1. Who We Are
AloRecruit is operated by Atlas Liberty Group Ltd, a company incorporated in England and Wales. When we refer to "AloRecruit", "we", "us" or "our" in this policy, we mean Atlas Liberty Group Ltd.
We act as a data controller for the personal data of clients, recruiters, and visitors to our platform. For candidate data submitted by recruiters, we act as a data processor on behalf of the recruiter (the data controller).
2. Data We Collect
We collect different types of information depending on how you interact with AloRecruit:
- Account data: full name, email address, company name, and role (client, recruiter, or candidate).
- Profile data: LinkedIn URL, professional biography, and any additional information you add to your profile.
- Usage data: pages visited, features used, and interaction logs collected automatically via our infrastructure.
- Communications: messages, enquiries, or support requests sent to us directly.
- Lead data: first name and email address submitted via our lead magnet or contact forms.
- Technical data: IP address, browser type, device type, and cookies (see Section 7).
3. How We Use Your Data
We use personal data only for the purposes described below and only to the extent permitted by applicable law:
- To provide, maintain, and improve the AloRecruit platform and portal.
- To create and manage user accounts and authenticate access.
- To match clients with appropriate recruiters and candidates.
- To communicate with you about your account, service updates, and relevant opportunities.
- To send transactional emails (e.g. account confirmation, download delivery) — not marketing unless you explicitly opt in.
- To detect and prevent fraud, abuse, and violations of our Terms of Service.
- To comply with legal obligations applicable to us.
Our legal basis for processing is primarily contract performance (to deliver the service), legitimate interests (platform security and service improvement), and consent (where you have opted in to communications).
4. Candidate Profile Processing
AloRecruit processes candidate profile data on behalf of recruiters who use our platform. This data may include names, contact details, employment history, and LinkedIn profiles sourced by the recruiter during an engagement.
Recruiters act as data controllers for any candidate data they submit. AloRecruit processes this data solely as instructed by the recruiter, strictly for the purpose of managing the recruitment pipeline for the relevant client engagement.
We do not sell, rent, or share candidate profile data with any third party other than the client directly associated with the engagement. Candidate data is retained for a maximum of 24 months after the conclusion of an engagement, unless an earlier deletion is requested.
Candidates who become aware that their data is held on the AloRecruit platform may contact us at privacy@alorecruit.com to request access, correction, or deletion.
5. Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights in relation to your personal data:
- Right of access — to receive a copy of the personal data we hold about you.
- Right to rectification — to request correction of inaccurate or incomplete data.
- Right to erasure — to request deletion of your data where there is no legitimate reason for us to continue processing it.
- Right to restriction — to request that we restrict processing of your data in certain circumstances.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to object — to object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@alorecruit.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (in the UK, the ICO at ico.org.uk).
6. Data Sharing & Third Parties
We share personal data only with the following categories of recipients, and only to the extent necessary:
- Supabase (database and authentication infrastructure) — our primary data processor, hosted on AWS in the EU.
- Resend (transactional email delivery) — receives email addresses only for the purpose of delivering emails you have requested.
- Upstash (rate limiting and caching) — stores anonymous IP-derived tokens only; no personally identifiable data is stored.
- Vercel (hosting infrastructure) — may process request metadata such as IP addresses as part of standard CDN operation.
We do not sell personal data to any third party. We do not use your data for behavioural advertising. All third-party processors are bound by data processing agreements.
7. Cookies
AloRecruit uses a small number of technically necessary cookies to operate the platform. These cookies are not optional if you wish to use authenticated features of the service.
- Session cookies: issued by Supabase to maintain your authenticated session. These expire when you sign out or after 7 days of inactivity.
- CSRF protection tokens: prevent cross-site request forgery attacks.
- Rate-limit tokens: anonymous hashed identifiers used to enforce API rate limits — no personal data is stored.
We do not use advertising cookies, tracking pixels, or third-party analytics scripts on the authenticated portal. The marketing website may use lightweight, anonymised analytics without cookies (no consent required). We do not use Google Analytics.
8. Data Retention
We retain personal data for as long as your account is active or as needed to provide services:
- Active account data is retained for the lifetime of your account.
- After account deletion, data is purged within 90 days, except where retention is required by law.
- Candidate profile data is retained for 24 months after the conclusion of an engagement.
- Lead and marketing data is retained for 36 months unless you unsubscribe or request deletion.
- Activity logs are retained for 12 months for security and audit purposes.
9. International Transfers
Our infrastructure is primarily located within the European Economic Area. Where data is transferred outside the EEA (for example, to US-based processors), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Contact & Data Controller Details
For any privacy-related queries, to exercise your rights, or to raise a concern, please contact: