Legal
Privacy Notice
Last updated: 2026-05-24
1. Who we are
Augustova Limited (“Onrolo”, “we”, “us”) is the data controller for personal data processed through the Onrolo platform. Registered in England and Wales, Company No. 17216706 (registered office available on the Companies House register).
Contact: privacy@onrolo.ai
ICO registration: ZC152144
2. What data we collect
We collect the following categories of personal data depending on your relationship with us:
- Recruiters / Hiring managers: name, work email, job title, organisation name, billing details (processed by Stripe — not stored by us).
- Candidates: name, email address, phone number, CV / resume, screening responses (voice, text or chat), AI-scored competency results, application status.
- Technical data (all users): IP address, browser type, session identifiers, error logs, usage telemetry.
3. Lawful bases for processing
Our role under UK GDPR depends on who you are. For recruiters and hiring-manager accounts, Augustova Limited is the data controller for personal data you give us directly (account, billing, support). For candidate data uploaded or generated through the Platform on behalf of a hiring organisation, we act as a processoron that customer’s instructions under our Data Processing Agreement. Where we use aggregated, de-identified candidate data to improve the Platform we act as an independent controller.
We rely on the following Article 6 lawful bases:
| Processing activity | Lawful basis (Article 6 UK GDPR) |
|---|---|
| Provide the Platform under a paid subscription | Contract, Art. 6(1)(b) |
| Process payments and keep statutory financial records | Contract + Legal obligation, Art. 6(1)(b) & (c) (UK tax law) |
| Send transactional and service emails (e.g. screening invites, calendar invites) | Contract, Art. 6(1)(b) |
| Process candidate data on a customer’s behalf for screening & shortlisting | Customer’s lawful basis (typically Art. 6(1)(b) contract or 6(1)(f) legitimate interest in recruitment); Onrolo acts as processor under DPA |
| Prevent abuse, fraud, and rate-limit the API | Legitimate interests, Art. 6(1)(f) |
| Product analytics and error monitoring | Legitimate interests (essential telemetry) / Consent (non-essential cookies), Art. 6(1)(f) & (a) |
| Marketing email to recruiter contacts | Consent or soft opt-in under PECR reg. 22, Art. 6(1)(a) |
| Improve our AI screening models using aggregated, de-identified data | Legitimate interests, Art. 6(1)(f) (balanced against candidate rights; opt-out available on request) |
Special-category data (Article 9).Onrolo does not ask candidates for special-category data (health, disability, ethnicity, religion, sexual orientation, trade-union membership). Our screening questions are configured by customers and prohibited by our Acceptable Use Policy from soliciting Art. 9 data. Where such data appears voluntarily in a CV or free-text response, we process it on the basis of Art. 9(2)(e) (“manifestly made public by the data subject”) together with the customer’s recruitment basis. We do not use special-category data as an input to AI scoring.
4. How we use your data
We use personal data only for the purposes set out below. We do not sell personal data and we do not use candidate data for any advertising purpose.
Recruiters and hiring managers (we are controller)
- Create and maintain your account; authenticate you on sign-in.
- Operate the subscription (billing, invoicing, dunning).
- Send transactional messages: receipts, security alerts, account changes.
- Provide customer support and respond to your enquiries.
- Detect, prevent and investigate fraud, abuse, and security incidents.
- Comply with our own legal obligations (tax, accounting, regulator requests).
- Measure how the Platform is used (aggregated, with consent for non-essential analytics).
Candidates (we are processor for the customer; controller for our own platform telemetry)
- Deliver screening invitations, reminders, and calendar invites on the customer’s behalf.
- Collect screening responses (text, voice or chat) for the customer’s evaluation.
- Run AI-assisted scoring across the five named competency dimensions documented in the Model Card.
- Surface scored shortlists, transcripts, and rationale to the customer’s recruiters for human review.
- Provide candidates with a route to request human review of any AI assessment.
All users
- Operate, secure and improve the Platform (logging, monitoring, capacity planning).
- Comply with UK GDPR rights requests and ICO obligations.
5. Sub-processors and international transfers
We use the following third-party processors. Where data is transferred outside the UK/EEA we rely on UK International Data Transfer Agreements (IDTA) or Standard Contractual Clauses (SCCs). See our full Sub-processor List.
| Processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Supabase | Database, auth, storage | EU (AWS eu-west-1) | EU adequacy / UK IDTA |
| Retell AI | AI voice screening | US | UK IDTA / SCCs |
| Twilio | SMS & WhatsApp delivery | US / EU | UK IDTA / SCCs |
| Resend | Transactional email | US | UK IDTA / SCCs |
| Anthropic | AI screening & analysis | US | UK IDTA / SCCs |
| Vercel | Hosting & edge runtime | US (global CDN) | UK IDTA / SCCs |
| Sentry | Error monitoring | US | UK IDTA / SCCs |
| Inngest | Background job orchestration | US | UK IDTA / SCCs |
| Upstash | Redis caching & rate limiting | US / EU | UK IDTA / SCCs |
| Cloudflare (Turnstile) | Bot protection on public forms | US (global) | UK IDTA / SCCs |
| Meta (WhatsApp Cloud API) | WhatsApp candidate messaging | US | UK IDTA / SCCs |
6. Your rights
Under UK GDPR you have the right to: access, rectification, erasure, restriction, portability, and to object to processing. To exercise any right contact privacy@onrolo.ai.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk.
7. Retention
We keep personal data only as long as we need it for the purpose it was collected, or for as long as the law requires. For candidate data we process on a customer’s behalf, the customer is the controller and sets the retention period through their account settings and DPA. Where the customer has not configured a period our defaults apply.
| Category | Retention |
|---|---|
| Recruiter account and profile | Life of the subscription, then deleted within 30 days of account closure |
| Candidate applications, CVs, screening responses | Controlled by the customer; default 24 months from last activity, after which data is purged unless legal hold applies |
| AI screening scores and rationale | Same as the underlying application (linked record) |
| Voice screening recordings | 90 days, then deleted; transcripts retained with the application record |
| Billing and tax records | 7 years (UK tax law) |
| Sub-processor audit logs | 13 months |
| Product analytics events | 12 months rolling |
| Application error and security logs | 90 days |
| Cookie consent log | Retained for audit; the user identifier is nullified on account deletion |
| Backups | Encrypted, 30 days rolling; deleted data is purged from backups within that window |
Deletion is irreversible. Where a candidate exercises an erasure right, we will action it within 30 days and notify the customer that held the record so they can update their own systems where required.
8. Security
We treat the Platform as recruitment infrastructure and engineer for confidentiality, integrity and availability. Concretely:
- Encryption in transit: TLS 1.2 minimum (TLS 1.3 preferred) on every public endpoint; HSTS enforced.
- Encryption at rest: AES-256 across Supabase Postgres, Storage, and our Upstash cache.
- Tenant isolation: row-level security policies on every multi-tenant table; service-role access is gated to a small set of audited admin RPCs.
- Authentication: Supabase Auth with bcrypt-hashed passwords, leaked-password protection enabled, MFA required for internal admin accounts.
- Secret management: all keys live in Vercel / Supabase environment vaults; no secrets in source control.
- Webhook integrity: Stripe, Supabase, Resend and Retell webhooks are verified by signature before any state change.
- Error monitoring: Sentry with server-side PII scrubbing of names, emails, phone numbers, CV content and screening transcripts before any event is sent off-platform.
- Rate limiting: per-route Upstash limits, abuse kill-switch on AI routes, Cloudflare Turnstile on public forms.
- Sub-processor diligence: each processor is assessed against the UK ICO Transfer Risk Assessment template before onboarding and reviewed annually.
- Vulnerability disclosure: report security issues to security@onrolo.ai; we commit to acknowledging within 2 working days.
We are not currently SOC 2 or ISO 27001 certified. UK Cyber Essentials and a SOC 2 Type 1 readiness assessment are on our security roadmap; this page will be updated when those land. In the event of a personal data breach likely to result in a risk to data subjects, we will notify the ICO within 72 hours of becoming aware (Art. 33) and affected customers without undue delay.
9. Automated screening
Onrolo uses AI models (provided by Anthropic) to assist recruiters in evaluating candidate CVs and screening responses. The system produces a numeric fit score and supporting rationale across five named dimensions. All AI outputs are reviewed by a human recruiter before any candidate-facing decision is taken — no rejection or advancement is sent automatically. Candidates have the right, under UK GDPR Article 22, not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects; this right is protected by our human-in-the-loop policy. For full details of the model used, its limitations, and our bias-testing approach, see our AI Model Card. To request a human review of any AI assessment or to exercise your Art. 22 rights, contact privacy@onrolo.ai.
10. Cookies
See our Cookie Policy.
11. Changes to this notice
We will post material changes on this page and, where required by law, notify you by email. Continued use after the effective date constitutes acceptance.