how Taleva AI S.L. (“Taleva”, “we”, “us”, “our”) processes personal data when you visit taleva.io or use our talent-sourcing platform (the “Services”).
Data controller: Taleva AI S.L.
Registered address: Carrer del Comte d'Urgell, 221, L'Eixample, 08036 Barcelona, Spain
Contact: bruno@taleva.io
2) Scope and roles
We act as a data controller for: our website and app accounts, billing, support, product analytics, security logs, and for our own professional-profile dataset that powers the Service.
We act as a data processor when customers upload or sync their own data (e.g., candidate lists or notes) into their Taleva workspace. In those cases, our Data Processing Addendum (DPA) applies. Request it at bruno@taleva.io.
3) What we collect and where it comes from
A. Website & account data (you give us):
Name, work email, password (hashed), company, job title, preferences, communications (e.g., demo requests, support), and billing details if you become a paying customer.
B. Usage & device data (collected automatically):
Log data, IP address, device/browser type, pages viewed, session duration, and basic location (city/region) inferred from IP. We use cookies or similar technologies for essential operations and product analytics (see “Cookies” below).
C. Professional data (public/business context):
We process professional information such as name, role/title, employment history, education, skills, links to professional pages, and (where available) business contact details. This information is obtained from publicly available sources and other legally obtained professional data relating to individuals in their professional capacity.
We do not intentionally collect special-category data (e.g., health, religion, political opinions). If your professional information appears in our dataset, you may exercise your rights (see “Your rights”) or contact us at bruno@taleva.io.
D. Customer-provided data (you or your company upload):
If you import candidate lists, notes, or communications, we process this solely to provide the Services to your organization.
4) Why we use personal data (legal bases)
We use personal data for the purposes below, relying on the corresponding GDPR legal bases:
Provide and secure the Services (account creation, authentication, delivering features, troubleshooting, preventing abuse, fraud, or misuse): Contract and Legitimate Interests.
Customer support and communications (answering requests, product notices, service updates): Contract and Legitimate Interests.
Product improvement & analytics (understanding feature usage to improve reliability and UX, security testing): Legitimate Interests.
Professional-profile search & matching (enabling customers to discover relevant candidates): Legitimate Interests. Candidates may object at any time (see “Your rights”).
Marketing to business contacts (emails about features, events, content): Consent where required; otherwise Legitimate Interests with opt-out.
Billing, accounting, compliance (tax, invoices, audits, legal requests): Legal Obligation and Contract.
Legitimate Interests Assessment (summary)
We balance:
our interest in providing efficient professional search tools,
the professional nature of the data (public/business context), and
safeguards we apply (limited scope, opt-out, access rights, security).
We believe the impact on individuals is minimal and proportionate. A high-level summary is available on request.
5) AI & model providers
We use third-party AI providers to power parts of the Service (e.g., search, ranking, message drafting).
We do not permit providers to use customer data or candidate data to train their foundation models.
We take steps (contractual and technical) to ensure limited retention, access controls, and data security.
If you prefer to opt out of specific AI features where feasible, contact us at bruno@taleva.io.
6) Who we share data with
We share personal data only as needed to run our business:
Service providers (cloud hosting, security, email delivery, analytics, CRM, payment processing).
Customer-directed sharing (e.g., when you connect integrations).
Advisers & authorities (lawyers, auditors, regulators) where necessary.
Corporate transactions (merger, acquisition, financing, or sale of assets) subject to confidentiality and continuing protections.
Law enforcement or regulators when required by law or to protect rights, safety, and security.
We do not sell personal data.
7) International transfers
We are based in the EU (Spain). Some providers may process data outside the EEA/UK (e.g., the United States). When transfers occur, we use adequacy decisions (where available) or Standard Contractual Clauses (SCCs) and apply additional safeguards when appropriate.
8) Data retention
We keep personal data only as long as necessary for the purposes above, then delete or anonymize it. Typical examples:
Account, workspace, and usage data: for the life of the account plus a reasonable period for queries/disputes and backups.
Support tickets and communications: a reasonable period after resolution.
Billing and tax records: retained as required by applicable law.
Logs and security data: short, defined periods unless needed to investigate issues.
Exact retention periods may vary by system and legal requirement.
9) Security
We apply technical and organizational measures to protect personal data (access controls, encryption in transit, least-privilege policies, monitoring). No system is 100% secure; we continuously improve our safeguards.
10) Your rights (EEA/UK)
Depending on your location, you may have the right to:
Access your personal data and obtain a copy.
Correct inaccurate or incomplete data.
Delete your data (in certain cases).
Restrict or object to processing (notably to processing based on Legitimate Interests, including profiling related to our matching features).
Portability (receive your data in a machine-readable format).
Withdraw consent where processing relies on consent.
You also have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).
Candidate opt-out
If your professional profile appears in Taleva’s dataset and you’d like to access, correct, limit, or remove it contact us at bruno@taleva.io. We’ll verify your identity and respond in line with GDPR timelines.
11) Cookies & similar technologies
We use cookies and similar technologies to:
keep you signed in and secure the Service (strictly necessary), and
understand aggregate product usage for improvements (analytics).
Where required, we’ll ask for your consent via a banner. You can manage preferences in your browser and, where available, via our cookie settings.
12) Children’s privacy
Taleva is intended for business use. We do not knowingly collect data from children. In Spain, digital consent typically requires a minimum age; if you believe a child has provided data, contact us and we’ll delete it.
13) Changes to this Policy
We’ll update this Policy when needed. We’ll post the revised version with a new “Last updated” date and, where appropriate, notify you via the Service or email.
14) Contact
Questions or requests about privacy?
Email: bruno@taleva.io