← Back to NoMoreSourcing

Privacy Policy

Version 1.0 — Effective: April 1, 2026 — Last updated: April 1, 2026

1. Introduction

NoMoreSourcing ("NoMoreSourcing", "we", "us" or "our") is committed to protecting your privacy and handling your personal data responsibly. We operate the AI-powered recruitment sourcing platform at app.nomoresourcing.io (the "Platform"). This Privacy Policy explains what personal data we collect, why, how we use and protect it, and your rights.

By using our Platform you agree to the data processing described in this policy. This policy should be read together with our Terms & Conditions.

2. Data Controller

NoMoreSourcing
Email: privacy@nomoresourcing.io

As NoMoreSourcing is established in the EU, no separate EU representative is required.

3. What Personal Data We Collect

3.1 Account & Profile Data

• Name, email address, password (hashed)
• Organisation name, role (admin/member)
• Subscription tier and billing status
• Language preference

3.2 Recruitment Data

• Client/organisation profiles you create (name, sector, location, culture, preferences)
• Vacancy descriptions, job requirements, dealbreakers, nice-to-haves
• Candidate profiles fetched from LinkedIn via Lobstr.io or uploaded via CSV
• AI-generated candidate scores, summaries, and outreach messages
• Your feedback on candidates (ratings, notes)
• Intake form responses from clients/hiring managers

3.3 Payment Data

• Processed exclusively by Stripe. We do not store credit card numbers.
• We retain: transaction IDs, amounts, subscription status, invoices

3.4 Technical Data

• IP address, browser type, device information
• Pages visited, session duration, actions performed
• Error logs and performance data

3.5 Third-Party Data (LinkedIn Profiles)

When you use our LinkedIn integration (via Lobstr.io), candidate profile data is fetched from LinkedIn. This data includes: name, job title, company, location, profile URL, experience, education, and skills. You are responsible for ensuring your use of this data complies with LinkedIn's terms of service and applicable data protection law. NoMoreSourcing processes this data on your behalf as a data processor.

4. Purposes of Processing

• Platform services: Account management, authentication, AI scoring, candidate matching, outreach generation
• Organisation management: Team members, role assignment, shared data within your organisation
• Payments: Subscription management, invoicing, payment processing via Stripe
• Communication: Service notifications, intake forms, shared result links
• Security: Fraud prevention, abuse detection, platform protection
• Improvement: Usage analytics, performance monitoring, feature development
• Legal compliance: Tax obligations, legal proceedings, regulatory requirements

5. Legal Bases

• Contract performance (Art. 6(1)(b) GDPR): Account management, platform services, payments
• Legitimate interest (Art. 6(1)(f) GDPR): Security, fraud prevention, analytics, service improvement
• Consent (Art. 6(1)(a) GDPR): Marketing communications, non-essential cookies
• Legal obligation (Art. 6(1)(c) GDPR): Tax records, regulatory compliance

6. Data Security

• All data encrypted in transit (TLS) and at rest
• Passwords hashed with bcrypt
• Row-level security (RLS) in database ensuring data isolation between organisations
• API keys stored server-side, never exposed to browser
• Regular security updates and monitoring

No method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for keeping your login credentials confidential.

7. Data Retention

• Active accounts: Data retained while subscription is active
• Deleted accounts: Personal data removed within 30 days, except where legal retention applies
• Financial records: 7 years (tax law)
• Technical logs: 1 year
• Shared result links: 90 days after creation

8. Third Parties

8.1 Service Providers

• Supabase: Database hosting and authentication
• Vercel: Application hosting
• Stripe: Payment processing
• Anthropic (Claude): AI candidate scoring and outreach generation
• Lobstr.io: LinkedIn profile scraping (on your instruction)

All providers are bound by data processing agreements.

8.2 Shared Result Links

When you share results via a link, the candidate data in that share is accessible to anyone with the link. No login is required. You are responsible for sharing links only with authorised parties.

8.3 AI Processing

Candidate data is sent to Anthropic's Claude API for scoring and outreach generation. Anthropic processes this data under their data processing agreement and does not use it for model training. NoMoreSourcing is not liable for Anthropic's data handling beyond the scope of our agreement with them.

9. International Transfers

Data may be transferred to the United States (Anthropic, Stripe, Vercel). These transfers are protected by Standard Contractual Clauses and/or adequacy decisions.

10. Your Rights

Under GDPR you have the right to: access, rectify, erase, restrict processing, data portability, and object to processing. Contact privacy@nomoresourcing.io. We respond within 1 month.

11. Cookies

• Essential: Session management, authentication, language preference
• Analytics: Anonymous usage statistics (with consent)

12. Minors

The Platform is for professional use only and not intended for persons under 18.

13. Accuracy & Liability

You are responsible for the accuracy of data you input. NoMoreSourcing is not liable for AI scoring decisions, candidate assessments, or outreach messages. These are generated tools to assist your professional judgement, not replacements for it. NoMoreSourcing is not liable for any recruitment decisions made based on Platform output.

14. Changes

We may update this policy. Material changes are communicated 30 days in advance via email. Continued use after changes constitutes acceptance.

15. Contact & Complaints

Email: privacy@nomoresourcing.io

You may file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): www.autoriteitpersoonsgegevens.nl

NoMoreSourcing © 2026