Candidate data and deletion.

Help center

HelpCandidate experienceCandidate data and deletion.

What we store on a candidate, how long, how the candidate can export or delete it, and what the hiring side keeps.

Last reviewed 20 August 20263 min read

Candidate data is stored in EU and UK regions (Supabase London for structured data, Cloudflare R2 EU for transcript audio, Resend EU for outbound mail). The candidate is the data subject; the hiring company is the data controller for the role-specific data they hold.

What we store, by data class.

Profile: name, contact, work eligibility, salary expectation, optional self-reported demographics on the fairness consent screen.
Application history: which roles the candidate applied to, the state at each role, the timestamps.
Vetting artefacts: AI screen transcript, role-fit assessment answers, first-round interview transcript, score sheet.
System metadata: device, browser, IP at sign-up (for fraud prevention), audit-log entries.

Retention and deletion.

Default retention is 24 months from the last application activity, then automatic erasure. The candidate can export everything as a single zip from their dashboard at any time, and request immediate erasure under UK GDPR Article 17. Erasure removes the candidate from every hiring company that held them.

The hiring company can keep its own copy of the data it pulled out via ATS export, subject to its own retention policy. We are not the controller of data held by the hiring company in its own systems.

See /trust/privacy for the full data-subject rights catalogue and the request flow.

What to do next: nothing on the hiring side. Erasure requests are handled by Picked under the GDPR timeline.

datadeletionGDPRexportretention