Effective date: April 6, 2026 · Last updated: April 6, 2026
We know privacy policies are long. Here is what matters most, in plain English.

| Topic | What we do |
|---|---|
| What we collect | Your name, email, company name, uploaded documents, and AI vendor list. |
| Why we collect it | Solely to generate your compliance report. Nothing else. |
| Who sees it | Only you and the HireAudit service owner. Never sold or shared with third parties. |
| AI training | Your data is never used to train, fine-tune, or improve any AI model. Ever. |
| How long we keep it | Uploaded documents are automatically deleted 30 days after your report is delivered. Contact info is retained until you request deletion. |
| Your rights | You can request deletion of all your data at any time. We respond within 48 hours. |
| Breach notification | We will notify you within 72 hours of discovering any breach affecting your data. |

HireAudit is an AI-powered hiring compliance intelligence service operated by an individual practitioner with a Juris Doctor degree and an AI Governance Professional (AIGP) certification. We provide automated compliance analysis of hiring documents and consulting services to HR and Talent Acquisition professionals. For privacy inquiries, contact us at [email protected].
We collect only what is necessary to provide the service you requested:
Account and contact information: Your name, email address, and company name, provided when you initiate an audit.
Uploaded documents: Job descriptions, interview guides, and any other hiring documents you choose to upload. These are stored temporarily and deleted automatically as described in Section 5.
AI vendor information: The names of AI-powered tools you disclose as part of the audit process.
Payment information: We do not store payment card data. Payments are processed by Stripe, which maintains its own privacy and security certifications (PCI DSS Level 1). We receive only a transaction confirmation and the tier you purchased.
Usage data: Standard server logs including IP address, browser type, and pages visited. These are used solely for security monitoring and are not linked to your identity for marketing purposes.
We use your information for one purpose: to generate and deliver your compliance report. Specifically:
• Your uploaded documents are processed by an AI language model to identify compliance findings. The text extracted from your documents is sent to this model as part of the analysis. The model does not retain your data between sessions and your data is not used to train or improve any model.
• Your contact information is used to deliver your report and to respond to your inquiries.
• We do not use your information for advertising, marketing to third parties, behavioral profiling, or any purpose other than providing the service you paid for.
We do not sell, rent, or share your personal information with third parties for their own purposes. The only service providers who may process your data are:
AI language model provider: The text of your documents is processed by an AI model to generate compliance findings. This processing is governed by the provider's data processing terms, which prohibit use of your data for model training.
Cloud storage provider: Your uploaded files are stored in encrypted cloud object storage (S3-compatible) until they are automatically deleted per our retention schedule.
Payment processor (Stripe): Stripe processes your payment. We do not receive or store your card details. Stripe's privacy policy is available at stripe.com/privacy.
Legal obligation: We may disclose information if required by law, court order, or to protect the rights and safety of our users, provided we notify you in advance where legally permitted.
We believe in minimal retention. Our policy exceeds the requirements of GDPR, CCPA, and most other applicable privacy frameworks:
Uploaded documents: Automatically and permanently deleted from our storage systems 30 days after your compliance report is delivered. You will receive an email confirmation when your documents have been deleted.
Compliance findings and report: Retained for 12 months to allow you to access your dashboard and track remediation progress. You may request earlier deletion at any time.
Contact information: Retained until you request deletion or until 24 months of account inactivity, whichever comes first.
Payment records: Retained for 7 years as required by applicable tax and accounting law. These records contain only transaction amounts and dates, not card details.
Regardless of where you are located, you have the following rights with respect to your personal data:
Right to access: You may request a copy of all personal data we hold about you.
Right to deletion: You may request that we delete all of your personal data. We will complete this within 48 hours and confirm by email. Note that payment transaction records may be retained as required by law.
Right to correction: You may request correction of inaccurate personal data.
Right to portability: You may request your data in a machine-readable format.
Right to object: You may object to any processing of your data beyond what is strictly necessary to deliver the service.
To exercise any of these rights, email [email protected]. We respond to all requests within 48 hours — faster than the 30-day window required by GDPR and the 45-day window required by CCPA.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Access to customer data is restricted to the service owner. We maintain no third-party analytics trackers, advertising pixels, or session recording tools on this site. For a full description of our security practices, see our Security Practices page.
In the event of a data breach affecting your personal information, we will notify you by email within 72 hours of becoming aware of the breach. This notification will describe what data was affected, what we believe happened, and what steps we are taking. This commitment applies to all customers regardless of their location, and meets or exceeds the requirements of GDPR Article 33, CCPA, and applicable US state breach notification laws.
We use a single session cookie to maintain your login state. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not use Google Analytics, Facebook Pixel, or any similar tracking technology.
HireAudit is a professional business service not directed at individuals under 18. We do not knowingly collect personal information from minors.
If we make material changes to this Privacy Policy, we will notify existing customers by email at least 14 days before the changes take effect. The effective date at the top of this page will be updated. Continued use of the service after the effective date constitutes acceptance of the updated policy.
For any privacy-related questions, requests, or concerns, contact us at [email protected]. We respond to all inquiries within 48 hours.