Privacy Policy
Last updated: March 24, 2026
This Privacy Policy explains how TailorShift collects, uses, and protects your personal data when you use our platform at tailorshift.co.
1. Data Controller
TailorShift is operated by:
- IRBIS Partners (IRBIS)
- SIRET: 831 642 608
- 42 rue Notre-Dame des Champs, 75006 Paris, France
- Contact: contact@irbis.fr
2. Data We Collect
- Account data: name, email address, profile photo, password (hashed), authentication identifiers
- Professional data: CV/resume content, work experience, skills, job titles, education, languages, geographic preferences, salary expectations
- Matching data: scores from our algorithmic matching engine, match history, interaction records
- OAuth data: information from sign-in providers (Google, LinkedIn, Apple) — see Sections 5-7
- Technical data: IP address, browser type, device info, pages visited, session duration
3. Purposes of Processing
- Account management: creating, maintaining, and securing your account
- Talent matching: analyzing profiles to identify opportunities using our scoring engine
- Platform operation: technical functionality, monitoring, improvement
- Communication: service notifications, match alerts, and (with consent) updates
- Security: detecting unauthorized access, fraud prevention
4. Legal Bases
| Purpose | Legal Basis |
|---|
| Account management | Performance of contract (Art. 6(1)(b) GDPR) |
| Talent matching | Legitimate interest (Art. 6(1)(f) GDPR) with balancing test |
| Platform operation | Legitimate interest (Art. 6(1)(f) GDPR) |
| Communication (service) | Performance of contract (Art. 6(1)(b) GDPR) |
| Communication (marketing) | Consent (Art. 6(1)(a) GDPR) |
| Talent pool retention | Consent (Art. 6(1)(a) GDPR) — withdrawable at any time |
| Security | Legitimate interest (Art. 6(1)(f) GDPR) |
5. Google Sign-In
When you sign in with Google, we receive your name, email address, and profile photo.
This data is used solely for account creation and authentication. We do not:
- Sell your Google account data to third parties
- Use it for advertising or ad targeting
- Use it for AI/ML model training unrelated to your matching experience
- Use it for credit scoring, lending, or data brokering
Your use of Google Sign-In is subject to the Google API Services User Data Policy.
6. LinkedIn Sign-In
When you sign in with LinkedIn, we receive your name, email address, and profile URL. This data is used solely for account creation and authentication. It is not sold or shared for advertising.
7. Apple Sign-In
When you sign in with Apple, we receive your name and email address. Apple may provide a Private Relay email address. We fully support this feature and will not attempt to resolve your actual email.
8. Algorithmic Matching
TailorShift uses an algorithmic matching engine that evaluates candidate-opportunity fit across multiple dimensions including competency, domain expertise, experience, and cultural alignment.
Safeguards
- No fully automated decisions with significant effects are made without human review
- A qualified recruiter reviews all match results before consequential action
- You may request an explanation of your matching score
- You may contest a matching decision and request human reassessment
- Contact contact@irbis.fr to exercise these rights
This disclosure complies with GDPR Article 22 and the CNIL Recruitment Referential.
9. Recipients and Sub-Processors
| Provider | Role | Location |
|---|
| Supabase | Database hosting and authentication | EU (AWS eu-west) |
| Vercel | Application hosting and CDN | Global (EU-primary) |
| Resend | Transactional email delivery | US (with SCCs) |
We do not sell personal data to any third party.
10. Data Retention
- Active accounts: duration of account + 6 months after closure
- Inactive talent profiles: maximum 2 years from last activity (CNIL guideline)
- Technical logs: 12 months
- Matching data: as long as the account is active
11. International Transfers
Data is primarily hosted in the EU (Supabase, AWS eu-west). Transfers outside the EU are protected by Standard Contractual Clauses (SCCs).
12. Your Rights
- Access: obtain a copy of your data
- Rectification: correct inaccurate data
- Erasure: request deletion
- Restriction: limit processing
- Portability: receive data in machine-readable format
- Objection: object to processing based on legitimate interest
- Withdraw consent: at any time, without affecting prior processing
Contact contact@irbis.fr. We respond within 30 days.
You may lodge a complaint with the CNIL.
13. Security
- Encryption at rest and in transit (TLS 1.2+)
- Row-level security on database tables
- Access controls on a need-to-know basis
- Regular security audits and dependency scanning
14. Cookies
We use essential cookies only (authentication and CSRF protection). No advertising, tracking, or analytics cookies.
15. AI Transparency
- TailorShift uses AI-assisted evaluation as a decision-support tool, not a decision-maker
- Human oversight at every consequential stage
- Regular audits for fairness, accuracy, and non-discrimination
Changes to This Policy
Material changes will be communicated via email or in-platform notification.