HireMatchBack

Privacy Policy

Last updated: May 6, 2026

1. Who we are

HireMatch ("we", "us", "our") operates the hire-match.app platform, an evidence-backed candidate matching service for hiring teams and job seekers.

2. Data we collect

We collect the minimum data necessary to provide our service:

  • Account data: name, email address, hashed password.
  • Profile data (candidates): career history, skills, domains, workstyle preferences — all voluntarily provided.
  • Organization data (hiring): company name, role descriptions, team composition.
  • Integration activity: work activity metadata (event types, timestamps, counts) from connected tools (GitHub, Slack, Google Workspace, Jira, Confluence, Linear). We never store message content, email bodies, document text, or chat messages.
  • Usage data: page visits, feature usage for product improvement.

3. Data we never collect

By design, HireMatch does not collect, infer, or score:

  • Protected characteristics (race, gender, age, disability, religion, sexual orientation)
  • Private message content or chat messages
  • Email bodies or attachments
  • Document content or file contents
  • Meeting conversation content
  • Health, financial, or personal relationship information

4. How we use your data

  • Matching: candidate profiles are scored against open roles using a deterministic, auditable algorithm across four dimensions (skills, trajectory, team fit, environment fit).
  • Performance insights: work activity metadata is aggregated into performance dimensions for managers. Individual event details are sanitized — titles are truncated and sensitive topics are automatically redacted.
  • Communication: transactional emails for match notifications and account management.

5. Data protection

  • Integration tokens are encrypted at rest using pgcrypto symmetric encryption.
  • Row-level security restricts data access by role (owner, manager, member).
  • All connections use TLS 1.2+.
  • Event titles are sanitized for prompt injection and sensitive content before processing.
  • AI analysis outputs are post-processed to remove any leaked sensitive context.

6. Data retention

Activity events are retained for a maximum of 180 days (configurable per organization) and automatically purged. Profile snapshots are retained for up to 365 days. You can request immediate deletion of all your data at any time.

7. Your rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Opt out of discovery matching at any time

8. Third-party services

We use the following third-party services to operate HireMatch:

  • Supabase — database and authentication (EU hosting available)
  • Vercel — application hosting
  • OpenAI — AI-powered analysis (no data retention by provider)
  • Resend — transactional email delivery

9. Contact

For privacy-related questions or to exercise your rights, contact us at support@hire-match.app.