Inga CRM

Privacy Policy

Last updated: March 18, 2026

1. Introduction

Welcome to Inga CRM ("we," "our," "us," or the "Company"). Inga CRM is an AI-powered recruiting Customer Relationship Management and Applicant Tracking System designed to help recruitment professionals streamline their hiring workflows. We are committed to protecting your privacy and handling your personal data with transparency and care.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at inga-crm.com (the "Site"), use our application (the "Service"), or otherwise interact with us. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

This Privacy Policy applies to all users of our Service, including recruiters, hiring managers, administrators, and any individuals whose data is processed through the platform. We encourage you to read this Privacy Policy carefully and contact us at hello@inga-crm.com if you have any questions.

2. Information We Collect

We collect information in several ways to provide, improve, and personalize our Service. The types of information we collect include the following:

2.1 Account and Registration Data

When you create an account or register for our Service, we collect personal information that you voluntarily provide to us, including but not limited to:

  • Full name and professional title
  • Email address
  • Phone number
  • Company or organization name
  • Billing and payment information (processed securely through our third-party payment processor)
  • Password (stored using Argon2id hashing — we never store plaintext passwords)
  • Profile preferences and settings

2.2 Candidate and Recruitment Data

As a recruiting CRM/ATS, our Service is designed to help you manage candidate information. When you use our Service, you may input, upload, or otherwise provide data about candidates and contacts, including but not limited to:

  • Candidate names, email addresses, phone numbers, and other contact information
  • Resumes, CVs, cover letters, and portfolio materials
  • Employment history, education, skills, and qualifications
  • Interview notes, assessments, evaluations, and feedback
  • Communication records between recruiters and candidates
  • Job application statuses and hiring pipeline stages
  • Salary expectations and compensation data
  • Any additional notes, tags, or custom fields you choose to create

You are the data controller for any candidate data you input into the Service. You are responsible for ensuring that you have obtained proper consent or have a lawful basis for processing candidate personal data through our platform in accordance with applicable data protection laws.

2.3 Usage and Analytics Data

We automatically collect certain information when you access and use the Service, including:

  • IP address and approximate geographic location
  • Browser type, version, and language preferences
  • Operating system and device information
  • Pages visited, features used, and actions taken within the Service
  • Date, time, and duration of your sessions
  • Referring website or source
  • Performance data, error logs, and diagnostic information

2.4 Cookie and Tracking Data

We use cookies and similar tracking technologies to collect information about your browsing activity. For detailed information about the cookies we use and your choices regarding cookies, please see Section 10 of this Privacy Policy.

2.5 Communications Data

When you contact us via email, through our website contact form, or through any other communication channel, we collect the information you provide in those communications, including your name, email address, and the content of your message.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To create and manage your account, provide access to our platform features, process transactions, and deliver the recruiting CRM/ATS functionality you have subscribed to.
  • AI-Powered Features: To power our artificial intelligence capabilities, including candidate matching, resume parsing, automated communication drafting, and intelligent recruitment insights. See Section 4 for detailed information about AI data processing.
  • Service Improvement: To analyze usage patterns, identify areas for improvement, develop new features, and optimize the overall user experience of our platform.
  • Communication: To send you important service-related notices, updates, security alerts, and support messages. With your consent, we may also send marketing communications about new features, promotions, or relevant content.
  • Security and Fraud Prevention: To monitor for and prevent unauthorized access, detect suspicious activity, investigate potential security incidents, and protect the integrity of our Service.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to establish, exercise, or defend legal claims.
  • Aggregated Analytics: To create anonymized, aggregated statistical data that does not identify any individual, which we may use for business analysis, research, and reporting purposes.
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.

4. AI Data Processing

Inga CRM utilizes artificial intelligence to provide intelligent recruiting features. We believe transparency about how AI interacts with your data is essential, and we want you to understand exactly how your information is processed by our AI systems.

4.1 AI Provider and Data Handling

Our AI features are powered by the Anthropic Claude API. We have specifically chosen Anthropic as our AI provider because of their strong commitment to data privacy and security. The following safeguards are in place:

  • Zero Data Retention: Anthropic operates under a zero data retention policy for API usage. This means that any data sent to Anthropic's API for processing is not stored, retained, or logged by Anthropic after the response is generated.
  • No Model Training: Your data is never used to train, fine-tune, or improve Anthropic's AI models. The data you send through our Service remains exclusively for providing you with the requested AI-powered features.
  • Transient Processing: Data sent to the AI API is processed in real-time and exists in Anthropic's systems only for the duration necessary to generate a response. No persistent copies are created.

4.2 What Data Is Sent to the AI

When you use AI-powered features within Inga CRM, only the data necessary for the specific function is sent to the AI provider. This may include:

  • Resume and CV text for parsing and analysis
  • Job descriptions for candidate matching
  • Communication drafts for AI-assisted writing
  • Candidate profile summaries for intelligent insights

We apply data minimization principles and send only the minimum information required to deliver the requested AI feature. Sensitive personal data (such as payment information) is never sent to the AI provider.

4.3 AI Output Disclaimer

AI-generated outputs, including candidate assessments, communication suggestions, and matching scores, are provided as decision-support tools only. They should not be treated as definitive evaluations or professional advice. You retain full responsibility for all hiring decisions made using our platform.

5. Data Storage and Security

We take the security of your data seriously and implement comprehensive technical and organizational measures to protect your information.

5.1 Data Hosting Location

All primary data is stored on dedicated servers hosted by Hetzner in the European Union. By hosting within the EU, we ensure that your data benefits from the robust data protection framework established by the General Data Protection Regulation (GDPR) and related European data protection laws.

5.2 File Storage

Uploaded files, including resumes, attachments, and documents, are stored using Cloudflare R2, a globally distributed object storage service. Cloudflare R2 provides high availability and durability for your files while maintaining strong security standards.

5.3 Security Measures

We implement the following security measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security).
  • Encryption at Rest: Stored data is encrypted at rest using industry-standard AES-256 encryption.
  • Password Security: User passwords are hashed using Argon2id, the current state-of-the-art password hashing algorithm, which provides strong resistance against brute-force, side-channel, and GPU-based attacks.
  • Access Controls: We implement strict role-based access controls to ensure that only authorized personnel can access your data, and only to the extent necessary for their role.
  • Regular Security Audits: We conduct regular security assessments and vulnerability testing to identify and address potential security risks.
  • Incident Response: We maintain an incident response plan to quickly detect, respond to, and recover from security incidents.
  • Infrastructure Isolation: Our dedicated server infrastructure ensures physical and logical separation from other tenants, providing an additional layer of security.

5.4 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by the GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your information only in the following limited circumstances:

6.1 Service Providers

We engage trusted third-party service providers who assist us in operating our Service, conducting our business, or providing services to you. These service providers have access to your personal data only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data. Our current service providers include:

  • Hetzner: Dedicated server hosting in the European Union
  • Cloudflare: Content delivery, DDoS protection, and file storage (R2)
  • Anthropic: AI processing via API (zero data retention)
  • Payment processors: Secure payment processing for subscriptions

6.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including court orders, subpoenas, or governmental requests. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal data.

6.4 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and related data protection laws. We respect these rights and are committed to facilitating their exercise. Your rights include:

  • Right of Access: You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure (Right to Be Forgotten): You have the right to request that we delete your personal data, subject to certain exceptions such as compliance with legal obligations or the establishment, exercise, or defense of legal claims.
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
  • Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable data protection laws.

To exercise any of these rights, please contact us at hello@inga-crm.com. We will respond to your request within 30 days, as required by law. We may need to verify your identity before processing your request. In certain cases, we may charge a reasonable fee or refuse a request if it is manifestly unfounded or excessive.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The specific retention periods depend on the type of data and the purpose of processing:

  • Account Data: Retained for the duration of your active account and for up to 12 months after account closure, unless longer retention is required by law or for the resolution of disputes.
  • Candidate and Recruitment Data: Retained for as long as your account is active. Upon account deletion, candidate data will be permanently deleted within 30 days, unless retention is required by applicable law.
  • Usage and Analytics Data: Retained for up to 24 months for service improvement and analytics purposes. This data is progressively anonymized over time.
  • Billing and Transaction Data: Retained for up to 7 years as required by tax and financial reporting regulations.
  • Communication Records: Customer support communications are retained for up to 24 months after resolution.

When data is no longer required, we will securely delete or anonymize it. Anonymized data, which can no longer be associated with any individual, may be retained indefinitely for statistical and analytical purposes.

9. International Data Transfers

Our primary data storage is located within the European Union. However, some of our service providers may process your data in other jurisdictions. When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission for the recipient country
  • Binding Corporate Rules where applicable
  • Your explicit consent for specific transfers where required

10. Cookies

We use cookies and similar tracking technologies to enhance your experience on our Site and Service. Cookies are small text files stored on your device that help us recognize you and remember your preferences.

10.1 Types of Cookies We Use

  • Essential Cookies: These cookies are strictly necessary for the operation of our Site and Service. They enable core functionality such as authentication, session management, and security. These cookies cannot be disabled.
  • Performance and Analytics Cookies: These cookies help us understand how visitors interact with our Site by collecting information about page visits, traffic sources, and user behavior. This information is used to improve our Site and Service.
  • Functionality Cookies: These cookies enable enhanced functionality and personalization, such as remembering your language preferences and display settings.
  • Marketing Cookies: With your consent, we may use marketing cookies to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

10.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, please note that blocking essential cookies may impact the functionality of our Service. You can also manage your cookie preferences through our cookie consent banner when you first visit our Site.

11. Children's Privacy

Our Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as promptly as possible. If you believe that we may have collected information from a child under 16, please contact us immediately at hello@inga-crm.com.

12. Third-Party Links

Our Site and Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to any third-party sites or services. We are not responsible for the privacy practices of any third-party sites or services, and we encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will notify you by posting the updated Privacy Policy on this page with a revised "Last updated" date. For significant changes that materially affect your rights, we will provide additional notice through email or a prominent notification within our Service. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

We will endeavor to respond to all inquiries within a reasonable timeframe and no later than 30 days from receipt of your request, as required by applicable law.