Privacy Policy

Tener.ai, Inc. ("Tener," "we," "us," or "our") operates as an AI powered recruiting agency. This Privacy Policy describes how we collect, use, store, and protect personal data in the course of providing our recruitment services. It applies to candidates whose data we process and to our clients.

Effective Date: March 17, 2026

This policy is issued in compliance with the EU General Data Protection Regulation (GDPR), in particular Articles 13 and 14, and applicable data protection legislation.

1. Data Controller

2. Categories of Personal Data We Process

In the course of providing recruitment services, we may process the following categories of personal data:

• Candidate Data: Name, contact details, location, professional experience, skills, qualifications, education history, public professional profile information, AI conducted screening interview responses, assessment scores, salary expectations, and availability.
• Client Data: Contact details of client representatives, job descriptions, role requirements, and company information provided for recruitment purposes.

We do not intentionally collect special categories of data, such as racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation, unless voluntarily provided by candidates or required for diversity sourcing at the explicit request of a client in compliance with applicable law.

3. Purposes and Legal Basis for Processing

• Recruitment services: Sourcing, screening, evaluating, and presenting candidates to our clients. Legal basis: legitimate interest under Art. 6(1)(f) GDPR and or performance of a contract under Art. 6(1)(b) GDPR.
• AI powered candidate assessment: Using automated tools to evaluate candidate fit based on skills, experience, and role requirements. Legal basis: legitimate interest, with human review safeguards before any hiring decision.
• Communication: Contacting candidates regarding opportunities and clients regarding recruitment progress. Legal basis: legitimate interest and or consent.
• Compliance and legal obligations: Retaining records as required by applicable law. Legal basis: legal obligation under Art. 6(1)(c) GDPR.

4. Sources of Personal Data

Where we have not collected personal data directly from the individual, we may obtain it from:

• Publicly available professional networking platforms such as LinkedIn public profiles
• Publicly available professional directories, portfolios, and repositories such as GitHub
• Referrals from our client organizations
• Job boards where candidates have published their profiles

5. Automated Decision Making

Tener uses AI to assist in candidate evaluation, including scoring and ranking candidates based on role requirements. This processing involves profiling within the meaning of Art. 22 GDPR.

• No candidate is rejected or hired solely based on automated processing. All shortlisted candidates are reviewed by human recruiters at the client organization before any hiring decision is made.
• Candidates have the right to request human review of any automated assessment, to express their point of view, and to contest the outcome.
• Our algorithms are regularly tested for bias across protected characteristics including gender, age, and ethnicity.

6. Data Sharing and Recipients

We share candidate data only with the client organization for which recruitment services are being performed, and only to the extent necessary for the recruitment process.

We may also share data with the following recipients:

• Cloud infrastructure providers for data hosting and processing, within the EEA or with appropriate safeguards
• AI model providers under Enterprise API agreements only, where data is not used for model training
• Professional advisors, including legal and accounting, where required

We do not sell personal data. We do not share candidate data with any party other than the client for the specific role in question.

7. Data Residency and International Transfers

Personal data is processed and stored within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or equivalent mechanisms approved under GDPR.

All LLM processing is conducted through Enterprise API agreements that contractually prohibit the use of input data for model training.

8. Data Retention

Candidate data is retained for the duration of the active recruitment engagement plus a maximum of 12 months, unless the candidate provides consent for longer retention for future opportunities.

Candidates may request deletion of their data at any time. Client contractual data is retained for the duration of the business relationship plus the period required by applicable law.

9. Your Rights

Under GDPR, individuals have the following rights regarding their personal data:

• Right of access (Art. 15): Obtain a copy of your personal data and information about how it is processed.
• Right to rectification (Art. 16): Request correction of inaccurate data.
• Right to erasure (Art. 17): Request deletion of your personal data.
• Right to restriction of processing (Art. 18): Request that we limit how we use your data.
• Right to data portability (Art. 20): Receive your data in a structured, machine readable format.
• Right to object (Art. 21): Object to processing based on legitimate interest, including profiling.
• Right not to be subject to solely automated decisions (Art. 22): Request human review of automated assessments.

To exercise any of these rights, contact us at privacy@tener.ai. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence or place of work.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data at rest (AES 256) and in transit (TLS 1.2+)
• Access controls with role based permissions
• Regular security assessments of our infrastructure
• Employee and contractor confidentiality obligations

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through our website or directly to affected individuals. The effective date at the top of this document reflects the latest revision.

12. Contact