Privacy Policy
TalentRiver AB • Effective: May 2026 • Version 1.0
This policy describes how TalentRiver AB collects, uses, and protects personal data in connection with our platform and website.
1. Who We Are
TalentRiver AB is the data controller for personal data processed in connection with the use of our platform (talentriver.ai), our website, and our marketing and sales activities. We are a Swedish company providing a SaaS-based recruitment and talent sourcing platform.
Company: TalentRiver AB
Registration number: 559455-0005
Address: C/O SSE Business Lab, Box 6501, 113 83 Stockholm, Sweden
Email: hello@talentriver.ai
Data Protection Officer: hello@talentriver.ai
Where TalentRiver AB processes personal data on behalf of a client (for example candidate data managed within a client's ATS), TalentRiver AB acts as a data processor and the client is the data controller. That processing relationship is governed by our Data Processing Agreement, not this Privacy Policy.
2. Who This Policy Applies To
This Privacy Policy applies to:
Users of the TalentRiver platform, including HR professionals, recruiters, and team members who access the Software on behalf of a subscribing organisation
Job candidates whose publicly available professional information is included in TalentRiver's candidate database
Visitors to our website (talentriver.ai)
Business contacts: individuals we engage with for sales, marketing, or partnership purposes
3. What Personal Data We Collect and Why
3.1 Platform Users
When an individual registers or is given access to TalentRiver, we process the following data:
Full name and work email address
Job title and employer organisation
Login credentials (managed via Firebase Authentication)
Platform usage data (features accessed, actions taken, session timestamps)
Support communications
Legal basis: Performance of contract (Article 6(1)(b) GDPR). Where we process usage data to improve the platform, we rely on our legitimate interest (Article 6(1)(f)).
3.2 Website Visitors
When you visit talentriver.ai, we automatically collect:
IP address and approximate location
Browser type and device information
Pages visited, time spent, and referral source
Cookie identifiers (see Section 8)
Legal basis: Legitimate interest (Article 6(1)(f)) for analytics and security purposes. Cookie-based tracking that is not strictly necessary requires your consent (Article 6(1)(a)).
3.3 Marketing and Business Contacts
When we engage with prospective customers, partners, or event attendees, we process:
Name and work email address
Job title and organisation
Communication history (emails, meeting notes)
Legal basis: Legitimate interest (Article 6(1)(f)): we have a legitimate interest in marketing our services to relevant business contacts. Where required by applicable law, we rely on consent (Article 6(1)(a)). You can opt out at any time.
3.4 Publicly Sourced Candidate Profiles
TalentRiver processes personal data by collecting information from third-party data providers that are considered public web sources. These public sources operate under agreements with data subjects, in which data subjects consent to making their profiles visible to search engines and third parties, provided that such third parties have a clearly defined purpose of processing and ensure lawful, transparent, and secure handling of the data.
TalentRiver uses this data solely to help our customers identify and connect with relevant candidates for open roles, in accordance with the purpose limitation under which the data was made available.
Legal basis: Legitimate interest (Article 6(1)(f)). TalentRiver and its customers have a legitimate interest in identifying suitable candidates for relevant job opportunities using publicly available professional information.
Your rights: If you would like to review, correct, or remove your information from our candidate database, please contact us at hello@talentriver.ai. We will handle your request promptly and in accordance with applicable law.
4. Platform Integrations
TalentRiver offers optional integrations that users can connect to their accounts. When a user connects an integration, data from that source may be processed through the platform on the client's instruction. TalentRiver acts as a data processor for that data, not as a controller.
LinkedIn integration: When a user connects LinkedIn via our integration, TalentRiver can access and process LinkedIn messaging data (message content, sender and recipient information, timestamps) on behalf of the client. This data is processed solely to provide the platform's outreach and candidate communication features.
Email integration: When a user connects their own Gmail or Outlook account via OAuth, TalentRiver accesses email data (subject lines, message content, sender and recipient addresses, timestamps) on behalf of the client. TalentRiver uses this data to surface relevant email threads within the platform. The user's own email provider (Google or Microsoft) remains the user's independent service provider; TalentRiver does not add them as subprocessors.
Recipients of messages or emails that appear in these integrations are data subjects whose data is processed on the client's instruction. Those individuals may exercise their rights by contacting the client directly.
5. AI-Assisted Features
TalentRiver uses artificial intelligence to assist with candidate matching, scoring, and ranking. AI-generated scores and rankings are used as decision support tools only. A human reviewer always evaluates AI-generated outputs before any action is taken. No solely automated decision-making with legal or similarly significant effects is performed.
AI features are powered by Microsoft Azure OpenAI Service and Google Cloud Vertex AI, both hosted within the EU.
6. Sharing of Personal Data
We do not sell personal data. We share personal data only with trusted subprocessors needed to deliver our services, and only to the extent necessary.
Supplier | Location | Purpose | Transfer Safeguard |
|---|---|---|---|
Microsoft Azure | Germany (EU) | Database & AI infrastructure | EU/EEA |
Datadog | Germany (EU) | User analytics | EU/EEA |
Posthog | Germany (EU) | Product analytics | EU/EEA |
Sentry | Germany (EU) | Error tracking | EU/EEA |
Plain | United Kingdom | Customer support | EU-UK adequacy decision |
Unipile | France (EU) | Outreach and chat | EU/EEA |
Google Cloud | EU | AI services & authentication | EU/EEA |
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law. When data is no longer needed, it is securely deleted or anonymised.
Data Category | Legal Basis | Retention Period |
|---|---|---|
User account data | Performance of contract | Duration of subscription + 30 days |
Website analytics & usage data | Legitimate interest | 13 months from collection |
Marketing & sales contact data | Legitimate interest or consent | Until opt-out or 2 years from last interaction |
Customer support communications | Legitimate interest | 2 years |
Financial and invoicing records | Legal obligation | 7 years (Swedish Bookkeeping Act) |
Cookie & consent records | Legal obligation | 3 years |
8. Cookies
Our website uses cookies and similar technologies. We use:
Strictly necessary cookies: required for the website to function. No consent needed.
Analytics cookies: these help us understand how visitors use the site (via tools such as Posthog and Datadog) and are set only with your consent.
You can manage your cookie preferences at any time via the cookie consent banner on our website or by adjusting your browser settings.
9. Your Rights
Under the GDPR, you have the following rights in relation to your personal data:
Right of access: you may request a copy of the personal data we hold about you.
Right to rectification: you may ask us to correct inaccurate or incomplete data.
Right to erasure: you may ask us to delete your personal data in certain circumstances.
Right to restriction of processing: you may ask us to limit how we use your data.
Right to data portability: you may request your data in a structured, machine-readable format.
Right to object: you may object to processing based on legitimate interest, including for direct marketing.
Right to withdraw consent: where we process data based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at hello@talentriver.ai. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
10. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Swedish supervisory authority:
Authority: Integritetsskyddsmyndigheten (IMY)
Website: www.imy.se
Email: imy@imy.se
Phone: +46 8 657 61 00
You may also lodge a complaint with the supervisory authority in the EU member state where you reside or work.
11. Security
TalentRiver AB implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include encryption of data at rest and in transit, access controls, logging, and regular security reviews.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify users via email or a prominent notice on our platform before the changes take effect. The effective date at the top of this document reflects the most recent version.
The current version of this policy is always available at talentriver.ai/articles/privacy-policy.
13. Contact Us
For any questions or requests relating to this Privacy Policy or the processing of your personal data, please contact us:
Email: hello@talentriver.ai
Post: TalentRiver AB, C/O SSE Business Lab, Box 6501, 113 83 Stockholm, Sweden