Privacy Policy
Last updated: February 2026
1. Who we are
CriticCode is operated by Robin Goudeketting, based in Austria. If you have questions about this policy, contact us at support@critic.codes.
2. What data we collect
Hiring managers (account holders): name, company name, email address, and password (hashed). We also store the invitations you create and the results of completed assessments.
Candidates: name and email address, provided by the hiring manager who invites them. Candidates do not create accounts and are not required to identify themselves beyond what the hiring manager supplies. Assessment responses (rankings and written reasoning) are stored and associated with the invitation, not with a persistent candidate profile.
3. How we use your data
- To provide the service — sending invitation links, storing responses, showing results to the hiring manager.
- To process payments via Stripe. We do not store payment card details; these are handled entirely by Stripe.
- To send transactional emails (invitations, password resets, completion notifications) via Brevo.
- To contact you about your account if necessary.
We do not sell your data, use it for advertising, or share it with third parties beyond the processors listed below. We run no analytics, tracking scripts, or third-party pixels of any kind.
4. Legal basis (GDPR)
We process personal data on the basis of contract performance (to deliver the service you signed up for) and legitimate interest (transactional communications). Candidate data is processed on the basis of the hiring manager's legitimate interest in evaluating job applicants.
5. Data storage and location
All data is stored on servers located in the Netherlands, within the European Union, and is subject to GDPR protections. We do not transfer personal data outside the EU, except where our processors (Stripe, Brevo) may do so under appropriate safeguards as described in their own privacy policies.
6. Data retention
Account data is retained as long as your account exists. Invitation and assessment data is retained for as long as it is needed for the hiring process. You may request deletion at any time by emailing support@critic.codes.
7. Third-party processors
- Stripe — payment processing. Stripe Privacy Policy.
- Brevo — transactional email delivery. Brevo Privacy Policy.
- Railway — cloud hosting (EU, Netherlands). Railway Privacy Policy.
8. Tracking and cookies
We use a single session cookie to keep you logged in. We run no analytics, no tracking pixels, and no third-party scripts. We do not use advertising cookies or build behavioural profiles.
9. Your rights
Under GDPR you have the right to access, correct, or delete your personal data, restrict or object to processing, and data portability. To exercise any of these rights, email support@critic.codes. You also have the right to lodge a complaint with your national data protection authority (in Austria: Datenschutzbehörde).
10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email. Continued use of the service after changes constitutes acceptance.