Privacy Policy

We collect information you provide directly to us and information generated as you use the Hireflow platform. This includes:

We use the information we collect to:

• Create and maintain your account and authenticate your identity
• Match your profile with relevant job opportunities
• Process and manage your job applications
• Communicate application status updates and notifications
• Facilitate communication between candidates and hiring teams
• Improve and personalize the Hireflow platform
• Monitor for fraud, abuse, and security threats
• Comply with applicable legal obligations
• Send you relevant updates (you may opt out at any time)

We do not use your personal data to make fully automated hiring decisions. All application reviews involve human judgment.

Where applicable under data protection law (including the GDPR), we process your personal data on the following legal bases:

• Contract performance — to provide the services you've signed up for
• Legitimate interests — for fraud prevention, security, and platform improvement
• Legal obligation — where required by law
• Consent — for marketing communications (which you may withdraw at any time)

We do not sell your personal information. We share your data only in the following limited circumstances:

• Hiring organizations: When you apply for a role, your application details are shared with the relevant hiring team members within that organization.
• Service providers: We use trusted third-party vendors (e.g., cloud hosting, email delivery) who process data on our behalf under strict data processing agreements.
• Legal requirements: We may disclose data when required by law, court order, or government authority.
• Business transfers: In the event of a merger or acquisition, data may be transferred as part of that transaction with appropriate notice to you.

Hireflow uses cookies and similar tracking technologies to operate the platform and understand how it's used. Our cookies fall into the following categories:

• Essential cookies: Required for authentication and session management. Cannot be disabled without breaking the platform.
• Analytics cookies: Help us understand how users navigate the platform so we can improve it. Used in aggregated, anonymous form.
• Preference cookies: Remember your settings and preferences across sessions.

You can control non-essential cookies through your browser settings. Note that disabling cookies may affect platform functionality.

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

• Active accounts: retained for the duration of your account plus 2 years after your last activity
• Job applications: retained for 3 years from the date of submission
• Communications: retained for 2 years from the date of the last exchange
• Log and security data: retained for 12 months

When data is no longer needed, we securely delete or anonymize it. You may request earlier deletion at any time (see Your Rights).

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal obligations)
• Restriction: Request that we limit how we use your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

We implement industry-standard security measures to protect your personal data, including:

• Encryption of data in transit (TLS) and at rest (AES-256)
• Hashed and salted password storage — we never store plaintext passwords
• Role-based access controls limiting who can view candidate data
• Regular security reviews and penetration testing
• Automatic session expiry and secure cookie handling

While we take every reasonable precaution, no system is completely secure. If you suspect a security incident, please contact us immediately at [email protected].

Hireflow is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the platform before the changes take effect. The “Effective date” at the top of this page indicates when it was last revised.

Your continued use of Hireflow after the effective date of any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact our Privacy team: