Hireflow
HireflowAI RESUME TAILORING

Privacy Policy

Last updated: January 22, 2026

Introduction

Welcome to Hireflow ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our resume tailoring service at tryhireflow.com (the "Service").

Data Controller: Hireflow, operated by an individual in New Zealand, is the data controller responsible for your personal information. For GDPR purposes, we are the controller of your personal data processed in connection with the Service.

By using our Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

When you create an account, we collect:

  • Name and email address
  • Password (encrypted)
  • Profile information you provide

Resume and Career Information

To provide our Service, we collect and process:

  • Resume content (work experience, education, skills, etc.)
  • Job descriptions you submit for tailoring
  • Cover letters and generated content
  • Application tracking information

Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage statistics and analytics
  • Cookies and similar tracking technologies

How We Use Your Information

We use your information to:

  • Provide, operate, and maintain our Service
  • Generate tailored resumes and cover letters
  • Process payments for Job Search Pass purchases
  • Send you updates, security alerts, and support messages
  • Improve and optimize our Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

AI and Data Processing

Your data is never used to train AI models. We use third-party AI services (such as OpenAI, Anthropic) to process your resume content, but we have agreements in place ensuring:

  • Your data is not used to train their models
  • Your data is not retained beyond the immediate processing
  • Your data is encrypted in transit and at rest

Data Sharing and Disclosure

We do NOT sell your personal information. We may share your information only in these limited circumstances:

  • Service Providers: We share data with trusted third-party service providers (payment processors, hosting, analytics) who help us operate the Service
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information

Key processors: Our current providers may include AI service providers (such as OpenAI or Anthropic), payment processors (such as Stripe), and cloud hosting/storage providers. A current list of processors is available on request.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure database access controls
  • Periodic security reviews and monitoring
  • Limited employee access to personal data

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify affected users without undue delay and as soon as practicable (and within 72 hours where required by law, such as GDPR)
  • Notify relevant data protection authorities as soon as practicable and within 72 hours where required by law
  • Provide clear information about the nature of the breach and steps we are taking to address it
  • Recommend actions you can take to protect yourself

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from marketing emails
  • Restrict Processing: Limit how we use your data

To exercise these rights, contact us at privacy@tryhireflow.com

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. When you delete your account, we will permanently delete your resume data and personal information within 30 days, except where we are required to retain data for legal or compliance purposes, including:

  • Financial records (payment transactions) - retained as required by applicable tax law (typically up to 7 years in New Zealand)
  • Account information (email, purchase history) - retained as required by legal or tax compliance (typically up to 7 years)
  • Resume content and generated documents - deleted within 30 days of account deletion
  • Usage logs and analytics data - anonymized or deleted within 12 months where feasible

After the retention period expires, we will securely delete or anonymize your personal information in accordance with applicable data protection laws.

Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze usage patterns with our internal analytics tools
  • Improve user experience

You can control cookies through your browser settings. Note that disabling cookies may limit some functionality. We do not use third-party advertising cookies or tracking pixels.

International Data Transfers

Your information may be transferred to and processed in countries other than your own, including countries where our service providers operate (which may include the United States). We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws, including:

  • Standard Contractual Clauses (SCCs): For data transfers from the EEA, UK, and Switzerland, we use the European Commission's approved Standard Contractual Clauses to ensure adequate protection
  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Service Provider Agreements: All third-party service providers (including AI providers, payment processors, hosting providers) are contractually bound to protect your data
  • Compliance: We comply with applicable data protection laws, including GDPR, NZ Privacy Act 2020, and other relevant regulations

If you are located in the EEA, UK, or Switzerland, you have the right to obtain a copy of the safeguards we use for international data transfers by contacting us at privacy@tryhireflow.com.

Children's Privacy

Our Service is not intended for users under the age of majority in their jurisdiction. We do not knowingly collect information from minors. If you believe we have collected information from a child, please contact us immediately.

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access your personal data
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing your resume data, generating tailored resumes and cover letters, account management, and payment processing - necessary to provide the Service you requested
  • Legitimate Interests (Article 6(1)(f)): Service improvement, fraud prevention, security monitoring, and analytics - balanced against your privacy rights
  • Legal Obligation (Article 6(1)(c)): Tax records, responding to legal requests, and compliance with applicable laws
  • Consent (Article 6(1)(a)): Marketing communications and optional features - you may withdraw consent at any time

We will respond to your GDPR requests within 30 days. If your request is complex, we may extend this period by an additional 60 days and will inform you of the extension.

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if your information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do NOT sell your data)
  • Right to request deletion
  • Right to non-discrimination for exercising your rights

New Zealand & Australia

Hireflow is operated from New Zealand. We comply with the NZ Privacy Act 2020 and Australian Privacy Principles.

New Zealand Privacy Act 2020

Under the New Zealand Privacy Act 2020, you have the right to:

  • Access your personal information
  • Request correction of inaccurate information
  • Request deletion of your personal information (subject to legal retention requirements)
  • Make a complaint to the New Zealand Privacy Commissioner if you believe we have breached the Privacy Act

Australian Privacy Principles

If you are located in Australia, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You have similar rights to access, correct, and delete your personal information.

If you have concerns about how we handle your personal information, please contact us at privacy@tryhireflow.com or your local Privacy Commissioner.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our Service. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

Contact Us

Hireflow is operated by an individual in New Zealand and is currently in beta. We do not yet have a registered company. If you have questions or concerns about this Privacy Policy, please contact us:

Data Controller: Hireflow (individual operator in New Zealand)

Privacy: privacy@tryhireflow.com

Support: support@tryhireflow.com

GDPR Representative (if required): For users in the European Economic Area, if we are required to appoint a representative under Article 27 of GDPR, we will update this section with their contact information.