← Back to home
Legal

Privacy Policy

Last updated: July 10, 2026

HirePunk (operated by Mažoji Bendrija “Dekma”) provides AI-driven candidate sourcing and recruitment services — a website, web application, browser extension, and end-to-end recruiting services (together, the “Services”). This Privacy Policy explains how we collect, use, and safeguard personal data. Because our Services help identify and qualify candidates for employment roles, this policy covers our customers and website visitors as well as the candidates whose professional data is processed through the Services.

1. Data Controller

The data controller responsible for the processing described in this policy is Mažoji Bendrija “Dekma”, legal entity code 307544235, registered at Sodžiaus g. 34, Macenių k., LT-90100 Plungės r., Lithuania. Data about the Company are collected and stored in the Register of Legal Entities; the register manager is the state enterprise Centre of Registers.

Where our customers use the Services to process candidate data under their own instructions (see Section 6.1), the customer — not HirePunk — is the data controller for that processing, and their privacy notice applies to it.

2. Who This Policy Covers

This policy covers three groups of people:

Our Services are intended for business and professional use. We do not knowingly collect personal information from children under the age of 18.

3. Website Visitors, Marketing, and Business Contacts

3.1 Information we collect

3.2 How we use this information

3.3 Legal bases (GDPR)

3.4 Retention

4. Customer and Account Data

When you create an account or purchase the Services, we collect and process your name, email address, company details, billing information, account settings, and your communications with us. We process this data to provide the Services under our Terms of Service (performance of a contract), to invoice and collect payment (legal obligation and contract), and to provide support. We also automatically collect usage data about how you interact with the web application and extension — such as features used, actions taken, and diagnostic logs — based on our legitimate interest in operating, securing, and improving the Services.

We retain customer and account data for as long as your account is active and afterwards as necessary to comply with legal obligations (for example, accounting and tax laws), resolve disputes, and enforce our agreements.

5. The HirePunk Browser Extension

Our browser extension works alongside the recruiting tools you are already signed into on your own seat (for example, a professional network's recruiting product). The extension processes candidate profile information that you access through your own account — it does not use your credentials for any other purpose, and it transmits data to our servers only to provide the Services to you: extracting profile details, qualifying candidates against your role criteria, and assembling shortlists.

The extension stores limited operational data locally on your device (such as pairing state and progress of a sourcing run). We do not sell data collected by the extension, and we do not use it for purposes unrelated to providing and improving the Services.

6. Candidate Data

HirePunk processes candidate data in two distinct ways, with different roles under data-protection law.

6.1 Candidates processed under our customer's instructions (HirePunk as processor)

When a customer uses the Services — including the browser extension — to source and qualify candidates through their own recruiting seat, the customer (or their organisation) determines the purposes of that processing and is the data controller. HirePunk acts as a data processor: we handle candidate data only on the customer's documented instructions and only to provide the Services to them. Customers are responsible for ensuring they have a lawful basis to source and process candidate data and for complying with the terms of any third-party platform they use. A data processing agreement governing this processing is available on request.

If you are a candidate and your data was processed this way, requests about that data should be directed to the recruiter or company that sourced you; where you contact us instead, we will forward your request to them where applicable.

6.2 Candidates sourced by HirePunk (HirePunk as controller)

When we provide end-to-end recruiting services — identifying and qualifying candidates for a customer's role ourselves — HirePunk is the data controller for that sourcing activity.

What we process. Professional profile information, which may include: name and public profile identifiers (such as a public profile URL); job titles, employers, and employment dates; education, qualifications, and certifications; skills and languages; approximate location (city or region level); and other publicly available professional profile information such as headlines and summaries. We do not collect special category data (such as health, ethnicity, religion, or political opinions) as structured fields, and we do not use such data in matching.

Where it comes from. Candidate data comes from publicly available professional sources and professional networks, and may be supplemented by vetted third-party data providers that compile and license professional profile information. Contact details are processed only where needed to contact a candidate about a specific role.

Why we process it. To identify candidates who may be suitable for employment roles our customers are hiring for, to qualify them against role criteria, and to present relevant profiles to the hiring customer. Our lawful basis is legitimate interests (Article 6(1)(f) GDPR): connecting candidates with relevant professional opportunities, in a way candidates in the recruitment context can reasonably expect, using professional — not private — data.

AI-assisted matching. We use AI to help qualify and rank candidate profiles against a specific role's criteria. Scores and rankings exist only within the context of a specific search — no permanent score is attached to a candidate's profile. Recruiters and hiring teams review results themselves before taking any action; we do not make automated decisions about a candidate's suitability that produce legal or similarly significant effects. You may ask us for information about this processing, express your point of view, or request human review.

Who we share it with. When a candidate is identified as relevant to a role, their professional profile is shared with the hiring customer, who decides independently whether to make contact and becomes an independent data controller of the data they receive. We also share candidate data with service providers (such as hosting and AI infrastructure providers) under contractual safeguards.

How long we keep it. We retain candidate profiles for as long as they are relevant to active or recent sourcing work, and we delete or anonymise profiles that are no longer needed. If you ask us to delete your profile, we will remove it and keep a minimal suppression record to prevent it from being re-added.

7. Data Sharing and Disclosure

We do not sell personal data. We share personal data only with:

8. International Data Transfers

HirePunk is based in Lithuania and our Services are hosted within the European Union where practicable. Where personal data is transferred to a country outside the European Economic Area that does not provide an adequate level of protection (for example, to a service provider in the United States), we put appropriate safeguards in place, such as the Standard Contractual Clauses approved by the European Commission. You may request a copy of the relevant safeguards by contacting us.

9. Security

We implement technical and organisational measures — including encryption in transit, access controls, and the principle of least privilege — designed to protect personal data against unauthorised access, disclosure, alteration, or loss. No method of transmission or storage is completely secure; if we become aware of a security incident affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

10. Your Rights

Under the GDPR you have the right to:

To exercise any of these rights, contact us at silvestras@adpunk.ai. We may ask you to verify your identity before acting on a request, and we will respond within 30 days. If your request concerns data controlled by one of our customers (Section 6.1), we will direct it to them where applicable.

You also have the right to lodge a complaint with your local data protection authority. In Lithuania, this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, vdai.lrv.lt).

If you are located outside the EEA — including in US states with privacy legislation — you may have similar rights under your local law, such as the right to know, delete, correct, and opt out of certain processing. We will honour valid requests regardless of where you live.

11. Changes to This Policy

We may update this policy from time to time to reflect changes to the Services, legal requirements, or our processing practices. If we make significant changes, we will give prominent notice on our website. The “Last updated” date at the top of this page shows when the policy was last revised.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, please contact the Data Controller:

Mažoji Bendrija “Dekma”
Legal entity code 307544235
Sodžiaus g. 34, Macenių k.
Plungės r., Lithuania, LT-90100
Email: silvestras@adpunk.ai
Phone: +370 662 17071

© 2026 Mažoji Bendrija “Dekma”