This website is maintained and operated by Solu Recrutamento e Seleção LTDA. (“We”). We collect and use certain personal data belonging to those who use our website. In doing so, we act as the controller of this data and are subject to the provisions of Federal Law No. 13,709/2018 (General Personal Data Protection Law or “LGPD”).
To ensure the responsible use and protection of your personal data, we provide this PRIVACY POLICY containing important information about:
- Who should use our website;
- What data we collect and what we do with it;
- Your rights in relation to your personal data; and
- How to contact us.
1. WHO SHOULD USE OUR WEBSITE
Our website is intended for use only by individuals over the age of eighteen ("Users"). Therefore, children and adolescents should not use it.
2. DATA WE COLLECT AND REASONS FOR COLLECTION
Our website collects and uses certain personal data from our Users, in accordance with the provisions of this section:
2.1 PERSONAL DATA EXPRESSLY PROVIDED BY USERS
We collect the following personal data that our Users expressly and voluntarily provide to us when using our website:
- Name;
- Phone number;
- Email address;
- CPF;
- Professional history and/or Curriculum Vitae (“CV”);
- Compensation and/or salary expectations.
This data is collected when the user voluntarily registers through forms of any kind on our websites. The data provided by our Users is collected for the following purposes:
- So that we can identify opportunities aligned with your skills and thus include you in screenings for appropriate selection processes;
- So that we (or our partners) can contact you when these opportunities arise;
- To prevent data duplication or people attempting to impersonate you.
2.2 SENSITIVE DATA
We will not collect sensitive personal data from our Users, as defined in Article 11 and subsequent articles of the Personal Data Protection Act.
2.3 SENSITIVE DATA NOT EXPRESSLY PROVIDED FOR
In some cases, other types of data not expressly provided for in this Privacy Policy may be collected, provided that such data is provided with the User’s consent or that the collection is permitted on another legal basis provided for by law. In any case, Users of the website will be informed of the data collection and the resulting processing activities.
2.4 COLLECTION OF PERSONAL DATA THROUGH THE USE OF ARTIFICIAL INTELLIGENCE
We use artificial intelligence (AI) to process our Users’ personal data through a conversation with our AI, which generates a report for recruiters containing information such as name, job title, current employer, salary, and other data relevant to the hiring process.
When using AI, we seek to ensure the security and protection of Users’ personal data, adhering to the principles of transparency, purpose, adequacy, necessity, free access, data quality, security, prevention of harm, non-discrimination, and accountability, as recommended by the General Data Protection Law (LGPD).
The data processed by AI is used exclusively for the specific purposes described in this Privacy Policy, such as including Users in screenings for appropriate selection processes and contacting them when opportunities arise.
We emphasize that the use of AI does not eliminate the need for human analysis throughout the recruitment and selection process, as this is essential to ensure the accuracy and quality of decisions based on the data collected and processed by AI.
In accordance with Article 20 of the LGPD, the data subject has the right to request a review of decisions made based exclusively on the automated processing of personal data that affect their interests, including decisions that define their personal or professional profile or suitability for selection processes. To exercise this right, the data subject may contact our DPO through the channels indicated in Section 10 of this Policy, and we commit to responding to the request within 15 (fifteen) days, clarifying the criteria and procedures used.
This document may be updated to reflect any changes in personal data processing practices involving the use of AI, always in compliance with applicable legislation and respecting Users’ rights regarding their personal data.
If you have any questions or concerns regarding the processing of your personal data by AI, please contact us through the channels indicated in this Privacy Policy (juridico@getsolu.ai).
2.5 BACKGROUND CHECK
Due to the nature of our recruitment and selection activities, we may conduct or coordinate background checks on candidates’ personal and professional history (“Background Check”). For Solu, the processing of data resulting from these checks is based on the legitimate interest of the controller (Art. 7, item IX, of the LGPD), as it constitutes an activity essential to the provision of the recruitment service and is expected by the candidate in the context of the selection process; and, for contracting partner companies, on the execution of preliminary procedures to the employment contract in which the candidate is an interested party (Art. 7, item V, of the LGPD).
The verifications may cover the following categories of data and information: (i) criminal and civil records, through consultation of public databases; (ii) verification of professional and academic references with third parties indicated by the candidate or identified based on their professional history; (iii) consultation of delinquency records with credit protection agencies, when the position to be filled justifies such verification for reasons of necessity and proportionality that are duly substantiated; and (iv) confirmation of resume data, including academic background and employment history.
In compliance with the principle of transparency set forth in Article 6, item VI, of the LGPD, the candidate will be informed in advance, in a clear and accessible manner, about the conduct of the Background Check, the categories of data to be verified, and the sources to be consulted—including previous employers, educational institutions, and public databases. This obligation to provide prior information stems directly from the duty of transparency incumbent upon the data controller and is not conditional upon the data subject’s consent, given the distinct legal basis underpinning the processing.
The results of the verifications will be shared exclusively with the contracting partner companies involved in the respective selection process, within the limits of the purpose that justified the processing and in compliance with the principle of necessity; use for purposes incompatible with the recruitment that gave rise to them is prohibited, as detailed in Section 3 of this Policy.
3. SHARING PERSONAL DATA WITH THIRD PARTIES
Some of the personal data mentioned (such as professional history and/or resume, compensation and/or salary expectations, and contact information such as phone number and email address) may be shared by us with third parties, specifically with partner companies that are conducting or about to conduct recruitment processes.
The results of background checks conducted as part of the Background Check (as per Section 2.5) may also be shared with the contracting partner companies involved in the respective recruitment process, based on Solu’s legitimate interest (Art. 7, IX) and the execution of pre-contractual procedures in favor of the contracting company (Art. 7, V), and sharing for purposes other than or incompatible with the selection process that gave rise to the processing is prohibited. Access to the information will be controlled by Us and will adhere to the “need-to-know” principle with respect to Our actions. No third party, whether an individual or an entity, will have unrestricted access to information that is not relevant to their business relationship with Us at that specific time.
We will share this data for the purpose of informing the responsible recruiters of the User’s skills and career stage, so that they may assess their compatibility with the selection process(es) they are conducting or about to conduct.In addition to the situations described here, we may share data with third parties to comply with a legal or regulatory requirement, or to comply with an order issued by a public authority.
In any case, the sharing of personal data will comply with all applicable laws and regulations, always seeking to ensure the security of our Users’ data, in accordance with industry-standard technical practices.
3.1 INTERNATIONAL DATA TRANSFERS
Due to the use of cloud computing services and information technology tools provided by international suppliers, personal data may be transferred to countries or international organizations located outside Brazil.
In such cases, we will ensure that such transfers comply with the requirements set forth in Articles 33 through 36 of the LGPD, by adopting appropriate safeguards, such as entering into standard contractual clauses, or by verifying in advance that the recipient country or entity provides a level of personal data protection adequate to that provided for in Brazilian law, in accordance with criteria established by the National Data Protection Agency (ANPD).
The User may request information regarding international transfers through the contact channels indicated in Section 10 of this Policy.
4. HOW LONG WILL YOUR PERSONAL DATA BE STORED?
The personal data collected by the website is stored and used for a period of time necessary to achieve the purposes listed in this document, taking into account the rights of the data subjects, the rights of the website controller, and applicable legal or regulatory provisions.Once the retention periods for personal data have expired, they are removed from our databases or anonymized, except in cases where storage is permitted or required by law or regulation.
As general guidance on the retention periods applied:
- (i) data collected for active recruitment purposes will be retained for a period of 24 (twenty-four) months, renewable upon new consent from the data subject;
- (ii) data of candidates effectively hired by partner companies will be transferred to the respective contracting controller and subject to the latter’s retention policy;
- (iii) background check results will be deleted or anonymized within 90 (ninety) days after the conclusion of the corresponding selection process, unless otherwise required by law;
- and (iv) data retained to comply with legal obligations will be kept for the periods provided for in the applicable specific legislation, including the applicable statutes of limitations.
5. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
Every personal data processing operation must have a legal basis—that is, a justification authorizing it, as provided for in the General Personal Data Protection Law. All of our personal data processing activities are based on a legal basis permitted by law.
The main legal bases we use are: (i) the data subject’s consent (Art. 7, I), applicable to voluntary registration on the website and the use of IA Sol to generate profile reports, as well as for sending marketing communications when expressly authorized by the candidate; (ii) the legitimate interest of the controller (Art. 7, IX), applicable to screening activities, candidate referrals, operational communications regarding the selection process, and the conduct of Background Checks by Solu, which constitute the company’s core business and are expected by the candidate in the context in which the data was provided; (iii) the performance of preliminary procedures to the contract to which the data subject is a party (Art. 7, V), applicable to the conduct of ongoing selection processes and to the Background Check performed on behalf of contracting partner companies, as a pre-contractual step required by the employer; and (iv) compliance with a legal or regulatory obligation (Art. 7, II), when the retention or sharing of data is required by specific legislation or by order of a competent authority.
Further information regarding the legal bases we use for specific personal data processing operations can be obtained through our contact channels, listed at the end of this Policy.
6. USER RIGHTS
Website users have the following rights regarding their data, as granted by the Personal Data Protection Act:
- Confirmation of the existence of data processing;
- Access to data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;
- Portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, subject to commercial and industrial secrecy;
- Deletion of personal data processed with the data subject’s consent, except in cases provided for by law;
- Information regarding the public and private entities with which the controller has shared data;
- Information regarding the option to withhold consent and the consequences of refusal;
- Withdrawal of consent.
It is important to note that, under the LGPD, there is no right to erasure of data processed on legal grounds other than consent, unless the data is unnecessary, excessive, or processed in violation of the law.
6.1 HOW THE DATA SUBJECT CAN EXERCISE THEIR RIGHTS
Data subjects whose personal data is processed by us may exercise their rights by sending a message to our Data Protection Officer ("DPO") via email or mail. The necessary information for this is in the "HOW TO CONTACT US" section of this PRIVACY POLICY.
To ensure that the User seeking to exercise their rights is, in fact, the data subject of the request, we may request documents or other information that may assist in their proper identification, in order to safeguard our rights and the rights of third parties. This will only be done, however, if absolutely necessary, and the requester will receive all related information.
In accordance with the provisions of the LGPD, requests from data subjects will be addressed within fifteen (15) calendar days from the date of receipt by Solu.
6.2 COMMUNICATION WITH APPLICANTS
All candidates who participate in interviews with Sol, our virtual recruiter, will have their email addresses automatically added to our mailing list. This measure is intended to keep them informed about platform updates, system improvements, news, and promotions.
This practice is in line with our Privacy Policy, ensuring transparency and respect for our users’ data. Users can unsubscribe from the mailing list directly via email by using the "Unsubscribe" button included in the email itself.
7. SECURITY MEASURES IN THE PROCESSING OF PERSONAL DATA
We employ technical and organizational measures designed to protect personal data from unauthorized access and from situations involving the destruction, loss, misplacement, or alteration of such data.
The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a potential breach would pose to the User’s rights and freedoms, and the standards currently employed in the market by companies similar to ours.Among the security measures we have adopted, we highlight the following:
- Storage of passwords using cryptographic hashes;
- Restrictions on access to databases.
In addition to the measures above, we have adopted the following complementary safeguards: role-based access control and the principle of least privilege, so that each employee accesses only the personal data strictly necessary for the performance of their duties; logging of access and auditing of operations performed on personal data; use of secure connections (TLS/SSL) for data transmission between systems; and an ongoing training and awareness program on information security and personal data protection for all employees who handle Users’ personal data.
Although we take every measure within our power to prevent security incidents, it is possible that a problem may arise caused exclusively by a third party—such as in the case of attacks by hackers or crackers—or due to the User’s sole fault, which occurs, for example, when the User transfers their own data to third parties. Thus, although we are generally responsible for the personal data we process, we disclaim liability in the event of exceptional situations such as these, over which we have no control.
In any case, should any security incident occur that could pose a risk or cause significant harm to any of our Users, we will notify those affected and the National Data Protection Authority of the incident, in accordance with the provisions of the General Data Protection Law.
8. COMPLAINT TO A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, personal data subjects who feel they have been harmed in any way may lodge a complaint with the National Data Protection Authority.
9. CHANGES TO THIS POLICY
This version of our PRIVACY POLICY was updated on: March 9, 2026
We reserve the right to modify these terms at any time, particularly to adapt them to any changes made to our website, whether through the introduction of new features or the removal or modification of existing ones.
Whenever a modification is made, our Users will be notified of the change.
10. HOW TO CONTACT US
If you have any questions about this Privacy Policy or the personal data we process, please contact our Data Protection Officer (“DPO”) through one of the channels listed below:
Legal Email: juridico@getsolu.ai
Mailing Address: Virtual Office
Name of the Data Protection Officer (DPO): Gabriel Appel
.svg)