Legal

Privacy Policy

Last updated: March 2025

Shortlists (“we”, “us”, “our”) operates the Shortlists platform at shortlists.io. This policy explains how we collect, use, and protect personal data when you use our service. We are committed to GDPR compliance and privacy by design.

1. Who we are

Shortlists is the data controller for personal data processed through our platform. Our servers are hosted in the EU (Stockholm, Sweden). We do not transfer personal data outside the EEA without appropriate safeguards in place.

2. What data we collect

Account data

When you create a Shortlists account, we collect your name, email address, company name, and payment information (processed securely via Stripe — we never store card details).

Candidate and client data you add to Shortlists

You are the data controller for any candidate, client, or contact data you enter into Shortlists. We process this data on your behalf as a data processor, under the terms of our Data Processing Agreement.

Usage data

We collect anonymised usage analytics to improve the product — pages visited, features used, error reports. We do not sell or share this data with third parties.

3. How we use your data

  • To provide and improve the Shortlists service
  • To send transactional emails (account setup, invoices, feature announcements)
  • To respond to support requests
  • To comply with legal obligations

We do not use your data to train AI models. We do not sell data to third parties.

4. Data retention

We retain your account data for as long as your account is active. When you cancel, your data is retained for 30 days (so you can export it) and then deleted. You can request immediate deletion at any time by contacting privacy@shortlists.io.

5. Your rights under GDPR

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Export your data in a portable format
  • Withdraw consent at any time

To exercise any of these rights, contact us at privacy@shortlists.io.

6. Cookies

We use essential cookies required for the platform to function, and anonymised analytics cookies to understand usage. We do not use advertising or tracking cookies.

7. Third-party services

Shortlists integrates with third-party services including Zoom, Microsoft Teams, Google Meet, and Stripe. Each has their own privacy policy governing their data processing.

8. Contact

For privacy questions or to exercise your data rights, contact us at privacy@shortlists.io.