Privacy Policy

1. Who We Are

We operate the Hiring Copilot (HCP) platform and act as:

• Data Processor / Service Provider when processing personal data on behalf of our customers, and
• Data Controller for certain account-level and operational data.

Contact Email: [email protected]

2. Information We Collect

We collect personal information to provide and improve the Services.

2.1 Information You Provide

• Account Information:
  Name, email, password (hashed), organization, job title, and authentication details (including LinkedIn SSO if used).
• Requisition Information:
  Uploaded job descriptions, requirements, structured variables, filters, role metadata, and sourcing parameters.
• Hiring Decisions:
  Approvals, rejections, comments, calibration inputs, candidate evaluation feedback.
• Billing and Subscription Information:
  Payment method (processed by Stripe), billing contact, invoices, plan details.
  We do not store complete payment card numbers.
• Communications:
  Emails, support requests, and messages sent to our team.

2.2 Information Automatically Collected

• Usage Logs:
  Log-ins, clicks, viewed pages, credit spending, timestamped actions.
• Technical Data:
  IP address, browser type, device identifiers, operating system, session metadata.
• Cookies:
  Essential cookies for authentication, security, and analytics.

2.3 Information Generated by the Services

HCP generates structured and unstructured Output, including:

• AI-generated candidate recommendations
• Tags, filters, structured variables, match parameters
• Model-generated sourcing strategies
• Suggested outreach sequences and predicted response likelihood
• Candidate summaries, suitability scores, and job-to-candidate mapping
• Analytical insights (e.g., sourcing success metrics, response trends)

2.4 Information from Third-Party Sources

• Public professional profiles (e.g., LinkedIn, GitHub)
• Data made publicly available by individuals
• Data provided by customers, recruiters, or hiring teams

3. How We Use Personal Information

We use personal information to:

• Provide, operate, and maintain the Services
• Process job descriptions and generate AI-assisted Output
• Deliver interview-ready candidates and sourcing strategies
• Manage accounts, subscriptions, credits, and billing
• Communicate with users regarding service updates or support
• Improve platform performance, predictive models, and user experience
• Detect, prevent, and investigate misuse or security incidents
• Comply with legal, regulatory, and contractual requirements

We do not use Customer Data to train external AI models or build competing datasets.

4. How We Share Personal Information

We do not sell personal information.

We may share personal data with:

4.1 Service Providers

Trusted vendors that support:

• Cloud hosting
• Authentication
• Email delivery
• Payment processing
• Infrastructure monitoring
• Logging and analytics
• AI model inference

These providers may only process data as needed to support the Services.

4.2 Within Customer Organizations

If you join an organization using HCP, authorized members may see your:

• Name, role, and account status
• Comments, feedback, evaluations
• Activity related to shared hiring projects

4.3 Legal Requirements

We may disclose personal information:

• When required by law
• To comply with valid legal requests
• To protect OCBridge and its users
• To prevent harm, fraud, or security threats

4.4 Business Transactions

If OCBridge undergoes a merger, acquisition, restructuring, or sale, personal information may be transferred as part of the transaction.

5. Use of Third-Party APIs

We use third-party APIs (e.g., OpenAI API, LlamaIndex API) for certain AI-powered features.

We ensure:

• Data is used only for inference, not training
• APIs comply with their respective data usage policies

6. How We Protect Your Information

We implement administrative, technical, and organizational safeguards:

• Encryption in transit
• Access control and authentication
• Role-based permissioning
• Secure hosting environments
• Audit logging and monitoring
• Limited internal access on a need-to-know basis
• Industry-standard vulnerability management

While no system is entirely risk-free, we follow best practices to protect your information.

7. Data Retention

We retain data for as long as an organization maintains an active subscription.

After cancellation:

• 0–90 days: Account becomes read-only
• After 90 days: Customer Data may be permanently deleted

Aggregated or de-identified data (which does not identify individuals) may be retained indefinitely.

8. Your Rights

Depending on your location, you may be entitled to request:

• Access to your personal data
• Correction of inaccurate data
• Deletion of your data
• Restriction or objection to certain processing
• Export of your data (data portability)
• Opt out of certain uses under CCPA/CPRA
• Withdrawal of consent (if applicable)

We will respond to verified requests as required by law.

Contact: [email protected]

9. Cross-Border Data Transfers

OCBridge is headquartered in the United States.

Personal data may be transferred to and processed in countries where we or our service providers operate.

Where required by law, we implement safeguards such as:

• EU Standard Contractual Clauses (SCCs)
• UK International Data Transfer Addendum
• Additional security and contractual measures

10. Children's Privacy

The Services are not directed to children under 16.

We do not knowingly collect personal information from children.

11. California Consumer Privacy Act (CCPA/CPRA)

If you reside in California, you may exercise:

• Right to know what we collect
• Right to access your data
• Right to delete your data
• Right to correct your data
• Right to opt out of selling or sharing (we do not sell)
• Right to non-discrimination

Submit requests to: [email protected]

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

If we make material changes, we will notify you by email or in-product notice.

Your continued use of HCP constitutes acceptance of the updated Privacy Policy.

13. Contact Us

For privacy questions or requests:

[email protected]