Last updated: 08 Oct 2025

Privacy that keeps talent data confident

MBAroles is built for sensitive hiring work. This policy explains what we collect, why we collect it, and the controls you have to shape how your data flows across the platform.

ISO 27001 alignedNo-color, monochrome UIPrivacy controls built-in

At-a-glance

The essentials every team asks before partnering with us.

✓ ISO 27001 aligned

Data Controller

MBAroles Ltd, UK

Registered under the UK Information Commissioner's Office.

Regions Covered

EU · UK · US

Data is stored closest to your primary operating region.

DPAs & Subprocessors

Transparent directory

We publish every processor change with 30-day notice.

Account & identity

• Name & job title
• Company & team size
• Work email & phone
• Authentication logs

Usage insights

• Feature adoption events
• Session metadata
• In-product feedback
• Support conversations

Opportunities data

• Role requirements & salary bands
• Candidate notes
• Hiring preferences
• Team comments

How we use your data

Every purpose is tied to a lawful basis and is reviewed quarterly.

Jump to controls

Deliver the platform

Provision accounts, personalize dashboards, and roll out improvements.

We rely on performance of a contract to run the MBAroles experience you signed up for.

Secure accounts

Detect abuse, monitor risk signals, and keep credentials safe.

Security monitoring is processed under legitimate interest—retention windows are minimized.

Guide your team

Send product education, adoption nudges, and advisory research.

You can opt out of non-essential comms anytime in your notification center.

Stay compliant

Meet legal, regulatory, and audit requirements across jurisdictions.

We keep auditable logs and only disclose information when required by law.

Security commitments

Designed for enterprise hiring teams handling sensitive personal data.

Encryption everywhere

TLS 1.3 in transit and AES-256 at rest across primary and backup stores.

Geo redundancy

EU & UK data centers with automatic failover and integrity testing.

Access controls

Least privilege, hardware security keys, and quarterly audits.

Need a custom DPA?

We support bespoke terms for regulated teams.

Attach your preferred clauses and we’ll coordinate with legal in under five business days.

Your privacy controls

Use in-product privacy center or reach out to compliance@mbaroles.com.

Self-serve

Access & portability

Download a structured export of your profile, searches, and candidate data.

We respond to verified requests within 30 days.

Rectification

Update inaccurate information directly or ask us to revise it for you.

Most fields are editable in-app; our team handles the rest.

Erasure & restriction

Request deletion of non-essential data or pause processing temporarily.

We’ll guide you through impact assessments before removal.

Objection & consent

Opt out of marketing, profiling, or processing based on consent.

Preference center: Settings → Notifications

Data Protection Officer

dpo@mbaroles.com

Email DPO

Retention & notifications

Know how long we keep things and how we’ll keep you informed.

Audit logs

Activity logs are retained up to 90 days; system backups cycle every 35 days.

Fulfillment

For deletion requests we may verify via secure link before processing.

Change notifications

We send 30-day advance notice for policy updates and highlight critical changes in-product.

Subscribe in Settings → Privacy feed

Frequently asked questions

Your legal, security, and recruiting operations teams’ most common topics.

Do you use AI to enrich our talent data?▾

If AI features are enabled, they operate on data you provide and are designed to assist workflow (e.g., summarization or ranking signals). Teams can disable optional AI features in the admin settings.

How long do you retain information after an account closes?▾

We retain only what’s necessary for legal, security, and audit obligations. Non-essential data can be deleted upon request; backups expire on a rolling schedule.

Can we host MBAroles in our own cloud?▾

For enterprise customers, we can discuss private deployments and data residency requirements. Contact the privacy team for options and timelines.

Need a signed agreement?

Our privacy team replies within one business day.

Email compliance@mbaroles.com or book a review call to walk through controls, subprocessors, and bespoke terms.

Dedicated Data Protection Officer

dpo@mbaroles.com

10 Finsbury Square, London EC2A 1AF