Reordinal (“we,” “us,” or “our”) operates the applicant tracking platform at reordinal.com. This Privacy Policy explains how we collect, use, and protect your information when you use our website, web application, and browser extension (collectively, the “Service”).
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Definitions
Recruiter
A registered user who manages hiring workflows — posting jobs, reviewing applications, and scheduling interviews.
Candidate
An individual whose resume or application data is processed through the Service.
Personal Data
Any information relating to an identified or identifiable natural person.
Processing
Any operation performed on Personal Data, including collection, storage, analysis, and deletion.
2. Data We Collect
2.1 Recruiter Account Data
When you create an account, we collect your full name and email address. We use passwordless authentication (magic links) — a unique, time-limited sign-in link is sent to your email each time you log in. We do not store passwords. If you sign in with Google, we receive your name, email, and verification status. We do not store your Google profile picture.
2.2 Candidate / Resume Data
When a Candidate applies to a job or a Recruiter uploads a resume, we process:
- Resume file (PDF)
- Name, email, phone number, address
- LinkedIn and GitHub profile URLs
- Education, work experience, skills, and projects
- Any additional information from custom application form fields
2.3 Interview & Feedback Data
If interviews are scheduled through the Service, we store scheduling details (date, time, duration, meeting link, interviewer names) and interviewer feedback (ratings, notes, recommendations).
2.4 Billing Data
Payment processing is handled entirely by Razorpay. We do not collect or store credit card numbers or bank account details. We store only Razorpay customer IDs, subscription IDs, and transaction metadata.
2.5 Usage & Technical Data
We store a JWT authentication token in your browser's local storage. We do not use cookies for authentication or tracking. We use Google Analytics to collect anonymous usage data such as page views, session duration, and general geographic region. This helps us understand how the Service is used and improve it. Google Analytics may set cookies in your browser. No personally identifiable information is sent to Google Analytics. You can opt out by installing the Google Analytics Opt-out Browser Add-on.
2.6 Browser Extension Data
The Reordinal browser extension reads the candidate's name and LinkedIn profile URL from the page you are viewing, and captures the resume PDF when you initiate a download. It stores auth tokens locally in your browser. The extension does not scrape LinkedIn in bulk, does not collect data without user action, and does not transmit data to third parties.
3. How We Use Your Data
- Providing the Service: Storing and displaying job postings, applications, resumes, and interview schedules.
- Resume parsing & ATS scoring: Extracting structured information from resumes and calculating compatibility scores using AI (see Section 5).
- Communication: Sending transactional emails only (account verification, interview notifications). No marketing emails.
- Billing: Managing subscriptions and credit balances.
- Security: Authenticating users, detecting abuse, and enforcing access controls.
4. We Do Not Sell Your Data
We will never sell, rent, or trade your Personal Data — including resume data and Candidate information — to any third party, for any purpose, under any circumstances.
5. Third-Party Services & Sub-Processors
We share data with the following service providers solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Infrastructure, file storage, message queue | All data (hosted on GCP) |
| Amazon Web Services | File storage (S3), transactional email (SES) | Resume files; email addresses & content |
| Supabase | Managed PostgreSQL database | User accounts, organizations, jobs, applications |
| Google Gemini (AI) | Resume parsing & ATS scoring | Resume text content, job descriptions |
| OpenAI (optional) | Alternative AI provider | Resume text content, job descriptions |
| Razorpay | Payment processing | Org ID, plan details |
| Google Identity Services | OAuth sign-in | Email, name, verification status |
| Google Analytics | Anonymous usage analytics | Page views, session data, general location (no PII) |
Note on AI processing: When we parse resumes or calculate ATS scores, the full text of the resume (which may contain personal details) is sent to the AI provider's API. We use these services solely for data extraction and scoring — we do not use them to train AI models on your data.
6. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, we process your data under:
Processing Recruiter account data is necessary to provide the Service you subscribed to.
Processing Candidate data on behalf of Recruiters for hiring purposes. The Recruiter acts as the data controller; Reordinal acts as the data processor.
When a Candidate submits an application through a public job listing, they consent to processing by submitting the form.
7. Data Controller & Processor Roles
Recruiter Data
Reordinal is the data controller.
Candidate Data
The Recruiter is the data controller. Reordinal is the data processor.
8. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Deleted data is soft-deleted (marked as inactive) and excluded from all queries. Soft-deleted data may be retained in backups for a reasonable period for disaster recovery.
Recruiters may request account deletion by contacting us. Upon deletion, we will remove or anonymize Personal Data within 30 days, except where retention is required by law.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
For Candidates: If your data was uploaded by a Recruiter, please contact the Recruiter directly. If they are unresponsive, contact us and we will assist.
10. Data Security
- All data in transit is encrypted using TLS/HTTPS.
- We use passwordless authentication (magic links) — no passwords are stored.
- Authentication tokens are short-lived JWTs.
- Magic link tokens are single-use and expire after a short window.
- Invite tokens are stored only as SHA-256 hashes.
- File storage uses server-side encryption at rest.
- Database access is restricted via private networks.
- No payment card data ever touches our servers.
11. International Data Transfers
Our infrastructure is hosted on Google Cloud Platform and Amazon Web Services. Data may be transferred to and processed in regions outside your country of residence. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.
12. Cookies & Local Storage
We do not use cookies for authentication or tracking. Google Analytics may set cookies to collect anonymous usage statistics (see Section 2.5). The only other client-side storage we use is browser localStorage to persist your authentication session token, which is removed when you sign out.
13. Children's Privacy
The Service is not intended for individuals under 16. We do not knowingly collect data from children. If we learn that we have, we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notice. The “Last updated” date at the top indicates when it was last revised.
15. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at: