HireAI← Back to Home
Legal

Privacy Policy

Last updated: April 2026 · Applies to all HireAI users and data subjects

Table of Contents

  • 1.Overview
  • 2.Who We Are
  • 3.Data We Collect
  • 4.Candidate Data (Uploaded by Users)
  • 5.How We Use Your Data
  • 6.Third-Party Services
  • 7.Data Storage & Security
  • 8.Data Retention
  • 9.Your Rights
  • 10.Cookies
  • 11.Children's Privacy
  • 12.Changes to This Policy
  • 13.Contact Us

01 · Overview

HireAI is built for HR professionals who need faster, smarter candidate screening. In doing so, we handle two types of data: data about you (our registered user) and data about candidates whose resumes you upload.

We take privacy seriously. This policy explains clearly what data we collect, why we collect it, how it is used, and how you and candidates can exercise rights over it.

Short version: We collect what's needed to run the platform. We don't sell data. We don't train AI on your candidate data. You control what you upload and can request deletion.

02 · Who We Are

HireAI is an early-stage SaaS product. For the purposes of data protection law, HireAI is the data controller for user account data, and acts as a data processor for candidate data uploaded by users (who are the data controllers for that data).

Contact: hireai.work@gmail.com

03 · Data We Collect (About You, the User)

CategoryData PointsPurpose
Account DataName, email address, password (hashed)Account creation and authentication
Payment DataTransaction ID, amount, credit pack purchased (no card details stored by us)Credit tracking and billing history
Usage DataPages visited, features used, credit consumption logs, timestampsPlatform analytics, debugging, product improvement
Technical DataIP address, browser type, device typeSecurity monitoring and abuse prevention
Support DataMessages sent to supportResolving support tickets

04 · Candidate Data (Uploaded by You)

When you upload resumes and candidate documents, HireAI processes the following candidate personal data on your behalf:

  • Name, email, phone number (extracted from resume)
  • Work history, education, skills listed in the resume
  • GitHub profile URL (extracted from resume)
  • Public GitHub data: repository names, commit history, star counts, programming languages (fetched via GitHub's public API)
  • AI-generated analysis scores and authenticity assessments derived from the above

You are responsible for ensuring you have a lawful basis to upload and process candidate personal data. HireAI processes this data only as instructed by you to deliver the analysis service.

We do not use candidate data to train our AI models. Candidate data is siloed per account and is not accessible to other users.

05 · How We Use Your Data

  • To provide the Service: Process resumes, run AI analysis, deliver scores and reports
  • To manage your account: Authentication, credit management, billing
  • To improve the product: Aggregated, anonymized usage analytics to understand how features are used
  • To communicate with you: Transactional emails (credit purchase receipts, account alerts), and occasional product updates (you can opt out)
  • To maintain security: Fraud detection, abuse prevention, system monitoring
  • To comply with legal obligations: If required by law or court order

We do not sell, rent, or share your personal data or candidate data with any third party for marketing purposes.

06 · Third-Party Services

HireAI integrates with the following third-party services to deliver its functionality:

ServicePurposeData Shared
SupabaseDatabase & authenticationAccount data, uploaded files, analysis results
Google (OAuth)Single Sign-On (SSO) authentication and seamless account creation.Email address, name, and basic profile picture retrieved for account setup. Secure auth tokens exchanged for session management.
Anthropic (Claude API)AI analysis engineResume text and GitHub data passed for analysis. Subject to Anthropic's data policies.
GitHub APIFetch public GitHub profile dataGitHub usernames/URLs
Dodo PaymentsPayment processingPayment transaction info (no raw card data)
Upstash (QStash)Background job scheduling and serverless message queueing for application processes.Task execution metadata and webhook routing URLs (no personally identifiable candidate data or raw resume files are shared).
VercelHosting & deploymentServer logs, request metadata

All third-party providers are selected for their data security standards. We encourage you to review their privacy policies independently.

07 · Data Storage & Security

Your data is stored on Supabase infrastructure. We implement industry-standard security practices including:

  • Encryption in transit (HTTPS/TLS for all data transfers)
  • Encryption at rest for stored files and database records
  • Access controls: only authorized personnel can access production data
  • Row-level security policies ensuring your data is isolated from other users

While we take security seriously, no system is 100% impenetrable. In the event of a data breach affecting your data, we will notify you within 72 hours of becoming aware of it.

08 · Data Retention

  • Account data: Retained for the lifetime of your account plus 90 days after deletion
  • Uploaded resumes and candidate data: Retained for 12 months from upload date, or until you delete them, whichever comes first
  • Analysis results: Retained for 12 months or until you delete your account
  • Payment records: Retained for 7 years as required for financial compliance
  • Support communications: Retained for 2 years

You can request deletion of specific data or your entire account at any time by contacting hireai.work@gmail.com.

09 · Your Rights

Depending on your jurisdiction, you may have the following rights over your personal data:

  • Access: Request a copy of the data we hold about you
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email hireai.work@gmail.com. We will respond within 30 days. Note that as a recruiter using HireAI, you are also responsible for handling rights requests from the candidates whose data you upload.

10 · Cookies

HireAI uses minimal cookies:

  • Essential cookies: Session authentication tokens — required for the platform to function
  • Analytics cookies: Anonymized usage tracking to improve the product (you may opt out)

We do not use advertising cookies or cross-site tracking cookies. You can control cookie preferences via your browser settings.

11 · Children's Privacy

HireAI is a B2B platform intended for professionals aged 18 and above. We do not knowingly collect data from individuals under 18. If you believe a minor's data has been submitted, contact us immediately at hireai.work@gmail.com.

12 · Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent in-app notice at least 7 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.

13 · Contact Us

For all privacy-related questions, requests, or concerns:

Email: hireai.work@gmail.com

We are committed to responding to all privacy inquiries within 30 days.