Legal
Privacy Policy
Last updated: 22 June 2026
1. Who we are
matchbase.io is an AI-powered candidate matching platform for independent recruiters. The service is operated by matchbase.io, based in the Netherlands. We are the data controller for data you provide to us when creating an account and using the platform.
Contact: hello@matchbase.io
2. Data we collect
Account data — when you register: your name, work email address, and a hashed password. We never store your password in plain text.
Billing data — when you subscribe: your payment method and billing address are processed and stored by Stripe. We store only your Stripe customer ID and subscription status.
Candidate CV data — CVs uploaded by you or your candidates contain personal data (name, email, phone, employment history). We store this data to provide the CV scoring and matching service. You are the data controller for candidate data; we process it on your behalf.
Usage data — standard server logs (IP address, browser, pages visited) retained for up to 90 days for security and performance monitoring.
3. How we use your data
- To provide and maintain the matchbase.io service
- To process payments and manage subscriptions
- To send transactional emails (account confirmation, password reset, candidate invite notifications)
- To analyse CVs and score candidates against role frameworks using AI
- To detect and prevent fraud or abuse
We do not sell your data. We do not use your data or candidate data to train AI models.
4. AI processing
CV text is sent to Anthropic's API (Claude) for automated extraction and scoring. Anthropic processes this data solely to return results to matchbase.io and does not use it for model training. See Anthropic's Privacy Policy.
We minimise data sent to Anthropic — only anonymised CV text (with PII stripped) is used for the scoring step. Original PII (name, email, phone) is stored separately and not sent to Anthropic.
5. Third-party processors
| Processor | Purpose | Location |
|---|---|---|
| Vercel | Hosting and file storage (CV files) | EU / US |
| Neon / PostgreSQL | Database | EU |
| Stripe | Payment processing | EU / US |
| Anthropic | CV analysis and scoring | US |
| Resend | Transactional email delivery | EU / US |
All processors operate under Data Processing Agreements and, where applicable, Standard Contractual Clauses for transfers outside the EU.
6. Data retention
- Account data — retained while your account is active. Deleted within 30 days of account deletion.
- Candidate CV data — retained while your account is active. You can delete individual candidate profiles at any time from the intake queue.
- Billing records — retained for 7 years to comply with Dutch tax law.
- Server logs — retained for up to 90 days.
7. Your rights
Under GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and associated data
- Portability — receive your data in a machine-readable format
- Object — object to processing where we rely on legitimate interests
- Withdraw consent — where processing is based on consent
To exercise any of these rights, email us at hello@matchbase.io. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
8. Cookies
We use only essential session cookies required for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies.
9. Changes to this policy
We may update this policy from time to time. We will notify you by email for material changes. The “last updated” date at the top reflects the most recent version.
10. Contact
Questions about this policy? Email us at hello@matchbase.io.