Privacy Policy

Last updated: March 13, 2026

1. Who We Are

CultureMatch ("we", "us", "our") is a culture-matching platform operated from Amsterdam, the Netherlands. We help companies assess cultural fit of candidates using AI-powered questionnaires and evaluations.

Contact: hello@culturematch.nl
Address: Amsterdam, the Netherlands

2. Data We Collect

Account Information

When you create an account, we collect your name, email address, company name, and password (stored securely using bcrypt hashing).

Culture Assessment Data

We collect responses to culture questionnaires completed by your employees and job candidates. This includes values, preferences, and work style information used to generate culture match scores.

Candidate Data

When candidates apply through our platform, we collect their name, email, application responses, and any uploaded documents (CVs, cover letters).

Usage Data

We collect standard usage analytics including pages visited, features used, and technical information such as browser type and IP address.

3. How We Use Your Data

  • Service Delivery: Processing culture assessments, generating match scores, and providing analytics.
  • AI Evaluation: Candidate responses are processed by AI models (OpenAI, Mistral) to generate culture fit scores and recommendations. Data sent to AI providers is limited to assessment responses only — no personally identifiable information is included in AI prompts.
  • Billing: Payment processing is handled by Mollie (mollie.com). We do not store credit card details.
  • Communication: Sending questionnaire invitations, application confirmations, and service notifications.
  • Improvement: Analyzing usage patterns to improve our platform.

4. Legal Basis (GDPR)

We process your data based on:

  • Contract: Processing necessary to provide our services (Art. 6(1)(b) GDPR).
  • Legitimate interest: Analytics and service improvement (Art. 6(1)(f) GDPR).
  • Consent: Marketing communications, where applicable (Art. 6(1)(a) GDPR).

5. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Port your data to another service
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise any of these rights, contact us at hello@culturematch.nl.

6. Data Sharing

We share data only with:

  • AI Providers (OpenAI, Mistral) — anonymized assessment data for evaluation
  • Mollie — payment processing
  • AWS — cloud infrastructure and file storage
  • Sentry — error monitoring (no personal data)

We do not sell your data to third parties.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, personal data is removed within 30 days. Anonymized analytics data may be retained indefinitely.

8. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

9. Security

We protect your data with:

  • Encrypted connections (HTTPS/TLS)
  • Secure password hashing (bcrypt)
  • Two-factor authentication (TOTP)
  • Role-based access controls
  • Regular security reviews

10. Changes

We may update this policy from time to time. We will notify you of material changes via email or in-app notification.

11. Contact

For privacy-related questions or requests:
Email: hello@culturematch.nl
Address: Amsterdam, the Netherlands