
Privacy Policy

Last updated: 22 March 2025

1. Who we are

This Privacy Policy explains how unghosted ("we", "us") processes personal data when you use our website and services. The service is operated by BDF Tech UG (haftungsbeschränkt), Euckenstrasse 19c, 81369 Munich, Germany ("BDF Tech"). For company and representative details, see our Imprint.

If you have questions about this Policy or your personal data, you can reach us at team@bdftech.de.

2. Personal data we collect

Depending on how you use unghosted, we may process the following categories of personal data:

  • Account and authentication data: information involved in signing up or signing in. We use Clerk as our authentication provider; Clerk processes certain data on our behalf as described in its documentation and privacy notice.
  • Request and case data: information you submit in connection with GDPR requests (such as company names, role titles, interview details, recruiter contacts, correspondence, and any attachments or notes you choose to provide).
  • Communication data: messages you send us (for example email or in-product support) and related metadata.
  • Technical and usage data: for example IP address, device and browser type, general location derived from IP, timestamps, and diagnostic logs, where needed to operate and secure the service.
  • Data we receive while providing the service: for example status updates, documents, or communications relating to your requests.

3. Purposes and legal basis

We process personal data to provide, maintain, and improve unghosted; to authenticate users; to prepare, submit, and track GDPR-related requests you ask us to handle; to communicate with you; to comply with legal obligations; and to protect our legitimate interests (such as security, fraud prevention, and service analytics), in each case as permitted under the GDPR.

The main legal bases are performance of a contract (Article 6(1)(b) GDPR), compliance with legal obligations (Article 6(1)(c)), and legitimate interests (Article 6(1)(f)), where those interests are not overridden by your rights. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. Recipients and processors

We share personal data only where necessary to run the service or as required by law:

  • Infrastructure and hosting providers that store or process data on our instructions (for example database and application hosting).
  • Clerk for authentication and identity-related features.
  • Email and notification providers for transactional or service-related messages.
  • Companies or their data protection contacts when you ask us to submit access or erasure requests on your behalf, strictly to the extent needed for those requests.

5. International transfers

Some subprocessors may process data outside the European Economic Area. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or adequacy decisions under Chapter V GDPR.

6. Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including to meet legal, accounting, or reporting requirements.

When you delete your account or ask us to erase data, we will delete or anonymize personal data unless we must retain certain information to comply with law or to establish, exercise, or defend legal claims.

7. Your rights

Subject to applicable law, you may have the following rights in relation to your personal data:

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR), including to processing based on legitimate interests
  • Right to lodge a complaint with a supervisory authority in your country or region

8. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure.

9. Cookies and similar technologies

We and our providers may use cookies and similar technologies where needed for authentication, security, and core functionality. You can control cookies through your browser settings; disabling certain cookies may affect how the service works.

10. Children

Our service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us so we can delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and adjust the "Last updated" date.

If changes are material, we will provide additional notice where appropriate (for example by email or a notice in the product).

12. Contact

For privacy-related requests, contact us at team@bdftech.de. You can also review our Imprint for company and representative details.

Questions about privacy?

We are happy to help with questions about how we handle personal data.
