Stage 01
Collected for the role
Candidate data is gathered for one specific open role and a lawful hiring purpose — never speculative, never hoarded.
Compliance
GDPR-compliant AI hiring means using AI in recruitment in a way that respects EU data-protection law — lawful processing, data minimisation, candidate rights, and a human in the loop. Celper is built around those principles: you stay the data controller, and Celper is the processor that supports your compliance.
General information, not legal advice.
Data lifecycle
No black box, no indefinite storage. Data flows through three deliberate stages — and then it is gone on a timer you can see.
Stage 01
Candidate data is gathered for one specific open role and a lawful hiring purpose — never speculative, never hoarded.
Stage 02
The AI screens and scores; a person must review the analysis before any Selected or Rejected outcome.
Stage 03
When the retention window closes, candidate data is deleted automatically — configurable on Enterprise.
12-month
auto-deletion is the default for every candidate record. On Enterprise the retention window is configurable to match your own policy.
Roles & responsibilities
GDPR draws a clear line. You decide why and how candidate data is used; Celper handles it on your documented instructions — bound by a DPA, on EU soil.
You
The employer decides why and how candidate data is used, and stays responsible for its own processing and lawful basis.
Celper
Celper processes candidate data only on your documented instructions, under a DPA executed with every customer.
EU data residencyUsing Celper does not by itself make you compliant — as the employer you are the deployer and controller responsible for your own processing. Celper provides tooling that supports it. See our privacy notice and how this maps to the EU AI Act.
Built-in safeguards
Human oversight
A candidate cannot be set to Selected or Rejected until a person reviews the AI analysis.
The scored, explainable report informs that human — it does not replace them. This reflects GDPR Article 22 on solely-automated decisions and EU AI Act Article 14 on meaningful human oversight, with Article 14 transparency to candidates in mind. Built for recruiters, not replacements.
FAQ
Yes. Celper is built for GDPR-compliant AI hiring: data is encrypted in transit and at rest, hosted with EU data residency, candidate data is auto-deleted after 12 months, and a data processing agreement (DPA) is executed with every customer. Celper provides tooling that supports compliance — the employer remains the controller responsible for its own use.
The customer (the employer) is the data controller — it decides why and how candidate data is used. Celper acts as the data processor, handling that data on the controller’s documented instructions under a DPA signed with every customer.
Candidate data is stored with EU data residency on Google Cloud / Firebase infrastructure located in Belgium and the Netherlands. It is encrypted in transit and at rest, and Celper uses no advertising or marketing cookies.
Candidate data is automatically deleted after 12 months. On Enterprise, the retention window is configurable to fit your own policy.
No. A candidate cannot be set to Selected or Rejected until a person reviews the AI analysis. This reflects GDPR Article 22 on solely-automated decisions and EU AI Act Article 14 on meaningful human oversight.
Want more detail? Read the privacy notice, our wider FAQ, how Celper maps to the EU AI Act, or talk to us.
Type your number. Let Celper do the talking.
We’ll call you for a 60-second demo interview. No spam, ever.