Privacy Policy

1. Who We Are

PeopleX ATS is a product of PeopleX Solutions, an African recruitment technology company. We operate the platform available at ats.peoplex.africa and all associated subdomains.

For the purposes of data protection law, PeopleX Solutions is the data controller for recruiter and workspace data. For candidate data collected through your careers page, your organisation acts as the data controller and PeopleX acts as a data processor on your behalf.

You can reach us at: [email protected]

2. Data We Collect

From Recruiters & Hiring Teams

• Name and work email address (used to create your account)
• Company name, size, industry and country (used to configure your workspace)
• Job postings and role descriptions you create
• Interview notes, scorecards and hiring decisions
• Payment information processed via Paystack (we do not store card details)
• Usage data and activity logs within the platform

From Candidates (via your careers page)

• Full name, email address and phone number
• City and NYSC status
• CV / résumé (stored securely in encrypted storage)
• Answers to screening questions you configure
• Explicit consent record with timestamp

Automatically Collected

• Browser type and device information
• IP address (used for security only, not profiling)
• Pages visited and actions taken within the app (analytics only)

3. How We Use Your Data

• To provide and operate the PeopleX ATS platform
• To run AI CV scoring on candidates you receive (using Anthropic Claude — no candidate data is used to train AI models)
• To send transactional emails — interview confirmations, offer letters, password resets
• To send WhatsApp notifications to candidates on your behalf when you trigger them
• To process success fee payments via Paystack
• To generate analytics reports for your hiring team
• To maintain security logs and detect fraudulent activity
• To comply with applicable law

4. Data Sharing

We do not sell your data. We share data only with the following sub-processors, solely to provide the service:

• Supabase — database, authentication and file storage (EU region)
• Anthropic — AI CV scoring (data is not retained or used for training)
• SendGrid (Twilio) — transactional email delivery
• Paystack — payment processing (PCI-DSS compliant)
• Netlify — platform hosting and CDN

We may disclose data if required by Nigerian law, a court order, or a regulatory authority with proper jurisdiction.

5. Candidate Data & Consent

When a candidate applies through your PeopleX careers page, they explicitly consent to their data being shared with your organisation for recruitment purposes. This consent is timestamped and stored in the platform.

As the recruiting organisation, you are responsible for:

• Using candidate data only for the role they applied for
• Not retaining candidate data beyond a reasonable period (we recommend 12 months)
• Responding to candidate requests to access or delete their data
• Notifying candidates if you share their data with a third party (e.g. a staffing agency)

PeopleX provides a candidate data deletion feature — workspace admins can permanently delete a candidate's record and all associated files at any time.

6. Data Storage & Security

All data is stored on Supabase infrastructure in the EU West (Ireland) region. CV files are stored in encrypted object storage. All data in transit is protected by TLS 1.2+.

We implement row-level security (RLS) on all database tables, meaning your workspace data is logically isolated — no other PeopleX customer can access your data.

In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of it.

7. Your Rights

You have the right to:

• Access — request a copy of all data we hold about you
• Correction — ask us to correct inaccurate data
• Deletion — request deletion of your account and all associated data
• Portability — receive your data in a machine-readable format
• Objection — object to certain types of processing
• Restriction — ask us to limit how we use your data

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Cookies

PeopleX uses only essential cookies and browser storage necessary to operate the platform — specifically to maintain your login session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

PeopleX is a business-to-business platform intended for use by organisations and working professionals. We do not knowingly collect data from anyone under the age of 18. If you believe a minor has submitted data through your careers page, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify all workspace admins by email at least 14 days before the changes take effect. Continued use of PeopleX after that date constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related questions, requests, or complaints:

• Email: [email protected]
• Subject line: "Privacy Request — [your company name]"

We take all privacy matters se