Data processing addendum

Version 1 · 18 July 2026

This addendum forms part of the JOBE Recruit terms when a customer uses JOBE to process personal information for which that customer is a controller. It records the controller-to-processor instructions and safeguards for that customer workspace.

Postal address must be completed

The Processor is Christopher John Howitt, a sole trader trading as JOBE Recruit. A valid postal or service address is still required in the Terms. This addendum should not be treated as commercially complete until that address is published.

1. Roles and order of terms

The subscribing recruiter or recruitment business is the Customer and normally the controller of candidate, client and recruitment-workspace information. Christopher John Howitt, trading as JOBE Recruit, is the Processor for that information. He remains a separate independent controller for JOBE’s own account administration, billing, security, support, consent-based analytics and corporate prospect research that JOBE sources or creates for the lead marketplace, as explained in the Privacy notice.

This addendum does not govern JOBE’s independent-controller marketplace research. If the Customer saves, supplements or uses a marketplace record for outreach, the Customer is a separate controller for that use and JOBE processes the resulting workspace copy on the Customer’s instructions.

This addendum applies for the subscription and any period in which the Processor retains Customer personal information. If it conflicts with the general Terms about processing Customer personal information, this addendum takes priority. It does not replace a lawful international-transfer mechanism where one is required.

2. Processing details

Subject matterProviding the JOBE recruitment workspace, authentication, synchronisation, Business team collaboration, requested AI and transcription actions, reporting, support and client-sharing functions.
DurationThe service term plus the deletion, backup, dispute and legal-retention periods described in the Privacy notice.
Nature and purposeReceiving, hosting, organising, retrieving, synchronising, analysing on request, transmitting to authorised providers or recipients, exporting and deleting information to deliver Customer-selected recruitment workflows.
PeopleCandidates, prospective candidates, client contacts, prospective clients, referees and the Customer’s authorised users.
InformationIdentity and contact information; CV, employment, skills, availability, interview and assessment information; job and client records; recruiter notes; call transcript text and summaries; shortlist decisions; tasks and commercial records. The Customer must avoid unnecessary special-category, criminal-offence, identity-document and financial information.
InstructionsThis addendum, the Terms, the Customer’s settings and the actions its authorised users take in JOBE. The Customer can give additional lawful written instructions through support where they are consistent with the service.

3. Processor commitments

4. Sub-processors

The Customer gives general written authorisation for the Processor to use the sub-processors listed below for the stated functions. The Processor must impose data-protection obligations appropriate to each service and remains responsible to the Customer for its sub-processors’ performance of those obligations.

The Processor will publish a material new sub-processor on this page before it begins processing Customer workspace information where reasonably practicable. A Customer with a reasonable data-protection objection must contact support promptly. The parties will try in good faith to resolve it; if no reasonable alternative exists, the Customer may stop the affected function or terminate before that sub-processor begins processing.

ProviderFunctionInformation when used
SupabaseAuthentication, individual workspace sync, shortlist and feedback storageAccount identity and relevant workspace or shortlist records
RailwayApplication/API hosting and Business shared-workspace databaseService requests, operational records and shared Business records
AnthropicRequested extraction, structuring, summarisation and coachingOnly content needed for the requested AI action
OpenAIRequested transcription and configured support assistanceSelected audio or support question text
ResendSupport and team-invitation deliverySupport message or invitation contact details

Stripe, Google Analytics and Companies House normally process billing, consent-based product analytics or public corporate queries for JOBE’s or the Customer’s separate purposes rather than processing the core recruitment workspace on the Customer’s behalf. Anthropic may also process limited corporate prospect fields for JOBE’s independent-controller marketplace scoring or sales preparation. Those activities fall under the Privacy notice rather than this processor addendum.

5. International processing

The providers above may process information in the UK, EEA, United States or another service location. Each party must meet the transfer obligations that apply to transfers it initiates. Where the Processor initiates a restricted transfer, it will use an applicable adequacy regulation, the UK International Data Transfer Agreement or Addendum, or another lawful safeguard, and will provide reasonable information for the Customer’s assessment on request. The Customer authorises transfers made consistently with this section and the sub-processor authorisation above.

6. Customer commitments

7. Information and audits

The Processor will first satisfy an audit request with current policies, processing summaries, provider information and reasonable written answers. If that is insufficient, the Customer may conduct one proportionate audit in a 12-month period on at least 30 days’ notice, during normal business hours, subject to confidentiality, security and other customers’ rights. Additional audits are permitted after a confirmed material breach or where a regulator requires one. The Customer bears its audit costs and the Processor may charge reasonable costs for bespoke assistance unless the audit identifies a material Processor breach.

Contact and reference

Questions or additional written instructions: chrisjhowitt@gmail.com.

This addendum follows the compulsory controller–processor topics summarised in the UK Information Commissioner’s Article 28 contract guidance. Customers should take their own legal advice about their particular recruitment processing and transfers.