← Back to Recberry

Privacy Policy

Recberry Job Seeker Space | Effective Date: 20 February 2026 | Last Updated: 20 February 2026

1. Introduction

This Privacy Policy describes how Recberry s.r.o. ("we," "us," "our," or "Recberry") collects, uses, processes, and protects your personal data when you use the Recberry Job Seeker Space platform (the "Service").

This policy is issued in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR")
  • Act No. 110/2019 Coll., on the processing of personal data (Czech Republic)
  • Act No. 480/2004 Coll., on certain information society services

By using our Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.

2. Data Controller Identification

Data Controller:

Company Name: Recberry s.r.o.
Company ID (IČO): 04972236
Tax ID (DIČ): CZ04972236
Registered Office: Tupolevova 741, Prague 9 - Letňany, 199 00, Czech Republic
Mailing Address: Jana Zajíce 2016, 258 01 Vlašim, Czech Republic
Email: barbora@recberry.com
Telephone: +420 702 080 993

Commercial Register: Municipal Court in Prague, Section C, File No. 256441

The Data Controller has not appointed a Data Protection Officer (DPO) as it is not required under Article 37 GDPR for the scale and nature of our operations. However, we maintain strict data protection practices and can be contacted at the email address above for all data protection matters.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6(1) GDPR:

a) Consent (Article 6(1)(a) GDPR):

  • Processing resume content for AI-powered analysis
  • Sending marketing communications
  • Processing interest form data for future service development
  • Processing non-essential cookies

b) Contractual Necessity (Article 6(1)(b) GDPR):

  • Creating and managing your user account
  • Providing the resume analysis services you requested
  • Processing payments for paid services
  • Communicating with you about the Service

c) Legal Obligation (Article 6(1)(c) GDPR):

  • Maintaining records required by Czech tax and accounting law
  • Responding to lawful requests from authorities
  • Complying with data retention obligations

d) Legitimate Interests (Article 6(1)(f) GDPR):

  • Preventing fraud and ensuring platform security
  • Improving and developing our services
  • Internal analytics and service optimisation
  • Responding to user inquiries and support requests

4. Categories of Personal Data Collected

4.1 Account Information

When you create an account using OAuth authentication:

  • Name (from OAuth provider)
  • Email address (from OAuth provider)
  • Profile picture (from OAuth provider)
  • OAuth provider identifier
  • Account creation date
  • Last login date
  • User tier (free/paid)
  • Credit balance

4.2 Resume Content

When you use our resume analysis service:

  • Resume text (job history, skills, education, achievements)
  • Analysis results and recommendations
  • Service usage history
  • Timestamps of service usage

IMPORTANT: We strongly recommend that you remove or redact the following information from your resume before analysis:

  • Full legal name (use initials)
  • Complete address (city/country is sufficient)
  • Telephone number
  • Email address
  • Social media profile URLs
  • National identification numbers
  • Photographs

4.3 Interest Form Data

When you express interest in our paid services or request urgent help:

  • Job search duration
  • Challenges faced in job search
  • Current job seeking strategy
  • Additional situation details you voluntarily provide
  • Urgency flag
  • Submission timestamp

4.4 Payment Information

For paid services (processed by third-party payment processors):

  • Transaction ID
  • Payment amount and currency
  • Payment date
  • Payment method type (no card details stored by us)
  • Billing country

4.5 Technical and Usage Data

Automatically collected when you use our Service:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Referral source
  • Session data
  • Error logs and diagnostics

4.6 Cookies and Tracking Technologies

We use essential and analytical cookies. See Section 12 for details.

5. How We Use Your Personal Data

5.1 Service Delivery

  • Creating and maintaining your user account
  • Authenticating your identity via OAuth providers
  • Processing and delivering resume analysis results
  • Managing your service credits and tier status
  • Providing customer support

5.2 AI-Powered Analysis

  • Sending your resume content to Anthropic Inc. (USA) for AI processing
  • Generating comprehensive resume analysis and recommendations
  • Improving resume quality scores
  • Providing ATS compatibility insights

5.3 Communications

  • Sending service-related notifications
  • Responding to your inquiries and support requests
  • Sending updates about service availability
  • Marketing communications (with your consent)
  • Notifying you when paid services become available (if you expressed interest)

5.4 Business Operations

  • Processing payments and maintaining financial records
  • Preventing fraud and abuse
  • Ensuring platform security
  • Complying with legal obligations
  • Enforcing our Terms of Service

5.5 Service Improvement

  • Analyzing usage patterns to improve the Service
  • Developing new features and services
  • Conducting internal research and analytics
  • Testing new functionality

6. Data Sharing and Third-Party Processors

6.1 Artificial Intelligence Provider

Anthropic, Inc.
Purpose: AI-powered resume analysis
Data Shared: Resume text content (we recommend you redact personal contact information)
Location: United States of America
Legal Basis: Standard Contractual Clauses (SCCs) approved by the European Commission
Privacy Policy: https://www.anthropic.com/legal/privacy
Retention: Anthropic does not retain data beyond processing

IMPORTANT NOTICE: By using our resume analysis service, you explicitly consent to the transfer of your resume content to the United States for AI processing by Anthropic. This transfer is protected by Standard Contractual Clauses. You may withdraw this consent at any time, but this will prevent us from providing the resume analysis service.

6.2 Authentication Providers

Google LLC – OAuth ("Sign in with Google"); Data: Authentication tokens, email, name, profile picture; Location: USA; Privacy Policy

GitHub, Inc. – OAuth ("Sign in with GitHub"); Data: Authentication tokens, email, name, profile picture; Location: USA; Privacy Policy

LinkedIn Corporation – OAuth ("Sign in with LinkedIn"); Data: Authentication tokens, email, name, profile picture; Location: USA; Privacy Policy

6.3 Database and Hosting Services

MongoDB, Inc. (MongoDB Atlas) – Database hosting; Data: All user account data, service usage history; Location: EU; Privacy Policy

Vercel Inc. – Application hosting; Data: Technical data, access logs; Location: EU and USA; Privacy Policy

6.4 Payment Processors (when paid services launch)

Stripe, Inc. – Payment processing; Data: Transaction data (no card details stored by us); Location: USA and EU; Privacy Policy

6.5 Other Service Providers

We may share data with: Legal and accounting advisors (professional secrecy obligations); IT security and infrastructure providers; Customer support tools (if implemented); Analytics providers (anonymised data only).

6.6 Legal Disclosures

We may disclose your personal data when required by law: To comply with court orders or legal processes; To respond to lawful requests from public authorities; To protect our rights, property, or safety; To enforce our Terms of Service; To prevent fraud or illegal activity.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States.

7.1 Safeguards

For transfers to the United States, we rely on: Standard Contractual Clauses (SCCs) approved by the European Commission; Adequacy decisions (where applicable); Explicit consent for specific transfers (resume content to Anthropic).

7.2 Your Rights

You have the right to: Obtain information about the safeguards we have in place; Obtain a copy of the Standard Contractual Clauses; Object to transfers to specific countries; Withdraw consent for transfers (may limit service availability). Contact us at barbora@recberry.com to exercise these rights.

8. Data Retention Periods

8.1 Account Data: Active accounts: Retained while active. Inactive accounts: Deleted after 3 years of inactivity. Deleted accounts: Permanently deleted within 30 days of deletion request.

8.2 Resume Analysis Data: Resume content: NOT permanently stored after analysis completion. Analysis results: Retained for 2 years or until account deletion. Usage history: Retained for 3 years for service improvement.

8.3 Interest Form Data: Stored for 2 years from submission date. May be deleted earlier upon request.

8.4 Payment Data: Transaction records: 10 years (Czech accounting law). Invoice data: 10 years (Czech tax law).

8.5 Technical Logs: Server logs: 90 days. Error logs: 1 year. Security logs: 2 years.

8.6 Marketing Data: Until consent withdrawal + 30 days. Maximum retention: 5 years from last interaction.

After the retention period expires, we will securely delete personal data, anonymise data for statistical purposes (where applicable), and archive data required by law in secure, access-restricted storage.

9. Your Rights as a Data Subject

9.1 Right of Access (Article 15 GDPR) – Confirm whether we process your data; obtain a copy; receive information about processing. Email barbora@recberry.com with subject "Data Access Request". Response: Within 30 days.

9.2 Right to Rectification (Article 16 GDPR) – Correct inaccurate or complete incomplete data. Update account settings or email us. Response: Within 30 days.

9.3 Right to Erasure / "Right to Be Forgotten" (Article 17 GDPR) – Request deletion when data is no longer necessary, you withdraw consent, you object and no overriding grounds exist, or data was unlawfully processed. Email barbora@recberry.com with subject "Account Deletion Request". Response: Within 30 days. Exceptions: We may retain data when required by law.

9.4 Right to Restriction of Processing (Article 18 GDPR) – Restrict processing when contesting accuracy, processing is unlawful but you oppose deletion, we no longer need data but you need it for legal claims, or you objected (pending verification). Email barbora@recberry.com. Response: Within 30 days.

9.5 Right to Data Portability (Article 20 GDPR) – Receive your data in structured, machine-readable format (JSON); transmit to another controller. Applies to data provided by consent or contract, processed by automated means. Email barbora@recberry.com with subject "Data Portability Request". Response: Within 30 days.

9.6 Right to Object (Article 21 GDPR) – Object to direct marketing (absolute right; we stop immediately). Object to processing based on legitimate interests; we cease unless we demonstrate compelling grounds. Contact us to exercise.

9.7 Right to Withdraw Consent (Article 7(3) GDPR) – Withdraw consent at any time. Withdrawal does not affect lawfulness of processing before withdrawal. May limit service availability. Email barbora@recberry.com or use account settings.

9.8 Right to Lodge a Complaint (Article 77 GDPR)

Czech Supervisory Authority: Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic. Website: https://www.uoou.cz | Email: posta@uoou.cz | Phone: +420 234 665 111

9.9 Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR) – We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our AI analysis is advisory only.

10. Data Security Measures

Technical: Encryption in transit (TLS/SSL); Encryption at rest; Secure authentication (OAuth 2.0, JWT tokens); Regular security updates; Access controls; Firewall and intrusion detection; Secure data disposal.

Organisational: Access limited to authorised personnel; Staff training on data protection; Confidentiality agreements; Data processing agreements with third parties; Incident response procedures; Privacy by design and by default.

Data Breach Notification: In the event of a breach that poses a risk: We will notify the Czech supervisory authority within 72 hours; We will notify affected users without undue delay; We will provide information about the breach and remedial actions.

11. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect data from children under 16. If we discover we have collected data from a child under 16, we will delete it immediately. Parents/guardians may contact us to request deletion of a child's data. If you are under 16, please do not use our Service.

12. Cookies and Tracking Technologies

Essential Cookies (No Consent Required): Authentication cookies (recberry_session); Security cookies (CSRF tokens); Session management. Purpose: Technical functionality. Retention: Session or 30 days. These cannot be disabled.

Analytics Cookies (Consent Required): Usage statistics; Performance monitoring. Purpose: Understanding how users interact with our Service. Retention: 13 months.

Managing Cookies: You can control cookies through browser settings, our cookie consent banner, or opt-out tools. Disabling essential cookies will prevent you from using the Service. We honor Do Not Track signals where technically feasible.

See our Cookie Policy for full details.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our data processing practices, legal requirements, or service features. When we make material changes: We will update the "Last Updated" date; We will notify you by email (if you have an account); We will display a notice on our website; We may require you to review and accept the new policy. Continued use constitutes acceptance. We encourage you to review this policy periodically.

14. Contact Information

Email: barbora@recberry.com
Phone: +420 702 080 993
Mail: Recberry s.r.o., Jana Zajíce 2016, 258 01 Vlašim, Czech Republic

Response time: Within 30 days (may be extended by 2 months for complex requests)

For supervisory authority complaints: Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Prague 7, Czech Republic. Website: https://www.uoou.cz

15. Legal Framework

This Privacy Policy is governed by: Regulation (EU) 2016/679 (GDPR); Act No. 110/2019 Coll., on personal data processing; Act No. 480/2004 Coll., on certain information society services; Act No. 89/2012 Coll., Civil Code; Other applicable Czech and EU legislation.

By using the Recberry Job Seeker Space, you acknowledge that you have read, understood, and agree to this Privacy Policy. Last updated: 20 February 2026.