Privacy Policy
Last updated: 30 June 2026
This Privacy Policy explains how Tedrix (“we”, “us”) collects and processes personal data when you use our website and gated application at tedrix.io (the “Service”). We are the data controller for your account data. For data you upload to run an automation, we act as a data processor on your behalf — see “Data you process through the Service” below.
Who we are
Tedrix is a sole proprietorship (enskild firma) run by Teddy Wasserman, Vinningsbovägen 1, 445 34 Bohus, Sweden. Given our size we are not required to appoint a Data Protection Officer; for any privacy question, or to exercise your rights, contact us at info@tedrix.io.
Data we collect
Account data: your name or company name, email address, and a securely hashed password (we never see your password in plain text).
Billing data: subscription status and billing details, handled by our payment processor, Stripe. We do not store full card numbers.
Usage data: basic technical logs needed to operate and secure the Service.
Cookies
We use essential cookies required for authentication and security (for example, to keep you signed in). If we introduce optional analytics or marketing cookies in future, we will request your consent where required by law.
Data you process through the Service
When you run an automation (for example, ranking CVs), you may submit documents or other content that can contain personal data about third parties (such as job candidates). This content is processed only for the time necessary to provide the requested result and is not retained after processing, except where temporary storage is technically required for secure operation or required by law. For this content you are the controller and Tedrix is your processor; a Data Processing Agreement is available upon request or incorporated by reference.
Where this content includes personal data about people who did not give it to us directly (such as job candidates whose CVs our customer uploads), our customer is the controller and is responsible for informing those individuals and having a lawful basis, as required by Article 14 of the GDPR.
Automated processing
Some automations use AI to analyse content and produce a result — for example, scoring or ranking CVs. These results are designed to assist a human decision, not to make a final decision about anyone automatically. A person reviews and decides; the output is a recommendation. If you are subject to such processing, you can ask the controller (our customer, for uploaded content) for human review, to express your view, or to contest the outcome. We do not use your content to train AI models.
Legal bases (GDPR)
We process account and billing data to perform our contract with you (Article 6(1)(b)) and to meet legal obligations such as bookkeeping (Article 6(1)(c)). Limited technical logging relies on our legitimate interest in operating a secure Service (Article 6(1)(f)), which we have weighed against your interests and rights and consider not to override them given the limited, security-focused nature of the data. Content you submit to an automation is processed under your instructions as controller.
Sub-processors
We rely on a small number of trusted providers to run the Service:
- Supabase — authentication and database hosting.
- Vercel — application hosting.
- Stripe — payment processing.
- Anthropic — AI model used to process automation content (e.g. scoring CVs). Content is sent only to generate your result and is not used to train models.
- Zoho — sending transactional email (e.g. confirmation and password-reset messages).
International transfers
Where a provider processes data outside the EU/EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses. We prefer EU processing regions for automation content where available.
Security
We use appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. This includes encrypted connections, hashed passwords, and restricted access to systems handling personal data.
How long we keep data
Account data is kept while your account is active and deleted within about 30 days after you close it. Billing and accounting records are kept for 7 years as required by the Swedish Bookkeeping Act (bokföringslagen). Automation content is not retained after processing. You can request deletion of your account at any time; some information may be retained where required by law, such as accounting records.
Children
The Service is not intended for children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.
Your rights
Under the GDPR you have the right to access, correct, delete, restrict, or object to the processing of your personal data, the right to data portability, and — where we rely on consent — the right to withdraw that consent at any time. We respond to requests within one month (extendable by two further months for complex requests, in which case we will tell you). You may also lodge a complaint with the Swedish data protection authority (Integritetsskyddsmyndigheten, IMY). To exercise any right, email info@tedrix.io. If your request concerns content uploaded by one of our customers, we will direct you to that customer as the controller.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.