Summary: Flintage processes candidate data on behalf of corporate clients via a transient pipeline but never permanently retains candidate documents (CVs, recordings) after delivery. Documents are processed and delivered directly to your own Google Drive folder, one you own and control. We only retain evaluation scores, metadata, and business records necessary to operate the service.
1. Who We Are
Flintage, a product of Eldorado Node ("we", "our", "us") is an AI automation engineering business operated by Eldorado Daniel, based in Abuja, FCT, Nigeria. We operate the Hiring Intelligence System at flintage.work and related services.
Contact: support@flintage.work
2. Data We Process
2.1 Corporate Client Data
When a corporate client registers with us, we collect and store:
- Company name and display name
- Contact email address
- Billing information (processed by our payment processing partners. We do not store card details)
- Cloud storage folder configuration (used to route file uploads to client's own storage)
- API usage metrics (submissions count, quota usage)
- Account settings (brand colour, logo URL, ATS webhook)
2.2 Candidate Evaluation Data
When a corporate client submits a candidate for evaluation, we process:
- CV files and audio recordings: transmitted through a transient processing pipeline, processed entirely in memory, and delivered directly to your designated Google Drive folder. Immediately after confirmed delivery, both files are programmatically deleted from the Processor's service account. Every deletion is logged in an immutable record (Eldorado_DeletionLog) with timestamp, delivery confirmation status, GDPR compliance flag, and minutes from delivery to deletion. We do not retain copies of these files after delivery.
- Candidate name and email: stored in our evaluation records to identify and route communications
- Evaluation scores and metadata: overall score, criteria scores, AI narrative, compliance status, role template, timestamps: stored in our cloud database
- Recruiter notes: behavioural signals submitted by the client's HR team as part of the evaluation
2.3 System Data
- Authentication logs (API key usage, timestamps)
- Error logs (workflow failures, system events)
- Audit trail records (immutable evaluation history for compliance)
3. How We Use Data
- To deliver the Hiring Intelligence System services to corporate clients
- To generate AI-powered candidate evaluation reports
- To send transactional emails (reports, offer letters, rejection notices, onboarding)
- To enforce usage quotas and manage billing
- To maintain compliance audit trails as required by applicable law
- To improve system performance and reliability
- To comply with legal obligations
4. Data Sovereignty: Candidate Documents
Candidate CVs and interview recordings are never permanently stored on Flintage servers. These files are securely processed through a transient pipeline and delivered directly to the corporate client's own Google Drive folder, one they own and control. Immediately after confirmed delivery, both files are programmatically deleted from the Processor's service account. Every deletion is logged in an immutable audit record with timestamp, delivery confirmation, and GDPR compliance flag. Flintage cannot access your files after deletion and does not maintain ongoing access to your Drive folder beyond the specific delivery write permission you have granted.
This architecture ensures full compliance with data minimisation principles under GDPR Article 5(1)(c) and equivalent data minimisation principles under applicable international data protection law.
5. Legal Bases for Processing
We process personal data under the following legal bases:
- Contract performance: processing necessary to deliver services to corporate clients
- Legitimate interests: system security, fraud prevention, service improvement
- Legal obligation: compliance audit trails, regulatory reporting
- Consent: where obtained from data subjects for specific processing activities
6. Data Sharing
We share data only with the following categories of third parties:
- Cloud Storage and Data Management Provider: for file storage routing and data storage. the provider's privacy policy applies.
- AI Evaluation Engine Provider: candidate data is transmitted to our AI evaluation engine for AI evaluation. Governed by the provider's API Terms of Service.
- Audio Processing Provider: audio data is transmitted for transcription. Governed by the provider's Terms of Service.
- Professional Data Intelligence Service: candidate names may be used for professional footprint searches. Governed by the provider's Terms of Service.
- Payment Processing Providers: payment processing. We do not store card details. Their respective privacy policies apply.
- SMTP providers: for email delivery.
We do not sell, rent, or trade personal data to any third party for marketing purposes.
7. International Data Transfers
Our services operate globally, serving clients across multiple jurisdictions worldwide. Data may be processed in any country where our service providers maintain infrastructure. When transferring data from the UK, EEA, or other regions, we rely on appropriate safeguards including standard contractual clauses.
8. Data Retention
- Candidate documents (CV, audio): deleted from Processor systems immediately after confirmed delivery to the client's Google Drive folder. Not retained by us at any point after delivery. The client holds these files in their own storage under their own retention policy.
- Candidate evaluation records (scores, metadata, compliance status, AI narrative): retained for 12 months from the evaluation date
- Audit log records: retained for 7 years for employment compliance purposes, in anonymised form after the evaluation record retention window closes
- Deletion log records: retained for 7 years as evidence of GDPR-compliant data handling
- Client account data: retained for the duration of the subscription plus 6 months after termination
- Authentication logs: retained for 90 days
9. Security
We implement appropriate technical and organisational measures to protect personal data, including:
- API key authentication for all data submissions
- HTTPS encryption for all data in transit
- Session token authentication for dashboard access
- Rate limiting and brute force protection
- Separate credentials for different system components
- Immutable audit logging
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of data we hold about you
- Rectification: request correction of inaccurate data
- Erasure: request deletion of your data (subject to legal retention requirements)
- Portability: receive your data in a machine-readable format
- Objection: object to processing based on legitimate interests
- Restriction: request restriction of processing in certain circumstances
To exercise any right, contact: support@flintage.work
11. Browser Storage
The client portal (portal.flintage.work) uses sessionStorage for authentication session management only. sessionStorage is not a cookie: it is stored locally in your browser tab, is never transmitted to our servers, and is cleared automatically when the browser tab is closed. We do not use tracking cookies, advertising cookies, or third-party analytics cookies on any part of our platform. No cookie consent banner is required.
12. Children's Data
Our services are intended for corporate HR use only. We do not knowingly process data relating to individuals under 18 years of age. If you believe we have inadvertently received data about a minor, please contact us immediately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified to active clients by email at least 14 days before taking effect. Continued use of the service after that date constitutes acceptance of the updated policy.
14. Contact
For privacy inquiries, data subject requests, or complaints:
Flintage, a product of Eldorado Node
Abuja, FCT, Nigeria
support@flintage.work
We will respond to all requests within 30 days.