Privacy Policy

Last updated: 2026-05-04

HireOps AI ("we", "us") is a product of Symprio. This Privacy Policy explains what data we collect, how we use it, and the rights you have over it.

This is a template. Before going to production with real users, have a lawyer review it for your jurisdiction. The substance below describes the product's actual data handling so a lawyer can refine the wording.

1. Data we collect

Account data

  • Email, name, password (stored as an argon2 hash — never plaintext)
  • Workspace name and plan
  • Login timestamps and IP addresses

Recruiting data you upload or generate

  • Job postings, candidate names, emails, phone numbers, resume text
  • Email content from connected inboxes (when you sync via Gmail or IMAP)
  • Interview transcripts (Q&A answers and voice transcripts)
  • Webcam-derived signals during interviews: face presence and attention scores. We do not store interview video.
  • Behavioural signals during Q&A interviews: tab focus loss, paste events, typing time

Usage data

  • Pages viewed, actions taken, errors encountered
  • Stripe billing metadata (when you upgrade) — Stripe handles card details directly; we never see them

2. How we use it

  • To run the product: route candidates through your pipeline, score resumes, conduct interviews
  • To bill you for paid plans (via Stripe)
  • To improve product reliability via aggregated, de-identified telemetry
  • To send transactional email (signup verification, password reset, interview invitations)

We do not sell your data, share it with advertisers, or use your recruiting data to train AI models.

3. Subprocessors

To deliver the product, we share specific data with the following processors:

  • Mistral AI — resume scoring, Q&A question generation and grading, interview evaluation. Resume text and interview transcripts are sent for inference and are not stored long-term by Mistral, per their data policy.
  • ElevenLabs — voice interview agent. Audio is streamed during the interview only.
  • Stripe — payment processing and billing portal.
  • Google (Gmail API) — only if you connect your Gmail. Read/send scopes apply only to the connected account.
  • Hosting — VPS infrastructure for the application and database.

4. Data isolation

Each workspace (tenant) is isolated at the database level via a tenant_id column on every record. Queries from one tenant never see data from another.

5. Retention

  • Account data: retained while your workspace is active. Deleted on request.
  • Candidate data: retained per your workspace's preferences. You can delete a candidate at any time.
  • Email verification and password reset tokens: expire after 24 hours and 1 hour respectively.
  • Audit logs: 12 months.

6. Your rights

You can request access, export, correction, or deletion of your personal data at any time. Email privacy@symprio.com. We aim to respond within 30 days.

7. Security

  • Passwords hashed with argon2 (memory-hard, industry standard)
  • JWT session cookies are HttpOnly and SameSite=Lax
  • HTTPS for all connections in production
  • Daily automated backups of the database, encrypted at rest

8. Cookies

See our Cookie Policy for what cookies we set and why.

9. Contact

Questions? Email privacy@symprio.com.