1. Who we are
Kapek provides AI-assisted recruiting and candidate-screening software for organizations and their authorized users (for example, talent acquisition teams, recruiters, and hiring managers). Depending on your relationship with us, we may act as a business (processing data on behalf of customer organizations) or, where you interact with us directly (for example, creating a Kapek account), as a controller of certain account and usage data.
For privacy inquiries, contact us at privacy@kapek.app. For security reports, use security@kapek.app.
2. Scope
This policy applies to personal information we process in connection with:
- The Kapek web application, dashboards, and recruiter tools;
- Candidate-facing experiences delivered through Kapek (for example, interview links, chat, voice sessions where enabled, and embeddable widgets);
- Marketing sites, demos, waitlists, and lead forms;
- Support, billing, analytics, and communications related to the Services.
Customer organizations that use Kapek to process candidate or employee data may have their own privacy notices and obligations. Where we process personal data on behalf of a customer, their instructions and our agreement with them also apply.
3. Personal information we collect
We collect information in the following categories (not all categories apply to every user):
3.1 Account and profile data
Name, work email, organization, authentication identifiers, role, preferences, and similar account fields you or your administrator provide.
3.2 Customer content and recruiting data
Job descriptions, screening criteria, interview transcripts, messages, attachments (for example, CVs where uploaded), ratings, notes, pipeline stages, and other content submitted through the Services.
3.3 Candidate and visitor data
Identifiers and contact details candidates or visitors submit (for example, name, email, phone), responses to interview questions, technical metadata about sessions (device type, approximate location derived from IP where available), and fraud-prevention signals. Where optional voice-based screening is enabled by a customer, voice audio or derived transcripts may be processed to deliver that feature and may be subject to additional notices provided by the customer to its users.
3.4 Technical and usage data
IP address, device and browser type, timestamps, pages viewed, feature usage, diagnostics, error logs, and similar telemetry needed to operate and secure the Services.
3.5 Communications
Information you send when you contact support, book a demo, subscribe to updates, or correspond with us.
3.6 Payment data
Where billing applies, payment details are typically processed by our payment processor; we may receive limited billing metadata (for example, subscription status and partial identifiers).
4. Sources of information
- Directly from you when you register, configure agents, upload files, or message us;
- From your organization when an administrator provisions access or integrates systems;
- Automatically through cookies, pixels, SDKs, and server logs when you use the Services;
- From service providers that assist with hosting, analytics, communications, or security;
- From integrations you or your organization authorize (for example, calendar or HR tools where connected).
5. How we use personal information
We use personal information to:
- Provide, maintain, improve, and secure the Services;
- Authenticate users, prevent fraud and abuse, and enforce our terms;
- Operate AI-assisted features (for example, generating interview prompts, summaries, or scoring assistance) in line with customer configuration and applicable law;
- Communicate about the Services, including transactional messages, product updates, and (where permitted) marketing;
- Analyze usage in aggregated or de-identified form to understand product performance;
- Comply with law, respond to lawful requests, and establish or defend legal claims.
Where required, we rely on appropriate legal bases such as performance of a contract, legitimate interests (for example, securing our network and improving the product, balanced against your rights), consent (for optional cookies or marketing where applicable), or legal obligation.
6. AI processing and automated outputs
Kapek may use machine learning and large language models to generate or structure recruiting-related outputs. Outputs can be imperfect; customers remain responsible for hiring decisions. We design the Services so that meaningful employment decisions are reviewed by qualified humans at the customer organization unless you choose otherwise in line with law.
We may log prompts and outputs where needed for safety, debugging, billing, and quality, subject to retention limits and access controls described below.
7. Cookies and similar technologies
We use cookies and similar technologies for authentication, preferences, security, and analytics. Where required, we obtain consent before non-essential tracking. You can control cookies through your browser settings; disabling certain cookies may limit functionality.
8. Legal roles: controllers, processors, and your organization
Where a company or team uses Kapek to evaluate candidates or employees, that organization is typically the controller of candidate/employee personal data, and Kapek processes such data as a processor or service provider under instructions and contractual terms (including data protection commitments where applicable). Where we determine the purposes and means of processing (for example, account administration for individual sign-ups, product analytics tied to your Kapek login, or direct marketing to you as a prospect), we act as a controller.
Customer administrators can configure roles, retention, and exports within the product subject to their own policies and employment law obligations.
9. How we share personal information
We do not sell your personal information. We may share data with:
- Service providers and subprocessors who host infrastructure, deliver email, process payments, provide analytics, or support security operations, bound by confidentiality and processing terms;
- Your organization and its authorized users, as part of normal product behavior (for example, recruiters viewing candidate submissions);
- Professional advisers (lawyers, auditors) where necessary;
- Authorities when required by law or to protect rights, safety, and integrity.
We may disclose or transfer information in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality and continuity commitments.
10. Subprocessors and infrastructure
We use vetted cloud and software partners for hosting, databases, authentication, observability, email delivery, payment processing, and—where enabled—AI inference and related tooling. Subprocessors are subject to security reviews and written obligations consistent with this policy and our customer agreements. A current list may be provided upon request to privacy@kapek.app or in your enterprise order form.
11. Data minimization and purpose limitation
We collect personal information that is adequate, relevant, and limited to what is reasonably necessary for the purposes described here. We discourage customers from uploading sensitive categories of data (for example, government ID numbers, health information, or financial account details) unless strictly necessary and lawful for their recruiting process; customers are responsible for lawful bases and notices to their own applicants.
12. International transfers
We may process and store information in the United States and other countries where we or our providers operate. Where we transfer personal data from regions with cross-border transfer rules, we implement appropriate safeguards (for example, standard contractual clauses or equivalent mechanisms) as required.
13. Retention
We retain personal information only as long as necessary for the purposes described in this policy, including to meet legal, accounting, or reporting requirements. Retention periods vary by data category and customer configuration (for example, workspace retention settings). When data is no longer needed, we delete or irreversibly anonymize it in accordance with our internal schedules, subject to limited exceptions (for example, backups or legal holds).
14. Security and incident response
We implement administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, least-privilege engineering practices, logging and monitoring, vulnerability management, and employee training. No method of transmission or storage is completely secure; we encourage customers to use strong authentication and role-based access within their organizations.
We maintain incident response procedures designed to detect, contain, and remediate suspected unauthorized access, and—where required by law or contract—to notify affected customers and regulators without undue delay.
15. Anonymization and aggregate data
We may create aggregated or de-identified datasets that do not reasonably identify individuals, and use them for analytics, benchmarking, model evaluation, and product improvement. We take steps designed to prevent re-identification of de-identified data except as permitted by law.
16. Profiling and significant decisions
Some product features may score, rank, or summarize candidates using automated means to assist recruiters. Unless expressly configured and permitted under applicable law, Kapek is not intended to make solely automated decisions that produce legal or similarly significant effects on individuals without human review. Customers remain responsible for fairness, anti-discrimination obligations, and lawful use of screening tools in their jurisdiction.
17. Your privacy rights
Depending on your location, you may have rights to access, correct, delete, or export personal information; to object to or restrict certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority. To exercise rights, email privacy@kapek.app. We may need to verify your request and may be unable to fulfill requests that adversely affect others’ rights or conflict with legal obligations.
17.1 European Economic Area, United Kingdom, and Switzerland
If you are located in the EEA, UK, or Switzerland, you may have the rights described in applicable data protection law, including to access, rectify, erase, restrict, port, or object to processing, and to lodge a complaint with your local supervisory authority. Where Kapek acts as processor, we assist our customers in responding to individuals’ requests as required by contract and law.
17.2 United States (state privacy laws)
Residents of certain U.S. states may have additional rights regarding personal information under applicable state laws. We do not “sell” personal information as commonly defined under U.S. state privacy statutes, and we do not use or disclose sensitive personal information for inferring characteristics in a manner that would trigger opt-out rights beyond service operation. You may designate an authorized agent where permitted by law.
18. Children
The Services are not directed to children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.
19. Third-party links and integrations
The Services may link to third-party sites or allow integrations with third-party systems. Their privacy practices are governed by their own policies; we are not responsible for them.
20. Changes to this policy
We may update this policy from time to time. We will post the revised version with a new effective date and, where changes are material, provide additional notice (for example, by email or in-product banner).
21. Contact
Questions about this policy: privacy@kapek.app
Security issues: security@kapek.app