Legal

Privacy Policy

Last updated · May 19, 2026Effective · May 19, 2026

1. Overview

HireFunnel helps employers run video-first hiring funnels. Candidates record short videos, answer questions, and book interviews through a shareable link. Recruiters review submissions, schedule meetings, and run automated email and SMS follow-ups.

This Privacy Policy explains what personal information we collect from people who use HireFunnel (employers, recruiters, and candidates), how we use it, who we share it with, and what choices you have. We try to write this in plain language and only ask for what we actually need.

2. Who we are

“HireFunnel”, “we”, “us”, and “our” refer to the operator of the HireFunnel service at hirefunnel.app. You can reach us at privacy@hirefunnel.app.

When an employer uses HireFunnel to screen candidates, the employer is the data controller of the candidate’s personal data and HireFunnel acts as a data processor on the employer’s behalf. For employer account information (names, billing contacts, login credentials), HireFunnel is the controller.

3. What we collect

3.1 Information you give us

  • Account data — name, work email, password (hashed), workspace name, role, and billing details.
  • Content you upload — flow questions, training materials, templates, branding assets, and notes.
  • Candidate submissions (collected from candidates on behalf of employers) — video recordings, answers to text or multiple-choice questions, uploaded files, contact details (name, email, phone), and any other data the employer chooses to collect in their flow.
  • Scheduling data — calendar availability, interview times, attendee lists, and Google Meet metadata when the employer connects Google Workspace.
  • Support communications — anything you send us by email, chat, or phone.

3.2 Information we collect automatically

  • Usage data — pages viewed, buttons clicked, features used, timestamps, referring URLs, and approximate location derived from IP address.
  • Device data — browser type, operating system, screen size, language preference, and device identifiers.
  • Log data — IP addresses, request paths, response codes, and error traces (used for debugging and abuse prevention).
  • Cookies and similar technologies — see Section 12.

3.3 Information from third parties

  • Google Workspace — when you connect your Google account, we receive calendar events, free/busy data, meeting participant identities, and (with your permission) recordings and notes stored in Drive.
  • Sigcore / SMS provider — inbound SMS replies from candidates, delivery receipts, and reply consent state.
  • Payment processor — billing status, subscription level, and invoice metadata. We do not store full payment card numbers.

4. How we use it

We use personal data to:

  • Deliver and operate the HireFunnel service.
  • Authenticate users, secure accounts, and prevent fraud, spam, and abuse.
  • Process candidate submissions — including transcription of video answers, AI- assisted scoring summaries, and automatic routing through the hiring funnel.
  • Send transactional emails and SMS messages (account verification, password resets, automation messages sent by employers to candidates).
  • Improve product quality — debug errors, measure performance, and decide what to build next. We aggregate or de-identify this data wherever possible.
  • Communicate with you about product updates, security advisories, and policy changes. You can opt out of non-essential marketing email at any time.
  • Meet legal and tax obligations.

We do not sell personal data, and we do not use candidate submissions to train third-party AI models. Transcription and AI-summary providers are configured to disable training on our data.

6. How we share data

We share personal data only in the situations below.

  • With the employer running the funnel. If you apply for a job through a HireFunnel-powered link, your submission is shared with that employer.
  • With subprocessors who help us run the service (see Section 7). They are contractually bound to process data only on our instructions.
  • With other people you share with. Employers can invite teammates to a workspace, share submissions internally, or grant scoped access to specific candidates.
  • For legal reasons — to comply with laws, court orders, or government requests; to enforce our terms; or to protect the rights, property, or safety of HireFunnel, our users, or the public.
  • Business transfers — if HireFunnel is acquired, merged, or sells substantially all of its assets, your data may transfer as part of that transaction. We will notify you and honor the commitments in this policy.

7. Subprocessors

We use the following third parties to operate HireFunnel. Each is bound by a data-processing agreement.

ProviderPurposeRegion
VercelApplication hostingUS / global edge
RailwayPostgres database hostingUS
Amazon Web ServicesVideo and file storage (S3)US
SendGrid (Twilio)Transactional email deliveryUS
SigcoreSMS messagingUS
DeepgramVideo / audio transcriptionUS
OpenAIAI-assisted question and summary generationUS
Upstash QStashDelayed job executionUS / EU
Google CloudCalendar, Meet, Drive integrations (employer-connected)Global
StripePayment processingUS / EU

The current list of subprocessors is available on request. We will give 30 days’ notice before adding a new subprocessor that processes substantial personal data.

7.1 Google API Services — Limited Use disclosure

When you connect a Google Workspace account, HireFunnel requests access to specific Google services (Calendar, Meet, Drive, and basic profile data) to power scheduling and interview workflows. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, HireFunnel:

  • Uses Google user data only to provide and improve the features the user connected Google for (reading calendar availability, creating Meet events, reading meeting recordings and transcripts saved to the user’s Drive).
  • Does not use Google user data to train generalized or third- party AI/ML models.
  • Does not sell or transfer Google user data to third parties for advertising, market research, or any other unrelated purpose.
  • Does not allow humans to read Google user data unless we have obtained the user’s explicit consent for specific messages, it is necessary for security purposes (such as investigating abuse), it is required by law, or the data has been aggregated and anonymized for internal operations.
  • Stores Google user data only for as long as needed to provide the service and deletes it on account disconnection or user request, subject to the retention schedule in Section 8.

You can revoke HireFunnel’s access to your Google account at any time from myaccount.google.com/permissions.

8. Retention

  • Account data — retained while your account is active and for up to 12 months after closure, then deleted or anonymized.
  • Candidate submissions — retained for the period set by the employer (default 180 days, configurable up to 24 months on the Scale plan), then deleted. Employers may delete a submission at any time.
  • Logs — retained for up to 90 days for security and debugging.
  • Billing records — retained for as long as required by tax law (typically 7 years).

9. Security

We protect personal data with industry-standard controls, including:

  • TLS 1.2+ encryption for data in transit.
  • AES-256 encryption at rest for stored videos and database backups.
  • Role-based access controls and least-privilege engineering access.
  • Audit logging of administrative actions.
  • Regular dependency scans and quarterly security reviews.
  • SOC 2 Type II documentation available to Scale-plan customers under NDA.

No system is perfectly secure. If we discover a personal-data breach affecting you, we will notify you and the appropriate regulators in accordance with applicable law.

10. Your rights

Depending on where you live, you may have the following rights with respect to your personal data:

  • Access — a copy of the data we hold about you.
  • Correction — fix data that is inaccurate or incomplete.
  • Deletion — ask us to delete your data, subject to legal exceptions.
  • Portability — receive your data in a machine-readable format.
  • Restriction or objection — limit how we use your data.
  • Withdraw consent — where we rely on consent, you can withdraw it.
  • Complaint — lodge a complaint with your local data-protection authority.

To exercise these rights, email privacy@hirefunnel.app. If you are a candidate and want to access or delete a submission, contact the employer that ran the funnel — we will help them honor your request.

California residents. If you are a California resident, you have the right to know, delete, correct, and opt out of the “sale” or “sharing” of your personal information under the CCPA/CPRA. We do not sell personal information.

11. Notice for candidates

If you applied for a job using a HireFunnel-powered link, the employer who created that link decides what to collect, how to evaluate your submission, and how long to keep it. HireFunnel processes your data on their behalf.

  • Your video, transcript, and answers are visible to the employer and anyone they invite into their workspace.
  • Transcripts are generated automatically and may contain errors. The employer (not HireFunnel) decides how to use them.
  • You can stop SMS messages by replying STOP at any time, and unsubscribe from email by clicking the link in any automation message.
  • To request access, correction, or deletion of your submission, contact the employer first. You may also email privacy@hirefunnel.app and we will forward your request and assist where required by law.

12. Cookies and tracking

We use cookies and similar technologies for these purposes:

  • Strictly necessary — sign-in sessions, security, CSRF tokens.
  • Functional — remember your preferences (theme, language).
  • Analytics — measure aggregate usage so we can improve the product. We do not use cookies to build advertising profiles or share data with ad networks.

You can disable non-essential cookies in your browser settings. We do not respond to Global Privacy Control or Do-Not-Track headers today because we do not engage in cross-site tracking or behavioral advertising.

13. International transfers

HireFunnel is operated from the United States, and most of our subprocessors are based in the US. If you access the service from outside the US, your personal data will be transferred to, stored, and processed in the US and other countries where our subprocessors operate. We rely on Standard Contractual Clauses (SCCs) and equivalent transfer mechanisms where required.

14. Children

HireFunnel is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify account holders by email and update the “Last updated” date at the top of this page. Continued use of HireFunnel after the effective date means you accept the revised policy.

16. Contact us

Questions, requests, or complaints about this policy? Reach us at privacy@hirefunnel.app.

For security-related disclosures, please email security@hirefunnel.app.

See also: Terms of Service.