Plain English Summary

  • HireChat helps teams manage interviews using AI, including CV analysis, transcription, interview support, and candidate comparison.
  • We collect account details, uploaded CVs, interview recordings, transcripts, notes, and AI-generated analysis so we can provide the service.
  • We use trusted service providers including Hetzner for hosting, Google for login, AssemblyAI for transcription, and OpenRouter for AI features.
  • Your data is stored on EU-based infrastructure in Germany. Some data may be processed outside the EU through our AI and authentication providers, and we use appropriate transfer safeguards where required.
  • You can ask to access, correct, export, or delete your data. If AI-generated output affects you, you can request human review.
  • We do not use advertising cookies or analytics cookies at launch. We only use necessary authentication cookies and local storage for product settings.

Who We Are

HireChat is an AI-powered interview intelligence tool that helps organizations manage the full interview lifecycle. This includes candidate intake, CV and resume analysis, live interview support, automated transcription, competency-based analysis, interview note-taking, and comparison across multiple candidates.

For the purposes of the General Data Protection Regulation (GDPR) and similar laws, HireChat is the data controller for personal data relating to individual users who use the product directly.

When HireChat is used by a business customer to process candidate data on that customer's behalf, HireChat may act as a data processor and the business customer may be the data controller. In those cases, a separate Data Processing Agreement (DPA) may apply.

Controller contact: Please contact us using the details in the Contact Us section below.

Data Protection Officer (DPO): HireChat has not appointed a formal DPO at this time. Privacy questions can be directed to the contact details below.

Information We Collect

Information you provide directly

  • Name
  • Email address
  • Company or organization name
  • Account login details when using email/password authentication
  • Uploaded CVs or resumes in PDF or DOCX format
  • Interview notes and related hiring information entered into the platform

Interview and candidate data

  • Audio recordings of interviews
  • Video recordings of interviews, where used
  • AI-generated transcripts
  • Speaker labels and diarization data
  • Competency scores, summaries, and structured analysis
  • Candidate comparison data
  • AI-generated interview questions, prompts, and support content

Psychometric assessment data

  • Personality assessment responses and scores (Big Five personality dimensions)
  • Integrity scale responses and scores
  • Situational judgment test (SJT) responses and scores
  • Cognitive ability test responses and scores
  • Emotional intelligence assessment responses and scores
  • Unified scoring outputs that combine assessment results with interview evidence
  • Trait alignment profiles mapping assessment results to role-specific blueprints

Psychometric assessment data may reveal information about a candidate's cognitive abilities, personality traits, and behavioral tendencies. This data is processed solely for the purpose of supporting hiring decisions and is never used for purposes unrelated to recruitment.

Case study and structured interview data

  • AI-generated case study scenarios, prompts, and BARS (Behaviorally Anchored Rating Scale) rubrics
  • Interviewer-selected case materials used during sessions
  • Per-prompt BARS scores (1-5) derived from transcript analysis
  • Transcript evidence mapped to specific case study prompts
  • Custom scoring blueprints with competency weights defined by hiring teams

Technical and account data

  • Authentication session information
  • Basic device and browser data needed for security and service delivery
  • Local storage preferences such as theme and sidebar state

How We Use Information

We use personal data to operate, secure, and improve HireChat. In particular, we use data to:

  • Create and manage user accounts
  • Authenticate users through Google OAuth or email/password login
  • Store and organize candidate and interview materials
  • Process uploaded CVs and resumes
  • Transcribe interview audio and video
  • Generate AI-assisted summaries, competency analysis, and candidate comparisons
  • Administer and score psychometric assessments (personality, integrity, SJT, cognitive ability, emotional intelligence)
  • Generate case study scenarios with BARS rubrics for structured interviews
  • Score case study responses against rubric anchors using transcript evidence
  • Compute unified candidate scores combining interview evidence, psychometric results, and blueprint criteria
  • Provide live interview support and question generation
  • Maintain product security, prevent abuse, and troubleshoot issues
  • Respond to user requests and legal obligations

If you are in the European Economic Area, United Kingdom, or another region with similar laws, we rely on one or more of the following legal bases:

  • Contract: to provide HireChat, create accounts, authenticate users, host interview data, and deliver requested features.
  • Legitimate interests: to secure the service, prevent misuse, improve reliability, and support internal administration, provided those interests are not overridden by your rights.
  • Consent: where required by law, such as where a user or customer chooses to submit certain content or where consent is otherwise required for processing.
  • Legal obligation: where we must retain or disclose data to comply with applicable law, regulation, court order, or lawful government request.

Where HireChat processes candidate data on behalf of an employer or recruiter, that employer or recruiter may be responsible for identifying the appropriate legal basis for the collection and use of candidate information.

Categories of Personal Information (CCPA/CPRA)

If you are a California resident, we may collect the following categories of personal information:

  • Identifiers: name, email address, account identifiers, company name
  • Professional or employment-related information: CVs, resumes, work history, qualifications, interview notes
  • Audio, electronic, visual, or similar information: interview recordings, transcripts, and related metadata
  • Internet or network activity information: authentication and session-related technical data
  • Inferences: competency scores, AI-generated assessments, psychometric profiles, BARS rubric scores, unified candidate scores, summaries, and comparison outputs
  • Sensitive personal information: psychometric assessment results that may reveal information about cognitive abilities, personality traits, or behavioral tendencies. We use this information only for the permitted business purpose of supporting hiring decisions.

We collect these categories to provide and secure the service, process interviews and candidate materials, support hiring workflows, and comply with legal obligations.

How HireChat Uses AI

HireChat uses AI to help users review candidate materials and interviews more efficiently. This may include:

  • Analyzing CVs and resumes
  • Generating or suggesting interview questions
  • Transcribing interview recordings
  • Summarizing interviews and notes
  • Producing competency-based analysis and scoring
  • Comparing multiple candidates against selected criteria
  • Scoring psychometric assessments (personality, integrity, situational judgment, cognitive ability, emotional intelligence)
  • Generating case study scenarios with behaviorally anchored rating scales (BARS)
  • Analyzing interview transcripts against case study rubrics to produce per-prompt BARS scores with evidence
  • Computing unified candidate scores that combine interview evidence with psychometric assessment results
  • Mapping candidate traits to role-specific scoring blueprints defined by hiring teams

Important accuracy notice

AI outputs are generated by automated systems and may be incomplete, inaccurate, or biased. They are intended to support human decision-making, not replace it. Users should review AI outputs carefully before relying on them.

Human oversight and review

HireChat is designed to support human oversight. Interviewers and hiring teams should not make decisions based solely on AI-generated outputs. If an individual believes an AI-generated output is incorrect or unfair, they may request human review through the contact details in this policy.

Transparency for high-risk HR use

Because interview and hiring tools may fall within high-risk AI use cases under European law (including the EU AI Act, effective August 2026), we aim to be transparent about how AI is used in HireChat. The platform uses AI assistance to process candidate-related information, but final hiring decisions should remain with human reviewers. We are committed to monitoring system quality and taking reasonable steps to identify and reduce unfair bias over time.

Psychometric assessment processing

HireChat administers psychometric assessments that measure personality traits (Big Five dimensions), integrity, situational judgment, cognitive ability, and emotional intelligence. These assessments produce structured scores that may be combined with interview evidence into a unified candidate profile.

Psychometric results may constitute special category data under GDPR Article 9 where they reveal information about health or cognitive characteristics. We process this data on the basis of explicit consent obtained at the point of assessment administration, or on the basis of the employer's legitimate interest in evaluating candidates for employment, as applicable.

Psychometric assessment data is:

  • Used solely for the recruitment purpose for which it was collected
  • Never used to train AI models or shared with third parties beyond what is necessary to operate the service
  • Subject to the same retention and deletion policies as other candidate data
  • Available for candidate access, correction, or deletion upon request

Case study and BARS rubric processing

HireChat uses AI to generate case study scenarios with Behaviorally Anchored Rating Scales (BARS) for structured interviews. During case study sessions, the AI analyzes interview transcripts against the rubric to produce per-prompt scores (1-5) with direct transcript evidence. These scores are qualitative assessments intended to support interviewer judgment — they do not automatically determine hiring outcomes.

EU AI Act compliance

HireChat recognizes that AI systems used in recruitment and employment decisions are classified as high-risk under the EU AI Act (Regulation (EU) 2024/1689). We are committed to compliance with applicable requirements, including:

  • Risk management: We maintain documented risk management processes to identify and mitigate potential harms from our AI systems, including algorithmic discrimination.
  • Data quality: AI models are developed using data that is relevant, representative, and as free of errors as practicable.
  • Transparency: This privacy policy and our in-product disclosures inform users and candidates about how AI systems are used and their role in hiring decisions.
  • Human oversight: HireChat is designed so that qualified humans review and can override AI outputs before final employment decisions are made.
  • Record-keeping: We maintain audit trails and documentation of AI system performance as required by applicable law.

How We Share Information and Our Third-Party Services

We do not sell personal information for money. We do not use third-party advertising trackers at launch. We share personal data only as needed to operate HireChat, provide requested features, comply with law, or protect our rights.

1. Hetzner Online GmbH

Role: Cloud hosting provider

What data they may receive: Data stored in HireChat, including account information, uploaded CVs, interview files, transcripts, notes, analysis results, and related application data.

Why: To host HireChat's application and data infrastructure.

Storage location: Nuremberg, Germany (EU)

Transfer mechanism: Data is hosted in the EU.

2. Google

Role: OAuth authentication provider

What data they may receive: Authentication requests and basic account data associated with sign-in, such as your name, email address, and Google account identifier, depending on the permissions you grant.

Why: To allow users to sign in using Google OAuth.

Transfer mechanism: Google may process data internationally. Where required, transfers are subject to appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms used by Google.

3. AssemblyAI

Role: Speech-to-text transcription provider

What data they may receive: Audio or video interview content submitted for transcription, and related metadata needed to generate transcripts and speaker diarization.

Why: To create automated interview transcripts and identify speakers.

Transfer mechanism: AssemblyAI may process data outside the EU. Where required, transfers are subject to appropriate safeguards, such as Standard Contractual Clauses or other lawful transfer mechanisms.

4. OpenRouter

Role: LLM API provider for AI analysis and question generation

What data they may receive: Portions of CV data, transcript text, interview notes, prompts, and related content that are submitted to generate AI-assisted outputs. OpenRouter may route requests to OpenAI GPT models or other model providers.

Why: To provide AI features such as CV analysis, interview support, summarization, competency analysis, and question generation.

Transfer mechanism: OpenRouter and downstream model providers may process data outside the EU. Where required, transfers are subject to appropriate safeguards, such as Standard Contractual Clauses or other lawful transfer mechanisms.

Other disclosures

  • We may disclose information if required by law, subpoena, court order, or other valid legal process.
  • We may disclose information to protect the rights, safety, and security of HireChat, our users, or others.
  • If HireChat is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction, subject to applicable law.

International Data Transfers

HireChat is hosted in the European Union, in Nuremberg, Germany. However, some of our service providers may process data in countries outside the European Economic Area.

When personal data is transferred internationally, we rely on appropriate safeguards where required by law. These may include:

  • European Commission adequacy decisions
  • Standard Contractual Clauses
  • Other valid transfer mechanisms recognized under applicable law

You may contact us for more information about the transfer safeguards relevant to your data.

Data Retention

We retain personal data for as long as your account remains active, unless a longer retention period is required by law or is reasonably necessary for legal, security, or operational reasons.

If you delete your account, we generally keep your data for a 90-day grace period. This allows recovery in case of accidental deletion and helps us address security, fraud, or legal issues. After that period, we will permanently delete or anonymize your data, unless we are legally required to keep it longer.

Data Storage and Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. These measures include access controls, authentication protections, and hosting with an EU-based cloud provider.

No system is completely secure, and we cannot guarantee absolute security. Users should also protect their account credentials and use secure devices and networks.

Your Privacy Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data
  • Request a copy of your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Request human review of certain AI-assisted outputs or decisions
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact us using the details in the Contact Us section. We may need to verify your identity before completing your request.

Additional Rights for Individuals in Europe

If GDPR or similar European privacy law applies to you, you may have the right to:

  • Request access to your personal data under Article 15 GDPR
  • Request rectification under Article 16 GDPR
  • Request erasure under Article 17 GDPR
  • Request restriction of processing under Article 18 GDPR
  • Object to processing under Article 21 GDPR
  • Receive data portability under Article 20 GDPR
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, where applicable

If you believe our processing violates applicable law, you may also lodge a complaint with the data protection authority in your country of residence, workplace, or the place of the alleged infringement.

Additional Rights for California Residents

If you are a California resident, you may have the following rights under the California Consumer Privacy Act, as amended by the CPRA:

  • Right to know: You can request information about the categories of personal information we collect, the sources of that information, the purposes for collecting it, and the categories of third parties to whom we disclose it.
  • Right to access: You can request a copy of the personal information we hold about you.
  • Right to correct: You can request that we correct inaccurate personal information.
  • Right to delete: You can request deletion of personal information, subject to exceptions allowed by law.
  • Right to portability: You can request a portable copy of certain information.
  • Right to opt out of sale or sharing: We do not sell personal information and we do not share personal information for cross-context behavioral advertising at launch.
  • Right to limit use of sensitive personal information: To the extent we collect sensitive personal information, we use it only for permitted business purposes and not to infer characteristics beyond the purposes described in this policy, except as allowed by law.
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

You may exercise these rights by contacting us using the details below. We may verify your identity before processing your request.

Cookies and Local Storage

HireChat uses limited cookies and browser storage.

Strictly necessary cookies

We use session and authentication cookies through NextAuth v5. These cookies are necessary to sign you in, maintain your session, and secure the service. Because these cookies are strictly necessary, they do not require consent in many jurisdictions.

Local storage

We use browser local storage to remember UI preferences such as theme settings and sidebar state.

No advertising or analytics cookies at launch

At launch, HireChat does not use third-party advertising cookies, analytics cookies, or tracking cookies for behavioral advertising.

Children's Privacy

HireChat is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe that a child has provided personal data to us, please contact us so we can investigate and take appropriate action.

Automated Decision-Making (GDPR Article 22)

HireChat uses automated tools to generate transcripts, summaries, competency scores, psychometric assessment results, case study BARS scores, unified candidate scores, and candidate comparisons. These features are designed to assist human users — not to make hiring decisions autonomously.

No solely automated decisions: HireChat is not intended to make final hiring decisions automatically without meaningful human involvement. AI-generated scores, assessments, and recommendations are advisory outputs. Users should independently review all outputs before making employment-related decisions.

Right to human review: Under GDPR Article 22, individuals have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects. If you are a candidate affected by AI-generated analysis and believe it is inaccurate or unfair, you have the right to:

  • Obtain an explanation of how the automated assessment was produced
  • Request meaningful human review of the decision
  • Express your point of view and contest the outcome

To exercise these rights, contact us using the details in the Contact Us section below.

Logic of automated processing: HireChat's AI systems analyze candidate data (CVs, transcripts, assessment responses) against structured criteria (competency frameworks, BARS rubrics, psychometric norms) to produce scores and summaries. The scoring logic uses:

  • Transcript evidence mapped to competency-specific rubric anchors
  • Psychometric scoring based on validated I/O psychology instruments
  • Blueprint-weighted aggregation of multiple data sources into unified scores

These outputs highlight patterns in the data but do not account for all factors relevant to hiring. Human judgment remains essential.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the effective date above.

Where appropriate, we may also notify users by email or through an in-product notice.

Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact HireChat using the support or contact channel provided in the product or on our website.

Please include enough detail for us to understand and respond to your request, including the email address associated with your account if applicable.