Legal
Privacy Policy
Last updated: 28 May 2026
1. Who we are
EmployeePass("we", "us", "our") operates https://www.employeepass.pro and related applications that help engineers earn portable, verified credentials and help companies hire pre-verified talent in the European Union.
For GDPR purposes, EmployeePass is the data controller for personal data processed through our marketing site, waitlist forms, and platform (when available).
Contact: privacy@employeepass.pro
2. Our privacy principles
- EU-first: We design for GDPR compliance and store production data in the EU where possible.
- Purpose limitation: We collect only what we need to verify credentials, match talent, and operate the marketplace.
- Your control: Engineers choose profile visibility (public, opt-in, or stealth). You can request access, export, correction, or deletion of your data.
- Trust by design: Verification and reference data are structured and auditable — we do not sell personal data to third parties.
3. What data we collect
3.1 Engineers (waitlist & platform)
- Identity: name, email address
- Professional: specialty, experience level, country, career preferences
- Profile & credential: résumé/LinkedIn-derived data, assessment scores, VIP certification status, identity verification results (when enabled)
- OAuth: LinkedIn profile identifier and basic profile fields when you sign in with LinkedIn
- References: structured attestations submitted by past employers or colleagues (with their LinkedIn-verified identity)
3.2 Companies (waitlist & platform)
- Contact: name, work email, company name
- Hiring: estimated hires per year, country, demo booking status
- Usage: search queries, pipeline notes, messages with candidates (when platform features are active)
3.3 Reference givers
- LinkedIn OAuth identity, work email (when provided), structured reference responses, timestamp, and technical metadata for fraud prevention
3.4 Automatically collected
- Technical logs: IP address, browser type, device information, pages visited, referral source
- Cookies and similar technologies (see Section 8)
4. Why we use your data (legal bases)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Waitlist & account registration | Contract / pre-contractual steps |
| Engineering Passport verification | Contract; legitimate interest (fraud prevention) |
| Employer reference requests | Consent of the engineer initiating the request |
| Matching engineers with companies | Contract; consent (visibility settings) |
| Demo scheduling (Cal.com) | Contract / pre-contractual steps |
| Security, abuse prevention, audit logs | Legitimate interest |
| Product analytics (aggregated) | Legitimate interest |
| Marketing emails you opt into | Consent |
5. How we share data
We do not sell your personal data. We share data only when necessary:
- Companies: Engineer profile data you make visible or opt into — never more than your privacy settings allow.
- Reference givers: Engineers see submitted references on their profile; companies see references according to engineer visibility rules.
- Processors: Infrastructure and service providers that help us operate, including:
- Neon (EU Postgres database hosting)
- Vercel (application hosting)
- LinkedIn (OAuth authentication for engineers and referees)
- Cal.com (demo scheduling for companies)
- CodeSignal / identity verification providers (when VIP certification is used)
- Email delivery providers (transactional messages)
- Stripe (payments, when enabled)
We require processors to handle data under contract (GDPR Art. 28) and appropriate safeguards for any transfers outside the EEA.
6. International transfers
Our primary data storage is in the EU. If a sub-processor processes data outside the European Economic Area, we rely on Standard Contractual Clauses, adequacy decisions, or other GDPR-approved mechanisms. You may request details of safeguards by contacting privacy@employeepass.pro.
7. Retention
- Waitlist leads: until you create an account, ask for deletion, or 24 months of inactivity.
- Accounts & profiles: for the life of your account plus a short backup period after deletion.
- Engineering Passport credentials: for the validity period (typically 2–3 years) plus audit retention where legally required.
- References: immutable after submission; retained while the engineer profile is active unless deletion rights apply.
- Logs: typically 90 days for security; longer if needed for fraud investigations.
8. Cookies
We use:
- Strictly necessary: session and authentication cookies (e.g. after LinkedIn or email sign-in).
- Analytics: privacy-oriented usage metrics to improve the product (where enabled).
Non-essential cookies, where used, will be presented with consent options as required by EU law.
9. Your rights (GDPR)
If you are in the EU/EEA (or where applicable law grants similar rights), you may:
- Access your personal data
- Rectify inaccurate data
- Erase data ("right to be forgotten")
- Restrict or object to processing
- Data portability (structured, machine-readable export)
- Withdraw consent at any time (without affecting prior lawful processing)
- Lodge a complaint with your local supervisory authority
To exercise rights, email privacy@employeepass.pro. We respond within one month unless an extension is permitted.
10. Security
We use encryption in transit (TLS), access controls, role-based permissions, and audit logging. Verification and reference flows bind identities to OAuth providers where configured. No system is 100% secure — report concerns to privacy@employeepass.pro.
11. Children
EmployeePass is not directed at individuals under 18. We do not knowingly collect data from minors.
12. Changes
We may update this policy when our services or legal obligations change. Material changes will be posted on this page with an updated "Last updated" date. Continued use after changes constitutes notice where permitted by law.
13. Contact
Privacy inquiries: privacy@employeepass.pro
Data Protection Officer (when appointed): dpo@employeepass.pro