Privacy & Cookie Policy

Privacy Policy Talenver
Effective Date: July 22nd, 2025

Welcome to Talenver. This Privacy Policy explains how TALENVER LLC, a U.S.-based company acting as the data controller of your personal information, collects, uses, shares, and protects your personal data when you access or use the Talenver platform (the “Platform”).

Talenver is a global online platform that enables professional collaboration between individuals providing services (“Talents”) and those seeking such services (“Hirers”). This Privacy Policy applies to all users, whether accessing our services from the United States or abroad, and is intended to reflect our commitment to privacy, transparency, and lawful data processing in accordance with applicable U.S. federal and state laws, as well as international best practices where relevant.

Legal Framework and Scope. As a U.S.-based company, our primary obligations stem from:

The California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA);
Other applicable U.S. state privacy laws (e.g., Virginia, Colorado, Connecticut, Utah);
Relevant federal statutes (e.g., FTC Act, Children’s Online Privacy Protection Act (COPPA), CAN-SPAM Act, GLBA, where applicable);
International frameworks, such as the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs), apply when we process data of EEA or global users.

Where required by international law (e.g., the General Data Protection Regulation (GDPR)), we implement appropriate safeguards for cross-border data transfers and ensure that user rights are upheld in accordance with these frameworks. However, this Policy is governed by U.S. law, and in the event of a conflict, U.S. legal standards will apply, unless a higher level of protection is mandated by the user’s jurisdiction of residence.

This Privacy Policy is part of our Terms of Service and supplemented, where applicable, by additional policies such as our forthcoming Content Moderation Policy and Intellectual Property Policy.

Who We Are and How to Contact Us

The Talenver platform is operated by TALENVER LLC, a corporation organized and existing under the laws of the United States, with its principal place of business located at:

Sunny Isles Beach, FL, 33160, USA. For the purposes of the CCPA/CPRA and other applicable laws, Talenver is the “Business” or “Data Controller” with respect to your personal information.

We have appointed a Data Protection Officer (DPO) to oversee privacy compliance and handle questions or requests related to this Policy. DPO Contact Details:

Name: LURIE, YULIA
Email:info@talenver.com

If you have questions about this Policy, your rights under applicable U.S. or international law, or how we handle your data, we encourage you to contact our DPO directly or use the contact methods in the “Contact Us” section of this Policy.

Note for International Users: If you are a resident of the European Economic Area (EEA) or other jurisdictions with data transfer or representation requirements, we take steps to ensure that appropriate protections are in place. Where legally required, we may appoint a representative under Article 27 of the GDPR, information available upon request.

DEFINITIONS AND KEY TERMS

For the purposes of this Privacy Policy, the following capitalized terms shall have the meanings set forth below. Any terms not defined herein shall have the meaning assigned to them in the Talenver Terms of Service or as defined by applicable law.

“Platform” refers to the Talenver-branded digital environment, including all associated websites, mobile applications, software interfaces, APIs, browser extensions, and services operated by Talever, that facilitate interactions between Talents and Hirers.
“User” means any natural person or legal entity that accesses, registers for, browses, or otherwise uses the Platform, including Talents, Hirers, and unregistered visitors.
“Talent” refers to any individual or business entity that offers freelance, project-based, or professional services through the Platform.
“Hirer” refers to any individual, company, or organization that uses the Platform to post jobs, search for or review Talent profiles, or engage with Talents for service-based work.
“Personal Data” (also referred to as “personal information” under certain U.S. laws) means any information that relates to, describes, or could reasonably be linked to an identified or identifiable individual. This may include, without limitation, names, contact details, identification numbers, geolocation data, employment or education history, IP addresses, and online behavior data, as defined under Applicable Laws.
“Sensitive Personal Information” means a subset of Personal Data that is subject to heightened protection under certain laws. Under California law (CPRA), this may include precise geolocation, financial account credentials, government-issued identifiers, racial or ethnic origin, genetic data, biometric identifiers, and information concerning health or sexual orientation. Under the GDPR, similar data is referred to as “Special Categories of Data.”
“Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means. This includes, but is not limited to, collection, storage, access, use, transmission, disclosure, modification, restriction, deletion, and destruction.
“Data Controller” means the entity that determines the purposes and means of Processing Personal Data. For purposes of this Policy, Talenver is the Data Controller, as defined under Article 4(7) GDPR, Cal. Civ. Code § 1798.140(d), and other relevant laws.
“Data Processor” means a third party that processes Personal Data on behalf of the Data Controller, as defined under Article 4(8) GDPR. Examples include infrastructure providers, email delivery services, or analytics vendors acting under a contractual agreement with Talenver.
“Consent” refers to a User’s freely given, specific, informed, and unambiguous indication of agreement to the Processing of Personal Data, expressed by a clear affirmative action, where such consent is required by law.
“Profiling” means any form of automated Processing of Personal Data to evaluate or predict personal aspects relating to a User, such as professional performance, preferences, interests, economic status, or online behavior.
“Automated Decision-Making” refers to decisions made solely by automated means—without human involvement—and that produce legal or similarly significant effects on the User, as governed by Article 22 of the GDPR and California law. Civ. Code § 1798.185(a)(16), and other state laws.
“Third-Party Services” means any external platform, tool, service provider, vendor, or integration partner (e.g., Stripe, Zoom, Google Analytics) that supports the delivery of the Platform’s features. These entities may act as independent data controllers or processors depending on the nature and context of data sharing.
“Applicable Laws” refers to all statutes, regulations, and legally binding frameworks governing data protection and privacy that apply to Talenver’s data collection and use, including but not limited to:

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA);
The Federal Trade Commission Act (FTC Act);
The Children’s Online Privacy Protection Act (COPPA) and other relevant U.S. federal statutes;
Other U.S. state privacy laws (e.g., Virginia, Colorado, Connecticut, Utah);
The General Data Protection Regulation (EU) 2016/679 (GDPR) (as applicable for international users);
Any other jurisdiction-specific privacy law to the extent applicable based on User location or data residency.

SCOPE OF THIS PRIVACY POLICY
1. This Privacy Policy (“Policy”) describes how TALENVER LLC, doing business as Talenver (“Talenver,” “we,” “us,” or “our”), in its capacity as a data controller (and where applicable, as a processor), collects, uses, stores, discloses, and protects Personal Data in connection with your use of the Talenver platform and its related services (collectively, the “Platform”).
2. Applicability. This Policy applies to all natural persons who access or interact with the Platform, including:
  1. Registered and unregistered Users, including Talents, Hirers, and general visitors;
  2. Individuals residing in the United States (including California under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA)), and in other U.S. states with enacted privacy laws (e.g., Virginia, Colorado, Connecticut, Utah);
  3. Users located in jurisdictions governed by international data protection laws, such as the General Data Protection Regulation (GDPR) in the EEA.
3. This Policy governs Personal Data collected or processed through:
  1. The Talenver website(s), mobile application(s), browser tools, and APIs;
  2. Account registration, user profile completion, resume uploads, job listings, portfolios, dashboards, and subscription services;
  3. Messaging features, video or voice calls, scheduling tools, and analytics dashboards;
  4. User feedback, support tickets, surveys, and service communications;
  5. Embedded third-party features (e.g., Stripe for payments, Zoom for interviews, Google Analytics for usage tracking), where Talenver controls integration and processing parameters.
4. Talenver adheres to applicable privacy laws in each relevant jurisdiction and commits to maintaining high standards of confidentiality, security, and transparency in its handling of your Personal Data.
5. Exclusions from Scope. This Policy does not apply to:
  1. Personal data processing carried out by third-party websites, tools, or services not owned or operated by Talenver, even if accessible via the Platform;
  2. Personal data collected by Hirers, recruiters, or third-party businesses who use the Platform and independently process data via external systems (e.g., proprietary Applicant Tracking Systems (ATS), direct links to job applications, or third-party interview platforms).
  3. Such parties act as independent data controllers, and Talenver does not assume responsibility for their privacy practices. We strongly recommend reviewing the privacy policies of such external parties before submitting your data to them.
6. Legal Effect and Relationship to Other Documents. This Policy forms a legally binding part of your contractual relationship with us under the Talenver Terms of Service. In the event of any conflict between this Policy and other notices or platform documents, this Policy shall prevail with respect to the processing of Personal Data, unless explicitly superseded by jurisdiction-specific terms or regulatory requirements.
7. Where local law grants users greater rights or imposes stricter obligations, such protections shall apply. For California residents, this Policy also constitutes our Notice at Collection under Cal. Civ. Code § 1798.100(b) and is designed to meet all notice and transparency requirements under the CPRA.
8. If you access or use the Platform on behalf of a company, organization, or other legal entity, you represent that you are authorized to bind such entity to the terms of this Policy.
INFORMATION WE COLLECT
1. Talenver collects and processes various categories of personal data (“Personal Data”) for the purpose of delivering, maintaining, personalizing, securing, and improving the Platform. We only collect Personal Data to the extent that it is lawful, necessary, and proportionate to the services provided. Collection is carried out in accordance with applicable laws, including the California Consumer Privacy Act of 2018 (CCPA), as amended by the CPRA, the General Data Protection Regulation (GDPR), and other relevant legal frameworks.
2. We obtain information through the following channels:
  1. Information You Provide Directly. You may voluntarily provide us with Personal Data when you register for an account, fill out your profile, engage with the Platform, communicate with others, or interact with our support team. This includes:
  2. Identifiers and Contact Information (Cal. Civ. Code §1798.140(v)(1)(A)): Full name, username, photo/avatar, date of birth or age range, email address, phone number, physical address (if provided), and location preferences.
  3. Professional and Account-Related Data (Cal. Civ. Code §1798.140(v)(1)(I)): Resume/CV, job title, education, skills, work history, certifications, languages, availability status, portfolio links, and other profile materials you upload.
  4. Account credentials (hashed passwords). If you sign up using a third-party login (e.g., Google, LinkedIn), we collect only the minimal identity data (e.g., name, email) as per your authorization.
  5. Platform Usage & Communication Data: Direct messages (content and metadata such as timestamp, sender/recipient), notes or tags added to profiles, scheduling activity, and voluntary video/audio interactions (not recorded unless explicitly consented to by both parties).
  6. Feedback and Support Inquiries: Submit support requests, bug reports, survey responses, and general correspondence with our customer success or trust and safety teams.
  7. Billing and Commercial Data (Cal. Civ. Code §1798.140(v)(1)(D)): Subscription tier, payment method type, billing country, transaction identifiers, and purchase logs. Note: We do not collect or store full payment card numbers; all payment processing is handled by PCI-DSS-compliant third-party providers (e.g., Stripe).
3. Information Collected Automatically. When you use the Platform, we automatically collect data to optimize performance, ensure security, and improve user experience. This includes:
  1. Internet or Network Activity (Cal. Civ. Code §1798.140(v)(1)(F)): Device type, browser, OS version, screen resolution, language, referral URL, pages viewed, session duration, login/logout events, scroll or click behavior, feature usage logs, and time spent per feature.
  2. Device Identifiers & Connection Data: IP address, user agent string, network provider, and region-level geolocation (inferred from IP). We do not collect GPS-level location unless you explicitly enable it in your device settings.
  3. Cookies and Similar Technologies: We use first- and third-party cookies, SDKs, and web beacons for authentication, analytics, and personalization (see Section 3 – Cookies and Tracking Technologies). Where required by law (e.g., GDPR), we present a cookie banner with opt-in controls.
4. Information Received from Third Parties. We may also obtain Personal Data from external parties where permitted by law or authorized by you, including:
  1. Authentication & Identity Providers: When you register via OAuth or SSO providers (e.g., Google, LinkedIn), we receive validated information, including your name, email, and profile image.
  2. Analytics & Measurement Vendors: We receive anonymized or pseudonymized analytics data from tools like Google Analytics, Firebase, or other SaaS performance dashboards to understand aggregate usage trends.
  3. Referrals, Hiring Partners, or Talent Aggregators: If you are introduced to Talenver through a third-party recruiter, affiliate link, or API partner, we may receive your name, email, or partial profile to facilitate your onboarding.
  4. Publicly Available Information: In limited cases, we may supplement profile visibility by importing data from publicly available professional websites or portfolios that you have explicitly referenced.
  5. Third-Party Integrations and Widgets: When interacting with embedded third-party services (e.g., Zoom, YouTube, embedded maps, customer chat), those services may collect their own technical or behavioral data in accordance with their privacy policies.
5. Categories of Personal Information Collected Under U.S. Law. For compliance with CCPA/CPRA, the categories of Personal Data we collect include:

CCPA Category	Examples	Collected
Identifiers	Name, email, IP address, login ID	✔
Personal Records	Employment or education data voluntarily provided	✔
Protected Characteristics	Age (optional), gender (optional)	✔
Commercial Information	Subscription history	✔
Internet Activity	Device data, cookies, session activity	✔
Geolocation Data	Region-level location (from IP)	✔
Inferences	Matching preferences, usage patterns	✔ (limited)
Sensitive Personal Information	Not collected by default	✖ (unless provided by user voluntarily and with consent)

Sensitive Data Clarification. We do not intentionally collect sensitive personal data as defined under Cal. Civ. Code §1798.140(ae) or GDPR Art. 9, such as race, political views, religious beliefs, biometric or genetic data, or precise geolocation, unless explicitly provided by the User and only with proper consent and safeguards in place.
Data Integrity and Limitations. We apply purpose limitation and data minimization principles, retaining only the information necessary for:
1. Performance of contractual obligations;
2. Security and fraud prevention;
3. Legal compliance and regulatory audit;
4. Legitimate interest of platform operation and enhancement.

Automated Decision-Making and Profiling. Talenver does not engage in fully automated decision-making that produces legal effects or similarly significant impacts on individuals, as defined under Article 22 of the General Data Protection Regulation (GDPR) or relevant U.S. state privacy laws such as the California Privacy Rights Act (CPRA).
We may use algorithmic tools, such as profile matching, job recommendations, or filtering systems, to personalize and enhance your experience on the Platform. However, these tools:
1. Do not operate in isolation; all outcomes are subject to human oversight and judgment.
2. Do not result in binding or consequential decisions without meaningful human involvement.
3. Are designed to support, not replace, human decision-making.
If in the future we introduce any form of automated decision-making that may significantly affect users (e.g., eligibility determination, prioritization algorithms), we will:
1. Provide clear and timely notice to affected users;
2. Ensure the availability of a mechanism to request human review;
3. Implement all safeguards required under applicable legislation, including the right to explanation and contestation under Article 22(3) GDPR and Cal. Civ. Code § 1798.185(a)(16).

USER CHOICES AND CONTROLS
1. Talenver is committed to providing you with meaningful transparency and control over how your Personal Data is collected and used, particularly with regard to cookies, tracking technologies, and behavioral profiling. We implement user-centric privacy practices in line with the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), and other applicable legal frameworks.
2. Cookie and Tracker Preferences. When you first visit our Platform from a jurisdiction that requires consent for non-essential cookies (e.g., EU/EEA), you will be presented with a cookie banner that allows you to:
  1. Accept all cookies;
  2. Reject all non-essential cookies;
  3. Customize preferences by category (e.g., analytics, functionality, advertising).
3. Your consent choices are recorded and can be updated at any time via the “Cookie Settings” link located in the footer of our website.
4. We use a consent management platform (CMP) that complies with IAB Europe’s Transparency and Consent Framework (TCF) and supports Global Privacy Control (GPC) headers, ensuring compliance with CPRA and GDPR where required.
  1. ⚠️ Please note that disabling certain cookie types may degrade user experience or affect the availability of certain Platform features (e.g., login persistence or interface localization).
5. Browser-Level Tracking Controls. You can manage or block tracking at the browser level using the following tools:
  1. Browser Settings: Most modern browsers (e.g., Chrome, Firefox, Safari) allow you to clear cookies, block third-party cookies, and set permissions on a site-by-site basis.
  2. Google Analytics Opt-Out: Google Analytics Opt-Out Add-On allows you to prevent your data from being used by Google Analytics.
  3. Do Not Track (DNT): We honor DNT signals where feasible and required by local law, though support may vary depending on browser implementation.
  4. Global Privacy Control (GPC): If your browser or extension sends a GPC signal, we treat it as a valid opt-out of “sale” or “sharing” of Personal Data under CPRA § 1798.135(b).
6. Advertising and Behavioral Profiling. Talenver does not currently engage in targeted advertising or profiling for cross-context behavioral purposes. However, if such functionality is introduced in the future, we will:
  1. Provide clear notice and opt-in/opt-out options in accordance with CPRA and GDPR requirements;
  2. Offer mechanisms to disable personalized ads through your account settings or browser.
7. In addition, you may opt out of behavioral ad networks through independent platforms such as:
  1. YourOnlineChoices (EU)
  2. Network Advertising Initiative (NAI, US)
  3. Digital Advertising Alliance (DAA, US)
    These tools allow you to exercise broader control over cookies and interest-based advertising.
8. Mobile Application Permissions. If you use the Talenver mobile app, you may control app-specific data collection directly from your device’s operating system:
  1. Location Access: Disable precise or background location tracking in your device’s privacy settings.
  2. Push Notifications: Opt in or out of in-app messaging or alerts via your OS preferences.
  3. App Tracking Transparency (iOS): For Apple users, you can block tracking across apps by disabling “Allow Apps to Request to Track” in your iOS privacy settings.
    We respect your mobile privacy settings and will never override your system-level permissions.
9. Opt-Out Rights Under U.S. Law. If you are a California resident or a resident of another U.S. state with similar privacy laws (e.g., Colorado, Virginia), you may:
  1. Opt out of the “sale” or “sharing” of your Personal Data by activating GPC or using platform settings;
  2. Limit the use of Sensitive Personal Information if collected in the future (see CPRA §1798.121);
  3. Submit a verified rights request (see Section 9 of this Policy).
  4. We do not sell your Personal Data for monetary consideration and do not use Sensitive Personal Information for inferring characteristics unless expressly disclosed.
10. Withdrawal of Consent. Where the legal basis for processing your Personal Data is your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
11. You may withdraw consent through any of the following methods:
  1. By updating your preferences in your Talenver account settings;
  2. By adjusting your cookie choices via our Cookie Preference Center (available in the website footer);
  3. By contacting our Data Protection Officer at info@talenver.com
12. We will respond to all valid withdrawal requests within the legally mandated timeframes:
  1. Within 15 business days for California residents under the CPRA;
  2. Within one calendar month for data subjects under the GDPR (extendable by two months for complex requests, with notice).
  3. Please note that some Platform features may become partially or fully unavailable if they rely on the data for which consent has been withdrawn (e.g., personalized recommendations, certain cookies, or marketing emails).
HOW WE USE YOUR INFORMATION
1. We process your Personal Data only for clearly defined, legitimate, and proportionate purposes, as required by U.S. privacy laws (e.g., California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., as amended by the CPRA) and international frameworks (e.g., GDPR, UK GDPR). We adhere to the principles of purpose limitation, data minimization, and lawfulness of processing as core principles of our privacy governance.
2. Each processing activity is supported by a corresponding legal basis and limited to what is necessary to provide the Platform, enhance your experience, and meet our legal obligations.
3. Provision of Core Platform Services. We process your information to:
  1. Register, verify, and manage your account;
  2. Create and display your user profile;
  3. Enable you to post or respond to job listings;
  4. Match Talents with Hirers and facilitate service-related workflows;
  5. Maintain your dashboard and Platform access.
4. Legal Basis:
  1. Performance of a contract (Talenver Terms of Service);
  2. Legitimate interest in operating a secure and functional service environment.
5. Communication Tools and Transactional Notifications. We process Personal Data to enable:
  1. Real-time messaging between Users;
  2. Video or audio calls;
  3. Scheduling features (e.g., interviews or availability);
  4. Email or in-app notifications (e.g., activity alerts, reminders).
6. Legal Basis:
  1. Performance of a contract;
  2. Legitimate interest in ensuring uninterrupted communication between Users.
    Where applicable (e.g., newsletters or optional alerts), consent will be required.
7. Platform Analytics and Technical Diagnostics. We collect and analyze aggregated or pseudonymized data to:
  1. Understand usage patterns;
  2. Monitor system health and troubleshoot issues;
  3. Improve features and interface design;
  4. Guide internal business decisions.
8. Legal Basis:
  1. Legitimate interest in maintaining, developing, and optimizing the Platform;
  2. Consent, where required (e.g., for cookies and third-party analytics under GDPR or CPRA).
9. Personalization and Recommendations. We may tailor the content, job suggestions, or profile search results based on: Your prior activity; Location; Saved preferences; Behavioral insights.
10. Legal Basis:
  1. Legitimate interest in delivering relevant results;
  2. Consent, where behavioral profiling requires it (e.g., under GDPR or CPRA for Sensitive Data).
11. Premium Features and Payment Processing. For paid services, we process:
  1. Billing and subscription records;
  2. Payment identifiers and invoices;
  3. Tax jurisdiction or applicable billing contact details.
12. Legal Basis:
  1. Performance of a contract (paid plan terms);
  2. Legitimate interest in ensuring secure and compliant payments via PCI-compliant processors.
13. Marketing and Community Outreach. With your prior opt-in consent, we may send:
  1. Product updates and feature announcements;
  2. Event invitations;
  3. Surveys and newsletters;
  4. Community engagement campaigns.
  5. You may opt out of these communications at any time via email footer links or your notification settings.
14. Legal Basis:
  1. Consent (e.g., CPRA §1798.120(c), GDPR Art. 6(1)(a));
  2. Legitimate interest for existing customers, where legally permitted.
15. Fraud Prevention, Security, and Policy Enforcement. We use data to Monitor suspicious behavior, detect fraud or spam, investigate Terms of Service violations, moderate flagged content, and maintain cybersecurity protocols.
16. Legal Basis:
  1. Legitimate interest in securing the Platform;
  2. Legal obligation where law requires incident reporting or breach response.
17. Compliance with Legal Obligations. We may retain or disclose Personal Data as required to:
  1. Fulfill recordkeeping, accounting, or tax obligations;
  2. Respond to subpoenas or court orders;
  3. Cooperate with regulatory inquiries or law enforcement requests;
  4. Maintain lawful backups and audit trails.
  5. Legal Basis: Legal obligation under U.S. law (e.g., Cal. Civ. Code § 1798.110(c)) and GDPR Art. 6(1)(c).
18. Dispute Resolution and Enforcement of Legal Rights. We retain relevant Personal Data to:
  1. Enforce our contracts or defend legal claims;
  2. Investigate reported disputes;
  3. Assert or respond to complaints, subpoenas, or legal filings.
19. Legal Basis: Legitimate interest in dispute resolution, litigation management, and regulatory compliance.
20. Corporate Events and Restructuring. In the event of:
  1. A merger, acquisition, bankruptcy, asset sale, or restructuring;
  2. Negotiations regarding such transactions;
  3. We may transfer your Personal Data under contractual safeguards and confidentiality measures.
21. Legal Basis: Legitimate interest in ensuring operational continuity and responsible data stewardship.
22. Automated Monitoring and Abuse Prevention. To protect the integrity of the Platform, we employ automated tools—including AI-based models provided by OpenAI and Google Cloud—to monitor, detect, and flag potentially abusive, fraudulent, or policy-violating behavior. This includes analysis of content, messaging metadata, behavioral signals, and suspicious login patterns.
  
  While we do not use fully automated decision-making that produces legal or similarly significant effects under Article 22 GDPR, we reserve the right to restrict or suspend accounts when serious risks are identified. These systems are subject to human oversight, and users may request a review of automated enforcement actions.
HOW WE SHARE AND DISCLOSE INFORMATION
1. We treat your personal data with the highest level of confidentiality and disclose it only in accordance with applicable laws, contractual obligations, and your privacy choices. All disclosures are governed by the principles of lawfulness, necessity, proportionality, transparency, and accountability.
2. Disclosure to Other Users. The core functionality of Talenver is to connect Talents with Hirers. To enable this, certain limited information is disclosed by design:
  1. Talent Profiles: If you are a Talent, your public profile (e.g., name, location, title, experience, skills, portfolio, and availability status) may be visible to Hirers and other users, depending on your privacy settings. Some elements may also be discoverable by unregistered visitors or search engines if you opt in. We do not publish sensitive data (such as your email or phone number) unless you explicitly choose to display them.
  2. Hirer Information: If you represent a Hirer, your job postings, company name, logo, and recruiter identity may be visible to Talents and the public. Direct contact details (e.g., your email) are disclosed only when required for communication purposes and in accordance with your interaction flow.
  3. Messaging and Calls: Private messages and call metadata (e.g., participants, timestamps) are accessible only to the parties involved. We do not monitor or record private messages or calls unless explicitly required by law or triggered by a user-reported investigation into abuse.
  4. Public Forums and Contributions: Any content voluntarily posted in public areas of the Platform (e.g., discussion boards, testimonials, or reviews) is visible to all users and may be indexed by search engines. Please avoid posting personal or confidential information in such public channels.
  5. We provide granular visibility controls in your account settings to help you manage how your data appears and is shared across the Platform.
3. Disclosures to Service Providers (Processors). We engage trusted third-party service providers to perform certain functions on our behalf. These entities act as Data Processors and are contractually obligated to process your data solely as instructed by us and to maintain strict confidentiality.
4. Typical service categories include:
  1. Cloud infrastructure and hosting (e.g., AWS, Google Cloud)
  2. Analytics and performance monitoring (e.g., Google Analytics, Hotjar)
  3. Communication tools (e.g., email and video conferencing services)
  4. Payment processing (e.g., Stripe)
  5. Customer support, CRM, and feedback platforms
5. Each processor is bound by a Data Processing Agreement (DPA) that is consistent with Article 28 of the GDPR and applicable U.S. laws. We conduct due diligence and ongoing audits to ensure security, regulatory compliance, and limitation of access to what is strictly necessary.
6. Disclosures to Integration Partners (Independent Controllers). Certain Platform features involve interaction with third-party tools and systems that may act as independent Data Controllers, determining their own purposes and legal bases for processing:
  1. Single Sign-On (SSO): If you log in via services like Google or LinkedIn, we receive your verified identity data as authorized by you. The SSO provider processes your access credentials under their own privacy policy.
  2. Embedded Media or Widgets: Third-party content (e.g., YouTube videos, maps, calendars) embedded within the Platform may collect data or use tracking mechanisms governed by their own terms. We advise reviewing those third-party policies directly.
  3. Advertising Platforms (Future Use): While Talenver does not currently serve interest-based ads, should we introduce advertising or cross-context behavioral targeting in the future, we will:
    1. Provide clear opt-in consent where required;
    2. Honor “Do Not Sell or Share My Personal Information” links and Global Privacy Control (GPC) signals as mandated by the CPRA;
    3. Update this Policy to reflect any such changes.
  4. We only integrate with partners who demonstrate strong security and compliance practices. However, we are not responsible for how they process your data after receipt.
7. Legal Disclosures and Regulatory Compliance. We may access, preserve, or disclose your data where we are legally permitted or obligated to do so, including to:
  1. Respond to subpoenas, court orders, or lawful governmental requests;
  2. Comply with U.S. state or federal laws, or equivalent international legal obligations;
  3. Investigate or prevent suspected fraud, abuse, or security threats;
  4. Enforce our Terms of Service or other platform policies;
  5. Protect the rights, safety, or property of Talenver, our users, or the public.
  6. Where legally allowed, we will provide advance notice to affected users unless doing so would compromise investigations or contravene a legal prohibition.
8. Corporate Events and Business Transfers. In connection with a merger, acquisition, asset sale, financing, reorganization, bankruptcy, or similar event, we may transfer your personal data to a successor entity. In such cases:
  1. The successor will be contractually bound to honor privacy commitments that are materially equivalent to this Policy;
  2. You will be notified in advance if the intended use of your data materially changes, and may be given the opportunity to object or withdraw consent where applicable.
9. Disclosures Based on Your Consent. We will never share or disclose your Personal Data to third parties for purposes that are not explicitly stated in this Policy unless we first obtain your clear, informed, and affirmative consent.
  1. You may revoke such consent at any time by adjusting your preferences in your account settings or by contacting our Data Protection Officer (DPO) at info@talenver.com
10. California Shine the Light Notice (Cal. Civ. Code § 1798.83).We do not share personal information with unaffiliated third parties for their direct marketing purposes without your explicit consent. California residents may request further information about our disclosure practices by contacting us via the methods described in the “Contacting Talenver” section.
11. Talenver does not act as an escrow agent or intermediary in any financial transactions between users. All payments for job offers, services, or personal interactions are conducted externally and at the sole discretion and responsibility of the involved users. The Platform does not guarantee or enforce the fulfillment of agreements between users.
INTERNATIONAL DATA TRANSFERS
1. Talenver is owned and operated from the United States, and as such, your Personal Data may be transferred to, accessed from, or processed in jurisdictions outside of your country of residence, including—but not limited to – the United States. These transfers are essential to provide our Services, manage infrastructure, enable customer support, and ensure platform availability globally.
2. Transfers to the United States and Other Jurisdictions. By using the Platform, you acknowledge and agree that your Personal Data may be transferred to and processed in countries that may not provide the same level of data protection as your jurisdiction. In particular, the United States does not currently benefit from an adequacy decision under the GDPR or equivalent designations under other international privacy laws. Nevertheless, we apply stringent safeguards consistent with U.S. law and global privacy frameworks, including:
  1. The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA);
  2. Federal Trade Commission (FTC) rules and guidance on privacy, security, and deceptive practices;
  3. Sector-specific U.S. laws such as the Children’s Online Privacy Protection Act (COPPA), Gramm–Leach–Bliley Act (GLBA), and Health Insurance Portability and Accountability Act (HIPAA), where applicable;
  4. Contractual, technical, and organizational safeguards to protect data against unauthorized access, use, or disclosure.
3. All third-party processors and sub-processors receiving data from us are bound by written agreements that include:
  1. Confidentiality obligations;
  2. Data access restrictions (including geo-fencing where required);
  3. Prohibition on secondary use of data except as instructed by Talenver.
4. Transfers from the EEA, Switzerland, and Other Regulated Jurisdictions. If you are located in the European Economic Area (EEA), Switzerland, or another jurisdiction that imposes restrictions on international data transfers, we ensure that your data receives a level of protection equivalent to that required under your local laws. We rely on one or more of the following legal transfer mechanisms:
  1. Standard Contractual Clauses (SCCs) issued by the European Commission (or UK International Data Transfer Addendum, where applicable);
  2. Data Privacy Framework (DPF) Certification, where processors are certified under the EU–U.S. or Swiss–U.S. frameworks;
  3. Transfer Impact Assessments (TIAs) and supplementary safeguards, including encryption, pseudonymization, access logging, and robust technical controls;
  4. Explicit, informed consent where required by Article 49(1)(a) GDPR for specific transfers initiated by the user.
  5. You may request a copy of the applicable SCCs or information about the relevant safeguards we implement by contacting us via the methods set forth in the “Contact Us” section.
5. Your Consent and Rights in the Context of Transfers. Where consent is required under applicable laws (e.g., for certain cookie-based integrations or direct international job applications), we will request it prior to initiating such transfers. By continuing to use the Platform, you consent, where legally valid – to:
  1. The cross-border processing of your Personal Data by Talenver and its verified partners;
  2. The storage of your data in cloud infrastructure located in the United States or other jurisdictions necessary for service provision;
  3. Our reliance on recognized legal safeguards where required to ensure lawful processing.
6. We do not sell or share your Personal Data in cross-border contexts for behavioral advertising purposes. Should our data practices materially change, we will:
  1. Update this Privacy Policy;
  2. Provide you with advance notice;
  3. Offer appropriate opt-out or consent mechanisms in compliance with CPRA §§ 1798.115(d), 1798.120, and related provisions.
7. Our Global Commitment to Data Protection. Regardless of your location, we maintain a uniform, high-standard approach to data protection across jurisdictions, including:
  1. Compliance with the principles of purpose limitation, storage limitation, data minimization, and fairness;
  2. Strict access controls, least-privilege protocols, and staff privacy training;
  3. Zero-trust network architecture and regular penetration testing;
  4. Oversight by our Data Protection Officer (DPO) and internal compliance team;
  5. Prompt response to user rights requests and inquiries from regulators or supervisory authorities.
8. If you have any concerns regarding cross-border data transfers or if you wish to exercise rights relating to data processed in a foreign jurisdiction, you may contact our DPO at info@talenver.com, and we will respond in accordance with applicable legal timelines.
DATA RETENTION
1. Talenver retains your personal data only for as long as reasonably necessary to fulfill the purposes outlined in this Privacy Policy, comply with applicable legal obligations, resolve disputes, enforce our agreements, and maintain the integrity and security of the Platform. Our retention practices align with data minimization and storage limitation principles under applicable privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), and other relevant frameworks.
2. We apply predefined retention periods depending on the category of data, its usage context, and legal or contractual requirements. Where feasible, we implement automated deletion routines, anonymization protocols, and access restrictions for legacy data.
3. Account and Profile Data
  1. We retain your profile and account information (including identity, role, preferences, and job/project history) as long as your account remains active.
  2. If your account is deleted voluntarily or becomes inactive for a prolonged period (e.g., 12 months of inactivity, subject to notification), we initiate a deactivation and deletion process.Full erasure from active systems typically occurs within 30 to 60 days post-deletion, unless retention is legally required (e.g., for fraud prevention, regulatory compliance, or defense of legal claims).
  3. Minimal residual identifiers (e.g., hashed user ID) may be retained to prevent account misuse, impersonation, or re-registration abuse.
4. Communications and Messaging
  1. Messages exchanged via the Talenver Platform are retained for the duration of your account activity.
  2. Upon account deletion, your personal access to messages is revoked, and associated metadata is scheduled for deletion unless required for legal or moderation reasons.
  3. Messages already delivered to other users’ inboxes may remain available to them, as those recipients are independent controllers of their communication logs.
  4. Encrypted system backups may preserve messaging logs temporarily (see Section 9.6).
5. Payment and Financial Records
  1. Transactional records, including payment history, invoices, billing contacts, and tax-related information, are retained for a minimum of seven (7) years, or as required under U.S. federal and state tax laws, accounting regulations, and anti-fraud statutes.
  2. This retention ensures compliance with statutory audit obligations and financial reporting requirements.
6. Analytics, Cookies, and Usage Logs
  1. Analytics and usage-related metadata (e.g., IP logs, page interactions, referral sources) are retained only as long as necessary for performance optimization and security monitoring.
  2. Where technically possible, we configure tools like Google Analytics to purge personally identifiable data after 14–26 months.
  3. Aggregated or pseudonymized datasets that no longer identify individual users may be retained longer for trend analysis, research, or service improvement.
7. Legal, Compliance, and Enforcement Retention
  1. Personal data may be retained beyond normal periods where necessary to:
    1. Comply with subpoenas, court orders, or statutory obligations;
    2. Investigate or prevent fraud, abuse, or unlawful conduct;
    3. Enforce our Terms of Service;
    4. Preserve evidence in pending or reasonably anticipated litigation;
    5. Respond to regulatory investigations or consumer rights requests.
  2. In the event of a legal hold or government inquiry, deletion is suspended until resolution or release.
8. System Backups and Disaster Recovery
  1. Certain personal data may persist in encrypted backups retained solely for disaster recovery, data restoration, or business continuity purposes.
  2. Backup lifecycles follow a rolling deletion schedule, typically not exceeding 90 days, and are not used for active processing, profiling, or commercial exploitation.
9. Data Anonymization
  1. Where retention is no longer necessary, we either delete the data securely or anonymize it irreversibly so that it can no longer be linked to any individual.
  2. Anonymized data is no longer considered personal data and may be retained indefinitely for analytics, benchmarking, or system optimization.
10. User-Initiated Deletion
  1. You may request account or data deletion at any time via:
    1. The “Delete Account” feature in your Platform settings; or
    2. By contacting our Data Protection Officer at info@talenver.com.
  2. Please note: We may be required to retain certain data despite your request, as permitted or required by law (e.g., for tax, fraud prevention, or legal obligations). In such cases, the data will be restricted to the legally mandated purpose only and flagged for restricted access and future erasure.
YOUR RIGHTS AND CHOICES
1. Talenver is committed to upholding your rights as a data subject and empowering you to make informed decisions regarding your personal data. The rights available to you depend on your place of residence and applicable data protection laws, including U.S. federal and state privacy laws (such as the California Consumer Privacy Act, “CCPA”, as amended by the California Privacy Rights Act, “CPRA”), as well as the General Data Protection Regulation (“GDPR”) for users in the European Economic Area (EEA) and the United Kingdom.
2. Rights for U.S. Residents (Including California). If you are a resident of California or another U.S. state with enacted privacy legislation (e.g., Colorado, Connecticut, Utah, Virginia), you may exercise the following rights under applicable state law:
  1. Right to Know. Request details about the categories and specific pieces of personal information we collect, use, disclose, or otherwise process, including the purposes and third parties involved (Cal. Civ. Code § 1798.110, § 1798.115).
  2. Right to Delete. Request deletion of your personal information that we have collected and retained, subject to legal exceptions (e.g., fraud prevention, compliance with a legal obligation, or internal uses aligned with your relationship with us).
  3. Right to Correct. Request that we correct inaccurate personal information maintained about you (Cal. Civ. Code § 1798.106).
  4. Right to Opt Out of “Sale” or “Sharing”. Talenver does not currently sell or share personal data as defined under the CPRA for cross-context behavioral advertising. If this changes, we will provide a prominent “Do Not Sell or Share My Personal Information” link and honor global opt-out signals such as the Global Privacy Control (GPC).
  5. Right to Limit Use of Sensitive Personal Information. If we collect Sensitive Personal Information for purposes beyond those permitted under Cal. Civ. Code § 1798.121(a), you may direct us to limit its use.
  6. Right to Non-Discrimination. You will not be denied goods or services, charged different prices, or subjected to retaliation for exercising your legal rights under the CCPA/CPRA.
3. To exercise your U.S. privacy rights, please contact us at info@talenver.com, submit a request via talenver.com, or use available account tools. Authorized agents may submit requests on your behalf, subject to additional verification requirements.
4. Rights for Users in the EEA and United Kingdom. If you are located in the European Economic Area (EEA) or the UK, you are entitled to the following rights under Article 15–22 of the GDPR / UK GDPR:
  1. Right of Access (Art. 15): Receive confirmation as to whether we process your personal data and access a copy of such data.
  2. Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal information.
  3. Right to Erasure (“Right to be Forgotten”, Art. 17): Request deletion of your personal data, subject to lawful retention exceptions.
  4. Right to Restrict Processing (Art. 18): Request restriction of processing where data is contested, unlawfully processed, or no longer needed but required for legal claims.
  5. Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format or request its direct transfer to another controller.
  6. Right to Object (Art. 21): Object to processing based on our legitimate interests or for direct marketing purposes.
  7. Right to Withdraw Consent (Art. 7(3)): Withdraw your consent to processing at any time, without affecting the lawfulness of prior processing.
  8. Right to Lodge a Complaint: Contact your local data protection authority (DPA) or the UK Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint/.
5. Privacy Request Submission Mechanism. To exercise your privacy rights under the CPRA, GDPR, or other applicable data protection laws, you may submit a request using our designated web form at: https://www.talenver.com/
  
  Alternatively, you may contact our Data Protection Officer (DPO) via the contact details provided in the “Contacting Talenver” section. We also honor browser-enabled opt-out signals such as Global Privacy Control (GPC) and will respond to valid requests within the legally mandated timeframes.
6. How to Exercise Your Rights. You may exercise many of your privacy rights directly via your Talenver account settings, such as updating your profile, downloading a copy of your data, or deleting your account.
7. For formal privacy requests – including access, correction, deletion, portability, or restriction – you may contact us via:
  1. Email: info@talenver.com
  2. Web Form: talenver.com
8. To protect your data and ensure security, we will verify your identity before acting on your request. This may include confirming your registered email, requesting login validation, or providing documentation if acting through an authorized agent.
9. We will respond to your request within the legally required timeframes:
  1. Within 45 days under CPRA (extendable once by another 45 days with notice);
  2. Within 1 month under GDPR (extendable by 2 months for complex requests).
10. If we cannot fulfill your request, we will provide a written explanation referencing the legal basis for refusal.
HOW CALIFORNIA RESIDENTS CAN EXERCISE THEIR RIGHTS
1. If you are a resident of California, you are entitled to exercise your rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA) (Cal. Civ. Code § 1798.100 et seq.). These rights include:
  1. Right to Know. Request disclosure of the categories and/or specific pieces of personal information we collect, use, disclose, or “sell”/“share” (as those terms are defined under the CPRA), including the purposes and third parties involved.
  2. Right to Delete. Request that we delete personal information we have collected about you, subject to statutory exceptions (e.g., compliance, security, transaction fulfillment).
  3. Right to Correct. Request correction of inaccurate personal information that we maintain.
  4. Right to Opt Out of Sale or Sharing. Direct us not to “sell” or “share” your personal information, particularly for cross-context behavioral advertising. Talenver does not currently engage in such practices. Should this change, a “Do Not Sell or Share My Personal Information” link will be provided, and we will honor Global Privacy Control (GPC) opt-out signals.
  5. Right to Limit Use of Sensitive Personal Information. Where applicable, direct us to restrict the use or disclosure of sensitive data (e.g., government ID, precise geolocation, account credentials), except for permitted business purposes under Cal. Civ. Code § 1798.121.
  6. Right to Non-Discrimination. We will not deny goods, charge different prices, or provide different quality of service for exercising your legal rights.
2. How to Submit a Request. You may exercise your California privacy rights using any of the following methods:
  1. Email: Send your request to info@talenver.com with the subject line “CCPA Request”.
3. Verification Procedures. To protect your information, we are required to verify your identity before fulfilling any request. This may involve:
  1. Matching your request details to our records;
  2. Verifying control over your email or account;
  3. Requesting supplemental documentation, especially for sensitive or high-risk data.
4. If you are acting through an authorized agent, we will require:
  1. A signed written authorization or valid power of attorney; and
  2. Direct confirmation of your identity by the individual on whose behalf you are acting, as required by Cal. Civ. Code § 1798.140(y).
5. This Privacy Policy also serves as our Notice at Collection pursuant to Cal. Civ. Code § 1798.100(b) and satisfies the comprehensive disclosure requirements under § 1798.130(a)(5).
6. Automated Decision-Making and Profiling (GDPR Art. 22). Talenver does not engage in fully automated decision-making that produces legal effects or similarly significant consequences on individuals, as defined under Article 22 GDPR or applicable U.S. state laws.
7. We may use algorithmic features (such as recommendation filters, profile matches, or search rankings) to enhance user experience. However, these do not constitute decisions made without human involvement and do not have legally binding or discriminatory consequences.
8. If in the future Talenver introduces any fully automated systems of material legal consequence, we will:
  1. Provide explicit notice before initiating such processing;
  2. Ensure compliance with Article 22 of the GDPR, § 1798.185(a)(16) of the CPRA, or other applicable law;
  3. Offer the ability to request human review, contest the decision, and opt-out, as required.
9. Right to Lodge a Complaint. If you believe that our handling of your personal data violates applicable laws, you have the right to lodge a formal complaint with the appropriate regulatory body:
  1. California: Contact the California Privacy Protection Agency (CPPA) at https://cppa.ca.gov.
  2. European Union (EEA): File a complaint with your local Data Protection Authority (DPA). A list is available at https://edpb.europa.eu/about-edpb/board/members_en.
  3. United Kingdom: Submit a complaint to the Information Commissioner’s Office (ICO) via https://ico.org.uk.
10. We strongly encourage you to contact us directly first at info@talenver.com. We are committed to resolving privacy-related concerns promptly, fairly, and transparently.
11. California Shine the Light Notice (Cal. Civ. Code § 1798.83). We do not disclose your personal data to third parties for their direct marketing purposes without your explicit consent. California residents may request information about any such disclosures, if applicable, by contacting us at info@talenver.com
Children’s Privacy
1. Talenver is a professional platform specifically designed for individuals of legal age to engage in employment-related, freelance, or contractual services. We do not knowingly collect, process, or disclose personal data from children under the age of 13 in compliance with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506. We further do not process personal information of individuals under the age of 16 without appropriate consent under the California Consumer Privacy Act (CCPA/CPRA) and Article 8 of the GDPR, where applicable.
2. Age Restrictions and Eligibility. By accessing or using Talenver, you represent and warrant that you are:
  1. At least 16 years old (or the applicable age of digital consent in your jurisdiction);
  2. Not a child under 13 years of age, regardless of parental consent;
  3. Otherwise legally authorized to enter into binding agreements under the laws of your jurisdiction (e.g., 18 years old in most U.S. states).
3. No Use by Children Under 13. We do not knowingly collect personal information from, or allow registration by, any person under the age of 13. If we discover that a child under 13 has provided personal data without verifiable parental consent, we will:
  1. Immediately disable the associated account;
  2. Promptly delete all related personal information from our systems and logs; and
  3. Notify the parent or legal guardian in accordance with FTC enforcement guidelines under COPPA.
4. Use by Minors Aged 13 to 17. Minors between the ages of 13 and 17 may use Talenver only with the verifiable consent of a parent or legal guardian, and solely for lawful, age-appropriate, and professional purposes, such as:
  1. Applying for internships, apprenticeships, or mentorship programs;
  2. Showcasing portfolios or creative work in supervised educational contexts.
5. We do not knowingly:
  1. Profile such minors for marketing purposes;
  2. Engage them in automated decision-making producing legal or similarly significant effects (as defined in GDPR Art. 22 and CPRA § 1798.121);
  3. Use their data for behavioral advertising, unless legally permitted and explicitly consented to by a parent or guardian.
6. Parental and Guardian Rights. If you are a parent or legal guardian and believe that your child has registered or shared personal information in violation of this Policy, you may:
  1. Contact us at info@talenver.com with a request for deletion;
  2. Be asked to provide evidence of your legal relationship to the child and a valid government-issued ID for verification;
  3. Receive confirmation of action taken in accordance with legal requirements and applicable timelines (e.g., 10 business days under COPPA).
7. Responsibilities of Hirers and Employers. Employers using Talenver to engage with minors are solely responsible for:
  1. Complying with all applicable child labor laws, including the Fair Labor Standards Act (FLSA) and any state-level youth employment regulations;
  2. Verifying the age and eligibility of minor applicants before initiating employment or service agreements;
  3. Ensuring that any job posting, internship, or opportunity involving minors is lawful, non-exploitative, and age-appropriate;
  4. Refraining from processing, collecting, or retaining unnecessary personal data from minor users.
  5. Failure to meet these obligations may result in account suspension or legal reporting
8. Reporting Suspected Violations. If you suspect that a user is underage or believe that we may have collected data from a child in violation of this Policy or applicable law, please notify us immediately at info@talenver.com. We will conduct a prompt investigation and take all necessary corrective actions.
9. Retention of Children’s Data (COPPA Compliance). We retain the personal data of minors only as long as necessary to fulfill the purpose for which it was collected, and only with verifiable consent from their parents or guardians. We promptly delete such data upon withdrawal of consent or termination of purpose, in accordance with the Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501–6506) and FTC regulations.
10. We retain children’s personal data no longer than is necessary to fulfill the purposes for which it was collected. All data from users under the age of 18 is stored only with verified parental consent and is promptly deleted upon request. We do not knowingly retain any information from children under the age of 13 in violation of the Children’s Online Privacy Protection Act (COPPA).
DATA SECURITY
1. At Talenver, the confidentiality, integrity, and availability of your personal data is a core priority. We implement and continuously improve a comprehensive data protection program designed to mitigate risks, prevent unauthorized access, and ensure full compliance with applicable privacy and cybersecurity regulations.
2. Security Governance and Compliance Framework. Our data security program is modeled on internationally recognized standards and U.S. legal expectations, including but not limited to:
  1. The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF);
  2. ISO/IEC 27001 (Information Security Management Systems) and ISO/IEC 27701 (Privacy Information Management);
  3. Applicable provisions of the California Consumer Privacy Act (CCPA/CPRA) and guidance from the Federal Trade Commission (FTC);
  4. Sector-specific regulations where applicable (e.g., GLBA, HIPAA, COPPA).
3. Technical and Organizational Measures. To protect your data throughout its lifecycle, Talenver maintains the following controls:
  1. Encryption and Key Management
    1. All data in transit is encrypted using TLS 1.2 or higher.
    2. Data at rest is encrypted using AES-256 industry-standard encryption.
    3. Passwords are hashed using bcrypt with appropriate salting and never stored in plaintext.
    4. Encryption keys are securely managed and rotated regularly.
  2. Access Management and Role Segregation
    1. We use strict role-based access control (RBAC) policies across systems and infrastructure.
    2. Access to personal data is limited strictly to personnel whose roles require such access, following the least privilege principle.
    3. All employees, contractors, and service providers with access to data are bound by confidentiality agreements and receive annual security and privacy training.
  3. Zero Trust Security Architecture
    1. We implement a Zero Trust model, verifying every access attempt regardless of origin.
    2. Multi-factor authentication (MFA), session timeouts, and context-aware authentication are enforced across sensitive environments.
  4. Real-Time Monitoring and Threat Detection
    1. Our systems are monitored 24/7 using Security Information and Event Management (SIEM) tools.
    2. We maintain active threat intelligence feeds and incident response protocols to ensure rapid mitigation of suspicious activity.
  5. Vulnerability and Penetration Testing
    1. We conduct independent third-party penetration tests at least annually.
    2. Ongoing vulnerability scanning is performed across our codebase, cloud infrastructure, and APIs.
    3. Critical vulnerabilities are remediated in accordance with industry-standard SLAs.
  6. Subprocessor Security Oversight
    1. Third-party vendors are evaluated based on their security certifications (e.g., SOC 2 Type II, ISO 27001) and are bound by Data Processing Agreements (DPAs).
    2. We restrict data sharing only to subprocessors with a legitimate operational role and enforce audit rights and breach notification duties contractually.
  7. Data Minimization, Anonymization, and Pseudonymization
    1. Where full personal data is not necessary, we use pseudonymization or anonymization techniques to limit risk.
    2. This is particularly applied in analytics, product testing, AI/ML training, and system optimization scenarios.
  8. Physical Security and Infrastructure Resilience
    1. Our infrastructure is hosted in Tier 3 or higher data centers with 24/7 physical surveillance, biometric access, and disaster recovery controls.
    2. All on-premise or paper-based storage (if any) is governed by strict destruction policies and chain-of-custody procedures.
4. Breach Notification and Regulatory Obligations. While no system is immune to risk, we are prepared to act swiftly and transparently:
  1. In the event of a data breach, we will notify affected users and regulators in accordance with U.S. state breach notification laws (e.g., Cal. Civ. Code §§ 1798.82–1798.84), CPRA § 1798.150, and, where applicable, the GDPR (Articles 33–34).
  2. For California residents, we will notify the California Privacy Protection Agency (CPPA) and provide detailed information on the scope, affected data, and mitigation steps.
  3. Our breach response procedures include root cause analysis, containment, user support, and continuous improvement post-incident.
5. Your Role in Protecting Your Data. Users are encouraged to:
  1. Use a strong, unique password and enable multi-factor authentication (where offered);
  2. Never share login credentials;
  3. Report suspicious activity or unauthorized access immediately to info@talenver.com.
6. Talenver is committed to continual assessment and improvement of our security posture to adapt to evolving threats and best practices. If you have questions about our data security program, please contact our Data Protection Officer (DPO) at info@talenver.com.
7. Data Protection Impact Assessments (DPIA) and Risk Management. We maintain a structured privacy governance framework and conduct Data Protection Impact Assessments (DPIAs) prior to launching any features, systems, or integrations that may pose a heightened risk to individuals’ privacy rights. This includes profiling, cross-context behavioral tracking, or automated processing of sensitive categories of data. Our approach complies with Section 1798.185(a)(15)(B) of the California Civil Code (CPRA) and incorporates risk-based methodologies aligned with ISO/IEC 27701 and the NIST Privacy Framework. DPIAs are reviewed by our DPO and, where necessary, supplemented by Transfer Impact Assessments (TIAs) for cross-border data flows.
DATA PROTECTION GOVERNANCE AND RISK ASSESSMENTS
1. Talenver maintains a proactive data protection governance framework aligned with global regulatory standards, including the California Consumer Privacy Act (as amended by the CPRA), the General Data Protection Regulation (GDPR), and relevant industry guidelines such as NIST and ISO/IEC 27701.
2. Data Protection Impact Assessments (DPIAs). We conduct formal Data Protection Impact Assessments (DPIAs) prior to the implementation of any platform feature, product enhancement, or third-party integration that is likely to result in a heightened risk to the rights and freedoms of individuals. This includes, but is not limited to:
  1. Large-scale processing of personal or sensitive data;
  2. Automated decision-making or profiling with potential legal or similar significant effects;
  3. Cross-border data transfers to jurisdictions lacking adequacy decisions;
  4. Integration of novel tracking or behavioral analytics technologies;
  5. Processing of minors’ data under expanded use cases.
3. Each DPIA evaluates potential risks, examines mitigation strategies, and documents safeguards to ensure compliance with CPRA § 1798.185(a)(15)(B) and GDPR Article 35. When appropriate, we consult with legal counsel, cybersecurity professionals, and—where required—regulatory authorities prior to proceeding with high-risk processing operations.
4. Privacy by Design and Default. Talenver adheres to the principles of Privacy by Design and Privacy by Default in the architecture and deployment of all features and services. This includes:
  1. Minimizing personal data collection to what is strictly necessary;
  2. Limiting retention to defined, documented periods;
  3. Restricting access on a need-to-know basis through role-based permissions;
  4. Embedding encryption, pseudonymization, and other technical safeguards at the design stage;
  5. Avoiding dark patterns that may subvert user control or informed consent.
5. All engineering and product teams are trained in privacy engineering principles, and new features undergo privacy reviews before public release.
6. Ongoing Risk Monitoring and Governance. Talenver continuously monitors privacy, security, and legal developments to ensure that our platform remains compliant and responsive to evolving threats and obligations. We maintain an internal register of data processing activities (ROPA), regularly update our DPIA library, and reassess existing processing activities as part of our platform’s lifecycle management and audit processes.
7. If you would like more information about our DPIA procedures or a summary of assessments relevant to your data, you may contact our Data Protection Officer (DPO) at info@talenver.com.
INCIDENT MANAGEMENT, BREACH NOTIFICATION, AND LEGAL DISCLAIMERS
1. Incident Response Program. Talenver maintains a robust, risk-based Incident Response Plan (IRP) aligned with the NIST CSF, FTC guidance, and relevant state-level data breach laws (e.g., Cal. Civ. Code §§ 1798.29, 1798.82). We conduct periodic tabletop exercises and penetration tests to assess readiness and response efficacy.
2. In the event of a confirmed security incident involving personal data:
  1. U.S. residents: We will notify affected users and regulatory agencies without unreasonable delay in accordance with applicable state notification statutes, including but not limited to the California Consumer Privacy Act (CCPA/CPRA) and California’s
  2. Security Breach Information Act. EU residents (if applicable): We will notify the appropriate Supervisory Authority within 72 hours pursuant to GDPR Article 33 and inform affected users where required under Article 34.
3. All breach notifications will contain:
  1. A general description of the breach and its impact;
  2. Categories of data affected;
  3. Steps we have taken to mitigate harm;
  4. Recommendations to users for protection.
4. Talenver will not be liable for any delays in notification attributable to third-party subprocessors, force majeure circumstances, or regulatory constraints.
5. User Responsibilities for Data Protection. Talenver provides industry-grade security, but ultimate protection also depends on user behavior. As such:
  1. Account Security: You are solely responsible for maintaining the confidentiality of your login credentials. Choose strong, unique passwords and enable Multi-Factor Authentication (MFA) where available.
  2. Device Security: You must use secure devices and update your operating systems and browsers to prevent local vulnerabilities.
  3. Suspicious Activity: If you suspect unauthorized access to your account, notify us immediately at info@talenver.com. Delayed reporting may limit our ability to assist or contain damage.
  4. Social Engineering and Phishing: We will never request passwords or sensitive data via email. Verify sender domains and avoid clicking on suspicious links.
  5. Content and Link Sharing: You are responsible for ensuring that any third-party links, documents, or content you share through Talenver comply with all applicable laws and do not contain malware, phishing payloads, or privacy-invading mechanisms.
6. Responsible Vulnerability Disclosure Policy. Talenver welcomes ethical security research. If you believe you have identified a potential vulnerability, contact us at info@talenver.com with sufficient technical detail for validation. We commit to:
  1. Acknowledge receipt within 5 business days;
  2. Investigate in good faith;
  3. Avoid legal action against good-faith researchers acting in accordance with this Policy;
  4. Optionally provide credit (with consent) for verified contributions.
7. Unauthorized access attempts, exploitation of vulnerabilities, or breach of system integrity for malicious or competitive purposes will be prosecuted under applicable law.
8. Note on Tax Information. While Talenver processes certain payment-related data for subscription management, the Platform does not engage in tax reporting or calculation for user transactions. For all tax-related matters, users should refer to the applicable provisions in our Terms of Service.
EXTERNAL LINKS AND THIRD-PARTY SERVICES
1. Platform Integrations and External Services. The Talenver Platform may incorporate or allow Users to access, embed, or link to third-party websites, services, or content (collectively, “Third-Party Services”), including:
  1. Portfolio or social profiles (e.g., LinkedIn, GitHub, Behance);
  2. Employer-hosted career portals or onboarding tools;
  3. External video conferencing, scheduling, or communication apps (e.g., Zoom, Calendly);
  4. Cloud-based document repositories (e.g., Google Drive, Dropbox);
  5. Third-party payment systems (e.g., Stripe, PayPal).
2. These integrations are provided for convenience or at the request of Users, but: Talenver does not own, control, or endorse any Third-Party Services and expressly disclaims all liability for their content, privacy practices, and security protocols.
3. Legal Disclaimers and Risk Allocation. Once you leave the Talenver environment (e.g., by clicking a link or using an embedded third-party widget), this Privacy Policy and our Terms of Service no longer apply. Your use of Third-Party Services is governed solely by their respective privacy policies and terms of use. We are not liable for:
  1. Any loss, damage, or data breach occurring within or due to a Third-Party Service;
  2. Any content misrepresentation, including broken or malicious links shared by other users;
  3. Any contractual obligations or disputes arising between users and third parties outside the Platform.
4. User Responsibilities for Linked Content. By including third-party content or links on your Talenver profile, messages, or job postings, you represent and warrant that:
  1. You have all necessary rights, licenses, and consents to share such content;
  2. The content is lawful, accurate, non-malicious, and does not violate third-party IP or privacy rights;
  3. You have independently reviewed the data handling practices of the linked service and accept responsibility for your own interaction with them.
5. We strongly discourage the use of:
  1. Links to deceptive, misleading, abusive, or phishing content;
  2. Embedded scripts or redirects to surveillance or adware networks;
  3. Any tool that attempts to track other users without consent.
6. Moderation and Enforcement. Talenver reserves the right, in its sole discretion, to:
  1. Remove or disable access to any third-party content or links deemed harmful, misleading, non-compliant, or contrary to our Terms;
  2. Suspend or terminate accounts that repeatedly or egregiously violate this standard;
  3. Act on user-reported links within a commercially reasonable timeframe.
  4. Users may report concerns about third-party content via email to info@talenver.com
7. Final Note. If you believe your rights have been infringed by a Third-Party Service accessed through the Platform, or you believe that such integration compromises your privacy or data security, contact our Data Protection Officer immediately at info@talenver.com
8. We take such reports seriously and will review them pursuant to our Platform Governance and Compliance Policy.
9. Recommendations to Users:
  1. Do not provide sensitive or personal data to external services unless you trust the recipient and have reviewed their data handling practices.
  2. Always verify the authenticity of third-party tools before linking or engaging with them via Talenver.
  3. Use the account settings dashboard to manage, update, or remove links associated with your profile or posted content.
  4. If you believe a third-party integration or link compromises your privacy or security, contact us immediately at info@talenver.com.
10. Updates to This Privacy Policy. Talenver reserves the right to amend or update this Privacy Policy at any time to reflect changes in:
  1. Our data collection and processing practices;
  2. Applicable legal requirements (including U.S. federal and state laws, CCPA/CPRA, and GDPR where applicable);
  3. Regulatory or enforcement guidance;
  4. Changes to our services, technologies, or partnerships.
11. Notification of Material Changes. If we make any material changes to how we collect, use, disclose, or retain your personal data, or if your rights under this Policy are impacted, we will notify you by:
  1. Posting a prominent notice on our website and/or within our mobile application;
  2. Sending an email and/or in-app notification to the contact details associated with your account, where legally required;
  3. Updating the “Last Updated” date at the top of this document.
  4. Your continued use of the Talenver Platform following such updates constitutes your acceptance of the revised Policy, to the extent permitted by law.
12. Consent Where Required. If the revised Policy involves a material change in purpose or legal basis for processing (e.g., a shift from legitimate interest to consent), and consent is legally required (e.g., under Art. 6(1)(a) GDPR or Cal. Civ. Code § 1798.120), we will:
  1. Seek your explicit opt-in consent before applying such changes;
  2. Offer you the ability to withdraw consent at any time without affecting prior processing.
13. Version Control and Archived Copies. We maintain an archive of prior versions of this Privacy Policy to comply with applicable law (e.g., Cal. Civ. Code § 1798.130(a)(5)(A) and GDPR Art. 5(2)). You may request access to a previous version by contacting our Privacy Team at info@talenver.com.
COOKIES AND TRACKING TECHNOLOGIES
1. Talenver uses cookies and similar tracking technologies to operate the Platform, enhance your experience, analyze usage patterns, and – where applicable – support personalized features or future advertising capabilities. This section explains what technologies we use, why we use them, and how you can manage your preferences.
2. What Are Cookies and Tracking Technologies? Cookies are small text files placed on your device when you visit a website or use an application. Tracking technologies also include:
  1. Web beacons or pixel tags;
  2. Local storage objects (LSOs);
  3. Mobile SDKs;
  4. JavaScript identifiers;
  5. Server log files and fingerprinting techniques.
  6. These technologies help us understand user behavior, secure the Platform, and tailor content and features.
3. Categories of Cookies We Use
  1. Strictly Necessary. Enable core functions like login, navigation, and security enforcement.
  2. Preferences. Store your language, region, and interface customizations.
  3. Analytics and Performance. Help us understand user engagement and optimize Platform features (e.g., Google Analytics, Firebase).
  4. Marketing and Advertising. Used to deliver targeted content and measure campaign effectiveness. We currently do not serve third-party ads but reserve the right to do so in the future with proper notice and user controls.
4. Third-party services may set cookies on your device when you use the Platform. These providers are governed by their own privacy policies and may collect information independently (e.g., Google, Meta, Stripe, Intercom).
5. Legal Basis for Use. We rely on the following legal bases:
  1. Consent for non-essential cookies under Art. 6(1)(a) GDPR and Cal. Civ. Code § 1798.100 et seq.;
  2. Legitimate interest for strictly necessary and performance-enhancing cookies, where applicable.
6. Cookie Consent and Opt-Out Options. Upon your first visit to the Platform, you will be presented with a cookie banner where required by law (e.g., GDPR, CPRA). You may:
  1. Accept all cookies;
  2. Reject non-essential cookies;
  3. Customize your settings by cookie category.
7. You can modify or revoke your preferences at any time via our Cookie Settings Panel or through your browser settings.
8. We also honor:
  1. Global Privacy Control (GPC) signals for California and other U.S. states;
  2. Do Not Track (DNT) signals where technically feasible;
  3. Universal opt-out platforms, including YourAdChoices and YourOnlineChoices.
9. Managing Cookies in Your Browser or Device. You may configure your browser or mobile device to:
  1. Block or delete cookies;
  2. Notify you when a cookie is set;
  3. Disable third-party cookies.
  4. Note: Disabling certain cookies may limit access to some features of the Platform, including secure login and personalized dashboards.
10. Future Changes. If we begin to use advertising cookies or third-party behavioral tracking, we will update this Policy, obtain appropriate consent, and implement opt-out mechanisms as required by:
  1. The California Consumer Privacy Act (CCPA), as amended by the CPRA;
  2. The ePrivacy Directive and GDPR;
  3. Other applicable data protection frameworks.
FINAL NOTES, PLATFORM CONDUCT, AND THIRD-PARTY CAUTION
1. User Awareness and Best Practices. We encourage all Users to:
  1. Review third-party tools before engaging with them via Talenver;
  2. Refrain from sharing sensitive personal information with unknown external recipients;
  3. Use in-platform settings to manage or remove third-party links and profile data;
  4. Report any suspicious behavior, phishing attempts, or third-party integrations that may compromise your privacy or the security of others.
2. If you believe a third-party service accessed through our Platform has infringed your privacy or introduced risk, contact us at info@talenver.com. We investigate all verified concerns in good faith.
3. Designated Agent for DMCA Notices. If you believe that content hosted on the Talenver Platform infringes your copyright, you may submit a Digital Millennium Copyright Act (DMCA) takedown notice to our designated agent. We comply with 17 U.S.C. § 512(c)(3) and maintain a formal takedown process to address such claims in good faith.
  1. Designated Agent: Talenver Inc. – DMCA Agent Email: info@talenver.com
  2. To be effective, your notice must include all information required under § 512(c)(3). Misuse of the DMCA process may result in legal consequences.
CONTACTING TALENVER
1. If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or your personal data, you may contact us using the methods below.
2. General Contact Information
  1. Email: info@talenver.com
    (Please include “Privacy Inquiry” in the subject line)
3. We aim to respond to verified privacy requests:
  1. Within 45 days for California residents under CPRA (with the possibility of a 45-day extension);
  2. Within 30 days for EU/UK residents under GDPR (extendable to 60 days with notice).
4. For identity verification, please include:
  1. The email associated with your account;
  2. Your jurisdiction (e.g., California, New York, Germany);
  3. A clear description of your request;
  4. Any supporting documentation (e.g., proof of authority, if acting through an agent).
Additional Policies and Guidance
1. For a comprehensive understanding of how we govern user behavior and protect rights on the Talenver Platform, we recommend reviewing:
  1. Content Moderation Policy – rules for acceptable conduct, safety, and misuse prevention;
  2. Intellectual Property Policy – rights, ownership, and licensing of user content.
2. Together with this Privacy Policy, these documents form an integral part of our governance structure and help us ensure a secure, lawful, and equitable environment for all Talenver Users.