Legal

Data Processing

Details on processing roles, security posture, and data handling boundaries within the platform.

This page describes the data processing model used to operate Reerac services and support recruitment workflows.

Last updated: April 28, 2026

Controller and processor context
Sub-processor and service dependency model
Security and incident coordination
Retention and deletion lifecycle
Data access governance
Contractual processing boundaries

1. Processing Roles

In most configurations, customer organizations act as controllers for candidate and recruiting decisions, while Reerac operates as a processor for service delivery functions.

Role allocation may vary based on contract structure and specific product usage scenarios.

2. Categories of Processed Data

Processing can include account metadata, candidate application records, interview content, transcripts, recruiter notes, and operational logs.

Sensitive data handling should be limited to legitimate hiring necessity and governed by customer policy.

3. Processing Purposes

Data is processed to provide recruitment workflow functionality, analytics, platform integrity, support operations, and lawful compliance tasks.

Processing for unrelated purposes is not performed without a valid legal and contractual basis.

4. Confidentiality and Access Management

Access to customer data is controlled using role-based authorization and operational need-to-know standards.

Personnel with access obligations are expected to follow confidentiality and security requirements.

5. Sub-processors and Service Dependencies

Reerac may rely on vetted infrastructure and service providers to support hosting, communication, and AI workflow operations.

Provider engagement is subject to contractual and operational controls designed to protect customer data.

6. Security Controls

Technical and organizational controls are designed to protect data confidentiality, integrity, and availability.

Control practices evolve over time based on risk review, platform updates, and emerging operational needs.

7. Incident Management

Potential security incidents are managed through detection, triage, containment, and response procedures.

Customer communication is coordinated according to severity, contractual requirements, and applicable law.

8. Retention and Deletion

Data retention aligns with service operation needs, customer settings, and legal obligations.

Upon valid request or account termination, deletion workflows are applied subject to legal and operational constraints.

9. Audit and Documentation

Processing practices are supported by internal documentation and operational process controls.

Customers may request applicable documentation through support channels based on plan and contract scope.

10. Customer Obligations

Customers are responsible for lawful use instructions, user access governance, and candidate-facing policy disclosures.

Organizations should ensure internal teams are trained on compliant and fair use of recruitment data.

Need processing documentation support?

Reach out if your procurement or compliance team needs help reviewing processing responsibilities and controls.