GDPR / CCPA — Data Subject Rights
Data access, portability, and deletion requests for EU and California residents
Candidates on file
0
Across all sources for this tenant
Data Subject Requests
Process GDPR Article 15 (access), Article 20 (portability), and Article 17 (erasure) requests. CCPA equivalent requests are handled via the same workflow.
Export Candidate Data
Downloads all data held for a candidate: profile, applications, evaluations, interviews, and audit log entries. Satisfies GDPR Articles 15 and 20.
Delete Candidate Data
Soft-deletes candidate PII: name, email, and resume text are anonymized. Application and evaluation records are retained for audit integrity. Satisfies GDPR Article 17.
Warning: This action is irreversible. PII will be permanently anonymized. Audit records are retained per GDPR Article 17(3)(b).
About GDPR / CCPA compliance
Neuroxa processes candidate personal data as a data processor on behalf of your organization (the data controller). All data is stored in Postgres with tenant isolation. Candidate data is never shared across tenants.
Deletion requests anonymize PII while preserving audit records, which is required under GDPR Article 17(3)(b) for legal proceedings and Article 89 for scientific/research purposes. The audit log is append-only and captures the deletion event with timestamp.
Data retention: candidate records are retained for 24 months after last activity by default. Configure your retention policy in Tenant Settings.