← Startup Roles

Privacy Policy

Effective May 18, 2026

1. Who we are

Startup Roles ("we", "us", "our") operates the Startup Roles platform at startuproles.co. We act as the data controller for personal data we collect about visitors and Client users of the Service, and as a data processor for candidate personal data that our Clients submit or that sourcing partners deliver through the Service.

2. Data we collect

We collect:

  • Account data — name, email, password hash, role, organization.
  • Mandate data — job descriptions, criteria, swipes, feedback, notes you submit.
  • Candidate data — profiles, public links, summaries, and assessments submitted by Clients or sourcing partners.
  • Usage data — pages viewed, actions, device, browser, IP address, approximate location, timestamps, referrer.
  • Communications — messages you send us, including support requests.
  • Cookies & similar tech — strictly-necessary cookies for authentication and session, and limited analytics cookies.

3. How we use data

We use personal data to:

  • provide, secure, and improve the Service;
  • authenticate users and prevent abuse;
  • process AI-assisted generation of personas, criteria, and summaries;
  • communicate with you about your account, updates, and support;
  • comply with legal obligations and enforce our Terms;
  • aggregate de-identified usage to evaluate and improve product quality.

4. Legal bases (EEA/UK)

Where GDPR or UK GDPR applies, we rely on: (a) contractto provide the Service; (b) legitimate interests to secure, support, and improve the Service and prevent fraud; (c) consent for optional analytics or marketing where required; and (d) legal obligation for tax, accounting, and compliance purposes.

5. AI processing

The Service uses large language models to generate suggestions, summaries, and personas. Prompts and outputs may be transmitted to model providers under contractual confidentiality obligations. We do not authorize model providers to train their foundation models on your inputs or outputs. AI output may be inaccurate; review before relying on it.

6. Sharing

We share personal data only with:

  • Sub-processors that operate the Service, including hosting (Cloudflare), database and auth (Supabase), and AI inference providers, each under a written data-processing agreement;
  • Sourcing partners ("Agents") you engage through the platform, limited to the mandate context required to deliver candidates;
  • Authorities when required by law, valid legal process, or to protect rights, safety, and security;
  • Successors in a merger, acquisition, or asset transfer, subject to confidentiality.

We do not sell personal data.

7. International transfers

Personal data may be processed in countries other than your own. Where required, we rely on Standard Contractual Clauses, the UK IDTA, or equivalent safeguards.

8. Retention

We keep personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Account data is retained for the life of your account and a reasonable post-termination period. Mandate and candidate data is retained per Client instructions, subject to legal minimums.

9. Security

We use industry-standard administrative, technical, and physical safeguards including encryption in transit, encryption at rest, least-privilege access, row-level security, and audit logging. No system is perfectly secure; you use the Service at your own risk.

10. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent. To exercise these rights, email privacy@startuproles.co. You may also lodge a complaint with your local supervisory authority. For California residents, we do not sell or "share" personal information as defined by the CCPA/CPRA.

11. Candidates

If you are a candidate and a Client or sourcing partner has submitted your data through the Service, please contact that Client first, as they control the data. We will assist Clients in responding to verified requests.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them.

13. Changes

We may update this Policy from time to time. Material changes will be notified by updating the Effective Date and, where appropriate, by in-product notice.

14. Contact

Privacy questions: privacy@startuproles.co.

← Back to home