Privacy Policy

1. Information we collect

Depending on how you use the Service, we may process:

• Account and authentication data. When you sign in with LinkedIn (our current identity provider), we receive identifiers and profile details that LinkedIn shares with us under your authorization, such as name, email address, profile image, and professional headline, consistent with the scopes you approve. We may also store a structured snapshot of your professional profile information (for example, in a JSON field) as provided by your identity provider or as enriched from professional data partners when you run analysis features, to power gap comparisons and related features.
• Profile and career inputs. Information you provide or confirm, such as a public professional profile URL, target employers or roles, and related preferences used to run analyses and show results.
• Professional and cohort data. To generate insights, we process professional information about you and about other individuals derived from public or licensed sources (for example, career history and skills as made available through data partners), and we store derived outputs needed to operate features you request.
• Information about professionals in target cohorts. When you use features that compare you to people in a target role at a company, we obtain and process professional information about up to ten individuals per analysis (depending on availability) from licensed data partners, who source publicly available or licensed professional information. We use this to compute aggregate patterns and role insights; we do not use it to make automated decisions about hiring or employment for those individuals. Under GDPR, processing personal data obtained without the data subject's direct involvement (such as from a data partner) generally requires a legal basis (for example legitimate interests or contract) and, where Article 14 applies, providing information to those individuals—this is separate from “consent” in many cases. Publicly available professional data affects the analysis but does not remove GDPR obligations entirely. This Privacy Policy serves as part of that transparency; individuals may contact support@hiredlens.io to exercise their rights. We may rely on Article 14(5) exemptions (such as disproportionate effort) where applicable and still honor valid requests we receive.
• Payment-related data. When you purchase credits or paid features, our payment processor receives payment details. We do not receive or store full payment card numbers. We receive and store transaction records (such as purchase amount, credits issued, and date of purchase) as needed to fulfill and support your purchases and comply with financial and tax obligations.
• Technical and usage data. The Service runs in your web browser; we do not request access to device sensors, your contacts, photos, or other native app-style permissions. We may collect IP address, browser and device type (from standard headers, e.g. user agent), pages visited, and product events. We do not collect precise GPS location; we may derive an approximate region (such as country or region) from IP address for security, fraud prevention, or analytics. We use this data for security, fraud prevention, debugging, and to understand how the Service is used.
• Communications. When you contact us (for example by email), we keep the content of your message and contact details to respond and improve support.

2. How we use information

We use personal information to:

• Provide, operate, and improve the Service, including pattern analysis and gap insights;
• Authenticate your account and maintain security;
• Process payments and fulfill purchases;
• Communicate with you about the Service, including transactional and support messages;
• Measure usage, troubleshoot issues, and develop new features;
• Comply with law, enforce our Terms, and protect rights, safety, and security.

We do not sell or share your personal information as those terms are defined under applicable U.S. state privacy laws (including the California Consumer Privacy Act and similar statutes). We do not use your data to train third-party AI providers' general-purpose models for their unrelated products; our current AI provider processes inputs under our contract for the purpose of providing the Service.

3. Legal bases (EEA, UK, and similar regions)

Where GDPR or similar laws apply, we rely on one or more of the following:

• Contract: to provide the Service you request;
• Legitimate interests: to secure and improve the Service, analytics in a privacy-respecting way, and direct communication about the Service;
• Consent: where required for specific processing (for example, non-essential cookies or marketing, if offered);
• Legal obligation: where we must retain or disclose information by law.

4. How we share information

We share personal information only as needed to operate the Service:

• Service providers who help us operate the Service under confidentiality and security obligations, including hosting and authentication, cloud databases, email delivery, payment processing, AI inference, enrichment of public professional profiles, and product analytics.
• Identity providers when you choose to sign in through them (currently LinkedIn), as governed by their terms and your settings.
• Legal and safety: when required by law, legal process, or to protect the rights, property, or safety of Company, users, or others.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

5. Cookies and similar technologies

Essential cookies and storage. We use cookies and similar technologies that are strictly necessary to operate the Service, including session and authentication cookies from our identity and hosting providers. These cannot be disabled if you wish to use signed-in features.

Analytics. We use product analytics tools that may set cookies or use local storage to distinguish sessions and measure usage. Where required by law, we will obtain your consent before enabling non-essential analytics; you may withdraw consent through your browser settings or any cookie controls we provide.

Session replay. We may use session replay technology to record how you interact with the Service (such as clicks, scrolling, and on-screen content) for debugging and product improvement. Input fields are masked where technically configured. You may opt out of analytics tracking through your browser settings or by contacting us; disabling certain storage may limit some features.

Do Not Track. Some browsers send a “Do Not Track” (DNT) signal. There is no consistent industry or legal standard for how websites must respond. We do not treat the DNT signal alone as a complete opt-out of all analytics; you can limit non-essential cookies through your browser settings or any cookie banner we provide, and you may contact us about tracking preferences.

6. Artificial intelligence and profiling

The Service uses automated processing, including AI systems, to compare your professional profile against patterns in a target role cohort and to generate gap analyses, summaries, and recommendations. This constitutes profiling under GDPR in the sense of automated processing used to evaluate aspects of your professional situation. The outputs are informational and advisory only; they do not constitute hiring decisions or produce legal effects. You may request human review of concerns about outputs by contacting support@hiredlens.io.

Inputs may be sent to our AI provider (currently in the United States) under a data processing agreement. Under our contract, inputs you submit through the Service are processed to provide the Service and are not used to train the provider's general-purpose models for their unrelated products, subject to the provider's then-current policies.

Do not submit highly sensitive information you are not comfortable having processed for this purpose.

7. International transfers

We may process and store information in the United States and other countries where we or our providers operate. Our AI and other subprocessors may process data in the United States. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.

8. Retention

We retain personal information only as long as needed for the purposes described in this policy: for example, for the duration of your account, to provide saved analyses and features you use, to operate technical caches and databases, and to meet legal, tax, and accounting obligations. Transaction records may be retained for the periods required by financial and tax rules. When we no longer need information, we delete or de-identify it in line with our practices and applicable law. Specific retention periods vary by data category; you may ask for more detail by contacting us.

9. Security

We implement organizational and technical measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. Children

The Service is not directed to individuals under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take steps to delete it.

11. Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal information; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. We will respond to requests in accordance with applicable law.

United States residents: Several U.S. states (including California, Virginia, Colorado, Connecticut, Texas, and others) provide additional privacy rights. You may exercise any rights available to you under applicable state law by contacting us as described below. We do not discriminate against you for exercising rights granted by law.

EEA and UK: GDPR Article 27 may require a representative in the EU or UK if we offer goods or services to people there and do not have an establishment there—whether that applies depends on your scale and targeting; counsel can confirm. We do not currently publish a separate EU/UK representative; inquiries and rights requests may be sent to support@hiredlens.io. If we appoint a representative, we will update this policy.

12. Requests and deletion

To exercise privacy rights or request deletion of your account and associated data, email support@hiredlens.io. We will verify your request and respond within the timeframes required by applicable law (for example, within 45 days for many U.S. state requests, or within one month for many GDPR requests, subject to extension where permitted). Where we cannot verify your identity, we may be unable to fulfill certain requests.

We aim to complete deletion without undue delay after a verified request, and within a reasonable period—often within about 30 days—unless a longer period is required or permitted by law.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. For material changes, we will provide additional notice where required by law (including by email where we have your address).

14. Contact

Questions about this Privacy Policy or to exercise your rights: support@hiredlens.io

Data controller: Renaissance Labs LLC, Delaware, United States. If you need a postal address for formal correspondence (including where required by privacy law), request it at the email above.