Crocova Logo
Crocova

Privacy Policy

Last Updated: December 3, 2025

1. Introduction

At Crocova ("we", "us", or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI-powered recruitment platform.

This policy applies to all users of our Service, including organizations, recruiters, team members, and job candidates. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data Controller

Crocova acts as the data controller for personal information collected through our Service. For candidate data processed on behalf of organizations, we act as a data processor, with the organization being the data controller.

Crocova Inc.

Email: privacy@crocova.com

3. Information We Collect

We collect several types of information to provide and improve our Service:

Personal Information

  • Name and contact information (email address, phone number)
  • Company name and job title
  • Profile information from authentication providers (e.g., Google profile data)
  • Communication preferences

Account Information

  • Login credentials and authentication tokens
  • Organization membership and role information
  • Account settings and preferences

Recruitment Data

  • Resumes, CVs, and application materials uploaded to the platform
  • Job postings and recruitment workflow configurations
  • Candidate evaluation data and notes
  • Email templates and communication history

Technical Data

  • IP address and device information
  • Browser type and version
  • Usage patterns and interaction data
  • Authentication event logs (for security purposes)

4. How We Use Your Information

We use the collected information for the following purposes:

  • Providing, operating, and maintaining our recruitment platform
  • Processing and analyzing resumes using AI technology
  • Facilitating communication between organizations and candidates
  • Authenticating users and securing accounts
  • Sending service-related notifications and updates
  • Improving and optimizing our Service
  • Complying with legal obligations and protecting our rights

5. AI Processing and Automated Decision-Making

Our Service uses artificial intelligence to process recruitment data. Specifically, we use AI for:

  • Analyzing and screening resumes/CVs to identify qualified candidates
  • Matching candidate profiles with job requirements
  • Generating insights and recommendations for hiring teams

Important: Our AI systems provide recommendations only. No automated decisions that produce legal effects or similarly significant impacts are made without human oversight. Organizations are responsible for final hiring decisions.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:

  • Consent: Where you have given explicit consent for specific processing activities
  • Contract Performance: Processing necessary to fulfill our contractual obligations to you
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services and ensuring security
  • Legal Compliance: Processing necessary to comply with applicable laws and regulations

7. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • Within Your Organization: Team members within your organization may access shared recruitment data based on their roles and permissions
  • Service Providers: We use trusted third-party providers to help deliver our Service, including cloud hosting, email delivery, and authentication services. These providers are bound by data protection agreements.
  • Legal Requirements: We may disclose information when required by law, court order, or to protect our rights and safety

We do not sell your personal information to third parties.

8. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

  • Google OAuth: Used for secure authentication. Google's privacy policy governs the use of your Google account data.
  • Email Service Provider: We use third-party email services to send notifications and communications.
  • Cloud Infrastructure: Our Service is hosted on secure cloud infrastructure with appropriate data protection measures.

9. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Active account data is retained while your account remains active
  • Deleted data is removed within 30 days, though backups may be retained for up to 90 days
  • Audit logs for security purposes are retained for up to 2 years

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, please contact us at privacy@crocova.com. We will respond within 30 days.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by relevant authorities.

When transferring data from the EEA to countries without an adequacy decision, we implement additional protections as required by GDPR.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments and monitoring
  • Access controls and audit logging

13. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve our Service:

  • Essential Cookies: Required for basic functionality, such as authentication and session management
  • Functional Cookies: Used to remember your preferences and settings

14. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will take steps to delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after such notification constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer: privacy@crocova.com

General Inquiries: support@crocova.com

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

This Privacy Policy should be read in conjunction with our Terms and Conditions.