Privacy Policy

1. Information We Collect

We collect the following types of personal information:

• Account Information: Email address, name, and authentication data via Supabase Auth
• Resume Data: All information you manually enter or import for your resume creation
• Voice Data: Audio recordings and transcripts if you use our voice input feature
• Usage Data: IP address, device type, browser information, timestamps, and interaction logs for security and service improvement
• Payment Information: Billing details processed securely through Stripe (we do not store full payment details)
• Technical Data: Device information, browser type, operating system, and performance data
• Communication Data: Emails, support tickets, and other communications with our team

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our resume building and AI services
• Legitimate Interest: To improve our services, detect fraud, and ensure security
• Consent: For optional features like email notifications and marketing communications
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interests: To protect your safety and security

3. How We Use Your Data

• To generate, personalize, and optimize your resume using AI technology
• To provide customer support and respond to your inquiries
• To improve our services and develop new features
• To detect and prevent fraud, abuse, and security threats
• To process payments and manage subscriptions
• To send important service updates and notifications (you can opt out)
• To comply with legal obligations and enforce our Terms of Service
• To analyze usage patterns and optimize platform performance
• To provide personalized recommendations and content

4. AI Processing and Data Analysis

Our platform uses artificial intelligence to enhance your resume creation experience:

• Your resume data is processed by AI models to generate content suggestions
• Voice recordings are transcribed and analyzed to extract resume information
• Usage patterns are analyzed to improve our AI algorithms
• All AI processing is conducted in accordance with our data protection obligations
• You can request deletion of your data at any time
• AI-generated content is not stored permanently and is used solely for service delivery
• We do not use your data to train third-party AI models without explicit consent

5. How We Store and Protect Your Data

We implement industry-standard security measures to protect your data:

• Data is stored securely using Supabase (hosted within the EU)
• All data transmission is encrypted using TLS/SSL protocols
• Access to your data is limited to authorized personnel only
• We regularly conduct security audits and updates
• We maintain backup systems to prevent data loss
• We implement access controls and authentication mechanisms
• We conduct regular penetration testing and vulnerability assessments
• We have incident response procedures in place

6. Data Retention

We retain your personal data for the following periods:

• Account Data: Until you delete your account or request deletion
• Resume Data: Until you delete your account or the specific resume
• Voice Recordings: Automatically deleted after 30 days
• Usage Logs: Retained for 12 months for security purposes
• Payment Data: Retained as required by financial regulations (typically 7 years)
• Communication Data: Retained for 3 years for customer service purposes
• Backup Data: Retained for up to 90 days in encrypted backups

You can request deletion of your data at any time by contacting us or using the delete account feature.

7. Third-Party Services

We use the following third-party services that may process your data:

• Supabase: Database and authentication services (EU-based)
• OpenAI: AI processing for resume generation (with data processing agreements)
• Stripe: Payment processing (GDPR compliant)
• Vercel: Hosting and CDN services (GDPR compliant)
• Resend: Email delivery services (GDPR compliant)

All third-party services are bound by data processing agreements and GDPR compliance requirements. We conduct regular audits of our third-party providers to ensure compliance.

8. International Data Transfers

Your data is primarily stored and processed within the European Union. Any international transfers are conducted in accordance with GDPR requirements, using appropriate safeguards such as Standard Contractual Clauses (SCCs) and adequacy decisions. We maintain a record of all international data transfers and their legal basis.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right of Rectification: Correct inaccurate or incomplete data
• Right of Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for optional processing
• Right to Lodge a Complaint: File a complaint with supervisory authorities

To exercise these rights, contact us at support@hirective.com. We will respond within 30 days and may request additional information to verify your identity.

10. Cookies and Tracking

We use essential cookies for authentication and service functionality. We do not use tracking cookies or third-party analytics without your explicit consent. You can manage cookie preferences through your browser settings. We also use local storage for application state management.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, in accordance with GDPR requirements. We maintain an incident response plan and regularly test our breach detection and response procedures.

12. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately. We will promptly delete any such information upon verification.

13. Automated Decision Making

Our AI-powered features may involve automated decision making. You have the right to request human review of any automated decisions that significantly affect you. We will provide you with information about the logic involved and the significance and envisaged consequences of such processing.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be announced via email or through our platform at least 30 days before they take effect. We encourage you to review this policy periodically. Your continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact and Complaints

If you have questions about this policy or wish to exercise your rights, contact us at:

Email: support@hirective.com

You also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately. We will cooperate with supervisory authorities in the investigation of any complaints.

16. Legal Basis and Compliance

This Privacy Policy is compliant with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. We regularly review and update our practices to ensure ongoing compliance with evolving legal requirements.