Version 1.0 — Effective 9 April 2026
This Policy describes how M2Talents, operated by Mo Mohamed, Munich, Germany (the “Data Controller”) collects, processes, stores, and protects personal data via ApplicantGrid (the “Service”), in compliance with the GDPR (EU 2016/679), the BDSG, and the TTDSG.
Controller: M2Talents — Mo Mohamed
Address: Munich, Germany
Email: privacy@applicantgrid.com
Account data (name, email, country, phone), CV/resume uploads, application tracking data, networking contacts, imported emails, and payment information (processed via Stripe).
Technical data (IP, browser, device), usage data (pages, features, sessions), and authentication data (login timestamps, session tokens).
AI outputs (CV analyses, rewrites, interview prep), classification data, search queries, and AI usage metrics for fair usage tracking.
Contract (Art. 6(1)(b)): Account management, application tracking, email integration. Consent (Art. 6(1)(a)): AI-powered features, optional email import. Legitimate interest (Art. 6(1)(f)): Security, fraud prevention, analytics. Legal obligation (Art. 6(1)(c)): Tax records, regulatory compliance.
Supabase (database, auth, storage — EU/US with SCCs), Stripe (payments — US with SCCs), Mailgun/Sinch (email — EU/US with SCCs), Anthropic (AI via Claude Haiku — US with SCCs), Vercel/Replit (hosting — US/EU with SCCs). All bound by DPAs per Art. 28 GDPR.
When using AI Features, text content (not original files) is sent to Anthropic’s API for real-time processing. Anthropic does not retain data for model training. No automated decisions with legal effects are made — all AI outputs are suggestions for user review.
Active accounts: duration + 30 days. Deleted accounts: 30 days then permanently erased. Payment records: 10 years (§147 AO). Server logs: 90 days. Terminated violator identifiers: 24 months.
Under GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), withdraw consent (Art. 7(3)), and lodge a complaint with the BayLDA (Art. 77). Contact: privacy@applicantgrid.com. Response within 30 days.
We use strictly necessary cookies only (authentication, session management). No tracking cookies. If analytics are added in future, explicit consent will be obtained per TTDSG/GDPR.
TLS 1.2+ encryption in transit and at rest. Row-Level Security. bcrypt password hashing. Least-privilege access. Regular security reviews.
Supervisory authority notified within 72 hours (Art. 33). Affected users notified without undue delay if high risk (Art. 34).
The Service is not for individuals under 16. We do not knowingly collect data from children.
Material changes communicated 14 days in advance via email or in-app notification.
Privacy: privacy@applicantgrid.com
Support: support@applicantgrid.com
Supervisory Authority: BayLDA — https://www.lda.bayern.de
© 2026 M2Talents. All rights reserved. Last updated: 9 April 2026.