Term & Conditions

Welcome to HIRO! These terms and conditions outline the rules and regulations for the use of our website and services

Privacy Policy

Last updated: 14 April 2025

1. Introduction

At HIRO, we are committed to protecting your personal data and being transparent about how we collect, use, and safeguard your information.

This Privacy Policy explains how we handle your personal data when you use our services—whether as a company seeking to hire, or as a candidate exploring opportunities.

If you continue to use our platform, you agree to the practices described here. If you do not agree, you may stop using our services at any time.

2. Who We Are

HIRO is committed to match talent with great opportunities and job roles at companies.

HIRO AI LTD

71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom

Company No. 16517296

Represented by: Mustafa Yenler, Director

Email: mustafa@usehiro.com

3. What Data We Collect

We collect data necessary to provide our services effectively and lawfully. This includes:

For Candidates:

  • Name, email, phone number

  • CV, experience, skills, preferences

  • Job search history, interview notes, or AI-enhanced summaries

  • Optional links (e.g. LinkedIn), availability, compensation expectations

For Companies:

  • Company name, size, industry, location

  • Contact person's name, email, job title

  • Hiring needs, role details

  • Billing and invoice data (via Stripe)

For All Users:

  • Login credentials (email, auth tokens)

  • IP address, browser type, device info

  • Usage data (pages viewed, time spent, interactions)

  • Locally stored preferences in your browser (we do not use third-party ad cookies)

4. How We Use Your Data

We use your data to:

  • Match candidates to relevant opportunities

  • Power AI-driven recommendations (without training external models)

  • Facilitate communication between candidates and employers

  • Improve our services, UX, and job-matching accuracy

  • Process payments (companies only)

  • Detect fraud or misuse

  • Comply with legal obligations

We only process what's necessary — and nothing more.

5. Legal Basis for Processing

Our data processing activities rely on:

  • Performance of a contract (Art. 6(1)(b) GDPR): e.g. providing hiring or application services

  • Legitimate interest (Art. 6(1)(f)): e.g. improving platform features or preventing fraud

  • Consent (Art. 6(1)(a)): e.g. sending job alerts or storing additional profile details

  • Legal obligation (Art. 6(1)(c)): e.g. maintaining tax records

Where we rely on consent, you can withdraw it at any time by contacting mustafa@usehiro.com.

6. Third-Party Services

To run HIRO, we securely integrate with third-party tools including:

  • Supabase (infrastructure, authentication)

  • OpenAI & Anthropic (AI-enhanced notes, job summaries)

  • Stripe (payments)

  • Other secure cloud providers for analytics or communication

These providers are bound by GDPR-compliant Data Processing Agreements (DPAs) and operate under strict confidentiality and security protocols.

7. Data Sharing

We may share your personal data in the following cases:

  • With hiring companies when you're actively matched, introduced, or shortlisted for a role

  • With technical service providers who help us operate the platform

  • With public authorities, only where legally required (e.g. tax audits, fraud investigations)

We do not sell or rent your data. All sharing is purpose-bound, minimal, and subject to contractual safeguards.

8. Data Retention

We keep your data only for as long as necessary:

  • Candidate data: up to 2 years after last activity, unless you request earlier deletion

  • Company data: for the duration of the commercial relationship, plus legal retention for financial records (up to 10 years under German law)

  • AI notes and session logs: deleted or anonymized regularly, unless legally required otherwise

9. Your Right to Be Forgotten

You can request that we delete or anonymize your data at any time.

Once verified, we will:

  • Delete your account and associated data within 30 days

  • Anonymize any retained system logs used for internal analysis

  • Confirm completion by email

Note: Some records may be retained where legally required (e.g. for billing, audit).

10. Data Security

We use leading security practices to protect your data, including:

  • End-to-end encryption (in transit and at rest)

  • Strict access controls and authentication

  • Regular audits, patching, and vulnerability monitoring

  • Real-time threat detection and backups

Only authorised personnel have access to your data — and only for legitimate purposes.

11. In Case of a Breach

If your data is affected by a breach, we'll notify you and the appropriate German Data Protection Authority (DPA) without undue delay, as required by Art. 33–34 GDPR.

We also take immediate steps to contain and resolve any incident.

12. International Data Transfers

Some of our service providers (e.g. Google Cloud, OpenAI) are based outside the EU.

Whenever we transfer personal data outside the EU/EEA, we ensure:

  • Use of Standard Contractual Clauses (SCCs) approved by the EU Commission

  • Additional security (e.g. encryption, access limits)

  • Ongoing legal assessments of the transfer risk

By using HIRO, you agree to such transfers as described.

13. AI & Automated Profiling

Our platform uses AI to recommend job matches and enhance notes. This involves:

  • Analysing skills, experience, and role requirements

  • Suggesting matches or improving summaries

  • Ranking or flagging opportunities (non-binding)

14. Cookies & Tracking

HIRO uses limited tracking technologies — no advertising cookies.

We use:

  • Essential cookies: For login and session functionality

  • Local storage: For saved preferences and smoother user experience

  • Optional analytics (e.g. pseudonymised usage metrics)

You can manage your browser settings to disable cookies, though core functionality may be affected.

15. Your Rights (Under GDPR)

You have the right to:

  • Access your personal data (Art. 15)

  • Correct inaccuracies (Art. 16)

  • Request deletion (Art. 17)

  • Restrict processing (Art. 18)

  • Data portability (Art. 20)

  • Object to processing (Art. 21)

  • Not be subject to automated decisions (Art. 22)

To exercise any of these rights, email us at: mustafa@usehiro.com

16. Updates to This Policy

We may update this policy as our services or legal requirements evolve. We will notify users of significant changes by email or via the platform before they take effect.

17. Contact Us

For any privacy-related questions or requests, please contact:

📧 mustafa@usehiro.com