Privacy Policy

Make sure to take the time to check our Privacy Policy

Last updated: February 2025

1. Introduction

This Privacy Policy describes how Scalyz, a simplified joint-stock company (SAS) with a share capital of €1,000, registered under SIREN number 930 123 989, headquartered at 24 Rue de Clichy, 75009 Paris, France, processes personal data.

For any data protection inquiry: dpo@scalyz.com

Scalyz is committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Scalyz’s Role Under GDPR

Depending on the context:

A. When you are a recruiter or business client

Your company acts as the Data Controller.
Scalyz acts strictly as a Data Processor.

B. When you use the public website (scalyz.com)

Scalyz acts as the Data Controller.

C. Scalyz does not act as a joint controller.

3. Personal Data Collected

A. Public Website Users

We may collect:

  • First name and last name
  • Email address
  • Phone number (for demo requests)
  • Messages submitted via contact forms
  • Newsletter subscription data
  • Data collected via HubSpot chatbot

Purposes:

  • Responding to inquiries
  • Scheduling demos
  • Sending newsletters
  • Improving services

B. Recruiter / Business Accounts

We collect:

  • Professional email address
  • First name and last name
  • Phone number
  • Job title
  • Billing information
  • Activity logs

Purposes:

  • Providing the platform services
  • Usage analytics
  • Platform improvement

C. Candidates

We process:

  • First name and last name
  • Email address
  • Evaluation results
  • Technical execution logs

Candidate accounts are temporary and automatically expire within 7 days after invitation.

D. Payment Data

Payment information is processed exclusively by:

  • Stripe
  • Chargebee

Scalyz does not store any banking or credit card data.

4. Cookies & Tracking Technologies

Scalyz uses:

  • Google Analytics
  • Amplitude
  • Microsoft Clarity
  • HubSpot
  • LinkedIn Pixel
  • Facebook Pixel

Cookies are activated only after user consent through Silktide Consent Manager.

You may modify your cookie preferences at any time.

5. Use of Artificial Intelligence

Scalyz uses the OpenAI API to generate advanced evaluation analysis.

Data sent to OpenAI:

  • Is anonymized
  • Contains no identifying information
  • Does not allow identification of candidates or organizations

OpenAI is headquartered in the United States (OpenAI, L.L.C., San Francisco, California).

Any international data transfers are governed by:

  • OpenAI API contractual terms
  • Standard Contractual Clauses approved by the European Commission

AI-based analysis is activated separately and requires explicit acceptance.

6. Hosting & Security

Scalyz infrastructure is hosted on AWS (Amazon Web Services) in the eu-north-1 region (European Union).

Security measures include:

  • Encryption at rest (RDS & S3)
  • Encryption in transit (TLS/HTTPS)
  • Daily encrypted backups
  • Log retention limited to 1 year
  • Mandatory multi-factor authentication (MFA) for all employees
  • Administrator access restricted via VPN
  • Role-based access control based on least privilege principles

7. Data Retention

Data Type / Retention Period:

  • Candidate accounts: 7 days
  • Technical logs: Maximum 1 year
  • Evaluation reports: Duration of client contract
  • CRM data (HubSpot): Deleted upon request
  • Billing data: 10 years (French legal requirement)

8. Minors

Scalyz may provide services to students.

Where users are minors, parental or legal guardian consent is required in accordance with GDPR.

Recruiter accounts are intended for professional users.

9. Your Rights

Under GDPR, you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Request erasure
  • Restrict processing
  • Object to processing
  • Request data portability

To exercise your rights: dpo@scalyz.com

You may also file a complaint with your local data protection authority (in France: CNIL).

10. Subprocessors

Scalyz may engage the following subprocessors:

  • Amazon Web Services (EU hosting)
  • Stripe
  • Chargebee
  • HubSpot
  • AWS SES
  • OpenAI (for anonymized AI analysis)

All subprocessors are contractually bound to comply with GDPR requirements.

11. International Transfers

Some service providers (e.g., OpenAI, Stripe) may operate outside the European Union.

Such transfers are safeguarded through:

  • Standard Contractual Clauses (SCCs)
  • Appropriate contractual and organizational safeguards

12. Security Governance

Scalyz has:

  • An internal security lead (Amine BEN ASKER)
  • An internal incident management procedure
  • A maintained record of processing activities
  • Encrypted backups
  • VPN-based administrative access control

Scalyz continuously reviews and updates its security and data protection practices to ensure compliance with European data protection standards.