Privacy & Data Practices

PerfectRecruit collects and processes the following categories of data:

• Candidate profiles — LinkedIn, GitHub, Stack Overflow, and Indeed profile data fetched via third-party APIs, plus resumes uploaded as PDFs
• Career site applications — name, email, resume text, cover letters, and responses to role-specific questions submitted by applicants
• Org charts — organizational hierarchy, positions, departments, and employment types
• Activity journals — AI-generated summaries of your email and calendar activity (requires explicit Google OAuth consent)
• Feedback submissions — bug reports and feature suggestions submitted through the chat widget
• Usage data — API call counts, token usage, and feature usage for billing and analytics

PerfectRecruit uses AI to power AI skill evaluation, skills generation, outreach drafting, activity organization, and more. Here is how your data is processed:

• Anthropic Claude API — Powers all AI features. Your data is sent to Anthropic for processing but is not used to train their models. Anthropic retains API inputs/outputs for up to 30 days for trust and safety purposes only. See Anthropic's API data policy.
• Voyage AI — Used for generating text embeddings for the chatbot knowledge base search. Input text is processed for embedding generation only and is not used for training.
• AI evaluation of career site applications is advisory only — a human recruiter reviews every application. There is no automated decision-making or auto-rejection.

• All data is stored in PostgreSQL hosted on Neon, encrypted at rest (AES-256) and in transit (TLS 1.3)
• Google OAuth tokens are encrypted with AES-256-GCM before storage — the encryption key is separate from the database
• All data is scoped by organization — multi-tenant isolation ensures Org A data is never accessible to Org B
• Passwords are never stored — authentication is handled by a separate auth platform with bcrypt hashing

To maintain and improve AI quality, PerfectRecruit logs the prompts and responses sent to and received from the AI provider. These logs:

• Are stored in the same encrypted database as other application data
• Are accessible only to platform administrators for quality review
• Are automatically deleted after the configured retention period (default: 90 days)
• Are used for aggregate pattern analysis, not individual data review

Default retention periods (configurable per organization):

• AI observability logs — 90 days (prompts, responses, token counts)
• Candidate data — 12 months from last activity (profiles, analyses, outreach)
• Career site applications — retained as long as the associated role is open, then follows candidate retention policy
• Organization data — retained for the lifetime of the account
• Daily/weekly journals — retained for the lifetime of the account (user can delete individually)

Administrators can configure retention periods from Settings. Data past its retention period is permanently deleted or anonymized.

If you applied for a position through a PerfectRecruit-powered career site:

• Your application is evaluated by AI to match skills against role requirements — this is advisory only
• A human recruiter reviews every application — there is no automated rejection
• Your data is stored securely and only accessible to the hiring organization
• You can request a copy of your data or its deletion by contacting the hiring organization or PerfectRecruit directly
• AI scoring uses evidence-based evaluation with career gap neutrality — employment gaps are not penalized

• Access — Request a copy of all data we hold about you
• Correction — Request corrections to inaccurate data
• Deletion — Request permanent deletion of your data
• Portability — Receive your data in a machine-readable format
• Objection — Object to specific processing activities

We comply with GDPR, CCPA, and applicable data protection regulations. Requests are processed within 30 days.

For privacy inquiries, data requests, or questions about our data practices:

Email: privacy@perfectrecruit.ai