Privacy Policy — Ceevee Recruitment Platform
Last updated: May 12, 2026
This Privacy Policy explains how Correct Context sp. z o.o. ("Ceevee", "we", "us", "our") collects, uses, stores, and protects personal data when you use the Ceevee platform ("Service"). This policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Polish data protection law.
1. Data Controller
The data controller for account data and usage data processed through the Service is:
- Company: Correct Context sp. z o.o.
- KRS: 0000699600
- NIP: 9532727782
- REGON: 368514828
- Address: ul. Joachima Lelewela 27, 85-652 Bydgoszcz, Poland
- Contact: duke.vu@correctcontext.com
For candidate data uploaded by employers, see Section 5 for the controller/processor distinction.
2. Data We Collect
Account Data
When you register, we collect:
- Full name and email address
- Organization name and details
- Password (stored securely hashed, never in plain text)
- User role within the organization (Owner, Recruiter, Viewer)
Usage Data
We automatically collect:
- Pages visited, features used, and actions taken within the Service
- Browser type, device information, operating system, and IP address
- Usage statistics (e.g., number of CV scans, candidates added, assessments created)
- Referral source and session duration
Candidate Data (processed on behalf of the employer)
When employers upload CVs or receive applications through the job portal, we process candidate personal data on their behalf as a data processor. This may include:
- Name, email, phone number, and address
- Work experience, education, skills, and qualifications
- Assessment results and personality profiles generated by our AI
- CV documents and attachments (PDF files)
- Application data submitted through the job portal
3. How We Use Your Data
We use account and usage data to:
- Provide, maintain, and improve the Service
- Manage your account and enforce usage limits per your plan
- Send transactional emails (account confirmations, security alerts, notifications)
- Provide customer support
- Detect fraud and abuse, and ensure platform security
- Generate aggregated, anonymized analytics to improve the Service
- Comply with legal obligations
We use candidate data exclusively to provide the Service to the employer (data controller) as described in Section 5.
4. Legal Basis for Processing (GDPR Art. 6)
We process personal data based on the following legal grounds:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service under our agreement with you
- Legitimate interest (Art. 6(1)(f)): Improving the Service, security monitoring, fraud prevention, and analytics — balanced against your rights and freedoms
- Legal obligation (Art. 6(1)(c)): Compliance with applicable tax, accounting, and regulatory requirements
- Consent (Art. 6(1)(a)): Where specifically required, such as for optional marketing communications (you may withdraw consent at any time)
5. Candidate Data: Controller vs. Processor Roles
This section is critical to understanding data protection responsibilities when using Ceevee:
- The employer (your organization) is the data controller for all candidate personal data uploaded to or collected through the Platform. The employer determines the purposes and means of processing candidate data.
- Ceevee (Correct Context sp. z o.o.) acts as a data processor under Article 28 GDPR. We process candidate data solely on the employer's documented instructions and only for the purpose of providing the Service.
What Ceevee does as data processor:
- Stores candidate data securely in encrypted databases with row-level security
- Processes CVs through AI to extract structured candidate information
- Generates assessment profiles and personality insights as instructed by the employer
- Provides tools for the employer to manage, search, and organize candidate data
- Sends communications to candidates only when triggered by the employer through the Platform
- Deletes candidate data upon the employer's request or account termination
What Ceevee does NOT do with candidate data:
- We do not use candidate data for our own purposes
- We do not sell, rent, or share candidate data with third parties for their own use
- We do not share candidate data between different employer organizations
- We do not use candidate data to train AI models
- We do not profile candidates for purposes beyond what the employer instructs
- We do not make automated decisions about candidates — all AI outputs are recommendations for the employer's review
Data Processing Agreement (DPA)
A formal Data Processing Agreement in accordance with Article 28 GDPR is available upon request. Enterprise customers receive a DPA as part of their onboarding. To request a DPA, contact us at duke.vu@correctcontext.com.
Data subject requests regarding candidate data
If we receive a request directly from a candidate (data subject) regarding their personal data, we will promptly notify the relevant employer (data controller) and assist them in responding to the request. We will not respond to data subject requests regarding candidate data independently, unless required by law.
6. Employer's GDPR Obligations
As the data controller for candidate data, the employer is responsible for:
- Lawful basis: Ensuring a valid legal basis exists for collecting and processing candidate personal data (e.g., legitimate interest in recruitment, or candidate consent where required)
- Transparency: Informing candidates about how their personal data will be processed, including the use of AI-powered tools such as Ceevee, through appropriate privacy notices
- Data minimization: Collecting only candidate data that is necessary and relevant for the recruitment purpose
- Data subject rights: Responding to candidates' requests to access, rectify, erase, or port their personal data within the timeframes required by GDPR (typically 30 days)
- Data Protection Impact Assessment (DPIA): Conducting a DPIA where required, particularly when using AI-based profiling or processing candidate data at scale
- Special category data: Not processing special category data (Art. 9 GDPR — e.g., racial or ethnic origin, health data, trade union membership) through the Platform without explicit candidate consent and a valid legal basis
- Retention: Defining and enforcing appropriate data retention periods for candidate data in accordance with applicable law
- Cross-border transfers: Ensuring compliance with GDPR requirements when transferring candidate data to or from countries outside the EEA
Ceevee provides the technical tools for recruitment. The lawful and ethical use of those tools — including compliance with GDPR, local employment law, and anti-discrimination law — is the employer's responsibility.
7. AI Processing and Automated Decision-Making
The Service uses artificial intelligence to:
- Scan and parse CVs to extract structured candidate information
- Generate candidate summaries, skill assessments, and personality profiles
- Score and rank candidates based on extracted data
Important safeguards:
- No automated decisions: Ceevee does not make automated hiring decisions within the meaning of Article 22 GDPR. All AI outputs are recommendations and suggestions that must be reviewed by a human before any hiring decision is made.
- Processor obligation: AI processing is performed solely on the employer's instructions as part of providing the Service.
- No model training: We do not use your data or candidate data to train third-party AI models. Data sent to our AI provider (Anthropic) is processed under a data processing agreement that prohibits model training on customer data.
- Encryption: Data sent to AI providers is transmitted in encrypted form over TLS.
- Human oversight: The employer bears responsibility for applying human oversight and judgment to all AI-generated outputs before making employment decisions.
8. Sub-processors
We use the following sub-processors to provide the Service. Each has an appropriate data processing agreement in place:
- Supabase (US/EU): Database hosting, authentication, and file storage
- Vercel (US/EU): Application hosting and content delivery
- Anthropic (US): AI processing for CV scanning and assessment generation
- Resend (US): Transactional email delivery
- Google LLC (US/EU): Google Workspace APIs (Google Calendar) for interview scheduling and calendar integration
We will notify employers of any changes to sub-processors that process candidate data. A current list of sub-processors is available upon request.
9. Data Sharing
We share personal data only with:
- Sub-processors: As listed in Section 8, solely for providing the Service
- Legal authorities: When required by law, court order, or to protect our legal rights
- Professional advisors: Legal counsel or auditors, subject to confidentiality obligations
We do not sell personal data to third parties. We do not share candidate data between different employer organizations using the Platform.
10. Data Storage and Security
We implement technical and organizational measures appropriate to the risk, including:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+
- Encryption at rest: Database storage is encrypted at rest using AES-256
- Access controls: Row-level security (RLS) policies ensure data isolation between organizations. Access to production systems is restricted to authorized personnel with multi-factor authentication.
- Password security: Passwords are hashed using bcrypt and never stored in plain text
- Audit logging: Security-relevant events are logged for monitoring and incident response
- Regular updates: Dependencies and infrastructure are kept up to date with security patches
- Data center location: Primary data storage is in EU-based data centers where possible
11. Data Breach Notification
In accordance with Articles 33 and 34 of GDPR:
- If we become aware of a personal data breach affecting candidate data, we will notify the relevant employer (data controller) without undue delay, and in any event within 48 hours of becoming aware of the breach.
- Our notification will include the nature of the breach, categories of data affected, approximate number of data subjects, likely consequences, and measures taken or proposed to address the breach.
- The employer (data controller) is responsible for notifying the relevant supervisory authority within 72 hours of becoming aware of the breach (where required under Art. 33 GDPR) and for notifying affected data subjects where required under Art. 34 GDPR.
For breaches affecting account data where we are the data controller, we will notify the relevant supervisory authority and affected users directly as required by GDPR.
12. Data Retention
- Account data: Retained while your account is active and for 30 days after account deletion to allow recovery
- Candidate data: Retained as long as the employer's account is active. Deleted within 30 days of account termination or upon the employer's deletion request.
- Usage logs: Retained for up to 12 months for security, debugging, and analytics purposes
- Backups: Removed within 90 days of data deletion from primary storage
- Legal requirements: Certain data may be retained longer if required by applicable tax, accounting, or regulatory law
Employers are responsible for defining appropriate retention periods for candidate data under their control and for deleting candidate data when it is no longer necessary for the recruitment purpose.
13. Your Rights (GDPR)
As a data subject under GDPR, you have the right to:
- Access (Art. 15): Request a copy of the personal data we hold about you
- Rectification (Art. 16): Request correction of inaccurate or incomplete data
- Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Restriction (Art. 18): Request limitation of processing in certain circumstances
- Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
- Objection (Art. 21): Object to processing based on legitimate interest
- Withdraw consent (Art. 7(3)): Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
- Automated decisions (Art. 22): Not be subject to a decision based solely on automated processing — Ceevee does not make such decisions
To exercise any of these rights regarding your account data, contact us at duke.vu@correctcontext.com. We will respond within 30 days.
For candidates: If you are a candidate whose data has been processed through Ceevee, please contact the employer (the organization that collected your data) to exercise your GDPR rights. If you contact us directly, we will forward your request to the relevant employer and assist them in responding.
You also have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych — UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.
14. International Data Transfers
Some of our sub-processors operate outside the European Economic Area (EEA), primarily in the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The EU-US Data Privacy Framework, where applicable
- Data processing agreements with all sub-processors that include GDPR-compliant transfer provisions
You may request a copy of the relevant safeguards by contacting us.
15. Cookies
We use cookies and similar technologies for:
- Essential cookies: Required for authentication, language preferences, and core functionality. These do not require consent.
- Analytics cookies: Google Analytics / Google Tag Manager to understand how the Service is used and improve it. These are loaded only where permitted by applicable cookie consent requirements.
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.
16. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will take steps to delete it promptly.
17. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Platform at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.
18. Google Workspace API Compliance (Limited Use)
Ceevee's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.
Specifically, with respect to data accessed through Google Workspace APIs (including Google Calendar), Ceevee:
- Uses Workspace API data only to provide or improve user-facing features (such as scheduling interviews and syncing recruiter calendars) that are prominent in the Service's user interface
- Does not transfer Workspace API data to others except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with the user's explicit consent
- Does not use Workspace API data to serve advertisements, including retargeted, personalized, or interest-based advertising
- Does not allow humans to read Workspace API data unless the user has given explicit consent, it is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements
- Does not use Workspace API data, including derived data, to develop, train, or improve generalized or non-personalized AI/ML models
You may revoke Ceevee's access to your Google account at any time via your Google Account permissions page.
19. Contact
For any privacy-related questions, data protection requests, or to request a Data Processing Agreement:
- Email: duke.vu@correctcontext.com
- Address: Correct Context sp. z o.o., ul. Joachima Lelewela 27, 85-652 Bydgoszcz, Poland