Replypact

Privacy Policy

Last updated: 11 June 2026

Replypact is a job portal for IT roles in the DACH region. This policy explains what personal data we process, why, who can see it, and the rights you have over it. It applies to everyone who uses Replypact — candidates, companies, and scouts.

Replypact is currently an early-stage product. We keep the data we collect to the minimum the platform needs to function, and we do not sell personal data or use it for third-party advertising. The legal entity responsible for your data (the controller) and its contact address are named in our Imprint.

The data we hold

For every account, regardless of role, we store the email address you register with, a securely hashed password, your role, your email-verification status, and a record of which invitation or invite code you signed up through (see “Invitations and referrals” below).

If you use Replypact as a candidate, we additionally process the information you choose to add to your profile:

  • Identity and contact details: first and last name, phone number, and your city and country.
  • Professional profile: job title or headline, biography, a structured CV (roles, skills, and languages), and links you add such as a portfolio or GitHub profile.
  • Compensation expectations: your salary range and, for freelance work, your day-rate range.
  • Applications: the roles you apply to and the cover note you write for each.

If you use Replypact as a company, we process your company profile and the roles you post, together with the structured feedback and rating you give to each candidate you reject — feedback is a core, mandatory part of the platform.

If you use Replypact as a scout (an external recruiter), we process your name, agency name, biography, and website, and the endorsements you write about the candidates you invite.

Who can see your data

Replypact is deliberately two-sided, and different roles see different things:

  • When you apply to a role or both sides signal mutual interest, the company sees your candidate profile, your application and cover note, the transparent matching breakdown, and any endorsement a scout has attached to you.
  • When a company rejects you, the structured feedback and rating it is required to give is shared with you, the rejected candidate.
  • A scout who invited you sees a limited view of you: your professional headline, your availability, the endorsement they wrote, the date you joined, and whether interest they signalled on a company’s behalf became mutual. A scout does not see your contact details, your compensation expectations, or your applications to companies they are not acting for.

We do not otherwise share your profile with other users, and we never sell it.

Scouts acting on behalf of companies

A scout can be authorized by a company — with the company’s explicit, revocable agreement — to act on its behalf. Where such an authorization is active, the scout may signal a company’s interest in a candidate and may attach that company to an invitation they send.

When this happens, the candidate always sees the provenance: interest is shown as coming “via” the named scout, so it is transparent that a third party acted for the company. Interest signalled this way counts against the company, not the scout, and either side can revoke the authorization at any time.

Why we process your data (legal bases)

We rely on the following legal bases under the GDPR:

  • Performance of a contract (Art. 6(1)(b)): to create and run your account and to deliver the matching, application, and feedback features you sign up for.
  • Legitimate interests (Art. 6(1)(f)): to operate the two rules that define Replypact — mandatory feedback and limited application slots — and to keep the platform safe, including the invite hierarchy we use to trace and stop abuse.
  • Consent (Art. 6(1)(a)): where we ask for it specifically, for example before sending certain notifications. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): where the law requires us to keep or disclose certain records.

Invitations and referrals

Registration as a candidate or scout is invite-only. Invitations take two forms: a personal email invitation bound to one recipient address, and a shareable invite code with a limited number of uses. When you accept an invitation, we record who invited you.

We keep this “who invited whom” relationship even if the person who invited you later deletes their account, because it is a structural record we rely on to detect and stop coordinated abuse — for example, a leaked code used to mass-create accounts. It links to a deactivated, anonymised account and is not used to profile you.

Cookies and tracking

We use as few cookies as possible. The marketing site stores your language preference in a cookie scoped to our domain so your choice carries across our sites. The application uses a token to keep you signed in. We do not use third-party advertising or cross-site tracking cookies.

How long we keep your data

We keep your personal data for as long as your account is active. When you ask us to erase it, we remove or anonymise it as described under “Your rights”.

One category is deliberately retained in anonymised form: the numeric feedback scores and rating attached to an application. Once a candidate is anonymised these numbers no longer identify anyone, and they form the company’s accountability record — the basis of the feedback quality the platform is built to guarantee. The free-text parts of feedback, which could name you, are removed.

Your rights

Under the GDPR you have the right to access the personal data we hold about you, to correct it, to have it erased, to restrict or object to its processing, to receive it in a portable form, and to withdraw any consent you have given. You also have the right to lodge a complaint with a data-protection supervisory authority.

You can correct most of your data yourself in your profile. To erase your account, use the deletion option in your account settings; we complete erasure within 24 hours and confirm by email. On erasure we delete or null your personal fields and remove your CV, skills, languages, and interest records; your past applications are kept on the company side but shown only as “[deleted]”, and your login email is anonymised. The anonymised feedback scores described above are retained.

International transfers

Replypact serves the DACH region, and we process personal data within the European Union / European Economic Area. If that ever changes, we will update this policy and put appropriate safeguards in place first.

Changes and contact

We may update this policy as the product develops; we will change the “last updated” date above when we do. For any privacy question, or to exercise a right that you cannot complete in the app, contact us using the details in our Imprint.