Sorceo← Back to home

Privacy Policy

Last updated: April 28, 2026

This Privacy Policy explains how SIA ECO SOULS (“Sorceo”, “we”, “us”, or “our”) collects, uses, and protects personal data when you use the Sorceo service — an AI-powered candidate screening and hiring assistance tool available at sorceo.com.

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable Latvian data-protection law.

1. Data Controller

The data controller responsible for your personal data is:

  • SIA ECO SOULS
  • Registration number: 40203437942
  • Address: Lielā iela 232, Daugavpils, LV-5415, Latvia
  • Contact: support@sorceo.com

2. What Data We Collect

We collect only the data needed to provide the Sorceo service:

  • Account data: your email address, and your name if you choose to provide it.
  • Authentication data: hashed password and session identifiers managed by our authentication provider.
  • Resume / CV files you upload (PDF or DOCX), including any personal data contained in those files about candidates.
  • Job descriptions and other text you enter into the product to run candidate screening.
  • Usage data: basic technical logs (timestamps, request metadata, error logs) needed to operate and secure the service.

If you upload a CV that contains personal data about a third party (e.g. a candidate), you confirm that you have a lawful basis to share that data with us for processing.

3. Purpose of Processing

We use your data to:

  • Provide AI-powered candidate screening and ranking against the job descriptions you submit.
  • Generate personalized outreach messages and other hiring assistance features.
  • Operate, secure, and improve the service during the beta period.
  • Communicate with you about your account, access status, and important service updates.

4. Legal Basis

We process your personal data on the following legal bases under GDPR:

  • Consent (Art. 6(1)(a)) — when you create an account and submit data to be analyzed.
  • Legitimate interest (Art. 6(1)(f)) — to operate, secure, and improve the service, prevent abuse, and communicate essential service information.
  • Contractual necessity (Art. 6(1)(b)) — to deliver the features you have requested.

5. Sub-processors and Tools We Use

To deliver the service, we share limited data with the following processors. Each is bound by contractual data-protection terms:

  • OpenAI — to perform AI analysis of CVs and job descriptions and to generate outreach drafts. Content sent to OpenAI is processed under their API data-processing terms and is not used to train their models.
  • Supabase — to host our database, manage authentication, and store uploaded files. Data is hosted in EU/EEA infrastructure.
  • Email service provider — to send transactional emails (account notifications, access decisions, password resets).

6. Data Storage and Location

Your data is stored on Supabase infrastructure located in the European Union / European Economic Area (EU/EEA). When data is transferred to a sub-processor outside the EEA (e.g. OpenAI in the United States), the transfer is protected by Standard Contractual Clauses and equivalent safeguards approved by the European Commission.

7. Data Retention

During the beta phase, your account data, uploaded CVs, and screening history are retained for as long as your account is active, so you can return to previous results. You may request deletion of your account and associated data at any time by emailing support@sorceo.com. We will delete the data within 30 days of a verified request, except where retention is required by law.

8. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion (“right to be forgotten”) of your personal data.
  • Restrict or object to certain processing.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) or your local supervisory authority.

To exercise any of these rights, contact us at support@sorceo.com.

9. Security

We apply appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), access controls, role-based authorization, and audit logging of administrative actions. No system is perfectly secure, but we work to follow industry best practices.

10. We Do Not Sell Your Data

We do not sell, rent, or trade your personal data, the CVs you upload, or any candidate information to third parties. Data is used solely to provide the service to you.

11. Children

Sorceo is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy as the product evolves. Material changes will be communicated via email or via a notice in the product. The “Last updated” date at the top of this page will always reflect the latest revision.

13. Contact Us

For any privacy-related questions or requests, contact us at support@sorceo.com.