Privacy Policy

Last updated: April 2026

CARDAPPS LLC (“PerfectRecruit,” “we,” or “us”) operates the PerfectRecruit platform — an AI-powered recruiting and workforce planning service. This policy explains what data we collect, how we use it, who we share it with, and your rights.

1. Information We Collect

We collect and process the following categories of data:

  • Account data — name, email address, organization name, role within your organization, authentication credentials (handled by our auth provider; we never store passwords directly)
  • Candidate data — profiles from LinkedIn, GitHub, Stack Overflow, and Indeed fetched via third-party APIs; resumes uploaded as PDFs; AI-generated skill evaluations, scores, and narratives
  • Career site applications — name, email, phone, resume text, cover notes, gap question responses, culture pulse responses, and AI-generated evaluation summaries submitted by applicants
  • Org chart data — organizational hierarchy, positions, departments, functions, activities, KPIs, employment types, and budget status
  • AI Worker data — system prompts, task definitions, SOPs, run history, approval records, guardrail violations, briefings, and manager feedback
  • Activity journals — AI-generated summaries of email and calendar activity (requires explicit Google OAuth consent)
  • Interview data — scheduled interviews, interviewer scorecards, prep questions, and candidate feedback
  • Outreach data — email drafts, sequences, delivery status, and reply tracking
  • Feedback submissions — bug reports and feature suggestions submitted through the chat widget
  • Usage data — API call counts, token usage, feature usage, and billing records

2. How We Use Your Data

  • Recruiting — evaluating candidates, generating outreach, managing interview pipelines, producing skill scoring and calibration
  • Workforce planning — org chart design, function mapping, activity organization, KPI tracking, and success metrics generation
  • AI Worker execution — compiling system prompts from position data, executing tasks under manager-approved SOPs, running guardrail checks, and generating briefings
  • Career site — evaluating applicant fit, generating feedback summaries, asking gap questions, and surfacing status updates to applicants
  • Billing — processing subscriptions and usage-based charges through Stripe
  • Platform improvement — aggregate analytics on feature usage, AI quality calibration (comparing AI scores to human interviewer scores), and response to feedback
  • Security — activity logging, access control, and guardrail enforcement

3. AI Processing

PerfectRecruit uses AI extensively. Here is exactly what data is processed by which provider:

Claude by Anthropic

Used for: candidate evaluation, skill scoring, outreach drafting, interview prep, AI Worker task execution, SOP generation, guardrail scope and content checks, career site application evaluation, gap question generation, and activity organization.

Data sent: candidate profiles, resume text, role descriptions, position functions, AI Worker SOPs and context, outreach drafts, application responses.

Anthropic’s policy: API inputs are not used for model training. Retained up to 30 days for trust and safety monitoring only. See Anthropic’s data policy.

Voyage AI

Used for: generating text embeddings for chatbot knowledge base search and AI Worker knowledge base.

Data sent: knowledge article text, search queries.

Policy: Processing only. Not used for training.

For a detailed breakdown of what AI does and does not do, see our AI Disclosure page.

4. Data Sharing

We share data with the following third parties, strictly for operating the service:

Service | Purpose | Data Policy
Anthropic (Claude) | AI analysis, scoring, worker execution, guardrails | API data not used for training. 30-day retention for safety.
Voyage AI | Text embedding generation | Processing only. No training on inputs.
Stripe | Subscription billing, seat management | PCI DSS Level 1. No card data touches our servers.
SendGrid | Transactional email delivery | Delivery only. No content storage beyond delivery logs.
Google (OAuth) | Gmail read (journals), Calendar read, AI Worker email send | Scoped OAuth. Data access limited to consented scopes.
Neon (PostgreSQL) | Primary database hosting | Encrypted at rest (AES-256) and in transit (TLS 1.3).
Vercel | Application hosting and CDN | Infrastructure-level hosting. No application data access.

We do not sell, rent, or share your data with third parties for their marketing purposes. Ever.

5. Data Retention

Default retention periods (configurable per organization from Settings):

  • AI observability logs — 90 days (prompts, responses, token counts)
  • Candidate data — 12 months from last activity
  • Career site applications — retained while the role is open, then follows candidate retention
  • AI Worker run history — 90 days (run outputs, approvals, guardrail violations)
  • Organization data — lifetime of the account
  • After account termination — data available for export for 30 days, then permanently deleted

Data past its retention period is permanently deleted or irreversibly anonymized. Administrators can configure retention from Settings.

6. Cookies

PerfectRecruit uses only essential cookies for authentication:

  • access_token — session authentication (30-day max-age, SameSite=Lax)
  • refresh_token — token refresh (30-day max-age, SameSite=Lax)

No analytics, advertising, or third-party cookies. No cookie consent banner is needed (essential-only cookies are exempt under GDPR/ePrivacy). See our Cookie Policy for details.

7. Your Rights

Regardless of your location, you have the following rights regarding your data:

  • Access — request a copy of all data we hold about you
  • Correction — request corrections to inaccurate data
  • Deletion — request permanent deletion of your data
  • Portability — receive your data in a machine-readable format (JSON export)
  • Objection — object to specific processing activities, including AI evaluation
  • Withdraw consent — revoke OAuth consents (Google, Stripe) at any time from Settings

We comply with GDPR, CCPA, and applicable data protection regulations. Requests are processed within 30 days. Contact us at privacy@perfectrecruit.ai.

8. Children

PerfectRecruit is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

9. Security

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • OAuth tokens encrypted with AES-256-GCM before storage; encryption key stored separately from the database
  • Multi-tenant isolation — organization data is scoped by org ID at every query level
  • Role-based access control with permission checks on every API route
  • AI Worker guardrails enforce scope limits and content safety on every action
  • Activity logging for audit trail of all significant platform actions
  • Passwords are never stored — authentication is handled by a separate auth platform

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect. The current version is always available at perfectrecruit.ai/privacy.

Contact

For privacy inquiries, data requests, or questions:

Email: privacy@perfectrecruit.ai

Entity: CARDAPPS LLC, Houston, Texas, USA