Plain English Summary

  • HireChat helps teams manage interviews using AI, including CV analysis, transcription, interview support, and candidate comparison.
  • We collect account details, uploaded CVs, interview recordings, transcripts, notes, and AI-generated analysis so we can provide the service.
  • We use trusted service providers including Hetzner for hosting, Google for login, AssemblyAI for transcription, and OpenRouter for AI features.
  • Your data is stored on EU-based infrastructure in Germany. Some data may be processed outside the EU through our AI and authentication providers, and we use appropriate transfer safeguards where required.
  • You can ask to access, correct, export, or delete your data. If AI-generated output affects you, you can request human review.
  • We do not use advertising cookies or analytics cookies at launch. We only use necessary authentication cookies and local storage for product settings.

Who We Are

HireChat is an AI-powered interview intelligence tool that helps organizations manage the full interview lifecycle. This includes candidate intake, CV and resume analysis, live interview support, automated transcription, competency-based analysis, interview note-taking, and comparison across multiple candidates.

For the purposes of the General Data Protection Regulation (GDPR) and similar laws, HireChat is the data controller for personal data relating to individual users who use the product directly.

When HireChat is used by a business customer to process candidate data on that customer's behalf, HireChat may act as a data processor and the business customer may be the data controller. In those cases, a separate Data Processing Agreement (DPA) may apply.

Controller contact: Please contact us using the details in the Contact Us section below.

Data Protection Officer (DPO): HireChat has not appointed a formal DPO at this time. Privacy questions can be directed to the contact details below.

Information We Collect

Information you provide directly

  • Name
  • Email address
  • Company or organization name
  • Account login details when using email/password authentication
  • Uploaded CVs or resumes in PDF or DOCX format
  • Interview notes and related hiring information entered into the platform

Interview and candidate data

  • Audio recordings of interviews
  • Video recordings of interviews, where used
  • AI-generated transcripts
  • Speaker labels and diarization data
  • Competency scores, summaries, and structured analysis
  • Candidate comparison data
  • AI-generated interview questions, prompts, and support content

Technical and account data

  • Authentication session information
  • Basic device and browser data needed for security and service delivery
  • Local storage preferences such as theme and sidebar state

How We Use Information

We use personal data to operate, secure, and improve HireChat. In particular, we use data to:

  • Create and manage user accounts
  • Authenticate users through Google OAuth or email/password login
  • Store and organize candidate and interview materials
  • Process uploaded CVs and resumes
  • Transcribe interview audio and video
  • Generate AI-assisted summaries, competency analysis, and candidate comparisons
  • Provide live interview support and question generation
  • Maintain product security, prevent abuse, and troubleshoot issues
  • Respond to user requests and legal obligations

If you are in the European Economic Area, United Kingdom, or another region with similar laws, we rely on one or more of the following legal bases:

  • Contract: to provide HireChat, create accounts, authenticate users, host interview data, and deliver requested features.
  • Legitimate interests: to secure the service, prevent misuse, improve reliability, and support internal administration, provided those interests are not overridden by your rights.
  • Consent: where required by law, such as where a user or customer chooses to submit certain content or where consent is otherwise required for processing.
  • Legal obligation: where we must retain or disclose data to comply with applicable law, regulation, court order, or lawful government request.

Where HireChat processes candidate data on behalf of an employer or recruiter, that employer or recruiter may be responsible for identifying the appropriate legal basis for the collection and use of candidate information.

Categories of Personal Information (CCPA/CPRA)

If you are a California resident, we may collect the following categories of personal information:

  • Identifiers: name, email address, account identifiers, company name
  • Professional or employment-related information: CVs, resumes, work history, qualifications, interview notes
  • Audio, electronic, visual, or similar information: interview recordings, transcripts, and related metadata
  • Internet or network activity information: authentication and session-related technical data
  • Inferences: competency scores, AI-generated assessments, summaries, and comparison outputs

We collect these categories to provide and secure the service, process interviews and candidate materials, support hiring workflows, and comply with legal obligations.

How HireChat Uses AI

HireChat uses AI to help users review candidate materials and interviews more efficiently. This may include:

  • Analyzing CVs and resumes
  • Generating or suggesting interview questions
  • Transcribing interview recordings
  • Summarizing interviews and notes
  • Producing competency-based analysis and scoring
  • Comparing multiple candidates against selected criteria

Important accuracy notice

AI outputs are generated by automated systems and may be incomplete, inaccurate, or biased. They are intended to support human decision-making, not replace it. Users should review AI outputs carefully before relying on them.

Human oversight and review

HireChat is designed to support human oversight. Interviewers and hiring teams should not make decisions based solely on AI-generated outputs. If an individual believes an AI-generated output is incorrect or unfair, they may request human review through the contact details in this policy.

Transparency for high-risk HR use

Because interview and hiring tools may fall within high-risk AI use cases under European law, we aim to be transparent about how AI is used in HireChat. The platform uses AI assistance to process candidate-related information, but final hiring decisions should remain with human reviewers. We are committed to monitoring system quality and taking reasonable steps to identify and reduce unfair bias over time.

How We Share Information and Our Third-Party Services

We do not sell personal information for money. We do not use third-party advertising trackers at launch. We share personal data only as needed to operate HireChat, provide requested features, comply with law, or protect our rights.

1. Hetzner Online GmbH

Role: Cloud hosting provider

What data they may receive: Data stored in HireChat, including account information, uploaded CVs, interview files, transcripts, notes, analysis results, and related application data.

Why: To host HireChat's application and data infrastructure.

Storage location: Nuremberg, Germany (EU)

Transfer mechanism: Data is hosted in the EU.

2. Google

Role: OAuth authentication provider

What data they may receive: Authentication requests and basic account data associated with sign-in, such as your name, email address, and Google account identifier, depending on the permissions you grant.

Why: To allow users to sign in using Google OAuth.

Transfer mechanism: Google may process data internationally. Where required, transfers are subject to appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms used by Google.

3. AssemblyAI

Role: Speech-to-text transcription provider

What data they may receive: Audio or video interview content submitted for transcription, and related metadata needed to generate transcripts and speaker diarization.

Why: To create automated interview transcripts and identify speakers.

Transfer mechanism: AssemblyAI may process data outside the EU. Where required, transfers are subject to appropriate safeguards, such as Standard Contractual Clauses or other lawful transfer mechanisms.

4. OpenRouter

Role: LLM API provider for AI analysis and question generation

What data they may receive: Portions of CV data, transcript text, interview notes, prompts, and related content that are submitted to generate AI-assisted outputs. OpenRouter may route requests to OpenAI GPT models or other model providers.

Why: To provide AI features such as CV analysis, interview support, summarization, competency analysis, and question generation.

Transfer mechanism: OpenRouter and downstream model providers may process data outside the EU. Where required, transfers are subject to appropriate safeguards, such as Standard Contractual Clauses or other lawful transfer mechanisms.

Other disclosures

  • We may disclose information if required by law, subpoena, court order, or other valid legal process.
  • We may disclose information to protect the rights, safety, and security of HireChat, our users, or others.
  • If HireChat is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction, subject to applicable law.

International Data Transfers

HireChat is hosted in the European Union, in Nuremberg, Germany. However, some of our service providers may process data in countries outside the European Economic Area.

When personal data is transferred internationally, we rely on appropriate safeguards where required by law. These may include:

  • European Commission adequacy decisions
  • Standard Contractual Clauses
  • Other valid transfer mechanisms recognized under applicable law

You may contact us for more information about the transfer safeguards relevant to your data.

Data Retention

We retain personal data for as long as your account remains active, unless a longer retention period is required by law or is reasonably necessary for legal, security, or operational reasons.

If you delete your account, we generally keep your data for a 90-day grace period. This allows recovery in case of accidental deletion and helps us address security, fraud, or legal issues. After that period, we will permanently delete or anonymize your data, unless we are legally required to keep it longer.

Data Storage and Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. These measures include access controls, authentication protections, and hosting with an EU-based cloud provider.

No system is completely secure, and we cannot guarantee absolute security. Users should also protect their account credentials and use secure devices and networks.

Your Privacy Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data
  • Request a copy of your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Request human review of certain AI-assisted outputs or decisions
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact us using the details in the Contact Us section. We may need to verify your identity before completing your request.

Additional Rights for Individuals in Europe

If GDPR or similar European privacy law applies to you, you may have the right to:

  • Request access to your personal data under Article 15 GDPR
  • Request rectification under Article 16 GDPR
  • Request erasure under Article 17 GDPR
  • Request restriction of processing under Article 18 GDPR
  • Object to processing under Article 21 GDPR
  • Receive data portability under Article 20 GDPR
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, where applicable

If you believe our processing violates applicable law, you may also lodge a complaint with the data protection authority in your country of residence, workplace, or the place of the alleged infringement.

Additional Rights for California Residents

If you are a California resident, you may have the following rights under the California Consumer Privacy Act, as amended by the CPRA:

  • Right to know: You can request information about the categories of personal information we collect, the sources of that information, the purposes for collecting it, and the categories of third parties to whom we disclose it.
  • Right to access: You can request a copy of the personal information we hold about you.
  • Right to correct: You can request that we correct inaccurate personal information.
  • Right to delete: You can request deletion of personal information, subject to exceptions allowed by law.
  • Right to portability: You can request a portable copy of certain information.
  • Right to opt out of sale or sharing: We do not sell personal information and we do not share personal information for cross-context behavioral advertising at launch.
  • Right to limit use of sensitive personal information: To the extent we collect sensitive personal information, we use it only for permitted business purposes and not to infer characteristics beyond the purposes described in this policy, except as allowed by law.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

You may exercise these rights by contacting us using the details below. We may verify your identity before processing your request.

Cookies and Local Storage

HireChat uses limited cookies and browser storage.

Strictly necessary cookies

We use session and authentication cookies through NextAuth v5. These cookies are necessary to sign you in, maintain your session, and secure the service. Because these cookies are strictly necessary, they do not require consent in many jurisdictions.

Local storage

We use browser local storage to remember UI preferences such as theme settings and sidebar state.

No advertising or analytics cookies at launch

At launch, HireChat does not use third-party advertising cookies, analytics cookies, or tracking cookies for behavioral advertising.

Children's Privacy

HireChat is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe that a child has provided personal data to us, please contact us so we can investigate and take appropriate action.

Automated Decision-Making

HireChat uses automated tools to generate transcripts, summaries, scores, and candidate comparisons. These features are designed to assist human users.

HireChat is not intended to make final hiring decisions automatically without human involvement. Users should independently review outputs before making employment-related decisions.

If you are affected by AI-generated analysis and believe it is inaccurate or unfair, you may contact us to request review of the underlying data and, where appropriate, human review of the output.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the effective date above.

Where appropriate, we may also notify users by email or through an in-product notice.

Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact HireChat using the support or contact channel provided in the product or on our website.

Please include enough detail for us to understand and respond to your request, including the email address associated with your account if applicable.