Privacy Policy

1. Introduction

This Privacy Policy explains how Topliner Group B.V. ("we", "us", or "our") collects, uses, and protects information when you use our AI-powered executive search research platform (the "Service").

Important: You act as the Data Controller for any candidate or third-party data processed through the Service. We provide the tools and infrastructure; you are responsible for ensuring your use of the Service complies with applicable law.

2. Information We Collect

We collect information you provide directly — including account registration details, project configurations, search parameters, and support communications — as well as usage and technical data generated automatically when you use the platform (such as log data, browser type, and IP address).

The Service also processes publicly available professional information collected through automated tools, including professional profiles, employment history, and company data. You are the Data Controller for this third-party data and are solely responsible for ensuring you have a lawful basis to process it.

3. How We Use Information

We use information solely to provide and maintain the Service: operating the platform, processing your queries using AI and automated tools, responding to support requests, detecting security issues, and complying with legal obligations. We do not use candidate or third-party data for our own marketing, profiling, or AI model training. We act as a Data Processor for such data.

4. Data Sharing

We do not sell or rent data. We share information only where necessary: with infrastructure and service providers required to operate the platform, within your workspace as determined by your own access controls, when required by law, or with your explicit consent. We do not share candidate or third-party data with other Service users or external parties beyond what is necessary to provide the Service.

5. International Data Transfers

Some of our service providers are based outside the EEA, including in the United States. Specifically, queries processed through the AI Copilot are handled by Anthropic (USA), and candidate profile data is sourced via Crustdata (USA). These constitute transfers of personal data outside the EEA. We ensure such transfers are covered by appropriate safeguards, including EU Standard Contractual Clauses where required under GDPR Chapter V.

6. Data Security

We implement technical and organisational measures to protect your data, including access controls, authentication mechanisms, and regular security assessments. You are responsible for maintaining the security of your account credentials.

7. Data Retention

We retain account and project data for as long as your account is active and for up to 90 days following account closure to allow for data export. Log data is typically retained for 90 days. Data may be retained longer if required by law. You are responsible for managing and deleting third-party professional data in accordance with your own retention obligations.

8. Cookies

We use essential cookies required for the Service to function, functional cookies that remember your preferences, and analytics cookies that help us understand how the platform is used. You can control cookies through your browser settings; disabling essential cookies may affect Service functionality.

9. Your Rights

Under GDPR, you have the right to access, rectify, erase, restrict, or port your personal account data, and to object to its processing. To exercise these rights, contact legal@topliner.app .

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

For requests relating to candidate or third-party data, please contact the organisation that uses TOPLINER to process your information, as they are the Data Controller for such data.

10. Children's Privacy

The Service is intended for business use only and is not directed to individuals under 18 years of age.

11. Changes to This Policy

We will notify users of material changes by email or through the Service at least 60 days before they take effect. Continued use of the Service after changes become effective constitutes acceptance.

12. Contact

For questions about this Privacy Policy, data requests, or privacy concerns, contact: