Information in compliance with personal data protection regulations
In Europe and Spain, there are data protection regulations designed to safeguard your personal information, and our company strictly complies with them.
For this reason, it is very important to us that you clearly understand what we will do with the personal data we request.
We aim to be transparent and give you control over your data, using simple language and clear options that allow you to decide how your personal information is used.
If you have any questions after reading this information, please do not hesitate to contact us.
Who are we?
• Company name: GENIUS for PEOPLE, S.L.
• Tax ID (CIF): B44879849
• Main activity: Software development, cloud-based business management programs, web development, and e-commerce.
• Address: C/ Badajoz Nº 32, 08005, Barcelona
• Contact email: admin@mainder.ai
• Website: http://www.mainder.ai
We are at your disposal—please don’t hesitate to contact us.
What will we use your data for?
In general, your personal data will be used to maintain our relationship with you and to provide our services.
They may also be used for other activities, such as sending you advertising or promoting our activities.
Why do we need to use your data?
Your personal data is necessary for us to interact with you and provide our services. To this end, we will provide you with checkboxes and clear options so you can easily decide how your personal information is used.
Who will have access to your information?
In general, only authorized personnel from our company will have access to the information you provide.
In some cases, other entities that need access to your data in order to provide our services may also view it. For example, our bank will have access to your details if payment for our services is made by card or bank transfer.
Additionally, public or private entities to which we are legally required to disclose your personal data may also have access—for example, tax authorities in compliance with tax law.
If, outside of these cases, we need to share your personal information with other entities, we will first ask for your permission through clear options that allow you to decide.
How will we protect your data?
We protect your data with effective security measures appropriate to the risks involved in its use.
To this end, our company has approved a Data Protection Policy and conducts annual controls and audits to ensure that your personal data remains secure at all times.
USE OF GOOGLE DATA – INTEGRATION WITH GOOGLE WORKSPACE
1. GOOGLE DATA WE COLLECT AND ACCESS
When you authorize Mainder to connect with your Google account, we access the following specific types of data depending on the permissions (scopes) you grant:
Google Profile Information:
• Full name from your Google account
• Primary email address
• Google profile picture (if available)
• Unique Google user ID
Gmail Data (if Gmail scope is authorized):
• Reading of emails related to recruitment processes
• Sending emails on your behalf to candidates
• Email metadata (sender, recipient, subject, date)
• Email attachments (CVs, portfolios)
• Draft creation
• Label and folder management related to recruiting
Google Calendar Data (if Calendar scope is authorized):
• Reading calendar events to check availability
• Creating events for interviews and meetings
• Modifying existing events (rescheduling interviews)
• Accessing attendee information
• Location and meeting room details
• Google Meet links associated with events
Google Contacts Data (if Contacts scope is authorized):
• Professional contact list
• Contact details (emails, phones, companies)
• Notes linked to contacts
• Contact groups
Google Drive Data (if Drive scope is authorized):
• Access only to files explicitly shared with Mainder
• CVs and candidate documents stored in Drive
• Shared recruitment process folders
2. HOW WE USE GOOGLE DATA
Google data is used exclusively to provide and improve Mainder’s recruiting functionalities:
Communication Management:
• Send interview invitations directly from your Gmail account
• Automate candidate responses while maintaining your corporate identity
• Synchronize candidate conversations for a full communication history
• Attach relevant documents to emails
Interview Scheduling:
• Check your availability before proposing interview times
• Automatically create calendar events with full details
• Generate Google Meet links for virtual interviews
• Send reminders and event updates
Talent Database Management:
• Import relevant professional contacts for recruiting
• Enrich candidate profiles with updated contact data
• Organize candidates into groups by process or skill
Document Storage:
• Access CVs and portfolios stored in Google Drive
• Organize documentation by selection process
• Share documents among recruiting team members
IMPORTANT NOTE:
We do not use Google data for:
• Advertising or marketing unrelated to the requested services
• Selling data to third parties
• Creating profiles for other purposes
• Training AI models without explicit consent
• Any purpose not described in this policy
3. WHO WE SHARE GOOGLE DATA WITH
Data obtained through Google APIs is handled with strict confidentiality.
We do not share your Google data with:
• Advertising or marketing companies
• Data brokers or resellers
• Competitors or unauthorized third parties
• Credit or lending entities
We only share Google data with:
• Your Mainder team members, according to the access permissions you configure
• Essential infrastructure providers:
• Amazon Web Services (AWS): secure data storage in EU servers
• OpenAI: anonymized text analysis for CVs (with prior consent)
• Legal authorities: only when legally required and with notice whenever possible
4. GOOGLE DATA STORAGE AND PROTECTION
We implement enterprise-grade security measures:
Technical Security Measures:
• Encryption in transit: TLS 1.3 for all communications
• Encryption at rest: AES-256 for stored data
• Authentication: OAuth 2.0 with temporary access tokens
• Access control: mandatory 2FA and role-based access (RBAC)
• Audit: full access logs retained for 90 days
• Segregation: full data isolation between clients
Storage Location:
• Primary servers: AWS EU-West-1 (Ireland)
• Backups: AWS EU-West-2 (London)
• Compliance: GDPR, ISO 27001, SOC 2 Type II (in progress)
5. GOOGLE DATA RETENTION AND DELETION
We manage Google data retention transparently:
Retention Policies:
• Active subscription: data retained while you use Mainder
• After cancellation: 90-day retention for potential reactivation
• Automatic deletion: after 90 days post-cancellation
• Access tokens: renewed or expired per Google’s configuration
Request for Immediate Deletion:
To request immediate deletion of your Google data:
• Email: privacy@mainder.ai
• Web form: https://mainder.ai/eliminar-datos
• Response time: within 72 business hours
• Confirmation: data deletion certificate by email
6. GOOGLE ACCESS REVOCATION
You can revoke Mainder’s access to your Google data at any time in two ways:
From Mainder:
• Go to Settings → Integrations
• Select Google Workspace
• Click Disconnect account
• Confirm disconnection
From Google:
• Visit https://myaccount.google.com/permissions
• Find Mainder in the app list
• Click Remove access
Revocation effects:
• Immediate stop to new data access
• Deactivation of Google-dependent features
• Previously processed data retained per retention policy
• You can reconnect anytime
7. COMPLIANCE WITH GOOGLE POLICIES
Mainder strictly complies with all Google policies and requirements:
• Google API Services User Data Policy
• Google OAuth 2.0 Policies
• Limited Use Requirements
• Google Cloud Platform Terms of Service
• Sensitive and restricted scope verification
Audits and Certifications:
• Annual review of Google policy compliance
• Quarterly security audits
• Google Workspace Developer Certification (in progress)
8. TRANSPARENCY OF REQUESTED GOOGLE SCOPES
Mainder requests access to the following Google OAuth 2.0 scopes:
(list continues depending on the scopes granted in your specific integration)
9. UPDATES TO THIS POLICY
• This policy is updated whenever Google’s services or policies change.
• We will notify you by email about significant changes.
• The date of the last update appears at the end of this document.
• Your continued use constitutes acceptance of any changes.
10. CONTACT AND PRIVACY REQUESTS
To exercise your rights regarding Google data or for any inquiries:
Privacy email: admin@mainder.ai
Last updated: October 8, 2025
Will your data be sent to other countries?
Some countries are considered safe for your data, and others are not. For example, the European Union is considered a safe environment. Our policy is not to transfer your personal information to any country that is not deemed secure in terms of data protection.
If, for service-related reasons, it becomes necessary to send your data to a country less secure than Spain, we will always request your prior consent and implement effective security measures to reduce any risks associated with the transfer.
How long will we keep your data?
We will retain your data for the duration of our relationship and as long as required by law. Once the applicable legal periods expire, we will securely delete your data in an environmentally responsible manner.
What are your data protection rights?
At any time, you may contact us to know what information we hold about you, correct it if it is inaccurate, and delete it once our relationship ends, if legally permitted.
You also have the right to request the transfer of your data to another entity. This right is called “data portability” and may be useful in certain circumstances.
To exercise any of these rights, you must submit a written request to our address, along with a copy of your ID, so we can verify your identity.
Specific forms to request these rights are available at our offices, and we are happy to assist you with the process.
For more information on your data protection rights, please visit the website of the Spanish Data Protection Agency (www.agpd.es).
Can you withdraw your consent later if you change your mind?
You can withdraw your consent regarding the use of your data at any time.
For example, if you previously agreed to receive advertising about our products or services but no longer wish to, you can notify us through the opposition form available at our offices.
If you believe your rights have been violated, where can you file a complaint?
If you believe your rights have been disregarded by our company, you can file a complaint with the Spanish Data Protection Agency through any of the following means:
Electronic headquarters: www.agpd.es
Postal address:
Agencia Española de Protección de Datos
C/ Jorge Juan Nº 6, 28001 Madrid
Telephone:
901 100 099 / 912 663 517
Filing a complaint with the Agency is free of charge and does not require a lawyer or legal representative.
Will we create profiles about you?
Our policy is not to create profiles of our service users.
However, in certain situations—such as providing services or for commercial purposes—we may need to create information profiles about you. For example, we may use your purchase or service history to offer you products or services tailored to your preferences.
In such cases, we will apply strong security measures to protect your information from unauthorized access or misuse.
Will we use your data for other purposes?
Our policy is not to use your data for purposes other than those stated. If we ever need to use your data for a different purpose, we will always request your prior consent through clear options allowing you to decide accordingly.
