Legal
Privacy Policy
How Reliyre collects, uses, and protects personal data when you use our platform, websites, and services.
Last updated: June 2026
1. Introduction
This Privacy Policy explains how Reliyre B.V. ("Reliyre", "we", "us") collects, uses, and protects personal data when you use our platform, websites, and services (the "Service").
We are committed to protecting personal data and complying with the EU General Data Protection Regulation (GDPR) and applicable Dutch data protection law.
Data controller:
Reliyre B.V.
Contact: info@reliyre.com
2. Two roles: when we are controller and when we are processor
Reliyre processes personal data in two distinct roles:
2.1 As a data controller— for data about our own customers and website visitors (for example, account holders' names and emails, billing data, and website analytics). This Privacy Policy governs that processing.
2.2 As a data processor— when our customers (staffing agencies, HR teams) use the Service to process the personal data of their workers. In that case, the customer is the data controller and Reliyre acts on their behalf under a separate Data Processing Agreement (DPA). We process worker data only on the customer's documented instructions.
3. Personal data we collect
3.1 Account and contact data: name, email address, phone number, company name, role, and login credentials.
3.2 Billing data: billing details and payment information. Payment card data is processed directly by our payment provider (Stripe); we do not store full card numbers.
3.3 Usage and technical data: IP address, browser type, device information, log data, and information about how you use the Service.
3.4 Cookies and similar technologies: as described in our Cookie Policy.
3.5 Worker data (processed on behalf of customers): when customers use the Service, they may upload personal data about their workers, which can include identity documents (ID cards, passports), work permits, contact details, bank/IBAN details, qualifications, and contract information. We process this data as a processor on the customer's behalf, under the DPA.
4. How we use personal data and legal bases
We process personal data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Providing and operating the Service | Performance of a contract |
| Processing payments and billing | Performance of a contract |
| Communicating with you about your account | Performance of a contract / legitimate interest |
| Improving and securing the Service | Legitimate interest |
| Sending product updates or marketing (where applicable) | Consent / legitimate interest |
| Complying with legal obligations | Legal obligation |
Where we rely on consent, you may withdraw it at any time.
5. Sub-processors and third-party services
We use carefully selected third-party providers to deliver the Service. These may include:
- Stripe — payment processing
- Vercel / Supabase — hosting and database (EU region)
- Transactional email delivery
- Anthropic — document analysis and verification
- Google Analytics — website analytics
We require all sub-processors to provide adequate safeguards for personal data.
6. International data transfers
We host and process personal data within the European Union (data residency: Frankfurt, Germany). Where any sub-processor processes data outside the EU, we ensure appropriate safeguards are in place (such as EU Standard Contractual Clauses or an adequacy decision).
7. Data retention
We retain personal data only as long as necessary for the purposes described in this Policy, or as required by law:
- Account data: for the duration of your subscription and a reasonable period afterwards.
- Billing data: as required by tax and accounting law (typically 7 years under Dutch law).
- Worker data (as processor): retained and deleted according to the customer's instructions and the DPA.
When data is no longer needed, we securely delete or anonymize it.
8. Your rights under the GDPR
If you are in the EU/EEA, you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Eraseyour data ("right to be forgotten"), subject to legal exceptions;
- Restrict or object to certain processing;
- Data portability — receive your data in a structured, machine-readable format;
- Withdraw consent at any time, where processing is based on consent;
- Lodge a complaint with a supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
To exercise your rights, contact us at info@reliyre.com.
Note for workers: if your data is processed by Reliyre on behalf of a staffing agency or employer (our customer), you should direct requests to that organization, which is the data controller. We will assist them in responding.
9. How we protect personal data
We implement appropriate technical and organizational measures to protect personal data, including:
- encryption in transit and at rest;
- access controls and role-based permissions;
- hash-chained, tamper-evident audit logs;
- regular monitoring and backups;
- EU-based data hosting.
No system is completely secure, but we work continuously to protect your data.
10. Cookies
Our website uses cookies and similar technologies. For details, see our Cookie Policy.
11. Children
The Service is not directed to children under 18, and we do not knowingly collect their personal data.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and, where changes are material, notify you through the Service or by email.
13. Contact
For any questions about this Privacy Policy or our handling of personal data:
Reliyre B.V.
Email: info@reliyre.com
If you wish to raise a concern, you also have the right to contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
