Start free
Legal · Last updated 2026-05-19

Privacy Policy

This policy explains what data hire.page ("we", "us") collects, how we use it, and the rights you have over it. It applies to everyone who visits our website, signs up for an account, or applies to a job through a hire page hosted on the Service.

1. Who is responsible for your data

For visitors to hire.page itself (marketing site, your account, your workspace), we are the data controller.

For applicants who apply through a hire page built by one of our customers, the customer is the data controller and we act as a processor on their behalf. The customer's own privacy notice on their hire page applies to that processing.

2. Data we collect about you

Account data. When you sign up: your name, email address, hashed password, and — if you use Google login — your Google profile identifier. We don't see your Google password.

Workspace content. Anything you put into the product: hire pages you build, applicant records and answers, custom questions, internal notes, comments and ratings on candidates, stage-transition email templates.

Billing data. If you subscribe to a paid plan, Stripe processes your card. We store the Stripe customer ID, the plan you're on, invoice history, and the last 4 digits of the card — never the full number.

Usage data. Anonymous product analytics events (page views, button clicks, feature use) via PostHog and Umami, and basic marketing-page analytics via GA4. We use these to understand which parts of the product people use and to spot bugs.

Support data. If you email us, we keep the email thread so we have context next time.

3. Data candidates submit through a hire page

When someone applies through a hire page, we store the answers they submit (typed answers, uploaded files such as CVs, video responses), their email address, and any metadata your hire page collects. That data is owned by the workspace that owns the hire page — the customer — and they decide how long it's kept.

4. Why we use this data

  • To run your account and workspace (the contract you've signed up to).
  • To process payments on paid plans (contract again, via Stripe).
  • To send transactional email about your account: receipts, password resets, security alerts. You can't opt out of these as long as you have an account.
  • To send product update emails. You can unsubscribe from these in account settings or from any email footer.
  • To detect abuse, fraud, and security threats (legitimate interest).
  • To improve the product with anonymous usage analytics (legitimate interest).

5. Data we don't sell

We don't sell or rent your account data or your applicants' data to anyone. Ever. We don't run ad-tracking pixels on your authenticated workspace, and we don't share data with advertisers.

6. Sub-processors we use

To run the Service we share data with a small number of vetted sub-processors:

  • Stripe — payment processing for subscriptions.
  • Resend — sending transactional and stage-transition emails on your behalf.
  • Laravel Cloud — application hosting (EU or US region depending on your account).
  • Cloudflare R2 — storage of uploaded files (CVs, videos, hire page assets).
  • PostHog — product analytics on the authenticated app.
  • Umami — privacy-friendly analytics on the marketing site (self-hosted by us).
  • Google Analytics 4 — additional marketing-site analytics.

Each sub-processor receives only the data needed to do their job. On request we'll provide a current sub-processor list with regions.

7. How long we keep your data

While your account is active, we keep the data as long as you keep it. When you close your account we delete your workspace and applicant data within 30 days, except where we're legally required to keep something longer (for example, invoices for tax purposes are kept for 7 years).

You can also delete individual hire pages, applicants, or files at any time from inside the product.

8. Where your data is stored

Workspaces are hosted in the EU by default. US-based customers may be hosted on a US region — you can ask which by emailing [email protected]. Some sub-processors (Stripe, Cloudflare R2) are global by design and we rely on the EU's Standard Contractual Clauses for any transfer outside the UK/EEA.

9. Your rights

Wherever you live, you can:

  • See what we hold about you.
  • Correct it.
  • Export your data to CSV (from inside your workspace, anytime).
  • Ask us to delete your account.

If you're in the UK, the EU, or another jurisdiction with similar laws (UK GDPR / EU GDPR / CCPA), you additionally have rights to restrict processing, object to processing, and complain to your local data protection authority.

To exercise any of these rights, email [email protected]. We aim to respond within 5 business days and we won't charge you for it.

10. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to remember your billing preferences. The marketing site also sets a first-party analytics cookie. We don't run third-party advertising cookies.

11. Children

hire.page is not for use by anyone under 16. Don't sign up if you're younger than that, and don't collect application data from anyone under 16 through a hire page.

12. Security

We encrypt data in transit and at rest, run regular backups, and limit production access to a short list of named people. If we ever experience a breach involving your data we'll notify affected customers within 72 hours of confirming it.

13. Changes to this policy

When we make material changes we email account owners and update the "Last updated" date above.

14. Contact

Privacy questions, requests, or DPA paperwork: write to [email protected].