Hireloom

Legal

Privacy Policy

This policy explains how Hireloom handles personal data for users in Ireland, the EEA, and globally.

Last updated: 12 March 2026

1. Who we are

Hireloom is an Ireland-based resume and job-application platform. For GDPR purposes, Hireloom acts as the data controller for account and product data described in this policy. Contact: support@hireloom.app.

2. Data we collect

We may collect:

  • Account data such as name, email, and authentication identifiers.
  • Content you upload or create, including resumes, job descriptions, cover letters, and notes.
  • Billing data such as subscription status and Stripe customer/subscription identifiers.
  • Support data you submit via our contact forms and support email.
  • Technical/usage data such as logs, device/browser metadata, and error diagnostics.

3. How we use personal data

We process personal data to:

  • Provide and maintain the service, including resume tailoring and document generation.
  • Authenticate users, secure accounts, and prevent abuse or fraud.
  • Process payments, subscriptions, and billing support.
  • Respond to support requests and improve reliability and performance.
  • Comply with legal and regulatory obligations.

4. Legal bases (GDPR)

  • Contract: to deliver the product and paid features you request.
  • Legitimate interests: to secure, monitor, and improve the service.
  • Legal obligation: to meet tax, accounting, and legal compliance duties.
  • Consent: where required (for example, optional communications).

5. Processors and sharing

We use selected service providers (processors), including providers for authentication, database hosting, payments, email delivery, and AI processing. We do not sell personal data. We may disclose data where legally required or to protect rights, safety, and platform integrity.

6. International transfers

Because some providers operate outside the EEA, personal data may be transferred internationally. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses and related transfer measures.

7. Retention

We keep data only as long as needed for service delivery, legal compliance, dispute resolution, and enforcement. You can request deletion of your account and data from within the product or by contacting support. Some records (for example billing/tax records) may be retained for legally required periods.

8. Your rights

Depending on your location, you may have rights to access, rectify, delete, restrict, object, or port your personal data. EEA/UK users also have the right to lodge a complaint with their supervisory authority, including the Irish Data Protection Commission.

9. Security

We use technical and organizational safeguards designed to protect personal data. No system is completely secure, but we work to reduce risk through secure infrastructure, access controls, and monitoring.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the date above and, where appropriate, by additional notice.