Effective date: 10 October 2025 App: IntroMe Controller: Hirigoyen Holding BV (KvK 91367514) Address: Overtoom 141, 1054 HG, Amsterdam, Netherlands This Privacy Policy explains how IntroMe ("we", "us", "our") processes personal data when you use our app and services.
Controller: Hirigoyen Holding BV, Overtoom 141, 1054 HG, Amsterdam, Netherlands (KvK 91367514). Contact (privacy): theo@introme.io We have not appointed a Data Protection Officer; for any privacy questions or requests, use the contact above or the in-app support channel.
This policy applies to: • The IntroMe mobile/desktop apps and website. • Any related services (e.g., dashboards, email notifications). It does not cover third-party sites (such as employers’ career pages or LinkedIn) that we link to or pull public data from; their policies apply.
• Account data: name, email, profile basics, authentication tokens. • Job preferences: role, seniority, skills, locations, employment type, visa needs. • Documents & content: CV/resumé, short blurbs ("referral packet"), saved jobs, notes. • Friend invites: you may invite up to five close friends to connect their LinkedIn data to assist with referrals.
When you authorize IntroMe via LinkedIn’s Member Data Portability (MDP), we receive a snapshot limited to the domains we request and you approve (e.g., your connections and employment info) to build a company watchlist relevant to you. When a friend authorizes IntroMe via MDP, we may receive their snapshot of their 1st-degree connections (e.g., connection name, headline/position, employer name, connection date) solely to (i) identify that friend’s current employer for internal referral opportunities and (ii) identify employers within that friend’s network where an intro could be helpful. We do not contact your friends’ connections and we do not attempt to obtain contact details for them. You and your friends can revoke IntroMe’s access at any time in LinkedIn and in IntroMe.
Employers’ career sites / applicant tracking systems (ATS): We collect open job postings, usually via public APIs (e.g., Greenhouse, Lever, Ashby, SmartRecruiters, Workable, Recruitee, Teamtailor) and, where no API exists, by respectful crawling of public careers pages. We collect job title, location, team/department, description, posting date, and apply link.
• Technical: app version, device type/OS, language, time zone, basic diagnostics, crash reports. • Service logs: timestamps of log-ins, consents given/revoked, sync operations, and feature usage (e.g., job saved/applied). • Cookies & similar tech (web): strictly necessary cookies; analytics or marketing cookies only with your consent. We do not need or intentionally collect special categories of personal data (e.g., health, religion). Please do not include them in your CV or notes; if we become aware, we’ll delete or minimize.
• Provide and operate the service Examples: build employer watchlists; fetch & display matching roles; save jobs; generate referral packets. Legal basis: GDPR Art. 6(1)(b) (contract—providing the service you requested). • Use LinkedIn MDP data (you) Examples: import your connections/employers to find relevant companies. Legal basis: GDPR Art. 6(1)(b) (contract) + your consent via MDP grant (Art. 6(1)(a)). • Use LinkedIn MDP data (your friends) Examples: use consenting friends’ snapshots to surface internal referral or intro opportunities for you. Legal basis: GDPR Art. 6(1)(a) (consent from each friend). • Fetch publicly available job postings Examples: query employer job APIs and public careers pages. Legal basis: GDPR Art. 6(1)(f) (legitimate interests—to provide expected core functionality). • Communications you initiate Examples: draft referral/intro messages for you to send. Legal basis: GDPR Art. 6(1)(b) (contract). • Improve, secure, and troubleshoot the service Examples: analytics, crash logs, preventing abuse. Legal basis: GDPR Art. 6(1)(f) (legitimate interests). • Comply with legal obligations Examples: tax/audit logs; responding to lawful requests. Legal basis: GDPR Art. 6(1)(c) (legal obligation). You may withdraw consent at any time (this does not affect processing before withdrawal). Where we rely on legitimate interests, we balance those interests against your rights and implement data-minimisation and controls.
We request only the minimum MDP domains needed (e.g., connections and positions). We do not send messages or connection requests on your behalf, and we do not auto-contact anyone in your network. We do not sell personal data. If a friend disconnects or revokes consent, we stop syncing and delete their snapshot per the retention rules below.
• You (account data, preferences, documents). • LinkedIn MDP snapshots for you and any friends who grant access. • Publicly available employer career sites and ATS job APIs. • Your device/app (telemetry and logs).
We share data only with: • Processors (service providers) under data-processing agreements, e.g., cloud hosting, databases, analytics, error monitoring, email delivery, and queueing. These providers act on our instructions. • LinkedIn: only insofar as you or your friends choose to connect; otherwise, we are a recipient from LinkedIn, not sharing to LinkedIn. • Potential employers: only when you decide to apply or ask for a referral/intro; we do not send anything without your action. • Legal & compliance: if required by law or to protect rights, safety, or integrity of the service. We maintain a current list of subprocessors on request or at our website.
We are based in the EU (Netherlands). Some processors may be outside the EEA (e.g., in the UK or US). Where data is transferred outside the EEA, we rely on adequacy decisions (where available) or Standard Contractual Clauses (SCCs) plus supplementary measures as needed.
• Account data: for your account’s life; delete or anonymize within 30 days after closure. • LinkedIn MDP snapshots (you): refreshed periodically; latest snapshot retained while your account remains active; delete within 30 days of your disconnection or account closure. • Friends’ MDP snapshots: kept only while that friend’s consent is active and you still want their help. Delete within 30 days of friend revocation or your removal of that friend from IntroMe. • Job postings: rolling window, typically 90–180 days unless still active. • Logs & diagnostics: 12 months unless a shorter period is feasible. • Backups: per backup rotation (typically 30–90 days), then purged. Where legal obligations require longer retention (e.g., tax/audit), we retain only what’s necessary.
You have the right to: access your personal data and obtain a copy; rectify inaccurate or incomplete data; erase your data in applicable cases; restrict or object to processing (especially where we rely on legitimate interests); data portability (for data you provided to us); withdraw consent at any time; and complain to a supervisory authority (in the Netherlands, the Autoriteit Persoonsgegevens). To exercise your rights, contact us via the details below. We will verify your identity and respond within GDPR timelines.
We score job opportunities (e.g., fit score, intro viability) to rank listings for you. These rankings do not produce legal or similarly significant effects. You can always view alternatives, change filters, or ask us to review the logic.
We apply appropriate technical and organizational measures, including encryption in transit and at rest, access controls/least privilege with audit logs and MFA for staff accounts, vendor due diligence and DPAs with processors, and secure development practices. No method is 100% secure, but we work to protect your data and will promptly notify you and authorities of any data breach when legally required.
IntroMe is not intended for individuals under 16. We do not knowingly collect data from children. If you believe a child has provided personal data, contact us to delete it.
Strictly necessary cookies are used to provide the site and keep you logged in. Analytics/measurement cookies are used only with your consent (per ePrivacy/GDPR). You can change preferences at any time via the cookie banner or browser settings.
We may update this policy from time to time. We will post the updated version with a new effective date and, where appropriate, notify you in-app or by email. If changes materially affect your rights, we will seek consent where required.
Hirigoyen Holding BV Overtoom 141, 1054 HG, Amsterdam, Netherlands KvK: 91367514 Email: theo@introme.io