Login
Rectru · Compliance

GDPR / Data Processing Information

This page explains Rectru’s data processing model for GDPR and similar privacy frameworks, including controller/processor roles, customer responsibilities, retention, and the platform’s AI-assisted hiring positioning.

Effective date: 13th March 2026
Primary language: English
Service operator: Mendzys Inc.
This page is a public-facing overview of Rectru’s GDPR approach and does not by itself replace a signed Data Processing Addendum, legal review, or customer-specific contractual terms.

1. Rectru’s product position

Rectru provides AI-assisted interview, evaluation, and candidate management tools to support human decision-making. Rectru does not make hiring decisions on behalf of customers, and customers are responsible for ensuring meaningful human review and compliance with applicable law.

2. Controller and processor roles

For customer recruitment data processed through Rectru, the hiring company or customer is typically the data controller, because it decides why and how candidate data is used for its recruitment process.

Mendzys Inc., as operator of Rectru, typically acts as a data processor for that customer data and processes it on the customer’s behalf and under the relevant agreement and lawful instructions.

For Rectru’s own account, billing, support, security, fraud prevention, service administration, and website operation data, Mendzys Inc. typically acts as a controller.

3. Nature and purpose of processing

Rectru may process personal data to provide services such as:

  • candidate application intake and management;
  • interview scheduling and workflow automation;
  • recordings, transcripts, and interview support features;
  • AI-assisted summaries, recommendations, and analysis;
  • account administration, support, and platform security;
  • technical operations, hosting, and system maintenance.

4. Categories of data subjects

Data subjects may include:

  • candidates;
  • customer personnel and authorised users;
  • customer contacts and administrators;
  • other individuals whose information is submitted to Rectru by or on behalf of a customer.

5. Categories of personal data

Categories of personal data may include:

  • identity and contact details;
  • CVs, applications, and recruitment answers;
  • interview recordings, transcripts, and notes;
  • evaluation materials and workflow outputs;
  • usage, device, technical, and security data;
  • any other personal data submitted to Rectru by or on behalf of a customer.

6. AI-assisted features and human review

Rectru is intended as a decision-support platform. Customers must not use Rectru as the sole basis for unlawful solely automated decisions that produce legal or similarly significant effects where such use would violate applicable law.

Customers remain responsible for ensuring meaningful human review before rejection, progression, ranking, or other materially significant candidate outcomes are applied.

7. Customer responsibilities

Customers are responsible for:

  • determining the lawful basis for processing;
  • providing required notices to candidates and users;
  • configuring and using Rectru in compliance with applicable law;
  • ensuring recruitment decisions are not made unlawfully through solely automated means;
  • handling requests from candidates and other data subjects where the customer acts as controller.

8. Security measures

Rectru implements reasonable technical and organisational measures designed to protect personal data, including access control, authentication protections, logging, monitoring, encrypted transmission, environment controls, and incident management practices.

9. Hosting and transfers

Rectru is hosted on Microsoft Azure infrastructure. For customer environments designated by Mendzys Inc. for European data hosting, we intend that primary customer content is stored in Azure resources designated for EU hosting.

Where personal data subject to GDPR or similar laws is transferred internationally, Rectru may rely on appropriate safeguards such as Standard Contractual Clauses or equivalent lawful mechanisms.

10. Retention, deletion, and return

Rectru applies a default retention approach of up to 30 days for certain data stored in Rectru-managed services and containers, unless a different period is configured, contractually agreed, or required by law.

Upon termination or expiry of services, and subject to legal, backup, security, dispute, or preservation requirements, Rectru will delete or return personal data in accordance with the applicable agreement and law.

Customers remain responsible for retention in their own downstream systems, exports, or copies outside Rectru-managed storage.

11. Assistance with rights requests

Where Rectru receives a request from a data subject relating to personal data processed on behalf of a customer, Rectru may direct the request to that customer and provide reasonable assistance where appropriate.

12. Data protection addendum

Where required, Rectru may make available a contractual Data Processing Addendum that governs processor obligations, subprocessors, transfers, security, and end-of-service deletion or return obligations.

13. Contact

For privacy or GDPR-related questions about Rectru’s public compliance position, please contact:

Mendzys Inc. / Rectru
Email: info@rectru.com

Privacy Policy Data Processing Addendum Terms and Conditions Back to home