Privacy Policy

Privacy Policy

Last updated: 1/31/2026

Staffer.ai AS ("Staffer.ai", "we", "us") provides an AI-powered recruitment platform used by employers to source, assess, and manage candidates.

This Privacy Policy explains how we process personal data, how we comply with the GDPR, and what rights you have.

If you have any questions, please contact privacy@staffer.ai.

1. Who We Are (Data Controller)

Staffer.ai AS

Tjuvholmen Allé 1, 0250 Oslo, Norway

Email: privacy@staffer.ai

Website: https://staffer.ai

We act as a data controller for most processing activities described here, including candidate sourcing, AI interviews, and platform analytics.

For some employer-specific processing (e.g., candidate workflow processing), we may act as a data processor under a Data Processing Agreement.

2. Who This Policy Covers

This policy applies to:

Candidates sourced by Staffer.ai

  • Profiles obtained from licensed third-party providers
  • Public professional information
  • Contact or career data shared with us

Candidates applying for jobs

  • Applications submitted directly on the platform
  • CVs, cover letters, interview data, and communications

Candidates completing AI-based interviews

  • Video/audio, transcripts, and interview scores generated by our AI interview provider

Employers & recruiters

  • Business contact details and account information

Website visitors

  • Cookies, usage data, and analytics information

3. Categories of Personal Data We Process

We may process the following types of data:

A. Data you provide

  • Name, email, phone number
  • CV/resume, education, work history
  • Skills, certificates, cover letters, portfolio links
  • Messages and communication records
  • Interview availability and scheduling information

B. Data from third-party sources

From licensed professional data providers, including:

  • Public professional profiles
  • Employment and education history
  • Skills, certifications, industry information
  • Public contact details
  • Metadata such as experience indicators

We only use data that third-party providers confirm was collected lawfully.

Staffer.ai processes this data under GDPR Art. 6(1)(f) (legitimate interest) to identify candidates for relevant job opportunities.

Because this data is collected at scale from publicly available or commercially licensed sources, providing individual notice to every data subject would involve disproportionate effort. Accordingly, Staffer.ai relies on the exemption in GDPR Art. 14(5)(b) and provides transparency through this Privacy Policy instead of direct notifications.

Individuals whose data has been sourced may at any time:

  • Access their data
  • Request deletion
  • Object to processing
  • Opt out of future sourcing

To exercise these rights, please email privacy@staffer.ai.

Staffer.ai applies:

  • Strict retention limits (typically 12–24 months)
  • Processing limited to professional information only
  • Data minimization and security controls
  • No processing of sensitive or special category data unless voluntarily provided

C. AI interview data

Collected via our third-party AI interview provider:

  • Video, audio, and transcripts
  • AI-generated summaries or interview scores
  • Technical metadata (timestamps, question flow)

D. Platform and system data

  • IP address, browser and device information
  • Log data and security information
  • Cookies and usage analytics (see Cookie Policy)

4. How We Use Personal Data (Purposes)

We process personal data to:

Provide recruitment services

  • Create and manage job postings
  • Match candidates to roles using AI
  • Process applications and manage workflows
  • Facilitate communication between employers and candidates

Source candidates from third-party data

  • Identify potential candidates for job openings
  • Enrich candidate profiles with public data

Provide and analyze AI interview features

  • Conduct structured interviews via our AI interview provider
  • Generate interview summaries and scoring insights
  • Share results with the hiring employer

Maintain and improve the platform

  • Debugging and product improvements
  • AI model improvement and fairness monitoring
  • Usage analytics and performance optimization

Ensure security and legal compliance

  • Fraud detection and prevention
  • Security monitoring and incident response
  • Compliance with laws and regulatory obligations

Marketing communications (optional)

  • Newsletters and product updates (only with consent)

5. Legal Bases for Processing (GDPR Article 6)

We rely on the following legal bases:

Employer use of the platform

  • Performance of a contract
  • Legitimate interest in efficient recruiting

Sourced candidates

  • Legitimate interest in identifying relevant candidates
  • Documented balancing tests ensure fairness and transparency

Candidates applying directly

  • Performance of a contract (to process job applications)

AI interviews and analysis

  • Legitimate interest
  • Performance of a contract when part of the selection process

Marketing

  • Consent (withdrawable at any time)

6. Automated Decision-Making & AI Transparency

Staffer.ai uses AI to assist with:

  • Candidate sourcing and ranking
  • Interview analysis and scoring

Important notes:

  • Employers make final hiring decisions.
  • Staffer.ai does not make fully automated decisions with legal or similarly significant effects (GDPR Art. 22).
  • Human oversight is always required.

Your rights include:

  • Requesting human review
  • Contesting AI-generated insights
  • Requesting an explanation of how AI contributed to your evaluation

7. How We Share Personal Data

We may share data with:

A. Service providers (processors)

Such as:

  • Licensed candidate data providers
  • AI interview providers
  • Cloud hosting providers
  • Analytics and communication tools

All processors are bound by GDPR-compliant agreements.

You may contact us at privacy@staffer.ai to request the names of specific service providers.

B. Employers

Candidate profiles and interview results are shared with the employer managing the relevant job process.

C. Authorities

Only when required by law or to protect against fraud or security threats.

We never sell personal data.

8. International Data Transfers

If personal data is transferred outside the EEA, we use:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Supplementary security measures when required

You may request copies of transfer safeguards by contacting us.

9. Data Retention

We keep personal data only as long as necessary for recruitment and compliance purposes.

Typical retention periods:

  • Sourced candidate profiles: 12–24 months
  • Direct applicants: 12–36 months
  • AI interview recordings: 12 months (configurable)
  • Employer account data: contract duration + 12 months
  • Security logs: up to 24 months
  • Legal obligations: as required by law

You may request earlier deletion at any time.

10. Your GDPR Rights

You have the right to:

  • Access your data
  • Correct inaccurate information
  • Request deletion ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent where applicable
  • Request human intervention for AI-supported decisions

To exercise your rights, contact privacy@staffer.ai.

We respond within 30 days.

11. Security Measures

We use industry-standard security controls, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Secure infrastructure and monitoring
  • Penetration testing
  • Vendor security reviews
  • Data minimization and pseudonymization where possible

12. Children's Data

Our services are not intended for individuals under 16.

We do not knowingly process children's data.

13. Changes to This Policy

We may update this policy from time to time.

Significant updates will be communicated via email or through the platform.

14. Contact Us

If you have questions about this Privacy Policy or your rights:

Staffer.ai AS

Tjuvholmen Allé 1, 0250 Oslo, Norway

Email: privacy@staffer.ai

Phone: +47 981 59 119