Privacy Policy

Effective Date: August 18, 2025

promptlyhired.ai ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our website and Services.

1. Information We Collect

  • Account Info: Name, email, password, and profile details.
  • Job Info: Resumes, applications, and job postings.
  • Usage Data: Log files, cookies, analytics, and device info.
  • Payment Info (if applicable): Billing details processed by third-party payment providers (e.g., Stripe).

2. How We Use Information

We use your information to:

  • Provide and improve our Services.
  • Facilitate job applications and postings.
  • Communicate with you about your account or updates.
  • Analyze site usage and improve performance.

3. Sharing of Information

We may share your information with:

  • Employers (if you apply to jobs).
  • Job seekers (if you post a job).
  • Service providers (hosting, analytics, payment processors).
  • Law enforcement if required by law.

We do not sell your personal data to third parties.

Third-Party Service Providers

We use the following third-party services to provide our platform:

Stripe (Payment Processing)

When you make payments, your payment information is processed by Stripe. We do not store your full payment details on our servers. Stripe collects and processes:

  • Payment card information (encrypted)
  • Billing address and contact details
  • Transaction history

Stripe's privacy policy can be found at stripe.com/privacy

Stripe's Data Processing Agreement (DPA) can be found at stripe.com/legal/dpa

SendGrid (Email Delivery)

We use SendGrid to send transactional emails (account verification, password resets, etc.). SendGrid processes:

  • Your email address
  • Email delivery status and analytics
  • Email content for delivery purposes

SendGrid's privacy policy can be found at sendgrid.com/privacy

SendGrid's Data Processing Agreement (DPA) can be found at twilio.com/en-us/legal/data-protection-addendum

All third-party service providers are bound by data processing agreements and are GDPR-compliant. They may only process your data for the specific purposes we've contracted them for. You can review Stripe's Data Processing Agreement at stripe.com/legal/dpa and SendGrid's DPA at twilio.com/en-us/legal/data-protection-addendum.

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract Performance: To provide job posting, application, and payment processing services
  • Legitimate Interest: To improve our platform, prevent fraud, and ensure security
  • Legal Obligation: To comply with tax, accounting, and employment law requirements
  • Consent: For marketing communications (if applicable in the future)

You can withdraw consent at any time where consent is the legal basis for processing.

4. Cookies & Tracking

We use cookies and similar technologies only for essential functionality:

  • Keep you logged in and maintain your session.
  • Protect against security threats (CSRF protection).
  • Remember your login preferences (if you choose "Remember me").

We do not use cookies for:

  • Analytics or tracking user behavior
  • Personalized advertising
  • Third-party tracking

You can manage cookies through your browser settings. All cookies we use are essential for the website to function properly and do not require your consent under GDPR.

5. Data Security

We use reasonable measures to protect your information, but no system is 100% secure.

6. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your data.
  • Opt out of marketing emails.
  • Request a copy of your information.
  • Request data portability (receive your data in a structured, machine-readable format).
  • Object to processing of your personal data.
  • Withdraw consent at any time (where consent is the legal basis for processing).

To exercise any of these rights, please contact us at admin@promptlyhired.ai. We will respond to your request within 30 days.

For data portability requests, we will provide your data in a commonly used, machine-readable format (such as JSON or CSV) free of charge.

7. Data Retention

We retain your personal data for specific periods based on legal requirements and business needs:

  • Account Data: Until account deletion or 7 years for tax and legal compliance
  • Job Postings: 7 years (employment law and tax requirements)
  • Payment Records: 7 years (accounting and tax law requirements)
  • Email Verification Tokens: 24 hours after sending
  • Password Reset Tokens: 1 hour after sending
  • Session Data: 30 days (configurable)
  • Login History: 2 years for security monitoring

You can request data deletion at any time, subject to legal retention requirements.

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected users without undue delay when the breach poses a high risk
  • Document all breaches and our response actions
  • Take immediate steps to contain and mitigate the breach

9. Children's Privacy

Our Services are not directed to children under 13, and we do not knowingly collect data from them.

10. International Data Transfers

Your data may be transferred to and processed in the United States by our service providers and infrastructure. These transfers are protected by:

  • AWS Service Terms: Our hosting provider (AWS) automatically provides GDPR compliance through their Service Terms, including Standard Contractual Clauses (SCCs) for international data transfers
  • Standard Contractual Clauses (SCCs): Approved by the European Commission for data transfers to non-adequate countries
  • Data Processing Agreements: Binding contracts with all third-party service providers (Stripe, SendGrid)
  • Appropriate Safeguards: Technical and organizational measures to ensure data protection

All international transfers comply with GDPR Chapter V requirements and include appropriate safeguards. Our servers are located in the AWS US East (Ohio) region and are protected by AWS's comprehensive security measures and built-in GDPR compliance.

11. Changes to this Policy

promptlyhired.ai may update this Privacy Policy occasionally. We will notify you of changes by email or through the platform.

12. Automated Decision Making

We do not currently use automated decision-making processes that significantly affect you. If we implement such systems in the future (such as AI-powered job matching), you will have the right to:

  • Request human review of automated decisions
  • Receive an explanation of how the decision was made
  • Challenge automated decisions that affect you
  • Opt out of automated decision-making where possible

13. Contact Us

If you have questions, contact us at:
Email: admin@promptlyhired.ai