Privacy Policy

---

• Version: 1.0
• Document Issued: 21/12/25
• Document Reference: PUBLIC IMS-PRIVACY v1.0

---

1. Introduction

Welcome to Quake ("we," "our," or "us"). We are a recruitment technology company and agency based in the United Kingdom. We are committed to protecting the privacy and security of your personal data.

This Privacy Policy explains how we collect, use, and protect information when you use our website, our SaaS recruitment platform, or engage with our recruitment services.

Data Controller: Quake Ventures Management Ltd.

Data Protection Officer (DPO): privacy@quake.dev

2. The Data We Collect

We collect different types of data depending on who you are:

A. If you are a Candidate (Job Seeker)

We process personal data to help you find employment. This includes:

• Identity Data: Name, date of birth.


• Contact Data: Email address, phone number, physical address.


• Professional Data: CV/Resume, employment history, education, qualifications, and LinkedIn profile URL.


• AI Input Data: Information you allow us to parse via our AI tools (e.g., auto-summarizing your CV).


• Compliance Data: Right to Work documentation (Passport/Visa), and where permitted by law, background check results.

B. If you are a Client or Website User

• Identity & Contact Data: Name, work email, job title, and company details.


• Technical Data: IP address, browser type, and usage data (via cookies/PostHog) when you use our SaaS platform.


• Integration Data: Data synced from your connected accounts (e.g., if you connect your Gmail or LinkedIn via our iPaaS integrations).


• Financial Data: Invoicing and payment details (processed via our secure payment processors; we do not store raw credit card data).

3. How We Collect Data

We collect data from:

• Directly from you: When you apply for a job, sign up for our platform, or contact us.


• Third Parties: We may source candidate profiles from public job boards (e.g., LinkedIn, Indeed) or CV databases where you have made your data public.


• Automated Technologies: Cookies, server logs, and analytics (PostHog) when you interact with our website.

4. How We Use Your Data (Legal Basis)

We will only use your data when the law allows us to. Most commonly, we use the following legal bases:

Purpose
Legal Basis (UK GDPR)




Recruitment Services: Matching candidates to jobs and sending CVs to clients.
Legitimate Interest (Necessary for our business) OR Consent (where specifically requested).


SaaS Platform: Providing access to our software.
Contract (Performance of the service agreement).


AI Features: Summarising CVs or generating Job Descriptions.
Legitimate Interest (Improving service efficiency). Note: You can opt-out of AI processing.


Compliance: Checking Right to Work or tax status.
Legal Obligation.

5. Data Sharing & Processors

We do not sell your data. We share it only with:

• Clients: For the purpose of introducing candidates for job vacancies (Candidates only).


• Service Providers: Trusted third-party processors who help us run our business. We ensure all providers adhere to GDPR standards. Key processors include:
  
  
  
  • Supabase: Core Database & Authentication (Encrypted at Rest).
  
  
  • AWS / Vultr: Cloud Infrastructure & Hosting.
  
  
  • OpenAI / Anthropic: AI processing (configured to Zero Data Retention for training).
  
  
  • Google Workspace: Internal Email and document storage.
  
  
  • Mailgun: Transactional email delivery.
  
  
  
  


• Legal Authorities: If required by law or a court order.

6. International Data Transfers

Quake operates as a "remote-first" company. While our servers (Supabase/AWS) are located in the UK/EU/US, we have authorised staff working in Malaysia and Kenya.

When our staff outside the UK access your data, we ensure it is protected by strict legal safeguards, specifically the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) embedded in their employment contracts.

Our staff access data via secure, encrypted connections (HTTPS) and do not download sensitive PII to local personal devices.

7. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

• Candidates: We generally retain candidate data for 2 years after our last meaningful contact. You may request deletion sooner.


• Clients: Account data is retained for the duration of the contract plus 6 years for tax/legal records.

8. Your Legal Rights

Under the UK GDPR, you have the right to:

• Request access to your personal data (a "Data Subject Access Request").


• Request correction of inaccurate data.


• Request erasure ("Right to be Forgotten") of your data.


• Object to processing where we rely on legitimate interest.


• Request restriction of processing.

To exercise any of these rights, please email us at [privacy@quake.dev]. We will respond within 30 days.

9. Cookies & Analytics

Our website uses essential cookies to function. We also use PostHog for product analytics to improve user experience. You can adjust your browser settings to refuse cookies, though some parts of the site may not function properly.

10. AI Transparency

We use Artificial Intelligence to enhance our services. We strictly allow AI providers (e.g., OpenAI) to process data only for the purpose of generating the requested output. We do not allow our AI providers to use your data to train their public models.

11. Contact Us

If you have any questions about this privacy policy or our data practices, please contact:

Quake Privacy Team

Email: [privacy@quake.dev]