Our Technology Pricing FAQ Support

TalentTuner Data Processing Addendum

Effective Date: April 24, 2025

1. Introduction and Scope

This Data Processing Addendum ("DPA") forms part of the Terms of Service between you ("User," "Data Subject," or "you") and TalentTuner ("Platform," "Data Processor," "we," "us," or "our").

TalentTuner is an unincorporated resume optimization platform operated by an individual owner based in Toronto, Canada. This DPA addresses how we process personal data contained in resumes and job descriptions submitted to our platform, particularly in relation to applicable data protection laws.

This DPA applies specifically to the processing of personal data contained in resume content submitted to TalentTuner for analysis and optimization.

2. Definitions

For the purposes of this DPA, the following terms shall have the meanings set forth below:

"Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to names, contact details, work history, education, and other information typically contained in resumes.

"Processing" means any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, combination, restriction, erasure, or destruction.

"Data Controller" means the entity that determines the purposes and means of the Processing of Personal Data. For the purposes of this DPA, you are the Data Controller of your resume and job description data.

"Data Processor" means the entity that processes Personal Data on behalf of the Data Controller. For the purposes of this DPA, TalentTuner is the Data Processor.

"Data Subject" means an identified or identifiable natural person to whom the Personal Data relates. This includes you and may include third parties mentioned in your resume.

"Sub-processor" means any data processor engaged by TalentTuner to assist in fulfilling its obligations with respect to providing the Service.

"Applicable Data Protection Laws" means all laws and regulations applicable to the Processing of Personal Data under the Terms, which may include, without limitation, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other similar regulations.

3. Roles and Responsibilities

3.1 Processing Roles

The parties acknowledge and agree that with respect to the Processing of Personal Data under this DPA:

  • You are the Data Controller of Personal Data contained in resumes and job descriptions you submit to TalentTuner.
  • TalentTuner is the Data Processor acting on your behalf to provide resume analysis and optimization services.
  • Sub-processors (such as Firebase, OpenAI, and Stripe) process specific subsets of data as outlined in Section 4.2 of this DPA.

3.2 Your Responsibilities as Data Controller

As the Data Controller, you are responsible for:

  • Ensuring you have the legal right to submit the Personal Data to TalentTuner, including any third-party personal information contained in your resume or job descriptions.
  • Obtaining any necessary consents from third parties whose information is included in your resume.
  • Ensuring the accuracy and quality of the Personal Data you provide.
  • Responding to Data Subject requests related to Personal Data you control.
  • Determining the purposes and lawful basis for processing the Personal Data.

3.3 TalentTuner Responsibilities as Data Processor

As the Data Processor, TalentTuner will:

  • Process Personal Data only as necessary to provide the Service and in accordance with your instructions as outlined in the Terms of Service.
  • Implement appropriate technical and organizational measures to protect Personal Data.
  • Assist you, insofar as possible, in responding to Data Subject requests.
  • Notify you without undue delay upon becoming aware of a Personal Data breach.
  • Comply with the requirements of this DPA when engaging Sub-processors.
  • Delete or return Personal Data upon termination of services as outlined in our retention policies.

4. Details of Processing

4.1 Nature and Purpose of Processing

TalentTuner processes Personal Data for the following purposes:

  • To analyze resume content and generate ATS match scores against job descriptions
  • To identify keywords and skills present or missing in resumes
  • To provide recommendations for resume optimization
  • To generate reports and visualizations of resume performance
  • To improve our algorithms and service quality
  • To provide user support and troubleshoot issues
  • To maintain usage records for Free and Premium tier limitations

4.2 Categories of Personal Data

The Personal Data processed may include the following categories:

  • Identity Information: Names, professional titles, and contact information
  • Professional Experience: Employment history, job titles, employers, dates of employment
  • Educational Background: Educational institutions, degrees, certifications, dates of attendance
  • Skills and Qualifications: Technical and professional skills, languages, certifications
  • Achievements: Professional accomplishments, awards, metrics
  • References: Names and contact information of professional references (if included)
  • Other Resume Content: Any additional information typically included in professional resumes

4.3 Categories of Data Subjects

The Personal Data processed relates to the following categories of Data Subjects:

  • Users of TalentTuner who submit their resumes for analysis
  • Third parties mentioned in resumes, such as references, supervisors, or colleagues

4.4 Duration of Processing

TalentTuner will process Personal Data for the duration necessary to provide the Service and as specified in our Privacy Policy and Terms of Service. Generally, this includes:

  • For active accounts: As long as needed to provide the Service
  • After account deletion: Personal Data will be deleted or anonymized within 30 days of account closure
  • Anonymized, aggregated data: May be retained indefinitely for algorithm improvement

5. Sub-processing

5.1 Authorized Sub-processors

TalentTuner uses the following categories of Sub-processors to deliver the Service:

  • Cloud Infrastructure: Firebase/Google (database storage, file storage, authentication)
  • AI Processing: OpenAI (resume and job description analysis)
  • Payment Processing: Stripe (subscription management)
  • Analytics: Google Analytics and similar tools (usage analysis)
  • Marketing Platforms: Facebook, TikTok, LinkedIn pixels (conversion tracking)

5.2 Sub-processor Requirements

When engaging Sub-processors, TalentTuner will:

  • Conduct due diligence to ensure Sub-processors provide appropriate security and confidentiality commitments.
  • Enter into appropriate data processing agreements with Sub-processors that impose data protection obligations no less protective than those in this DPA.
  • Remain responsible for the compliance of Sub-processors with the obligations of this DPA.

5.3 Changes to Sub-processors

TalentTuner may change Sub-processors from time to time to support service delivery. If we add or replace a Sub-processor:

  • We will inform users of significant changes to our Sub-processor list by updating our Privacy Policy.
  • You may object to our use of a new Sub-processor by discontinuing use of the Service.

6. Data Security

6.1 Security Measures

TalentTuner implements appropriate technical and organizational measures to protect Personal Data, including:

  • Access Controls: Limiting access to Personal Data to authorized personnel
  • Encryption: Using encryption for data in transit (HTTPS) and at rest (Firebase encryption)
  • Authentication: Secure user authentication and authorization mechanisms
  • Firestore Security Rules: Ensuring users can only access their own data
  • Regular Updates: Keeping systems and dependencies updated to address security vulnerabilities
  • Monitoring: Systems to detect and respond to unusual activity
  • Data Minimization: Limiting collection to necessary information
  • Secure Development: Following secure coding practices

See our Security and Privacy Practices document for more details.

6.2 Personnel

TalentTuner ensures that personnel authorized to process Personal Data:

  • Are aware of the confidential nature of Personal Data
  • Have committed to confidentiality obligations
  • Have received appropriate training on their responsibilities

6.3 Data Breach Notification

In the event of a Personal Data breach affecting your data, TalentTuner will:

  • Notify you without undue delay after becoming aware of the breach
  • Provide information about the nature of the breach, categories of data affected, potential consequences, and measures taken
  • Cooperate with you to address and mitigate the breach
  • Document the facts, effects, and remedial actions taken

7. Data Subject Rights

7.1 Assistance with Data Subject Requests

TalentTuner will provide reasonable assistance to help you respond to Data Subject requests related to Personal Data we process. This includes requests for:

  • Access to Personal Data
  • Rectification of inaccurate data
  • Erasure of Personal Data
  • Restriction of processing
  • Data portability
  • Objection to processing

7.2 Direct Data Subject Requests

If TalentTuner receives a request directly from a Data Subject regarding Personal Data we process on your behalf, we will:

  • Promptly inform you of the request
  • Not respond directly to the request without your authorization, unless legally required to do so
  • Provide information and assistance to help you respond to the request

7.3 Implementation in the Platform

TalentTuner implements features that help you exercise Data Subject rights:

  • Account settings to view and update Personal Data
  • Dashboard functionality to access, download, or delete resume analyses
  • Option to request complete account deletion via [email protected]

8. Cross-Border Data Transfers

8.1 Data Storage Locations

TalentTuner primarily stores and processes data in the following locations:

  • Firebase services (Google Cloud Platform): US-based servers
  • OpenAI API: US-based processing
  • Railway.app: US-based hosting

8.2 International Transfer Safeguards

When Personal Data is transferred internationally, TalentTuner implements appropriate safeguards, which may include:

  • Relying on adequacy decisions where applicable
  • Standard contractual clauses with service providers
  • Contractual commitments with Sub-processors regarding data protection
  • Technical measures to ensure appropriate levels of protection

8.3 Canadian Data Processing

As TalentTuner is operated from Canada, some administrative processing of data occurs in Canada, which has been recognized as providing adequate protection by various data protection authorities.

9. Data Retention and Deletion

9.1 Retention Period

TalentTuner retains Personal Data as necessary to provide the Service and as specified in our Privacy Policy. In general:

  • Account information is retained while your account is active
  • Resume analyses are stored until you delete them or close your account
  • Usage data is retained for up to 24 months for analytics purposes

9.2 Deletion of Data

Upon termination of your use of the Service or upon your request, TalentTuner will:

  • Delete or return all Personal Data to you, as requested
  • Delete existing copies of Personal Data unless storage is required by applicable law
  • Ensure that Sub-processors delete Personal Data in accordance with this DPA

9.3 Anonymization

In some cases, TalentTuner may anonymize Personal Data rather than delete it. Anonymized data:

  • Cannot be linked back to individual users
  • Is used only for statistical analysis and service improvement
  • Is not subject to the deletion requirements of this DPA

10. Audits and Compliance

10.1 Demonstration of Compliance

Upon reasonable request, TalentTuner will provide information necessary to demonstrate compliance with the obligations set forth in this DPA.

10.2 Impact Assessments

TalentTuner will provide reasonable assistance with any data protection impact assessments and prior consultations with regulatory authorities that you are required to conduct under applicable data protection laws, to the extent relevant to the processing of Personal Data under this DPA.

11. Limitation of Liability

The liability of each party under this DPA shall be subject to the exclusions and limitations of liability set out in the Terms of Service.

12. Term and Termination

This DPA shall remain in effect as long as TalentTuner processes Personal Data on your behalf under the Terms of Service. Upon termination of the Terms of Service, this DPA shall automatically terminate.

13. Governing Law

This DPA shall be governed by the laws specified in the Terms of Service.

14. Changes to this DPA

TalentTuner may update this DPA from time to time. The current version will always be posted on our website with an effective date. Significant changes will be communicated via email or visible notice on our platform.

15. Contact Information

If you have questions about this Data Processing Addendum:

Email: [email protected]
Subject Line: "DPA Inquiry"

By using TalentTuner, you acknowledge that you have read and agree to this Data Processing Addendum.

Last updated: April 24, 2025