Privacy Policy
Last updated: February 2026
This Privacy Policy complies with the EU General Data Protection Regulation (GDPR)
1. Introduction
Capabli ("we," "us," or "our") operates the Capabli platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service.
We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. Your personal data will be processed lawfully, fairly, and transparently.
Data Controller: Capabli is the data controller responsible for your personal data. For questions, contact: capabliEU+privacy@gmail.com
2. Information We Collect
2.1 Information You Provide Directly
When you create an account or use our Service, you may provide:
- Account Information: Name, email address, password, user type (employer or job seeker)
- Profile Information: Job title, work experience, education, skills, CV/resume, video introductions
- Company Information (Employers): Company name, size, industry, location, hiring preferences
- Contact Information: Phone number, LinkedIn profile, professional portfolio links
- Communication Data: Messages, inquiries, feedback, and support requests
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on platform, job views, application activity
- Device Information: IP address, browser type, operating system, device identifiers
- Cookies & Similar Technologies: Authentication tokens, preferences, analytics data (see Cookie Policy)
2.3 Information from Third Parties
- LinkedIn Integration: Profile data when you connect your LinkedIn account (with your consent)
- CV Parser Services: Extracted information from uploaded CVs/resumes
3. How We Use Your Information
We process your personal data for the following purposes, based on legal grounds defined by GDPR:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Service | Contract Performance (Art. 6(1)(b)) |
| Match job seekers with employers using ESCO standards | Contract Performance (Art. 6(1)(b)) |
| Communicate with you (support, updates) | Contract Performance & Legitimate Interest (Art. 6(1)(f)) |
| Improve and personalize the Service | Legitimate Interest (Art. 6(1)(f)) |
| Analytics and platform optimization | Legitimate Interest (Art. 6(1)(f)) |
| Send marketing communications | Consent (Art. 6(1)(a)) - You can opt-out anytime |
| Comply with legal obligations | Legal Obligation (Art. 6(1)(c)) |
4. Consent Management & Withdrawal
Under GDPR, you have the right to withdraw your consent at any time for activities where we rely on it as the legal basis for processing your data (such as marketing communications and non-essential analytics tracking).
- Marketing & Non-Essential Tracking: You can choose whether to receive marketing emails and allow non-essential analytics tracking via our Consent Management Platform (CMP) or during signup.
- Withdrawing Consent: If you are a logged-in user, you can manage and withdraw your consent at any time by visiting the Privacy Tab or Company Profile in your dashboard and adjusting your Controls & Consents settings.
- Cookie Preferences: You can reset or withdraw your cookie preferences using the "Manage Cookie Preferences" button located in your dashboard or by clearing your browser cookies.
Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent (e.g., maintaining your core account and profile functionality).
5. Third-Party Data Processors
We use the following sub-processors to operate the Service. Each processor only receives the data necessary for their specific function and is bound by a Data Processing Agreement (DPA).
| Processor | Purpose | Data Transferred | Location |
|---|---|---|---|
| Supabase | Database & file storage (profiles, CVs, job data) | All profile data, uploaded files | EU (Frankfurt) |
| Google Firebase | User authentication | Email address, user UID | EU (Belgium) / USA — SCCs apply |
| Anthropic (Claude API) | AI-assisted CV parsing and job matching | CV content submitted for parsing (not retained by processor) | USA — SCCs apply |
| Groq | AI inference for profile and matching features | Profile text submitted for inference (not retained by processor) | USA — SCCs apply |
| Resend | Transactional email (account notifications, early access) | Email address, name, message content | USA — SCCs apply |
SCCs = Standard Contractual Clauses (EU Commission approved transfer mechanism). You may request copies of relevant DPAs by emailing capabliEU+privacy@gmail.com.
6. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by applicable law.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & profile data | Duration of account + 30 days after deletion | Service provision; grace period for accidental deletion |
| Uploaded files (CV, video, documents) | Deleted immediately on account deletion | Storage cleanup runs as part of account deletion flow |
| Job applications | 2 years from submission | Legitimate interest of employers reviewing past applications |
| Early access / waitlist leads | 2 years from submission, or until opt-out | Consent basis; marketing emails only sent where consent_marketing = true |
| Contact form inquiries | 3 years from submission | Legal obligation to retain correspondence |
| Analytics & usage logs | 90 days (rolling) | Platform improvement; only processed with consent |
| Consent records | 5 years from consent date | Legal obligation to demonstrate compliance (GDPR Art. 7) |
7. Contact Us
For questions about this Privacy Policy or to exercise your GDPR rights, contact us at:
Capabli Privacy Team
- Email: capabliEU+privacy@gmail.com