GDPR Compliance

Last updated: 1 June 2026

This page summarises how HRGuru aligns with the EU General Data Protection Regulation (GDPR). It is an overview of our technical and organisational measures; it is being reviewed by our legal team and does not constitute legal advice.

1. Data residency

All personal data is stored in the EU (Supabase, Frankfurt region). The region is fixed at project creation and cannot be moved.

2. Lawful basis

We process candidate data on the basis of the employer’s legitimate interest in recruitment and, where required, candidate consent. Employers act as data controllers; HRGuru acts as a data processor.

3. Data retention

CV files and candidate records are retained for a default of 365 days, after which they are automatically deleted. Employers are notified 30 days before deletion.

4. Your rights

You have the right to access, rectify, export, and erase your personal data, and to object to or restrict processing. To exercise these rights, contact privacy@hrguru.work.

5. Sub-processors

We use a limited set of GDPR-compliant sub-processors (hosting, AI scoring, email). A current list is available on request.

6. Contact

Data protection enquiries: privacy@hrguru.work. We respond to GDPR requests within the statutory time limits.

HR
HRGuru
For CompaniesNewsPricing
Sign inStart free
HR
HRGuru

AI-powered hiring for IT teams.

Product

  • Features
  • Pricing
  • For Companies

Company

  • About
  • Recruiting News
  • Contact

Legal

  • Legal

© 2026 HRGuru. All rights reserved.

Built with ♥ in Moldova