HireflowSign in →

Privacy Policy

Effective: May 8, 2026

Hireflow (“we”, “us”) provides hiring infrastructure for People teams. This policy describes how we handle personal data — both for our own customers (“Account Holders”) and for the candidates whose data is processed inside customer workspaces (“Candidates”).

Note: This is a starter template and must be reviewed by counsel before relying on it for production. Replace this notice and verify each section reflects your actual practices, sub-processors, and retention schedules.

1. Roles

For data Account Holders submit about themselves and their teammates (name, email, billing details), Hireflow is the controller. For data customers process inside their workspace about Candidates, Hireflow is a processor acting under the Account Holder’s instructions, governed by the Data Processing Addendum at /dpa.

2. What we collect

Account data

  • Name, email, company name, password (hashed) when you sign up
  • Billing address and payment method (stored by Stripe; we receive a token only)
  • Audit metadata: IP, user agent, action timestamps

Candidate data (processed on customers’ behalf)

  • Name, email, phone, social links, resume contents
  • Application form responses, AI-extracted fields, interview notes
  • Pipeline status changes and team comments about the candidate

3. Why we collect it

  • Service provision — to operate the workspace, run AI extraction, send notifications.
  • Billing — to charge for the subscription (Stripe).
  • Security & abuse — rate limiting, fraud prevention, audit logging.
  • Aggregate analytics — to improve the product (no candidate PII leaves the customer’s tenant).

4. Legal bases (GDPR / DPDPA)

For Account Holders we rely on contract performance and legitimate interest. For Candidates we rely on the Account Holder’s lawful basis (typically consent or legitimate interest in recruitment); the Account Holder must satisfy that basis in their own privacy notice.

5. Data location

Application data is hosted in the EU (Neon Postgres, Frankfurt region). Resume files are stored on object storage co-located with the database. Customer-Sub-processors are listed at /dpa#subprocessors.

6. Retention

  • Account data — for the life of the subscription, then 90 days.
  • Candidate data — controlled by the Account Holder. Hireflow purges within 30 days of workspace deletion.
  • Audit logs — 13 months.
  • Backups — encrypted; rolled off after 35 days.

7. Your rights

Account Holders can export or delete their workspace data via Settings → Data. Candidates wishing to exercise GDPR / DPDPA rights against a Hireflow-hosted workspace should contact the Account Holder (the data controller); Hireflow will assist with technical execution within 30 days of receiving a verified request from the controller.

8. Security

  • TLS in transit, AES-256 at rest
  • Row-level multi-tenancy with Postgres RLS on every tenant table
  • Optional dedicated Postgres schema for Enterprise customers
  • Audit log of every control-plane mutation
  • Quarterly access review

9. Children

Hireflow is not directed at users under 16. We do not knowingly collect data from children.

10. Changes

We post material changes 30 days before they take effect and email Account Holders.

11. Contact

Email privacy@hireflow.app for any privacy question. Our EU representative is listed at /dpa#representative.

Questions? Email legal@hireflow.app.