Hirepie
2.1 Account Data
- Email address
- Full name
- Password (hashed, never stored in plain text)
- Profile information (avatar, preferences)
Privacy Policy
How We Handle Your Data
This policy describes how we collect, use, protect, and retain personal data when you use Hirepie.
Last Updated: February 7, 2026 Effective Date: February 7, 2026
1. Identity and Contact Details
Data Controller:
Hirecamp Platforms Limited
Seafield Road, Blackrock, Co. Louth
Ireland
General Contact: hello@hirepie.io
Data Protection Contact: privacy@hirepie.io
2. Data We Collect
2.2 CV/Resume Data
- Personal information (name, contact details, location)
- Professional history (work experience, education)
- Skills and qualifications
- Uploaded documents (PDF, DOCX files)
2.3 Usage Data
- Feature usage analytics (anonymized)
- Session information
- Browser and device type
2.4 Technical Data
- IP address (for security purposes, retained for 30 days)
- Cookies (with consent)
- Log data
3. Legal Basis for Processing
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Account data | Contract performance | Provide our services |
| CV data | Contract performance + Consent | CV formatting and AI processing |
| Usage analytics | Legitimate interest | Service improvement |
| Security logs | Legitimate interest | Fraud prevention and security |
| Marketing | Consent | Product updates and offers |
4. AI Processing Disclosure
4.1 How We Use AI
- Extract text from uploaded CVs (OCR)
- Summarize and format CV content
- Score CV-job matches (for recruiters)
- Improve document formatting
4.2 AI Processing Consent
AI processing of your CV data requires your explicit consent, which you provide during registration. You can withdraw this consent at any time through your account settings.
4.3 AI Sub-Processors
| Processor | Purpose |
|---|---|
| Mistral AI | Document text extraction |
| Groq | Text summarization |
| Google Vertex AI | CV-job matching |
| Cloudflare AI Gateway | Request routing |
All AI processors are selected for strong privacy practices and GDPR compliance.
For details about our AI sub-processors, contact us at privacy@hirepie.io.
5. Data Retention Periods
| Data Type | Retention Period | Justification |
|---|---|---|
| Active user account | Until deletion requested | Service provision |
| CVs | Until user deletes | User control |
| Deletion requests | 2 years | Legal compliance audit |
| IP violation logs | 30 days | Security |
| Data exports | 7 days | User convenience |
| Audit logs | Permanent (anonymized after user deletion) | Compliance |
6. Your Rights (GDPR Articles 15-22)
6.1 Right to Access (Article 15): Request a copy of all personal data we hold about you.
6.2 Right to Rectification (Article 16): Correct any inaccurate personal data.
6.3 Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten"). 30-day grace period allows cancellation. Some data may be retained for legal compliance.
6.4 Right to Restrict Processing (Article 18): Limit how we use your data in certain circumstances.
6.5 Right to Data Portability (Article 20): Receive your data in a machine-readable format (JSON).
6.6 Right to Object (Article 21): Object to processing based on legitimate interests.
6.7 Rights Related to Automated Decision Making (Article 22): Request human review of automated decisions and understand the logic behind AI processing.
7. How to Exercise Your Rights
Via Account Settings: Consent management: Settings > Privacy (cookie preferences).
Via Email: For data export, account deletion, or other GDPR requests, contact privacy@hirepie.io with:
- Subject line: "GDPR Request - [Right Type]"
- Your registered email address
- Specific request details
Response Time: We respond to all requests within 30 days as required by GDPR.
8. Data Security Measures
Technical Measures
- TLS 1.3 encryption for data in transit
- AES-256 encryption for data at rest
- Secure password hashing (bcrypt)
- MFA option
- Regular security audits and penetration testing
Organizational Measures
- Need-to-know employee access controls
- Staff training on data protection
- Incident response procedures
- Regular policy reviews
Infrastructure
- EU-based data storage (Supabase EU region)
- Infrastructure providers, including Supabase, maintain SOC 2 Type 2 compliance
- Regular encrypted backups
9. International Transfers
Primary Data Location: All primary data is stored in the European Union (EU region).
Sub-Processor Transfers: Some AI processing may involve data transfer to the United States (Groq, Google Vertex AI).
Transfer Safeguards: Standard Contractual Clauses (SCCs), additional encryption controls, and Data Processing Agreements (DPAs).
10. Cookies
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Essential | Authentication, security | No |
| Analytics | Service improvement | Yes |
| Session recording | UX research | Yes (opt-in only) |
Manage cookie preferences through our cookie banner or Account Settings.
11. Updates to This Policy
- Posted on this page with updated date
- Communicated via email for material changes
- Effective 30 days after posting (unless urgent security matter)
12. Contact Information
Privacy Contact: privacy@hirepie.io
Postal Address:
Hirecamp Platforms Limited
Seafield Road, Blackrock, Co. Louth
Ireland
Document Version
| Version | Date | Changes |
|---|---|---|
| 1.0 | February 7, 2026 | Initial policy |