Recram

Privacy Policy

Last updated: March 25, 2026

Your privacy matters to us. This Privacy Policy explains how RecRam collects, uses, stores, shares, and protects your personal information when you use our platform, website, and services. This Privacy Policy is incorporated into and forms part of our Terms and Conditions of Service.

1. General

This Privacy Policy applies to all users of the platform accessible at www.recram.com (the "Site") and the services we offer, including video forms, AI analysis, Room messaging, Magnet widgets, and any other features we may introduce (collectively, the "Services").

If you have questions about this policy, contact us at gdpr@recram.com.

2. Who This Policy Applies To

Respondents

If you are answering a form, survey, or video questionnaire created by a RecRam customer, we are not the data controller for your responses. The person or organization that sent you the form controls how your data is processed. We act solely as a data processor on their behalf. Please review their privacy policy for details about how your data is handled.

Customers

If you have created an account on RecRam, this Privacy Policy governs how we process your personal data. Use of the Services requires registration as described in our Terms and Conditions of Service.

Your personal information is processed jointly by:

RECRAM INC
112 Capitol Trail Suite A1127, Newark, Delaware 19711 (US)
info@recram.com

RECRAM YAZILIM A.S.
Muallimköy Mh, Bilişim Vadisi, Deniz Cd. No:143/8-1, 41400 Gebze/Kocaeli (Turkey)

Data Protection Officer: gdpr@recram.com

3. What Data We Collect

Account Information

  • Name, email address, and password when you register
  • Organization name, billing address, and payment details when you subscribe
  • Profile information you choose to provide (profile photo, job title, company)

Usage Data

  • How you interact with the Services (pages visited, features used, forms created)
  • Device information (browser type, operating system, IP address, device identifiers)
  • Log data (access times, error logs, referring URLs)

Form Response Data (as Data Processor)

  • Video, audio, and text responses submitted by respondents to your forms
  • Contact information collected through your forms (name, email, phone — as configured by you)
  • AI analysis results generated from responses (transcripts, sentiment scores, keywords, summaries)
  • Device and browser metadata of respondents

Third-Party Authentication Data

  • If you sign in using Google or another provider, we receive your name, email address, and profile picture from that provider

4. How We Use Your Data

To Provide the Services (Contractual Basis)

  • Create and manage your account
  • Process and store form responses
  • Run AI analysis (transcription, sentiment detection, keyword extraction, summaries)
  • Send email notifications about form submissions
  • Process payments and manage subscriptions
  • Provide customer support

We retain data for the duration of our contractual relationship and for five years after termination for legal compliance purposes.

With Your Consent

  • Send marketing communications and newsletters (you can opt out at any time)
  • Use cookies for analytics and audience profiling as described in our Cookie Policy
  • Receive identity confirmation when you authenticate through third-party platforms (Google, etc.)

Based on Legitimate Interests

  • Monitor and improve the security, performance, and reliability of the Services
  • Analyze usage patterns to improve product features and user experience
  • Prevent fraud, spam, and abusive activity
  • Send product feedback forms to improve our service quality

5. Google API Services — User Data Policy

RecRam offers optional integrations with Google services. When you connect your Google account, we access certain Google user data as described below.

RecRam's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data Accessed from Google

  • Email Address (userinfo.email) — Identify which Google account is connected to RecRam.
  • Google Sheets (spreadsheets — read & write) — Export form response data (answers, transcripts, AI analysis results) to a spreadsheet you select.
  • Google Drive (drive.readonly) — List your spreadsheets so you can choose where to export data. We do not read, modify, or delete any file contents.
  • Google Calendar (calendar — read & write) — Create and manage calendar events for follow-ups triggered by form responses (e.g., scheduling interviews with qualified candidates).

How We Use Google User Data

  • Exporting form responses — Survey answers, video transcripts, sentiment scores, and contact information are written to your selected Google Sheets spreadsheet.
  • Listing your spreadsheets — Drive read-only access is used only to show you a list of available spreadsheets. No file contents are read.
  • Scheduling events — When you enable Calendar integration, RecRam creates or updates events based on form submission triggers you configure.
  • Account identification — Your Google email is used to display which account is connected and to manage the OAuth token lifecycle.

What We Do NOT Do with Google Data

  • We do not sell, rent, or share your Google user data with any third parties.
  • We do not use Google user data for advertising, marketing profiling, or any purpose unrelated to the integrations described above.
  • We do not use Google user data to train AI or machine learning models.
  • We do not allow humans to read your Google user data unless you explicitly request technical support, or where required by law.
  • We do not store copies of your Google Sheets content, Drive files, or Calendar events on our servers. Data flows directly between RecRam and Google's APIs.

Token Storage and Security

OAuth tokens (access and refresh tokens) are stored encrypted in our database, associated with your organization. Tokens are automatically refreshed when they expire. When you disconnect Google from your RecRam settings, all stored tokens are immediately deleted.

Revoking Google Access

You can revoke RecRam's access to your Google account at any time by:

Upon revocation, all stored OAuth credentials are permanently deleted from our systems.

6. Data Sharing

We share your information only with service providers who help us operate the Services. These providers are contractually required to protect your data and use it only as directed by us.

We may also share data:

  • When you explicitly authorize it (e.g., connecting integrations like Zapier, Slack, or Google Sheets)
  • With competent courts or authorities when legally required
  • To protect our rights or the rights of third parties

Categories of Service Providers

  • Cloud hosting and infrastructure (Google Cloud Platform, Cloudflare)
  • AI processing providers (Google Vertex AI, Google Gemini, OpenAI, Anthropic Claude)
  • Payment processing (Paddle — Merchant of Record)
  • Analytics and product improvement tools
  • Email delivery and communication platforms
  • Security and fraud prevention systems
  • Customer relationship management tools
  • Integration platforms (Zapier, Make, n8n — only when you enable them)

Form Response Sharing

If you create a form and choose to share results publicly or with third parties, the responses will be shared as you configure. You are responsible for notifying respondents and complying with applicable data protection laws when sharing their data.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States and Turkey, where RECRAM INC and RECRAM YAZILIM A.S. are respectively based. We implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) for transfers from the European Economic Area
  • Technical and organizational measures to protect data in transit and at rest
  • Encryption of data using TLS 1.3 in transit and AES-256 at rest

8. Data Retention

  • Account data: Duration of account + 5 years
  • Form response data: Until you delete it, or upon account termination
  • AI analysis results: Same as form response data
  • Payment records: As required by tax law (typically 7 years)
  • Server logs: 90 days
  • OAuth tokens: Until you disconnect the integration

When you delete your account, all associated data is permanently removed from our systems within 30 days, except where retention is required by law.

9. Data Security

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • OAuth tokens are stored with encryption
  • Access to production systems is restricted and audited
  • Regular security reviews and vulnerability assessments
  • Video and media files are stored in isolated, encrypted cloud storage

10. Cookies and Tracking

We use cookies and similar technologies as described in our Cookie Policy. You can manage your cookie preferences at any time through your browser settings or our cookie consent banner.

11. Your Rights

Under the GDPR and other applicable data protection laws, you have the right to:

  • Access your personal data and receive a copy
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time for consent-based processing
  • Not be subject to automated decision-making — you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you
  • Lodge a complaint with a supervisory authority — you have the right to lodge a complaint with a data protection authority in your country of residence, place of work, or where you believe a breach of data protection law has occurred

If you delete your account, all data is permanently removed from our systems. In limited cases, we may retain certain data where required by law or for the defense of legal claims.

To exercise your rights, contact us at gdpr@recram.com.

12. Children's Privacy

RecRam is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

13. Updates to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. Continued use of the Services after changes become effective constitutes acceptance of the updated policy.

If you disagree with any changes, you may delete your account at any time.

14. Contact Us

For any privacy-related questions or requests:

Privacy inquiries: gdpr@recram.com
General inquiries: info@recram.com
Technical support: support@recram.com

US Address: RECRAM INC, 112 Capitol Trail Suite A1127, Newark, Delaware 19711, United States
Turkey Address: RECRAM YAZILIM A.S., Muallimköy Mh, Bilişim Vadisi, Deniz Cd. No:143/8-1, 41400 Gebze/Kocaeli, Turkey