1. Scope of This Policy
This Policy applies to personal information we process through the Service, our website, and related communications. It does not apply to third-party websites, products, or services that we do not control, or to the independent data-handling practices of our customers. Your use of the Service is also governed by our Terms of Service.
2. Our Role: Controller and Processor
HireGrin serves two roles depending on the information involved:
- As a controller / business: For information about our customers, their Authorized Users, website visitors, and prospects — such as account, billing, and usage data — we determine the purposes and means of processing and act as a controller (or “business” under U.S. state privacy laws).
- As a processor / service provider: For interview recordings, transcripts, résumés, scorecards, and other information about candidates that our customers submit or generate through the Service (“Candidate Data”), our customer is the controller. We process Candidate Data on the customer’s behalf and in accordance with our agreement with them and their instructions.
If you are a candidate and have questions about how your information is used in a hiring process, please contact the organization you interviewed with, as they control that information. We will support our customers in responding to such requests.
3. Information We Collect
Information you provide to us
- Account and profile information such as your name, email address, employer, job title, and password.
- Billing information such as your billing contact and transaction details. Payment card details are processed by our payment processors and are not stored by us in full.
- Communications you send us, including support requests, survey responses, and feedback.
Interview and candidate data
When customers use the Service to run interviews, we process Candidate Data on their behalf, which may include:
- Audio and, where enabled, video from interviews, and the transcripts generated from them;
- Speaker attribution, follow-up questions, notes, ratings, scorecards, signals, and summaries;
- Résumés or CVs, role descriptions, rubrics, and related documents that customers upload.
Candidate Data may include information that is sensitive or subject to special protection under applicable law. Customers are responsible for providing required notices and obtaining any consents before submitting such information.
Information collected automatically
- Usage and device data such as IP address, browser and device type, operating system, pages and features used, and timestamps;
- Log and diagnostic data used to operate, secure, and troubleshoot the Service;
- Cookies and similar technologies as described in the “Cookies” section below.
Information from third parties
We may receive information from integrations you enable (such as video conferencing tools, calendars, applicant tracking systems, and single-sign-on providers), and from analytics and security providers, consistent with your settings and applicable law.
4. How We Use Information
We use personal information to:
- Provide, operate, maintain, and secure the Service;
- Transcribe interviews, generate follow-up questions, produce summaries and scorecards, and deliver other Service features;
- Authenticate users and manage accounts, subscriptions, and billing;
- Provide customer support and respond to your requests and inquiries;
- Monitor, analyze, and improve the performance, quality, and safety of the Service;
- Detect, prevent, and address fraud, abuse, security incidents, and technical issues;
- Send administrative and, where permitted, marketing communications (which you can opt out of); and
- Comply with legal obligations and enforce our agreements.
Where we rely on consent or legitimate interests as a legal basis under applicable law, we will do so consistent with that law. We process Candidate Data only as needed to provide the Service to our customers and per their instructions.
5. Automated Processing and AI
The Service uses machine-learning models and automated processing to generate transcripts, suggestions, summaries, and scores. These outputs are decision-support tools intended for human review; they are not designed to make automated decisions that produce legal or similarly significant effects about an individual without human involvement. Customers are responsible for ensuring meaningful human review of any hiring decision. We may use aggregated or de-identified data to develop and improve our models, in a form that does not identify you or any candidate, unless we have a separate agreement or consent that permits otherwise.
6. Cookies and Similar Technologies
We and our providers use cookies, local storage, and similar technologies to keep you signed in, remember preferences, measure and analyze usage, and maintain security. Some cookies are strictly necessary for the Service to function; others help us understand and improve it. You can control non-essential cookies through your browser settings or, where available, our cookie controls. Disabling certain cookies may affect functionality.
7. How We Share Information
We do not sell your personal information for money, and we do not “share” it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws. We disclose information only in the following circumstances:
- Service providers and subprocessors that host infrastructure, provide transcription or AI processing, process payments, or provide analytics and support, under contracts that limit their use of the information to providing services to us;
- Integrations you enable, where data is exchanged at your direction;
- Within your organization, with other Authorized Users of your account, as configured by your administrators;
- Legal and safety reasons, to comply with law, respond to lawful requests, or protect the rights, property, or safety of Come Back Agency, our users, or the public;
- Business transfers, in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy; and
- With your direction or consent, or in aggregated or de-identified form that cannot reasonably identify you.
8. Data Retention
We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Candidate Data is retained according to our customer’s configuration and instructions; when a customer deletes data or closes an account, we delete or de-identify the associated data within a commercially reasonable period, except where retention is required by law or for legitimate business purposes such as security and backup.
9. Security
We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, and alteration, including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping your credentials confidential and configuring access appropriately.
10. International Data Transfers
We are based in the United States and may process information in the United States and other countries where we or our providers operate. These countries may have data-protection laws that differ from those in your jurisdiction. Where required, we use appropriate safeguards — such as standard contractual clauses — for cross-border transfers.
11. Your Privacy Rights
Depending on where you live, you may have rights regarding your personal information, which may include the right to:
- Access or receive a copy of the personal information we hold about you;
- Correct inaccurate information;
- Request deletion of your information;
- Restrict or object to certain processing;
- Data portability;
- Withdraw consent where processing is based on consent; and
- Opt out of the “sale” or “sharing” of personal information and to non-discrimination for exercising your rights.
To exercise these rights, contact us at [email protected]. We may need to verify your identity before responding. If we process your information on behalf of a customer as a processor, we will refer your request to that customer and support them in responding. You may also have the right to lodge a complaint with a supervisory authority.
12. Marketing Choices
You can opt out of marketing emails at any time by using the unsubscribe link in those emails or by contacting us. We may still send you non-promotional messages about your account or the Service.
13. Children’s Privacy
The Service is intended for business use by adults and is not directed to children under sixteen (16). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so we can delete it.
14. Third-Party Links and Services
The Service may contain links to, or integrate with, third-party websites and services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after an update becomes effective indicates your acceptance of the revised Policy.
16. Contact Us
If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, please contact us at [email protected].
Come Back Agency, LLC
United States