Privacy Policy
1. Data Controller
The data controller responsible for your personal data is Catena Tecnologia Ltda., a company incorporated in Brazil. Contact: privacidade@catena.work
2. What Data We Collect
- Identity: Full name
- Contact: WhatsApp/phone number, email address
- Professional: CV/résumé, LinkedIn profile, work history, skills
- Interview data: Responses to AI-conducted interview questions (text, and optionally audio)
- Technical: IP address, browser type, UTM/tracking parameters
3. Legal Bases for Processing
- Contract performance (LGPD Art. 7, VI / GDPR Art. 6(1)(b)): Processing your CV and application data to match you with job opportunities
- Legitimate interests (LGPD Art. 7, IX / GDPR Art. 6(1)(f)): Improving our AI models and platform
- Consent (LGPD Art. 7, I / GDPR Art. 6(1)(a)): Sending you notifications about your application status
- You are interacting with an AI system, not a human recruiter
- The AI generates a compatibility score that influences (but does not solely determine) hiring decisions
- Human oversight is available — hiring companies review all AI-generated assessments
- You have the right to request human review of any AI-based decision (see Section 7)
- Our AI system is designed to avoid discriminatory outputs based on protected characteristics
4. AI-Based Decision Making
We use AI to: (a) analyze your CV and match it to job requirements, (b) generate personalized interview questions, (c) process your interview responses and produce a compatibility score.
This score is advisory only. The final hiring decision is always made by a human at the hiring company. You have the right to contest any AI-based assessment and request human review — contact privacidade@catena.work.
This section fulfills obligations under: LGPD Art. 20 / GDPR Art. 22 / EU AI Act Art. 13, 14, and 50.
5. Data Sharing
- Hiring companies: Your application data (CV, interview transcript, score) is shared with the company that posted the job you applied for
- OpenAI: Interview responses and CV text are processed by OpenAI's API to generate questions and scores. OpenAI does not use this data to train its models (via API terms)
- Infrastructure: Heroku (hosting), AWS S3 (file storage), SendGrid (email delivery)
- We never sell your data to third parties or use it for advertising
6. Data Retention
- Active applications: retained while the job posting is open + 12 months
- Interview recordings/transcripts: 12 months from interview date
- CVs and profile data: 24 months from last activity
- You may request deletion at any time (see Section 7)
7. Your Rights
Under LGPD, GDPR, and the EU AI Act, you have the right to:
- Access your personal data
- Correction of inaccurate data
- Erasure ("right to be forgotten")
- Portability of your data in machine-readable format
- Object to automated processing
- Human review of any AI-based decision that significantly affects you (EU AI Act Art. 14)
- Withdraw consent at any time
To exercise any right, contact: privacidade@catena.work. We will respond within 15 business days.
8. Security
We implement industry-standard safeguards: TLS encryption in transit, encrypted storage at rest, access controls, and regular security reviews. In the event of a data breach affecting your rights, we will notify you within 72 hours.
9. International Transfers
Your data may be transferred to the United States (OpenAI, Heroku, AWS). Such transfers are protected by Standard Contractual Clauses (GDPR) and equivalent safeguards under LGPD.
10. Changes to This Policy
We may update this policy. The "Last updated" date reflects the most recent version. Material changes will be notified via email or prominent notice on our platform.
11. Contact & DPO
Data Protection Officer: privacidade@catena.work
Catena Tecnologia Ltda. · São Paulo, Brazil