Privacy Policy

This Privacy Policy describes how Minotaur.io LLC (“Minotaur,” “we,” “us,” or “our”) collects, uses, and governs personal information in connection with Minotaur Sales, Minotaur ATS, and related services (the “Services”). 

1. Our Data Roles 

Minotaur operates under a dual-role data governance model depending on the source of the data: 

(a) Client-Uploaded Data (Processor Role): Where customers upload contacts, resumes, or other data into Minotaur Sales or Minotaur ATS, the customer acts as the Controller and Minotaur processes such data solely on the customer’s documented instructions pursuant to the applicable Data Processing Addendum (DPA). 

(b) Minotaur-Owned Datasets (Controller Role): For data made available through Minotaur Sales, the collaborative recruitment database, or other platform-curated datasets, Minotaur acts as an independent Controller. Minotaur provides licensed, time-bound access to curated datasets. Such access does not constitute a “sale” of personal information as defined under applicable law. 

Minotaur does not transfer ownership, title, or permanent control of personal information to customers. Access rights are limited, revocable, non-transferable, and subject to entitlement controls and platform restrictions. 

Where Minotaur acts as Controller, processing is conducted based on legitimate business interests in facilitating professional contact discovery, recruitment, and business outreach services. Such processing is assessed and balanced against applicable individual rights and freedoms as required by law. 

(c) Collaborative Contributions: When users contribute candidate information to a collaborative pool, they represent that they have a lawful basis to do so. Upon contribution, Minotaur governs the collaborative database as Controller for purposes of platform administration, data quality management, and lawful access licensing. Collaborative data may be made available to other authorized users within applicable platform visibility controls. Collaborative visibility is subject to regional or platform-based controls. 

Minotaur conducts and documents legitimate interest assessments where required by applicable law. 

1. Information We Process 

Depending on context, we may process: 
• Professional identifiers (name, title, employer) 
• Business contact information (business email, business phone) 
• Personal contact information publicly used for professional or business communications. 
• Resume data and employment history 
• Account and authentication information 
• Usage, audit, and access logs 

1. AI & Automated Processing 

Minotaur may use automated systems and AI-assisted tools to enhance search, ranking, enrichment, data validation, and workflow recommendations. Such processing does not constitute automated decision-making with legal or similarly significant effects unless explicitly stated. Users remain responsible for independent review of outputs. 

1. Data Retention 

Retention periods vary depending on data source and role. Platform-curated datasets are subject to structured refresh, stale marking, and purge cycles. Client-Uploaded Data is retained in accordance with customer instructions and contractual obligations. Where deletion is requested, Minotaur may retain minimal suppression identifiers to prevent re-ingestion. 

1. Your Rights 

Individuals may exercise applicable data rights as described in our Data Rights & Removal Policy. Requests may be submitted to privacy@minotaur.io. 

1. Security 

We implement reasonable technical and organizational safeguards consistent with our Security Overview. No method of transmission or storage is completely secure. 

1. International Transfers 

Where required, Minotaur implements appropriate safeguards for cross-border data transfers, including contractual protections where applicable. 

1. International Jurisdiction Notices 

Minotaur operates globally and may process personal information subject to additional rights and requirements under applicable local laws. 

Depending on your location, you may have additional rights under the following frameworks: 

Brazil (LGPD — Lei nº 13.709/2018) 
Individuals in Brazil may have rights including confirmation of processing, access to personal data, correction, anonymization, deletion, portability, and information regarding data sharing. Processing is conducted based on applicable legal bases under the LGPD. 

Colombia (Ley 1581 de 2012) 
Individuals in Colombia may have rights of access (habeas data), correction, deletion, and revocation of authorization for the processing of personal data. 

Mexico (LFPDPPP) 
Individuals in Mexico may exercise ARCO rights: access, correction, cancellation, and opposition to processing of personal data. 

Canada (PIPEDA and applicable provincial laws) 
Individuals in Canada may have rights to access and correct personal information and withdraw consent where consent is the legal basis for processing. 

Individuals may submit requests to privacy@minotaur.io, and Minotaur will respond in accordance with applicable legal requirements. 

1. California (CPRA) Notice 

California residents may have additional rights under the California Privacy Rights Act (CPRA), including rights to know, delete, correct, and limit use of certain information. Minotaur does not sell personal information. Sensitive personal information is processed only as permitted by law. 

Sensitive personal information, where collected (such as account credentials or security-related data), is used solely for authentication, security, compliance, and service integrity purposes and not for profiling or advertising. 

Providing licensed access to professional datasets does not constitute a sale of personal information under applicable law. 

1. Changes to This Policy 

We may update this Privacy Policy periodically. The updated version will be posted with a revised effective date. 

Contact: privacy@minotaur.io