Privacy Policy

1. Information We Collect

Recruiters & Employers (Account Holders)

• Name, email address, and password (hashed — never stored in plain text)
• Workspace and company details you provide
• Job postings, hiring pipeline data, and notes you create
• Team member information you add to your workspace
• Usage data (pages visited, features used) via analytics cookies — only with your consent

Job Applicants

• Full name, email address, and phone number
• CV / resume files (PDF), stored with original filenames
• Profile photo (if provided)
• LinkedIn profile URL and publicly available LinkedIn profile data (only when a recruiter submits a LinkedIn URL)
• GitHub profile URL and public GitHub data (for Information Technology roles only)
• Cover letter, languages, nationality, location, and salary expectation (if provided)
• Answers to custom application questions set by the employer

Usage & Technical Data

• Log data including IP address, browser type, device information, and pages visited
• Cookies and similar tracking technologies (analytics only with your consent)
• Feature usage patterns used to improve the service

Document Signers (E-Signature Feature)

When a person signs a document via Hirempire's e-signature feature (whether as a candidate or as an authorized employer signatory), we collect and permanently store the following as part of the legally required audit trail:

• Full name and email address provided at time of signing
• IP address and resolved country at the time of signing
• Browser and device information (User-Agent string)
• Timestamp (UTC) of signing and of explicit consent
• SHA-256 cryptographic hash of the signed PDF document
• The signed PDF document itself, stored in encrypted cloud storage

This data is collected on the legal basis of legitimate interests (maintaining a legally valid audit trail) and legal obligation (compliance with applicable e-signature laws globally, including ESIGN/UETA, eIDAS 2.0, Egyptian Law 15/2004, UAE Federal Decree-Law 46/2021, and equivalent laws in other jurisdictions). Signers provide explicit consent via a mandatory consent checkbox before signing is permitted. This audit data is essential for any potential legal dispute and cannot be deleted during the 5-year retention period.

2. How We Use Your Information

• To provide the service — managing your account, jobs, candidates, and hiring workflows
• Applicant matching — applicant data is shared exclusively with the recruiter or employer who owns the job posting. No other user or third party can access it.
• AI-powered features — CV screening, job description generation, and candidate evaluation using OpenAI (GPT) and Anthropic (Claude). Your data is never used to train these models.
• Automated communications — sending follow-up emails and notifications on your behalf. You control content, timing, and recipients. Every automated email includes an unsubscribe mechanism.
• Analytics — understanding how Hirempire is used to improve it (analytics cookies only with your consent)
• Security — detecting and preventing fraud and abuse

3. Legal Basis for Processing (GDPR)

• Contract performance — processing necessary to provide the service you signed up for
• Legitimate interests — security, fraud prevention, and service improvement
• Consent — analytics cookies (you can withdraw at any time)
• Legal obligation — where required by applicable law

4. Data Sharing & Sub-processors

We do not sell or share your personal data with third parties for marketing or advertising purposes. We use the following sub-processors to operate the service:

5. Third-Party Integrations

Cal.com (Interview Scheduling)

We connect to Cal.com via OAuth to enable interview scheduling. We access your calendar availability to display open slots and confirm bookings. Only meeting details relevant to your hiring pipeline are retained.

Email Providers (Gmail, Outlook)

Hirempire Inbox connects to your email provider via OAuth. We access only emails relevant to your recruitment conversations. We do not read, store, or process emails unrelated to the service.

LinkedIn (Chrome Extension)

Our Chrome Extension imports publicly visible LinkedIn profile data only when you explicitly choose to add a candidate. We do not access private LinkedIn messages, connection lists, or any data beyond the visible public profile.

Hirempire MCP Server (Claude / Anthropic)

Hirempire provides an MCP (Model Context Protocol) server that allows you to connect your Hirempire workspace to Claude (by Anthropic) and other compatible AI assistants. When you enable this integration, the following applies:

• The MCP server exposes a set of tools that the AI assistant can call on your behalf: get_companies, get_jobs, get_candidates, update_candidate_stage, and create_job.
• Read-only tools (get_companies, get_jobs, get_candidates) retrieve data from your workspace and pass it to the AI model to answer your queries. No data is modified.
• Write tools (update_candidate_stage, create_job) make changes to your workspace data. These are only executed following explicit instructions from you in your conversation with the AI.
• Your workspace data (companies, jobs, candidates) is transmitted to Anthropic's infrastructure as part of the AI model's context. Anthropic's own privacy policy governs how this data is handled on their side. Hirempire does not use your workspace data to train AI models.
• MCP access is authenticated using your Hirempire account credentials. You can revoke MCP access at any time from your workspace settings.
• All tool calls made via the MCP server are scoped exclusively to your own workspace — no cross-workspace data access is possible.

The MCP server is an opt-in integration. You must explicitly configure it in Claude or another compatible AI client to activate it. If you have questions about data handling within this integration, contact [email protected].

6. International Data Transfers

Our infrastructure is hosted in the United States (Chicago, IL) on Oracle Cloud Infrastructure, which is certified under the EU-US Data Privacy Framework (DPF). File storage is on Amazon Web Services (DPF-certified). AI processing is via OpenAI and Anthropic, both DPF-certified with executed Data Processing Agreements. Where data transfers occur outside the EU/EEA without DPF coverage, we rely on Standard Contractual Clauses (SCCs).

7. Data Security

• All data is transmitted over HTTPS (TLS encryption)
• Data at rest is encrypted by Oracle Cloud Infrastructure and AWS S3
• Access to applicant data is restricted by row-level security — only workspace members can access their workspace data
• Passwords are hashed and never stored in plain text

If you suspect a security issue, contact us at [email protected].

8. Data Retention

• Account data — retained while your account is active. Deleted within 30 days of account deletion request.
• Applicant data — retained as long as the associated workspace is active. Recruiters can delete individual applications at any time.
• CV files — stored until the recruiter deletes the application or the workspace is deleted.
• Signed documents & e-signature audit records — retained for a minimum of 5 years from the date of signing, as required for legal compliance. This includes the signed PDF, IP address, country, device information, consent timestamp, and document hash. These records cannot be deleted on request during the retention period due to legal obligations.
• Analytics data — up to 14 months per Google Analytics retention policy.

9. Cookies & Tracking

We use two types of cookies:

• Necessary cookies — required for authentication and core platform functionality. Always active.
• Analytics cookies — Google Analytics and PostHog, used to understand how visitors use Hirempire. Only set with your explicit consent.

You can manage your cookie preferences at any time using the Cookie Settings link in the footer.

10. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights:

• Access — request a copy of the data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data
• Restriction — request we limit how we use your data
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests
• Withdraw consent — withdraw analytics consent at any time via Cookie Settings in the footer

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Applicants: If you submitted a job application and want your data deleted, email us with the job title and company name. We will process your request within 30 days.

11. Children's Privacy

Hirempire is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us at [email protected] and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users by email for material changes at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent revision.