GDPR Compliance & Data Security

Symbioze.ai processes personal data (name, CV, contact details, professional history) as part of AI agent implementations on behalf of recruitment agencies. These processing activities are carried out as a data processor under GDPR (Art. 28), acting on documented instructions from the client agency, which acts as data controller. Data is never used beyond the contractually defined purposes or sold to third parties.

Data processed by our AI agents is retained only for the duration necessary to fulfill the defined mission with the agency. Upon completion, data is deleted or anonymized. Our infrastructure is hosted in Europe (GDPR compliant), secured with end-to-end encryption in transit and at rest, with access restricted to authorized personnel only.

Any individual whose data is processed through our AI agents holds the following rights: access, rectification, erasure, restriction, portability, and objection (GDPR Art. 15–21). To exercise these rights, individuals may contact the recruitment agency acting as data controller, or reach us directly at: privacy@symbioze.ai. Complaints may also be submitted to the relevant supervisory authority (CNIL in France, or your local data protection authority).