Your privacy, our commitment
At HireFlow, operated by FoundryX ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information when you use our AI-powered interview preparation platform. By accessing or using HireFlow, you acknowledge that you have read and understood this policy.
This policy applies to all users of HireFlow, including visitors to our website, registered users, and subscribers to any of our plans. It covers data collected through our web application, API services, and any related communications.
We collect information necessary to provide, maintain, and improve our services. The types of data we collect fall into the following categories:
When you create an account, we collect:
When you use our interview features, we process:
All payment processing is handled exclusively by Stripe, our PCI DSS-compliant payment processor. We do not store, process, or have access to your full credit card numbers, CVV codes, or bank account details. The only payment-related data we retain includes:
We automatically collect certain technical data when you interact with our platform:
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
Processing required to deliver the services you signed up for — including running AI interviews, generating reports, and managing your subscription.
Processing necessary for our legitimate business interests, such as improving our AI models through aggregated and anonymized data analysis, preventing fraud, and ensuring platform security.
Where required, we obtain your explicit consent before processing — for example, when sending marketing communications or using optional analytics cookies.
Processing required to comply with applicable laws, regulations, tax requirements, or legal proceedings.
We use the information we collect for the following specific purposes:
We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We share data only in the following limited circumstances:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing |
| Supabase | Database and authentication infrastructure |
| Groq | AI language model inference |
| ElevenLabs | Voice synthesis for AI interviewer |
| Vercel | Application hosting and CDN |
We may disclose data when required by law, court order, subpoena, or governmental regulation. We will notify you of such requests unless legally prohibited from doing so.
In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction. We will provide at least 30 days' notice and the option to delete your account before any such transfer.
We may share data for purposes not described here only with your explicit, informed consent.
We retain your data only for as long as necessary to fulfill the purposes described in this policy. Specific retention periods are as follows:
| Data Type | Retention Period |
|---|---|
| Account profile data | Retained while your account is active, deleted within 30 days of account deletion |
| Interview recordings (audio) | Automatically deleted after 90 days, or immediately upon your manual deletion |
| Interview transcripts & reports | Retained for 12 months after creation, or until you manually delete them |
| Uploaded CVs and job descriptions | Retained while your account is active, deleted within 30 days of account deletion |
| Payment and billing records | Retained for 7 years as required by German tax law (AO §147) |
| Technical logs and analytics | Anonymized after 90 days, fully deleted after 12 months |
| Support correspondence | Retained for 24 months after ticket resolution |
When you delete your account, we initiate a permanent deletion process. All personal data is purged from our active systems within 30 days. Data may persist in encrypted backups for up to 90 additional days before being overwritten.
As a data subject under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights:
You may request a complete copy of all personal data we hold about you. We will provide this in a structured, commonly used, machine-readable format within 30 days.
You may request that we correct any inaccurate or incomplete personal data. You can also update most information directly in your account settings.
You may request deletion of your personal data at any time. You can delete your account through Settings, or contact us for a full data purge. Certain data may be retained where legally required.
You may request that we export your data in a machine-readable format (JSON or CSV) so you can transfer it to another service.
You may request that we limit how we process your data while a dispute or request is being resolved.
You may object to processing based on legitimate interest. You can opt out of marketing communications at any time via the unsubscribe link in any email.
Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
You have the right to file a complaint with your local data protection authority. For users in Germany, this is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW).
To exercise any of these rights, email us at support@hireflow.pro with the subject line "Data Rights Request." Please include your account email for verification. We will acknowledge your request within 48 hours and fulfill it within 30 calendar days.
There is no fee for exercising your data rights. We may request additional verification for sensitive requests to protect your account security.
We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
Data Breach Protocol: In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within 72 hours as required by GDPR Article 33.
HireFlow is operated by FoundryX from Germany. Your primary data is stored in the European Union (Frankfurt, Germany). Some of our service providers are located outside the EU. When data is transferred internationally, we ensure appropriate safeguards are in place:
HireFlow uses artificial intelligence to power interview simulations and generate performance feedback. We want to be transparent about how AI interacts with your data:
Your voice recordings are processed in real-time by our speech-to-text service to generate transcriptions. Audio is processed transiently and is not used to train third-party AI models.
AI models analyze your transcribed responses to generate scores, identify strengths and weaknesses, and provide coaching recommendations. This analysis is based on patterns, not deterministic rules.
We do not use AI to create profiles that produce legal or similarly significant effects on you. Interview scores are for practice purposes only and do not affect your access to services, employment prospects, or any other rights.
You may request human review of any AI-generated assessment by contacting our support team.
We may use anonymized, aggregated data to improve our AI models. Your individual interview data is never used to train models without explicit anonymization. You may opt out of aggregated data usage by contacting us.
HireFlow is designed for users aged 16 and older. We do not knowingly collect personal data from children under 16. If we become aware that a user is under 16, we will promptly delete their account and all associated data. If you believe a minor has created an account, please contact us immediately at support@hireflow.pro.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes, we will notify you at least 30 days in advance via email and/or a prominent in-app notification. Non-material changes (such as formatting or clarifications) may be made without prior notice. We encourage you to review this policy periodically. Your continued use of HireFlow after changes take effect constitutes acceptance of the updated policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For data protection inquiries, you may also reach our Data Protection Officer at support@hireflow.pro.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.