Who I am
This site is operated personally by Mzwakhe Mokhatla, based in South Africa. For any privacy question or to exercise the rights described below, email mokhatla.mzwakhe@gmail.com.
What I collect, and why
I only collect what the recruiter verification flow on /recruiter actually needs.
- Account details, your full name, work email, company, role you're hiring for, and a company website / LinkedIn URL. You give this when you request access.
- Authentication data, a one-time code emailed to your inbox, plus a session token after verification so you stay signed in.
- Technical metadata, IP address and user-agent of the device that signed in, captured for fraud prevention and audit logs.
- Consent records, your cookie choices and policy acceptance, so I can prove consent was given (GDPR Article 7).
I do not sell data, run advertising, or share data with social networks. There is no marketing pixel on this site.
Lawful basis
- Contract / pre-contract (GDPR Art. 6(1)(b)), you provide your details to take a step toward a hiring conversation.
- Legitimate interest (Art. 6(1)(f)), fraud prevention and audit logs of who accessed the CV.
- Consent (Art. 6(1)(a)), non-essential cookies and any future analytics.
Who processes the data with me
- Neon (Postgres database, EU-West-2), stores user records and consent logs.
- Resend, delivers the one-time verification code to your inbox.
- Vercel, hosts the site and routes traffic.
Each of these is a data processor under a Data Processing Agreement and only handles data on documented instructions.
Retention
Recruiter accounts are kept for 365 days from your last sign-in and are then either deleted or anonymised, unless you ask me to delete them sooner. Audit logs (sign-ins, consent events) are kept for 24 months for security and legal reasons, then deleted.
Your rights
Under GDPR and similar laws (UK GDPR, POPIA, CCPA), you have the right to:
- Access, export everything I hold about you as JSON via
/recruiter→ “Export my data”. - Rectification, update your name, company, role, and URL by going through sign-up again with the same email.
- Erasure, delete your account and all associated profile data via
/recruiter→ “Delete my account”. - Withdraw consent, reopen the cookie banner at any time from the footer.
- Object / restrict, email me and I'll comply within 30 days (usually within 48 hours).
- Lodge a complaint, with your local supervisory authority (in South Africa, the Information Regulator; in the EU, your national DPA).
International transfers
Data is processed primarily in the EU (Neon EU-West-2, Resend EU region) and may transit through Vercel's global edge network. Standard contractual clauses (or the equivalent transfer mechanism) are in place with each processor.
Changes to this policy
When this policy changes materially, the version string at the top of the page is bumped and you will be asked to re-confirm consent on your next visit.