1. Who we are
HireFlow360, Inc. is the controller of personal data about account holders and website visitors. For candidate personal data submitted by our customers, the customer is typically the controller and we act as a processor under our Data Processing Addendum.
2. Data we collect
- Account data: name, work email, organization, role.
- Usage data: log, device, and product-interaction data.
- Candidate data submitted to the ATS by our customers.
- Billing data processed by our payment provider.
3. How we use data
To provide and secure the Service, support customers, improve features, comply with law, and communicate service updates. We do not sell personal data.
4. Legal bases
Where GDPR/UK GDPR applies, we rely on contract performance, legitimate interests, consent (where required), and legal obligation.
5. Sharing and sub-processors
We share data with vetted sub-processors (hosting, email, payments, analytics) under contract. [CONFIRM — publish current sub-processor list once vendor keys are finalized; see BLOCKERS section A.]
6. Retention
We retain personal data only as long as needed for the purposes above or as required by law, then delete or anonymize it.
7. Your rights
Depending on your location you may have rights to access, correct, delete, port, or object to processing of your data. See our Data Rights (GDPR/CCPA) page to exercise them.
8. Security
We use encryption in transit, access controls, and audit logging. No system is perfectly secure; we work to protect your data and notify you of incidents as required by law.
9. International transfers
Where data is transferred internationally we use appropriate safeguards such as Standard Contractual Clauses. [CONFIRM — transfer mechanism per hosting region.]
10. Contact
Privacy questions or requests: privacy@hireflow360.com.