← Back to HireSprint

PRIVACY POLICY

Last updated: April 2025 · Effective: April 2025

HireSprint ("HireSprint", "we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit hiresprint.co and use our services.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our site. By accessing or using HireSprint, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: Your full name and email address when you register
  • Resume content: Resume text, bullet points, and career history you paste or upload
  • Job descriptions: Job postings you paste to generate tailored resumes
  • Communications: Messages you send us via support tickets or email
  • Profile details: Any additional career information you add to your account

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, time spent, clicks, and navigation paths
  • Device information: Browser type, operating system, screen resolution, and language settings
  • IP address: Used for security, fraud prevention, and rate-limiting our demo tools
  • Cookies: Session cookies for authentication; see Section 8 for full cookie details

1.3 Information from Third Parties

  • Payment processors: Stripe provides us with transaction confirmations and subscription status — we never receive or store your card details
  • Authentication providers: If you sign in via a third-party provider in future, we receive your name and email only

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide the service: Resume tailoring, ATS scoring, cover letter generation, and all other features require processing your resume and job description data through our AI models
  • To maintain your account: Storing your generated resumes, application history, and preferences so you can access them later
  • To process payments: Managing your subscription, billing cycles, and payment history via Stripe
  • To send transactional communications: Account verification, password reset, subscription receipts, and important service updates
  • To improve our service: Analysing anonymised usage patterns to understand how features are used and where we can improve
  • To ensure security: Detecting and preventing fraud, abuse, and unauthorised access
  • To comply with legal obligations: Maintaining records as required by applicable law

Important: Your resume content and job descriptions are sent to Anthropic's Claude AI API solely to generate tailored outputs. Anthropic processes this data in accordance with their own privacy policy and does not use your data to train their models under their API usage terms.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for processing your personal data is:

  • Performance of a contract: Processing necessary to deliver the services you have requested
  • Legitimate interests: Improving our service, preventing fraud, and ensuring platform security
  • Consent: For optional communications such as product updates and tips (you may withdraw consent at any time)
  • Legal obligation: Where required to comply with applicable laws and regulations

4. Sharing Your Information

We do not sell, trade, or rent your personal information. We share data only in these limited circumstances:

  • Anthropic (Claude AI): Resume and job description content is processed to generate tailored outputs. Anthropic does not use API data for model training.
  • Stripe: Payment processing. Stripe handles all card data under PCI-DSS compliance. We receive only subscription status and transaction identifiers.
  • Supabase: Database and authentication infrastructure hosted on AWS. Your data is encrypted at rest and in transit.
  • Vercel: Our hosting provider processes web request data to serve you our application.
  • Legal requirements: We may disclose information if required by law, court order, or to protect rights, property, or safety.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our site.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services:

  • Account data: Retained while your account is active and for 30 days after deletion
  • Generated resumes: Stored until you delete them or close your account
  • Payment records: Retained for 7 years as required by financial regulations
  • Usage logs: Anonymised after 90 days; raw logs deleted after 30 days
  • Support communications: Retained for 2 years to provide ongoing support

6. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Right of access
Request a copy of the personal data we hold about you
Right to rectification
Request correction of inaccurate or incomplete data
Right to erasure
Request deletion of your data ("right to be forgotten")
Right to portability
Receive your data in a structured, machine-readable format
Right to restrict processing
Request that we limit how we use your data
Right to object
Object to processing based on legitimate interests
Withdraw consent
Withdraw consent for optional communications at any time
Lodge a complaint
File a complaint with your local data protection authority

To exercise any of these rights, email us at contact@hiresprint.co. We will respond within 30 days.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to request deletion of your personal information
  • The right to opt-out of the sale of personal information — we do not sell personal information
  • The right to non-discrimination for exercising CCPA rights

To submit a verifiable consumer request, contact us at contact@hiresprint.co.

8. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and to keep you logged in. Cannot be disabled.
  • Functional cookies: Remember your preferences such as theme settings.
  • Analytics cookies: Help us understand how you use the service so we can improve it. These are anonymised.

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from logging in.

9. Data Security

We implement industry-standard security measures to protect your personal information:

  • All data transmitted between your browser and our servers is encrypted using TLS 1.3
  • Data at rest is encrypted using AES-256 on Supabase/AWS infrastructure
  • Authentication is handled by Supabase Auth with bcrypt password hashing
  • Payment data is never stored on our servers — handled entirely by Stripe's PCI-DSS-compliant infrastructure
  • Access to production systems is restricted to authorised personnel only
  • Regular security reviews and dependency audits

No system is 100% secure. In the event of a data breach that affects your personal data, we will notify you within 72 hours as required by GDPR.

10. International Data Transfers

HireSprint operates globally. Your data may be processed in the United States (AWS us-east-1 via Supabase) and other countries where our service providers operate. Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

11. Children's Privacy

HireSprint is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will delete it immediately. If you believe a child under 16 has provided us with their data, contact us at contact@hiresprint.co.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or by placing a prominent notice on our website at least 14 days before the change takes effect. The "Last updated" date at the top of this policy reflects the most recent revision. Continued use of HireSprint after changes take effect constitutes your acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response time

We will respond to all privacy-related enquiries within 30 days, and within 72 hours for data breach notifications.

Terms of ServiceContact Us← Back to HireSprint