Privacy Policy

1. What We Collect

We collect the following information to operate the Platform:

• Account data: name, email address, password (hashed), Google OAuth tokens
• Resume data: uploaded resume files and parsed content (work history, skills, education)
• Profile data: professional title, location, job preferences, working status declaration
• Application data: job titles, companies, application status, ATS scores
• Billing data: subscription status, payment history (we do not store full card numbers — processed by Stripe)
• Usage data: login timestamps, feature interactions, audit log events

2. How We Use Your Data

Your data is used solely to:

• Provide and improve the HireAstra service
• Generate AI-tailored resumes and job match recommendations
• Process billing and manage your subscription
• Send transactional emails (welcome, trial reminders, billing alerts)
• Maintain compliance records (ToS acceptance, work status disclaimer)
• Investigate fraud, abuse, or Terms violations

Your data is never sold to third parties. Your resume and application data are used only to power your own applications.

3. AI Processing

When you use AI features (resume scoring, avatar generation, job description parsing), your resume content and job description text are sent to our AI provider for processing. We strip sensitive PII patterns (Social Security Numbers, credit card numbers, etc.) before any AI processing. Contact information (email, phone) is retained for resume parsing purposes.

AI providers process your data in accordance with their own privacy policies. We use Anthropic or Google Gemini as AI providers depending on configuration.

4. Data Sharing

We share data only with:

• Stripe — payment processing
• Supabase — database and authentication hosting
• Resend — transactional email delivery
• AI providers (Anthropic / Google) — resume and JD processing
• Law enforcement — only when required by valid legal process

We do not share your data with employers, recruiters, job boards, or any other third parties.

5. Data Retention

• Active accounts: data retained for the life of the account
• After cancellation: data remains accessible for 30 days, then archived
• Archived data: stored securely, not accessible through the Platform, retained as required by applicable law
• Deletion requests: contact support@hireastra.com

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention obligations)
• Export your data in a machine-readable format (CSV or JSON)
• Withdraw consent for non-essential processing

To exercise these rights, use the export function in Account Settings or contact support@hireastra.com.

7. Cookies & Tracking

HireAstra uses session cookies for authentication (managed by Supabase Auth). We do not use advertising cookies, cross-site tracking, or third-party analytics that collect personally identifiable information without consent.

8. Security

We implement industry-standard security measures including: TLS encryption in transit, encrypted storage at rest, row-level security (RLS) on all database tables, and role-based access controls. No system is perfectly secure — we encourage you to use a strong, unique password.

9. Children

HireAstra is not directed at individuals under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at support@hireastra.com.

10. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of [Jurisdiction — Canada / USA, to be confirmed by lawyer]. For users in Canada, relevant protections include PIPEDA and applicable provincial privacy laws.

11. Changes to This Policy

We will notify you of material changes via email and in-app notice. Continued use after notification constitutes acceptance of the updated policy.

12. Contact

Privacy enquiries: legal@hireastra.com
Data export / deletion: support@hireastra.com