Effective Date: May 6, 2026
Version: 1.0
This page lists the third-party service providers (“sub-processors”) that Talent Ray FZ-LLC engages to provide the Talent-Ray HR evaluation platform. We maintain this list to give candidates and customers transparency about who processes personal data on our behalf.
We require every sub-processor to be bound by a written Data Processing Agreement (DPA) that imposes obligations no less protective than those we owe to our customers, including confidentiality, security, breach notification, and assistance with data subject rights.
Current Sub-processors
AI / Machine Learning Providers
These providers process candidate inputs (test answers, CVs, voice/text content) to generate evaluation outputs. Talent-Ray transmits only the data needed for the specific request, and providers are contractually prohibited from training their general models on our customers’ data.
| Provider | Entity & Location | Purpose | Safeguards |
|---|---|---|---|
| OpenAI | OpenAI, L.L.C. — United States | AI-based evaluation, content analysis | DPA, SCCs, no-training contractual commitment |
| Anthropic | Anthropic PBC — United States | AI-based evaluation, content analysis | DPA, SCCs, no-training contractual commitment |
| Google (Gemini API) | Google LLC — United States | AI-based evaluation, content analysis | DPA, SCCs, no-training contractual commitment |
| ElevenLabs | ElevenLabs Inc. — United States / EU | Text-to-speech for voice tests | DPA, SCCs |
In addition to the above, Talent Ray FZ-LLC operates proprietary self-hosted AI infrastructure within the EU (Germany) for selected customers and workloads. Personal data routed through this infrastructure does not leave Talent-Ray’s controlled environment and is not shared with any third-party AI provider.
Hosting and Infrastructure
| Provider | Entity & Location | Purpose | Safeguards |
|---|---|---|---|
| Hetzner Online GmbH | Germany (EU) | Application and database hosting, file storage | DPA, EU-located data centres, ISO 27001 certified |
Communications
| Provider | Entity & Location | Purpose | Safeguards |
|---|---|---|---|
| Resend | Resend, Inc. — United States (with EU infrastructure available) | Transactional email delivery (account, invitation, notification emails) | DPA, SCCs |
Authentication / Single Sign-On (Optional)
These providers are only invoked when a user actively chooses to sign in via that provider; no data is shared with them otherwise.
| Provider | Entity & Location | Purpose | Safeguards |
|---|---|---|---|
| Google LLC | United States | Optional “Sign in with Google” | OAuth standard, provider-side privacy policy applies |
| Microsoft Corporation | United States | Optional “Sign in with Microsoft” | OAuth standard, provider-side privacy policy applies |
| LinkedIn (Microsoft) | United States | Optional “Sign in with LinkedIn” | OAuth standard, provider-side privacy policy applies |
Planned Sub-processors
The following providers are part of our roadmap but are not yet active. We will move them to the “Current” section above with at least 30 days’ notice before activation.
| Provider | Intended Purpose | Status |
|---|---|---|
| Stripe | Payment processing for paid subscriptions | Planned — not yet integrated |
How We Notify You of Changes
When we add, remove, or replace a sub-processor that materially affects our customers or candidates, we will:
- Update this page with the new effective date and version number
- For active customer organisations, send an email notice to the designated billing/admin contact at least 30 days before the change takes effect
- Customers who object to a new sub-processor on reasonable, documented grounds may, as their sole remedy, terminate the affected portion of their subscription with a pro-rata refund of pre-paid fees
To subscribe to sub-processor change notifications, email [email protected] with the subject “Subscribe: sub-processor updates”.
Contact
Questions about this list, or about how a specific sub-processor handles your data:
Talent Ray FZ-LLC
Premises No. HD49A, First Floor, in5 Tech, Dubai Internet City, Dubai, United Arab Emirates
Email: [email protected]
This list is maintained in compliance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, GDPR Article 28, and KVKK Article 12.
