Kynto privacy policy: how we collect, use, store, and protect your data. GDPR compliant. Data hosted in Europe. Your rights regarding access, correction, deletion, and portability. Contact: contact@kyntoai.com.

Privacy Policy

Last updated: March 2026

1. Introduction

Kynto SAS ("Kynto", "we", "our") is committed to protecting the privacy and personal data of all individuals who interact with our website and platform. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and the Google API Services User Data Policy, including its Limited Use requirements.

2. Who We Are

Kynto SAS

Simplified Joint-Stock Company (SAS) — Share capital: €1,000

Registered office: 40 Avenue Junot, 75018 Paris, France

RCS Paris: 994 980 498

Contact: privacy@kyntoai.com

3. Our Role Under GDPR

Kynto acts as a data processor under the GDPR. Our customers (companies using the platform) act as data controllers with respect to candidate and recruitment-related personal data processed through Kynto.

For a full overview of our GDPR commitments — including data retention, candidate rights, subprocessor framework, and AI compliance — please visit our GDPR page.

4. Personal Data We Process

4.1 User (Client) Data

  • First and last name
  • Professional email address
  • Company name and role
  • Authentication and account data
  • Connection data (IP address, logs, device information)
  • Billing data (processed via Stripe)

4.2 Candidate Data (processed on behalf of customers)

  • CVs and application documents
  • Professional background, experience, and skills
  • Contact details
  • Evaluation notes and recruitment feedback
  • AI-generated scores and summaries
  • Interview transcriptions and recordings

Kynto does not intentionally collect sensitive data categories as defined under Article 9 GDPR. If such data is present in candidate documents, it is processed solely under the responsibility of the data controller.

5. Legal Bases for Processing

We process personal data on the following legal bases:

  • Contract performance — to deliver the Kynto platform and its features to our customers
  • Legitimate interests — to ensure platform security, reliability, and service improvement
  • Legal obligation — to comply with applicable laws and regulations
  • Consent — for optional cookies and non-essential features, where required

6. Infrastructure and Data Location

All personal data processed through Kynto is hosted exclusively within the European Union:

  • Application hosting: Vercel (EU)
  • File storage (CVs, transcriptions, recordings): Amazon Web Services S3 (region: eu-west-3, Paris, France)

Both providers operate under Standard Contractual Clauses (SCCs) in compliance with GDPR requirements for international data transfers where applicable.

7. Subprocessors

Kynto works with a carefully selected set of GDPR-compliant technical subprocessors. A Data Processing Agreement (DPA) is in place with each of them.

The full and up-to-date list of our subprocessors is available on our Subprocessors page.

8. Use of Artificial Intelligence

Kynto uses AI technologies to support recruitment processes, including CV analysis, candidate scoring, and interview assistance. These features operate exclusively as decision-support tools. All AI outputs must be reviewed and validated by a human user.

Kynto does not perform automated decision-making within the meaning of Article 22 GDPR.

AI models used by Kynto:

  • are not trained on customer or candidate data
  • operate in no-training / no-retention mode
  • are hosted within the European Union

No data obtained via Google APIs is ever transmitted to or processed by any AI system.

9. Use of Google User Data

When a user connects their Google account, Kynto may access Google Calendar data (read, create, update, and delete events) and basic account information, solely to enable calendar synchronization and interview scheduling.

Google user data is:

  • accessed in real time and not persistently stored
  • never used for advertising, analytics, profiling, or AI processing
  • never sold or shared with third parties for any purpose outside of providing the requested functionality

This use complies fully with the Google API Services User Data Policy, including its Limited Use requirements.

10. Cookies

Kynto uses cookies strictly necessary for platform operation (authentication, session management, security). Optional cookies may be used with your prior consent for performance monitoring and service improvement.

Kynto does not use advertising, retargeting, or cross-site tracking cookies.

You may manage your cookie preferences at any time via the cookie banner or platform settings. For a full breakdown of cookie categories and retention periods, refer to the cookie management interface.

11. Data Retention

Candidate data is automatically deleted 24 months after the closure of the relevant recruitment process, unless otherwise requested by the customer or required by law.

User (client) account data is retained for the duration of the contractual relationship and deleted upon account termination, subject to applicable legal retention obligations.

12. Your Rights

In accordance with the GDPR, you have the right to access, rectify, delete, port, restrict, or object to the processing of your personal data.

Candidates may also submit a deletion or portability request directly via our Privacy Portal, without needing to contact the company that collected their data.

All other requests may be submitted to: privacy@kyntoai.com

13. Updates to This Policy

This Privacy Policy may be updated periodically. The latest version will always be available on the Kynto website. Continued use of the platform following any update constitutes acceptance of the revised policy.

14. Contact

For any questions regarding this Privacy Policy or the processing of your personal data:

privacy@kyntoai.com