← Back to HIRESSCOPE

GDPR & Data Privacy

Last updated: 1 May 2026

Your Data, Your Rights

HIRESSCOPE is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). You have the right to access, correct, delete, or export your data at any time. To exercise any of these rights, contact us at [email protected].

1. Data Controller

HIRESSCOPE

AI-powered CV screening & job fit evaluation platform

hiresscope.com

Data privacy contact: [email protected]

2. What Data We Hold

Employer Accounts

  • Name and work email address
  • Company name and slug
  • Job descriptions and posting content
  • Billing information (card data processed by Paddle — not stored by us)
  • Usage analytics and feature interactions

Candidate Profiles

  • Name, email address, and phone number (if provided)
  • CV file (PDF or DOCX) and extracted text
  • AI-parsed skill and experience profile
  • Job evaluation history and match scores
  • Account plan and subscription status

Candidate Applications (uploaded by employers)

  • Name, email, and phone (if provided by employer)
  • CV file stored encrypted on Cloudflare R2
  • AI-generated match score and skill analysis
  • Application status and recruiter notes

3. Legal Basis for Processing

Contract performanceProcessing your account data and delivering the platform service.
Legitimate interestFraud prevention, security, platform analytics, and improving AI models (aggregated, anonymised).
Legal obligationRetaining billing records as required by tax and accounting law.
ConsentMarketing communications — you can withdraw consent at any time by emailing [email protected].

4. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Ask us to correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interest or for direct marketing.

Right to Restrict

Request that we restrict how we process your data in certain circumstances.

5. How to Exercise Your Rights

To submit a data request, email us at [email protected] with the subject line "GDPR Data Request". Include:

  • Your full name and email address associated with your HIRESSCOPE account
  • The type of request (access, deletion, portability, etc.)
  • Any additional context that helps us locate your data

We will respond within 30 days as required by GDPR.

If your request is complex, we may extend this by up to two additional months and will notify you within the initial 30-day period.

6. Data Retention

Data TypeRetention Period
Employer account dataUntil account deletion + 30 days
Candidate profile & CVUntil account deletion + 30 days
Application CVs (employer-uploaded)12 months after job closure, or until employer deletes
Billing records7 years (legal/tax requirement)
Usage analytics24 months (aggregated, anonymised)
Server access logs90 days

7. Third-Party Processors

We use the following sub-processors to deliver our service:

Cloudflare R2CV file storage (encrypted at rest)
PaddlePayment processing and subscription management
OpenAIAI analysis of CV text (no data used for training)
Neon / PostgreSQLEncrypted database hosting
PostHogProduct analytics (anonymised usage data)
SentryError monitoring (anonymised stack traces)

We do not sell or share your personal data with third parties for marketing purposes.

8. Data Security

  • All CV files stored encrypted on Cloudflare R2 (AES-256)
  • All data in transit protected by TLS 1.2+
  • Database access restricted to authorised personnel only
  • Regular security reviews and dependency audits
  • Anonymised mode available for employers to prevent PII storage

9. Supervisory Authority

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with your local data protection authority. In the EU, you can find your national authority at edpb.europa.eu.

10. Contact Us

Data Privacy & GDPR Requests

[email protected]

Subject line: "GDPR Data Request" · Response within 30 days

HomePrivacy PolicyTerms of ServiceRefund Policy