.png&w=384&q=75&dpl=dpl_CL5ezxZFu5RMXpEK46Reefy7CbnS){kind=small}
Privacy Policy
Last updated: May 12, 2026 · v3.1
1. Data Controller
Zeder LLC ("selenios.com"), registered in the State of Delaware, United States, with its registered office at 16192 Coastal Highway, Lewes, DE 19958, is responsible for the processing of personal data we collect and process through our website and application.
selenios.com is an AI-assisted recruitment platform that offers sourcing, automated screening, interview scheduling, video call recording and analysis, and analytics associated with selection processes.
2. Scope of this Policy
This Policy regulates the collection, processing, storage and deletion of personal data in connection with the use of selenios.com services. It applies to candidates, users of our clients, and any data subject whose data is processed through our platform.
We are committed to complying with the privacy and data protection laws in force in the jurisdictions where we operate, as well as with the Data Protection Principles of the Ibero-American Data Protection Network (RIPD).
3. Privacy Contact
selenios.com has appointed an internal contact responsible for coordinating privacy and data protection matters, handling data subject inquiries, and serving as the point of communication with clients and authorities.
- Contact: dpo@selenios.com
Responsibilities include:
- Overseeing compliance with applicable data protection regulations.
- Coordinating the exercise of data subject rights (access, rectification, deletion, objection, portability, restriction).
- Advising the team on good practices in handling personal data.
- Acting as the point of contact with authorities and clients.
- Coordinating the management of data security incidents.
4. Purposes of Processing
We process personal data exclusively for the following purposes:
- Candidate sourcing: identifying and contacting potential candidates for selection processes.
- Automated screening: analyzing and evaluating candidates through artificial intelligence tools.
- Interview scheduling: coordinating meetings between candidates and clients via calendar synchronization.
- Interview recording and analysis: capturing, transcribing and summarizing video calls to assist the client in decision-making.
- Analytics and reporting: generating metrics and reports on selection processes.
- Service improvement: internal analysis aimed at optimizing the platform.
- Legal compliance: meeting legal obligations and responding to requests from competent authorities.
We do not use personal data for purposes other than those informed without prior notice and, where applicable, without obtaining consent again.
5. Categories of Personal Data We Collect
We process the following categories of personal data:
- Identification and contact data: first name, last name, email, phone, location.
- Professional information: CV, work history, academic background, certifications, public professional profiles (e.g., LinkedIn).
- Platform interactions: messages, questionnaire responses, communications via WhatsApp and other enabled channels.
- Interview content: video and audio recordings, transcripts, interview notes.
- Derived data: candidate scoring, automated evaluations, AI-generated summaries.
- Technical data: IP address, device identifiers, platform usage data, cookies.
- Calendar data: availability, events, participants (when the user connects their Google Calendar).
We do not request sensitive data (health, political opinions, biometric data or other special categories). If, due to the nature of a selection process, a client incorporates such information, the client is responsible for having obtained the corresponding data subject's consent and we process that information with the same level of protection as the rest.
6. Methods and Sources of Collection
Personal data may be obtained from the following sources:
- Directly from the data subject: forms, platform responses, participation in interviews or calls.
- Through our clients: clients may upload to the platform information about candidates they have previously contacted or who have applied to their openings.
- Integrations with third-party services: Google Calendar (when the user authorizes the connection), videoconferencing platforms and messaging tools enabled by the client.
- Public sources: professional profiles and other publicly available information, used solely for sourcing purposes.
We obtain data only from sources we reasonably understand to be lawful. When data comes from the client, we assume the client has obtained the data subject's consent in accordance with its own legal obligations.
7. Role of selenios.com in Processing
- Data controller: when we interact directly with the data subject and obtain their consent (e.g., website registration, subscription to communications).
- Data processor: when we process data on behalf of a client. In that case, the client is the controller and we process the data following its instructions and the terms of the contract.
8. Consent and User Choices
When consent is required:
- Before collecting personal data directly from the data subject.
- Before activating integrations that access the data subject's data (e.g., Google Calendar).
- Before using data for new purposes not previously informed.
- When, exceptionally, sensitive information is collected, by means of explicit and separate consent.
Data subject choices:
- Choose not to provide certain data. If the data is necessary to provide the service, we will inform you of the consequences (for example, being unable to participate in a selection process).
- Withdraw consent at any time by writing to dpo@selenios.com. Withdrawal does not affect the lawfulness of prior processing but may limit further use of the service.
- Disconnect integrations (for example, revoke access to Google Calendar from your Google Account).
Client responsibility: when we act as processors, the client is responsible for obtaining informed consent from candidates and end users before incorporating their data into the platform and for informing them how to exercise their rights.
9. Sharing with Third Parties and Subprocessors
We share personal data only with third parties strictly necessary to provide the service. We work with providers that have their own recognized security standards and, where appropriate, data processing agreements (DPAs) that govern the use of the information.
Our main subprocessors are listed in our Trust Center: https://trust.selenios.com/subprocessors
We do not sell personal data. We do not use it for targeted advertising or marketing profiling. We only disclose data to other third parties where there is (a) data subject consent, (b) client instruction under contract, or (c) legal obligation.
We maintain an internal list of subprocessors and review at least annually the current security certifications of the main ones (for example, their SOC 2 reports or equivalents).
10. International Transfers
Because we use global infrastructure, personal data may be transferred to and processed in countries other than that of the data subject. Any international transfer is carried out with contractual and technical safeguards that ensure an adequate level of protection.
11. Data Retention and Deletion
Retention criteria: we retain personal data only for as long as necessary to fulfill the informed purposes, meet legal obligations or resolve disputes.
General timeframes:
- Active account data: retained while the client maintains an active subscription.
- Data after contract termination: retained for up to 90 days after the contract ends, unless the law requires a different period.
- Google OAuth tokens: revoked upon deactivating the integration; synced data is deleted within 30 days (rotating backup copies are purged within a maximum of 90 days).
- Deletion requests: are processed and logged. Information identified for destruction is securely deleted or anonymized to prevent loss, theft, misuse or unauthorized access.
Protection during retention: while data remains stored, we apply controls to prevent accidental deletion or destruction.
12. Data Subject Rights
We guarantee data subjects the exercise of the following rights:
- Access: know what personal data we hold about the data subject and obtain a copy.
- Rectification: correct inaccurate or incomplete data.
- Deletion: request deletion of the data.
- Objection: object to certain processing.
- Portability: receive the data in a structured, commonly used format.
- Restriction: restrict processing under certain circumstances.
- Withdrawal of consent.
How to exercise these rights:
- Send a request to dpo@selenios.com.
- We will confirm the requester's identity through a reasonable means (typically, validating that the request comes from the email associated with the account).
- We will respond within up to 30 days, extendable when complexity requires it, in a comprehensible format.
- If the request is denied (for example, because a law requires us to retain the information or because the client is the data controller), we will inform the reason in writing and, where applicable, how to appeal.
- Where applicable, we will communicate corrections or deletions to the third parties with which we had shared the data.
When the data subject is a candidate of a client, we will refer the request to the corresponding client if the client is the data controller.
13. Data Quality
We strive to keep personal data up to date, complete and relevant to the purposes for which it is processed. Data subjects and users are responsible for:
- Providing truthful information at the time of collection.
- Keeping the information they upload to the platform up to date.
- Notifying us when they detect incorrect or outdated information.
14. Notifications to Data Subjects
Data subjects are notified:
- At the time of (or as soon as possible after) the collection of their personal data.
- Before or at the time of significant changes to this Policy.
- Before using data for new purposes not previously informed.
The usual means of notification are: in-platform notices, email to the data subject or the responsible client, and publication of the updated version on our website. Previous versions of this Policy are kept internally to document prior communications.
15. Cookies and Similar Technologies
We use cookies to operate the site, analyze traffic, remember preferences and improve the user experience.
Types of cookies:
- Essential: necessary for basic operation.
- Performance: help us understand site usage.
- Functionality: remember preferences.
- Marketing: deliver relevant content or ads.
The user can accept, block or delete cookies from their browser settings. Disabling certain cookies may affect site functionality.
16. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Encryption in transit (TLS) and at rest (AES-256).
- Access control with least-privilege principle.
- Two-factor authentication on critical accounts (AWS, MongoDB, sensitive internal systems).
- Continuous infrastructure monitoring and an incident response process managed by the engineering team.
- Periodic security reviews and vulnerability testing when significant changes are introduced to the platform.
- Initial training and periodic refreshers on security and privacy practices for the entire team.
Additional details are described in our Information Security Policy.
17. Privacy Incident Management and Notification
We have an internal process to detect, manage and respond to privacy incidents, including unauthorized access, loss or improper disclosure of personal data.
In the event of an incident:
- We log it and assess its scope and impact.
- We determine whether notification is required (to the client, to affected data subjects or to authorities) and the applicable timeframe.
- We notify by email or another appropriate means, with the information necessary for each party to take action.
- We keep a record of detected or reported incidents, as well as the corrective actions implemented.
Where agreements with our providers provide for it, we require them to report any actual or suspected unauthorized disclosure of personal data we have transferred to them. If a provider fails to comply, we take the corresponding corrective measures.
18. Inquiries, Claims and Disputes
Anyone may contact us regarding privacy inquiries, claims or disputes by writing to dpo@selenios.com.
We have an internal process to:
- Receive and log each inquiry or claim.
- Investigate and resolve within a reasonable timeframe.
- Document the resolution and communicate it to the requester.
- Report the results of compliance reviews to management and implement remediation plans when issues are identified.
19. Monitoring and Review
Management reviews compliance with this Policy and the associated controls at least annually to verify their effectiveness, adapt them to regulatory changes and keep them aligned with our operations. Significant findings are documented and action plans are executed within reasonable timeframes.
20. Changes to this Policy
This Policy may be modified to reflect updates in our services or regulatory changes. Significant changes are notified to users with reasonable advance notice through the usual channels (email and publication on the site). Continued use of the service after the effective date implies acceptance of the updated version.
Previous versions are kept internally.
21. Contact
For any inquiries about this Policy or about the processing of your personal data:
Zeder LLC
16192 Coastal Highway, Lewes, DE 19958, USA
Email: dpo@selenios.com
Security and Information Management Policy
Last updated: October 15, 2025
1. Introduction
This document has been prepared by the Engineering Department of Zeder LLC with the purpose of presenting a detailed and comprehensive description of the security measures, policies, and protocols applied in protecting the services this corporation offers. The confidentiality, integrity, and availability of information handled by Zeder LLC represents an unwavering commitment for the company, which is evidenced through the implementation of advanced security strategies, in line with international cybersecurity industry models and regulations.
Zeder LLC, an organization specialized in recording and storing corporate video calls, captures and hosts virtual interactions within a security framework that preserves the privacy of both participants and data handled during such communications. Services are marketed under the brand and platform selenios.com.
2. Organizational Context
Zeder LLC positions itself as a regional leader in providing AI-powered recruitment services with a particular emphasis on information security. The organization complies with rigorous security controls to ensure that each phase of the recording, storage, and access process for video calls is governed by data protection and user privacy principles. The customer-facing operational platform is selenios.com.
3. Security Infrastructure and Architecture
The technological infrastructure of Zeder LLC is designed to form a secure and resilient ecosystem. The design of its technological architecture includes multiple security layers, including next-generation firewalls, intrusion detection and prevention systems (IDS/IPS), and Network Segmentation solutions to control data traffic flow and prevent unauthorized access to internal systems.
The infrastructure of the various applications owned by Zeder LLC is primarily hosted on Amazon Web Services (AWS) following the main security standards.
4. Video Call Recording Procedures
Video calls are recorded from the synchronization of calendars of each selenios.com user. selenios.com users in their meetings are responsible for notifying other participants that the session is being recorded by selenios.com.
Sessions are captured using secure automated tools that ensure recording fidelity and protection against any improper manipulation.
5. Data Storage Policies
Zeder LLC employs Amazon Web Services (AWS) S3 services for video call storage. AWS was chosen due to its demonstrated commitment to computer security, offering features such as client-side encryption, detailed access logs, and geographic data replication options to increase availability and durability.
Information generated by selenios.com is stored in MongoDB databases on MongoDB Atlas Cloud servers.
6. Artificial Intelligence
Zeder LLC / selenios.com uses the services and models of OpenAI and ElevenLabs through their API. OpenAI and Eleven Labs publicly state that they do not train their models with information that Zeder LLC / selenios.com sends to their servers. Information on OpenAI and Eleven Labs servers is encrypted using AES-256 and is SOC2 compliant.
References:
7. Access and Identity Management
The access policy of Zeder LLC ensures that only previously authorized and authenticated personnel can access information. Following the principle of least privilege, strict permissions are assigned that suit the role each user performs within the client organization. Additionally, access to video calls is compartmentalized by organization, meaning users can only access calls relevant to their corporate scope.
8. Data Encryption and Secure Transfer
All information, both in transit and at rest, is encrypted using recognized and strong algorithms, such as Advanced Encryption Standard (AES) for encryption at rest, and TLS for encryption in transit. This level of protection ensures that data is secure against interceptions and unauthorized access during transmission and storage.
9. Monitoring and Incident Management
The infrastructure of Zeder LLC is continuously monitored to detect and respond to any anomalous activity. The company has an Incident Response Team (CERT) that operates in collaboration with advanced monitoring solutions to act diligently upon any indication of compromise.
10. Resilience Strategies and Contingency Plans
Aware of the inherent risks in data management, Zeder LLC has established a solid business continuity and disaster recovery plan. This plan includes the use of automatic backups and redundancy strategies to ensure quick and effective recovery of information in case of unforeseen situations.
11. Workforce Education and Awareness
Training and awareness in security matters are cornerstones for Zeder LLC. The organization invests in continuing education programs for its personnel, ensuring that each member of the company is aware of industry best practices and actively participates in safeguarding information security.
12. Employee Access Limitation and Account Protection
Zeder LLC operates under a strict "privacy by design" policy which imposes firm barriers around the information its employees can access. Only access to information necessary to perform assigned functions is permitted, and under no circumstances is employee access to video call recordings authorized without legitimate and documented cause. Additionally, all Amazon Web Services (AWS) accounts used in data management and storage are fortified with two-factor authentication (2FA), ensuring that even in the event of a possible breach of security credentials, systems will continue to be protected by an additional security layer that requires a second form of verification before allowing access.
13. Continuous Security Audits and Reviews
The security framework of Zeder LLC is subject and exposed to constant testing including internal and external audits, penetration testing, and vulnerability assessments. These examinations are vital to maintaining a consistent and evolving security posture against the changing dynamics of cyber threats.
14. Contact and Policy Updates
The IT security policies and procedures of Zeder LLC are subject to regular reviews to adapt to new technologies and emerging threats. For inquiries or specific requests for additional security information, the following contact is provided: dpo@selenios.com.
Annex: Google Integrations (Calendar)
"Google API Services User Data Policy" Compliance
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
English canonical wording (required by Google): "Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements."
1. Google Data We Access (Data Accessed)
Google Calendar (to display availability, propose and schedule interviews)
- Events: title, description, start and end time, time zone, participants/attendees, video call links (e.g., Google Meet), location and response status.
- Availability: free/busy windows to suggest and confirm meetings.
- Profile information: user's email address for identification.
Exact scopes:
https://www.googleapis.com/auth/calendar.readonly(read events and availability)https://www.googleapis.com/auth/calendar.events(create, read and modify events)https://www.googleapis.com/auth/userinfo.email(obtain user email)
2. How We Use the Data (Data Usage)
- Provide visible functions requested by the user: view availability, propose/create/update calendar events.
- We do not sell data, we do not use it for advertising targeting or profiling for marketing purposes.
- Human access: is prohibited, except for (a) explicit user consent; (b) legal obligation; or (c) security/abuse (e.g., investigating an incident).
- Minimization principle: we request and process only the data necessary for the authorized function.
3. Third-Party Sharing (Data Sharing)
We share data exclusively with Amazon Web Services (AWS), which acts as infrastructure and storage processor/subprocessor under contract. AWS processes data only following our instructions, with equivalent security measures and without the right to use it for its own purposes.
Beyond the above, we do not share Google data with third parties except for legal obligation or user consent, in accordance with Limited Use exceptions.
4. Storage, Security and Retention (Storage & Security)
- OAuth Tokens: stored encrypted and with role-restricted access; periodic rotation.
- Encryption: data protected in transit (TLS) and at rest.
- Logs and derived data: we retain only minimum necessary identifiers and states (e.g., event IDs and operational flags) for service continuity.
- Retention: we maintain Calendar data while the integration is active and as necessary for providing the authorized functionality.
- Deletion: upon deactivating the integration or closing the account, we revoke tokens immediately and delete associated Google synced data within a maximum of 30 days (rotative backup copies purged in ≤ 90 days), except for legally required retentions.
5. User Control: Revocation and Deletion (Revocation & Deletion)
Revoke permissions in Google: the user can withdraw access at any time from their Google Account → Security → Third-party apps with account access → Manage access (also available at myaccount.google.com/permissions).
From Selenios: the user can deactivate the integration and/or request deletion of their account and synced data by writing to dpo@selenios.com; we process the deletion according to the timeframes in point 4.
6. In-Product Notices
We display clear notices alongside functions that use Google data (e.g., when connecting Calendar or creating an event), indicating what data will be used and for what purpose, before the user confirms.
7. Changes and Verification
If we expand the scope of data or its use, we will update this section and, when applicable, request additional verification from Google before requesting new permissions.