← Back to sign in

Privacy Policy

Last updated: March 5, 2026

1. Introduction

Revivesoft LLC ("Company," "we," "us," or "our") operates HireStaq ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Service. It applies to all users of HireStaq, including visitors, registered users, and paying subscribers.

By using the Service, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Service.

2. Data Controller

For purposes of applicable data protection laws (including GDPR), Revivesoft LLC is the data controller of your personal data. Contact: support@hirestaq.com.

3. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and a bcrypt-hashed version of your password. We never store passwords in plain text.

User Content

When you use the Service, you may upload resumes, create job postings, define screening criteria, and add notes or tags to candidate profiles ("User Content"). This content is stored to provide the Service and is processed by AI providers on your behalf (see Section 6).

Candidate Data: By uploading resumes or adding candidate information, you represent that you have obtained all necessary consents and legal authority to process that data on behalf of the individuals concerned, in compliance with applicable employment and data protection laws.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, screening sessions created, and session duration. This data is used to improve the Service and understand user behavior.

Technical and Device Data

We may collect IP addresses, browser type, device information, and other technical data for security purposes such as rate limiting, abuse prevention, and brute-force protection.

Payment Information

If you purchase a subscription, payment information is collected and processed directly by Stripe, our third-party payment processor. We do not store your credit card or payment details. We receive and store subscription status, plan tier, and billing period information.

Communications

If you contact us via email or submit feedback through the Service, we collect and retain the content of those communications.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Performance of a Contract: Processing necessary to provide the Service (account management, resume screening, AI analysis, candidate ranking).
  • Legitimate Interests: Security monitoring, fraud prevention, rate limiting, abuse detection, and Service improvement — balanced against your privacy rights.
  • Legal Obligation: Compliance with applicable laws, regulations, and lawful requests from public authorities.
  • Consent: Where we rely on consent (e.g., optional analytics), you may withdraw it at any time by contacting us.

5. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Screen and rank candidate resumes against your job requirements using AI
  • Authenticate your identity and secure your account
  • Send transactional emails (account verification, password reset, team invitations)
  • Enforce rate limits and prevent abuse
  • Process subscription payments and manage billing
  • Respond to feedback and support requests
  • Analyze usage patterns to improve user experience
  • Comply with legal obligations

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without human review.

6. Third-Party Services and Data Sharing

We use the following third-party services to operate. Each acts as a data processor on our behalf, bound by data processing agreements:

  • AI Providers (OpenAI, Anthropic): Resume content and job descriptions are transmitted to AI providers to generate screening analysis, compatibility scores, and candidate rankings. These providers process data under their respective API terms and privacy policies. We do not use your data to train AI models.
  • Vercel: Hosting, infrastructure, and analytics (aggregate usage data). Data may be processed in the United States.
  • Upstash: Redis caching for rate limiting, session management, and temporary analysis caching.
  • Stripe: Payment processing and subscription management. They are an independent data controller for payment data.
  • SMTP Provider (SMTP2GO): Transactional email delivery for verification, password reset, and team invitation emails.

We do not sell, rent, or trade your personal information to third parties. We may disclose data if required by law, court order, or to protect our legal rights.

International Transfers: Some of our service providers are located outside the EEA. Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms to protect your data.

7. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Vercel (United States). We implement industry-standard security measures including:

  • Passwords hashed with bcrypt (salt factor 10)
  • Verification and reset tokens stored as SHA-256 hashes (single-use)
  • HTTPS/TLS encryption for all data in transit
  • Rate limiting and brute-force protection (account lockout after 5 failed logins)
  • JWT-based session management with 7-day expiration
  • Input validation and sanitization to prevent injection attacks

While we take reasonable measures to protect your data, no system is completely secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

8. Data Retention

We retain your account data and content for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account and organization data: Retained until account deletion; deleted within 30 days thereafter
  • Candidate profiles, resumes, and job postings: Retained until you delete them or close your account
  • AI analysis cache: Content-addressed cache that expires automatically after 90 days
  • Session tokens: Expire after 7 days
  • Email verification tokens: Expire after 24 hours
  • Password reset tokens: Expire after 1 hour
  • Usage analytics: Retained in aggregate form for service improvement

9. Cookies and Local Storage

The Service uses:

  • Authentication cookies: JWT session tokens required for login. These are strictly necessary and cannot be disabled without breaking authentication.
  • Theme preferences: Stored in browser localStorage to persist your light/dark mode preference between sessions.

We do not use cookies for advertising, cross-site tracking, or third-party behavioral profiling.

10. Your Rights (GDPR — EEA/UK Users)

If you are located in the EEA or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Restriction: Request that we limit processing of your data in certain circumstances.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Right to Lodge a Complaint: File a complaint with your national supervisory authority.

To exercise these rights, contact us at support@hirestaq.com. We will respond within 30 days.

11. Your Rights (CCPA — California Residents)

If you are a California resident, the CCPA and CPRA grant you additional rights including the right to know, delete, correct, and opt-out of sale of your personal information. We do not sell or share your personal information for cross-context behavioral advertising.

To submit a CCPA request, contact us at support@hirestaq.com.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a revised "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

14. Contact

For privacy questions, data access requests, or complaints, contact us at:

Revivesoft LLC
Email: support@hirestaq.com

© 2026 Revivesoft LLC. All rights reserved.

Terms of Service