Legal

Privacy Policy

How Reliyre collects, uses, and protects personal data when you use our platform, websites, and services.

Last updated: June 2026

1. Introduction

This Privacy Policy explains how Reliyre B.V. ("Reliyre", "we", "us") collects, uses, and protects personal data when you use our platform, websites, and services (the "Service").

We are committed to protecting personal data and complying with the EU General Data Protection Regulation (GDPR) and applicable Dutch data protection law.

Data controller:
Reliyre B.V.
Contact: info@reliyre.com

2. Two roles: when we are controller and when we are processor

Reliyre processes personal data in two distinct roles:

2.1 As a data controller— for data about our own customers and website visitors (for example, account holders' names and emails, billing data, and website analytics). This Privacy Policy governs that processing.

2.2 As a data processor— when our customers (staffing agencies, HR teams) use the Service to process the personal data of their workers. In that case, the customer is the data controller and Reliyre acts on their behalf under a separate Data Processing Agreement (DPA). We process worker data only on the customer's documented instructions.

3. Personal data we collect

3.1 Account and contact data: name, email address, phone number, company name, role, and login credentials.

3.2 Billing data: billing details and payment information. Payment card data is processed directly by our payment provider (Stripe); we do not store full card numbers.

3.3 Usage and technical data: IP address, browser type, device information, log data, and information about how you use the Service.

3.4 Cookies and similar technologies: as described in our Cookie Policy.

3.5 Worker data (processed on behalf of customers): when customers use the Service, they may upload personal data about their workers, which can include identity documents (ID cards, passports), work permits, contact details, bank/IBAN details, qualifications, and contract information. We process this data as a processor on the customer's behalf, under the DPA.

4. How we use personal data and legal bases

We process personal data for the following purposes:

PurposeLegal basis
Providing and operating the ServicePerformance of a contract
Processing payments and billingPerformance of a contract
Communicating with you about your accountPerformance of a contract / legitimate interest
Improving and securing the ServiceLegitimate interest
Sending product updates or marketing (where applicable)Consent / legitimate interest
Complying with legal obligationsLegal obligation

Where we rely on consent, you may withdraw it at any time.

5. Sub-processors and third-party services

We use carefully selected third-party providers to deliver the Service. These may include:

  • Stripe — payment processing
  • Vercel / Supabase — hosting and database (EU region)
  • Transactional email delivery
  • Anthropic — document analysis and verification
  • Google Analytics — website analytics

We require all sub-processors to provide adequate safeguards for personal data.

6. International data transfers

We host and process personal data within the European Union (data residency: Frankfurt, Germany). Where any sub-processor processes data outside the EU, we ensure appropriate safeguards are in place (such as EU Standard Contractual Clauses or an adequacy decision).

7. Data retention

We retain personal data only as long as necessary for the purposes described in this Policy, or as required by law:

  • Account data: for the duration of your subscription and a reasonable period afterwards.
  • Billing data: as required by tax and accounting law (typically 7 years under Dutch law).
  • Worker data (as processor): retained and deleted according to the customer's instructions and the DPA.

When data is no longer needed, we securely delete or anonymize it.

8. Your rights under the GDPR

If you are in the EU/EEA, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Eraseyour data ("right to be forgotten"), subject to legal exceptions;
  • Restrict or object to certain processing;
  • Data portability — receive your data in a structured, machine-readable format;
  • Withdraw consent at any time, where processing is based on consent;
  • Lodge a complaint with a supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

To exercise your rights, contact us at info@reliyre.com.

Note for workers: if your data is processed by Reliyre on behalf of a staffing agency or employer (our customer), you should direct requests to that organization, which is the data controller. We will assist them in responding.

9. How we protect personal data

We implement appropriate technical and organizational measures to protect personal data, including:

  • encryption in transit and at rest;
  • access controls and role-based permissions;
  • hash-chained, tamper-evident audit logs;
  • regular monitoring and backups;
  • EU-based data hosting.

No system is completely secure, but we work continuously to protect your data.

10. Cookies

Our website uses cookies and similar technologies. For details, see our Cookie Policy.

11. Children

The Service is not directed to children under 18, and we do not knowingly collect their personal data.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and, where changes are material, notify you through the Service or by email.

13. Contact

For any questions about this Privacy Policy or our handling of personal data:

Reliyre B.V.
Email: info@reliyre.com

If you wish to raise a concern, you also have the right to contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).