Privacy Policy

Last updated: 29 June 2026

This Privacy Policy explains how Tedrix (“we”, “us”) collects and processes personal data when you use our website and gated application at tedrix.io (the “Service”). We are the data controller for your account data. For data you upload to run an automation, we act as a data processor on your behalf — see “Data you process through the Service” below.

Who we are

Tedrix is operated as a registered sole proprietorship (enskild firma) in Sweden. For any privacy question, or to exercise your rights, contact us at info@tedrix.io.

Data we collect

Account data: your name or company name, email address, and a securely hashed password (we never see your password in plain text).
Billing data: subscription status and billing details, handled by our payment processor, Stripe. We do not store full card numbers.
Usage data: basic technical logs needed to operate and secure the Service.

Data you process through the Service

When you run an automation (for example, ranking CVs), you may submit documents or other content that can contain personal data about third parties (such as job candidates). We process this content only to produce your result, and we do not retain it after the run completes — it is processed transiently and is not stored on our systems afterwards. For this content you are the controller and Tedrix is your processor; a Data Processing Agreement is available on request.

Legal bases (GDPR)

We process account and billing data to perform our contract with you (Article 6(1)(b)) and to meet legal obligations such as bookkeeping (Article 6(1)(c)). Limited technical logging relies on our legitimate interest in operating a secure Service (Article 6(1)(f)). Content you submit to an automation is processed under your instructions as controller.

Sub-processors

We rely on a small number of trusted providers to run the Service:

• Supabase — authentication and database hosting.
• Vercel — application hosting.
• Stripe — payment processing.
• Anthropic — AI model used to process automation content (e.g. scoring CVs). Content is sent only to generate your result and is not used to train models.
• Zoho — sending transactional email (e.g. confirmation and password-reset messages).

International transfers

Where a provider processes data outside the EU/EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses. We prefer EU processing regions for automation content where available.

How long we keep data

Account and billing data are kept while your account is active and for as long as required by law afterwards (e.g. accounting records). Automation content is not retained after a run. You can ask us to delete your account and associated data at any time.

Your rights

Under the GDPR you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability. You may also lodge a complaint with the Swedish data protection authority (Integritetsskyddsmyndigheten, IMY). To exercise any right, email info@tedrix.io.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.