Privacy Policy

Last updated: June 2026

This Privacy Policy explains what data Penroll collects, why we collect it, and how we handle it. We try to be plain-English about this — no dark patterns, no buried disclosures.

It covers Penroll itself as a Controller: our website visitors and the recruiters/companies who hold an account. Candidate data submitted through a customer’s job application — CVs, screening answers, interview and offer details — is handled by Penroll as a Processor on that customer’s instructions; the categories of candidate data, retention, and security measures are set out in our Data Processing Agreement.

What we collect

Account data. Your name, email, and company workspace details, stored in our EU-hosted (Frankfurt) database. If you sign in with Google, we receive your name, email, and profile photo from Google’s OAuth flow.

Job and candidate data. Job posts, applications, CVs, AI ranking output, interview and offer details that you and your candidates create in the product. This is processed under the DPA above and stored on the same EU-hosted infrastructure.

Billing data. If you’re on a paid plan, Stripe holds your billing email, payment method, and invoice history. We store your Stripe customer ID and current plan/credit balance, not your card details.

Cookies and analytics. See the dedicated section below and our full Cookie Policy.

AI processing

Job posts, candidate rankings, screening questions, and offer letters are produced by a third-party AI provider, listed by name in our sub-processors page. We use that provider’s business-tier API, under which our data is not used to train their models. Cross-border transfer to a non-EU provider is covered by Standard Contractual Clauses and data-minimisation safeguards (see the DPA, section 6).

Cookies

Penroll sets a small number of first-party cookies needed to keep you signed in, remember your language, and remember your cookie choices — these are required for the product to work. With your opt-in consent (via the cookie banner), we also load PostHog (EU-hosted product analytics) and Microsoft Clarity (session replay, used for bug triangulation and UX research) — both are off until you accept them. We do not set advertising or cross-site tracking cookies. Full breakdown, including every cookie name and how long each lasts, at penroll.app/legal/cookies.

Your rights (GDPR / CCPA)

You can request a copy of your data, ask us to delete it, or request a correction. The fastest path is the self-serve form at penroll.app/erasure — submissions are actioned in our next nightly cycle (usually within 24 hours). For requests we can’t handle there, email privacy@penroll.app and we’ll respond within 30 days.

Stripe holds the bulk of your billing data — for subscription cancellations and payment method updates, use the "Manage in Stripe" button on the Billing page.

Data retention

Candidate application data is retained for 90 days after rejection or inactivity, then deleted from production storage (backups expire on a rolling 30-day window) — see DPA section 2. Account data is retained while your workspace is active and for a limited period after cancellation, after which it’s anonymised; Stripe retains its own billing records per their retention policy.

Contact

Privacy questions: privacy@penroll.app
General support: support@penroll.app
