LGPD & GDPR Compliance

Introduction

Hirelyzer is committed to complying with the Brazilian General Data Protection Law (LGPD — Lei Geral de Proteção de Dados) and the European General Data Protection Regulation (GDPR). This page explains what data we process, why, and what rights you have.

Data We Process

In the course of providing our AI-powered candidate screening service, Hirelyzer processes the following categories of personal data:

• Job descriptions (JD) — uploaded by the recruiter as PDF files
• Candidate CVs/résumés — uploaded by the recruiter as PDF files
• Candidate information — names, contact details, skills, experience, and other data extracted from CVs
• Recruiter notes — free-text observations added by the recruiter during the screening workflow
• Analysis outputs — match scores, candidate rankings, strengths, concerns, and interview guidance generated by AI
• Account and billing metadata — name, email, subscription plan, payment identifiers (via Stripe), and usage logs

Purpose and Use of Data

All data processed by Hirelyzer is used exclusively to provide the Hirelyzer candidate screening service. We do not sell, rent, or share personal data with third parties for marketing or any unrelated purpose.

Data Retention

Uploaded files, extracted content, and analysis outputs are retained for 30 days by default. Recruiters may opt for an extended retention period to support ongoing hiring workflows. After the retention period, all data is automatically and permanently deleted.

Your Rights

Under LGPD and GDPR, you have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data
• Portability — request your data in a structured, machine-readable format
• Restriction — request that we limit how we process your data
• Objection — object to processing based on legitimate interests
• Revocation of consent — withdraw consent at any time, without affecting prior processing
• Information — know what data is collected, how it is used, and with whom it is shared

Legal Bases for Processing

We rely on the following legal bases under LGPD and GDPR:

• Consent — you provide explicit consent when agreeing to our Terms and Privacy Policy during account creation and before each analysis
• Contract performance — processing is necessary to provide the screening service you subscribed to
• Legitimate interests — aggregated, anonymized data may be used to improve our algorithms and service quality

Security Controls

Hirelyzer implements the following security measures to protect personal data:

• Encryption in transit (TLS/HTTPS) and at rest for all stored data
• Access controls with role-based permissions and authentication via NextAuth.js
• Secure cloud infrastructure hosted on Microsoft Azure
• Automated data deletion upon retention period expiration
• Regular security reviews and monitoring
• Data minimization — we only collect data necessary to provide the service

AI and Automated Decision-Making

Hirelyzer uses artificial intelligence to analyze candidate CVs against job descriptions. The AI generates match scores, rankings, and insights. These outputs are intended as decision-support tools for recruiters and are not used for automated final hiring decisions. The recruiter always retains full control over hiring outcomes.

Data Protection Contact

For any questions, data access requests, or concerns related to data protection, contact us at: