Privacy Policy

At Shortlists, we value your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our services. We are committed to complying with the EU General Data Protection Regulation (GDPR) and the UK GDPR.

1. Who We Are

Shortlists.io is a trading name of Venture Studio Operations LtD, a company incorporated in the United Kingdom of Great Britain and Northern Ireland, with registered office at 128 City Road, London, United Kingdom, EC1V 2NX. We act as a Data Controller for client and user information, and as a Data Processor when handling candidate data on behalf of clients.

2. Contact Information

For any questions or data requests, please contact:

• Email: [email protected]

• EU Representative: Sophus Blom-Hanssen

• UK Representative: Sophus Blom-Hanssen

3. What Personal Data We Collect

Depending on how you interact with us, we may collect:

• Clients & Users: Name, email, company, job title, billing details, login credentials, communication data

• Candidates (via clients): CVs, LinkedIn URLs, interview transcripts, call recordings, assessment scores

• Website Visitors: IP address, browser type, cookies, usage analytics

4. How We Collect Personal Data

• Directly from you (form submissions, onboarding)

• From clients who use our platform to process candidate data

• Automatically through cookies and similar technologies

5. Legal Basis for Processing
We process your data on the following bases:

• Contract performance

• Legitimate interests (e.g., platform improvement, security)

• Consent (e.g., marketing communications)

• Legal obligations

6. How We Use Your Data

• To provide our services and operate the platform

• To generate candidate reports and transcriptions

• To communicate with you (support, updates)

• To monitor and improve our services

7. Data Sharing and Subprocessors We share data only with subprocessors essential for service delivery, including:

• Hosting & infrastructure: Supabase, Lovable

• AI and transcription services: Gladia, Meetingbass, OpenAI

• Document processing: PDF.co

• Optical character recognition: Google Vision

• Email delivery: Resend

All subprocessors are subject to DPAs and appropriate safeguards.

8. International Data Transfers
We use Standard Contractual Clauses (SCCs) and other safeguards when transferring personal data outside the EEA/UK.

9. Data Retention
We retain data only as long as necessary:

• Client accounts: While active + 12 months

• Candidate data: Based on client instructions or up to 12 months after inactivity

• Website logs: Up to 6 months

10. Data Security
We implement appropriate technical and organizational measures, including:

• End-to-end encryption for data transmission

• Secure cloud storage with access controls

• Regular security audits and updates

• Employee access restrictions and training

• Multi-factor authentication support

11. Your Rights
You have the right to:

• Access your data

• Correct inaccuracies

• Delete your data

• Restrict or object to processing

• Withdraw consent at any time

• Port your data to another provider

To exercise your rights, contact [email protected]. We respond within 30 days.

12. Cookies and Tracking Technologies
We use cookies to improve user experience and analyze usage. You can manage preferences via our cookie banner. See our Cookie Policy for more.

13. Automated Decision-Making and Profiling
If AI-assisted scoring or recommendations are used, we ensure human oversight and allow you to contest decisions or request explanation.

14. Changes to This Policy
We may update this policy periodically. We will notify users of material changes via email or dashboard.

Thank you for trusting Shortlists.io. Your privacy matters to us.