Introvy
Sign In
📄

International Data Transfers

Last updated: 5/13/2026

International Data Transfers

Last Updated: May 8, 2026

Introvy supports globally distributed staffing. This page summarizes how personal data moves across borders and the legal mechanisms we rely on.

1. Why data crosses borders

  • Customers (staffing firms) often employ recruiters in countries different from the candidates they recruit.
  • Candidates may apply through Introvy from any country.
  • Hiring companies may be in another country still.
  • Our infrastructure (Supabase, Vercel, Render, Cloudflare, OpenAI) is hosted primarily in the United States.

2. Legal mechanisms we rely on

| Source jurisdiction | Mechanism | |---|---| | EU/EEA | Standard Contractual Clauses (Module 2 controller→processor; Module 3 processor→sub‑processor) adopted by the European Commission, plus supplementary measures | | United Kingdom | UK International Data Transfer Addendum to the SCCs | | Switzerland | Swiss‑adapted SCCs | | California (CPRA) | "Service Provider" / "Contractor" terms in our DPA | | Other | Sector‑appropriate contractual safeguards |

3. Supplementary measures

  • TLS 1.2+ in transit and AES‑256 at rest for stored media.
  • Encryption keys held by infrastructure providers under their published key‑management practices; Introvy does not export bulk keys to third parties.
  • Least‑privilege role‑based access controls; recruiter access scoped to org RLS in Supabase.
  • Logging and alerting on access to candidate artifacts.
  • Documented incident response and 72‑hour breach notification.
  • Government access requests are reviewed by counsel; we challenge requests that lack proper legal basis where possible and notify affected Customers unless prohibited by law.

4. Data subject rights for cross‑border transfers

EU/UK/Swiss data subjects can:

  • Request a copy of the relevant SCCs/IDTA at hello@introvy.ai.
  • File a complaint with their local Data Protection Authority.
  • Direct erasure or restriction requests to the Customer (controller) or to Introvy (processor); we will route appropriately.

5. Customer responsibilities for offshore teams

When a Customer authorizes recruiters in additional countries (e.g., India, the Philippines, LATAM, Eastern Europe) to access Candidate data inside Introvy:

  • The Customer remains the controller and must complete its own onward‑transfer assessment (e.g., a Transfer Impact Assessment) where required by law.
  • Introvy provides RLS, audit logging, and SCC‑backed processor terms to support the Customer.
  • Customer must promptly remove offboarded team members.

6. Contact

For DPA, SCCs, or transfer‑related questions: hello@introvy.ai.

Other Legal Documents

Privacy PolicyTerms of ServiceCookie NoticeAccessibility StatementData Processing AddendumDisclosuresDMCA PolicySecurity PolicyLegal ContactAcceptable Use PolicyAI Content DisclaimerCandidate Video ReleaseSubprocessors

Cookies & local storage

We use strictly necessary cookies for sign-in, plus optional analytics that we never load until you say yes. We never load advertising trackers. Learn more.