Legal
Privacy Policy
Last updated: 2026-06-07
HireOps AI ("we", "us") is a product of Symprio. This Privacy Policy explains what data we collect, how we use it, and the rights you have over it.
For a Data Processing Agreement, subprocessor review, security questionnaire, or jurisdiction-specific privacy addendum, contact privacy@symprio.com.
1. Data we collect
Account data
- Email, name, password (stored as an argon2 hash — never plaintext)
- Workspace name and plan
- Login timestamps and IP addresses
Recruiting data you upload or generate
- Job postings, candidate names, emails, phone numbers, resume text
- Email content from connected inboxes (when you sync via Gmail or IMAP)
- Interview transcripts (Q&A answers and voice transcripts)
- Webcam-derived signals during interviews: face presence and attention scores. We do not store interview video.
- Behavioural signals during Q&A interviews: tab focus loss, paste events, typing time
Usage data
- Pages viewed, actions taken, errors encountered
- Stripe billing metadata (when you upgrade) — Stripe handles card details directly; we never see them
2. How we use it
- To run the product: route candidates through your pipeline, score resumes, conduct interviews
- To bill you for paid plans (via Stripe)
- To improve product reliability via aggregated, de-identified telemetry
- To send transactional email (signup verification, password reset, interview invitations)
We do not sell your data, share it with advertisers, or use your recruiting data to train AI models.
3. Subprocessors
To deliver the product, we share specific data with the following processors:
- Mistral AI — resume scoring, Q&A question generation and grading, interview evaluation. Resume text and interview transcripts are sent for inference; not stored long-term by Mistral per their data policy.
- ElevenLabs — voice interview agent. Audio streams during the interview only.
- Stripe — payment processing and billing portal.
- Google (Gmail API) — only if you connect your Gmail. Read/send scopes apply only to the connected account.
- Hosting — VPS infrastructure for the application and database.
4. Data isolation
Each workspace (tenant) is isolated at the database level via atenant_id column on every record. Queries from one tenant never see data from another.
5. Retention
- Account data: retained while your workspace is active. Deleted on request.
- Candidate data: retained per your workspace's preferences. You can delete a candidate at any time.
- Email verification + password reset tokens: 24 hours / 1 hour respectively, then expire.
- Original resume files: stored privately per tenant and deleted when the candidate or workspace is deleted.
- Audit logs: 12 months.
6. Your rights
You can request access, export, correction, or deletion of your personal data at any time. Email privacy@symprio.com. We aim to respond within 30 days.
7. Automated decision-making
HireOps uses AI to score resumes and interviews and to recommend a next step (advance, hold, or reject) against thresholds your workspace configures. These are recommendations, not final decisions: no candidate is rejected by automated processing alone. A rejection only takes effect after a human recruiter reviews the case and explicitly confirms it, and every confirmation is recorded in our audit log. Cases with elevated fraud signals are always routed to a human rather than auto-decided.
Where a decision involved automated processing, candidates have the right to obtain human review, to express their point of view, and to contest the decision. Contact the hiring organisation directly, or email privacy@symprio.com and we will route the request to them.
8. Security
- Passwords hashed with argon2 (memory-hard, industry standard)
- JWT session cookies are HttpOnly and SameSite=Lax
- Verification and reset tokens are stored as one-way hashes
- Resume uploads are limited to PDF/DOCX, validated server-side, scanned for active/embedded content, and stored in private tenant-scoped paths
- HTTPS for all connections in production
- Daily automated backups of the database, encrypted at rest
9. Cookies
See our Cookie Policy for what cookies we set and why.
10. Contact
Questions? Email privacy@symprio.com.