Privacy Policy | hireable

1. Information We Collect

We collect information you provide directly when you create an account, including your name, email address, and profile information through our authentication providers (Google, Apple, GitHub, X, or email/password).

When you use Hireable, we collect:

Job listings you save, track, and manage
Professional contacts and networking information you add
Resume content you upload for AI-powered tailoring
Interview preparation notes and debriefs
Outreach messages and communication logs
Calendar events related to your job search
Usage data and interaction patterns within the platform

2. Third-Party Integrations

With your explicit consent, we may connect to the following services. You can disconnect any integration at any time from your Settings page.

Google (Gmail & Google Calendar): See section 3 below for the exact scopes we request and how the data is used.
Microsoft (Outlook Mail & Calendar): See section 4 below for the exact scopes we request and how the data is used.
Google Sheets: Used only when you explicitly export your jobs, contacts, or offers. The export uses Replit's managed Google Sheets connector and writes only to spreadsheets you authorize.
LinkedIn & Email (via Unipile): Executive tier users may connect messaging accounts to auto-sync conversations. Messages are stored securely and associated with your contacts.
Stripe: Payment information is processed directly by Stripe and never stored on our servers.
OpenAI: Used to power features such as resume tailoring, outreach drafts, and interview prep. Relevant context (e.g., job descriptions, contact summaries) is sent to OpenAI for processing. We do not allow OpenAI to use your data to train its models.

3. How We Use Your Google Data

When you connect a Google account, Hireable requests the following OAuth scopes. We request the minimum set required for the features you see in the app and remove any scope we no longer use.

Scope	What it lets us do	Why
gmail.readonly	Read your Gmail messages and metadata.	Detect recruiter emails, application replies, and interview invites and link them to your saved jobs and contacts.
gmail.send	Send messages from your Gmail address.	Send replies, follow-ups, and outreach you compose and approve inside Hireable from your own address so threads stay together.
calendar.readonly	List your calendars and read events.	Detect upcoming interview events and surface them on your job-search agenda.
calendar.events	Add, update, or remove events on your primary calendar.	Create or change interview events when you schedule, reschedule, or cancel an interview inside Hireable.

Where it is stored: OAuth tokens are encrypted at rest in our PostgreSQL database (hosted by Replit in the United States). Email and calendar content we have classified for you is stored in the same database, scoped to your account.

How long we keep it: Synced email and calendar data is retained while your account is active and your integration is connected. Disconnecting Gmail or Google Calendar from Settings stops further sync immediately. Deleting your account removes all synced Google data within 30 days.

How to revoke access: You can disconnect Google at any time from Settings → Integrations, and you can additionally revoke Hireable's access at myaccount.google.com/permissions.

Limited Use disclosure: Hireable's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We use Gmail and Google Calendar data only to provide the user-facing job-search features described above.
We do not transfer Gmail or Google Calendar data to third parties except as needed to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition with notice to users.
We do not use Gmail or Google Calendar data for advertising.
We do not allow humans to read your Gmail or Google Calendar data unless we have your explicit consent for specific messages, it is necessary for security (e.g., investigating abuse), to comply with applicable law, or for internal operations on aggregated, anonymized data.
We do not use Gmail or Google Calendar data to develop, improve, or train generalized AI or machine-learning models.

4. How We Use Your Microsoft Data

When you connect an Outlook account, Hireable requests the following Microsoft Graph permissions. Outlook calendar access is read-only — we do not write to your Outlook calendar.

Permission	What it lets us do	Why
openid, profile, email, User.Read	Identify the connected mailbox and show its address in Settings.	Label which Outlook account is connected and prevent duplicate connections.
offline_access	Keep your account connected without signing in repeatedly.	Sync new mail and calendar events in the background.
Mail.Read	Read your Outlook mail.	Detect recruiter emails, application replies, and interview invites.
Mail.Send	Send messages from your Outlook address.	Send replies and outreach you compose and approve inside Hireable from your own address.
Calendars.Read	Read your Outlook calendar.	Detect upcoming interview events and surface them on your job-search agenda.

Where it is stored: OAuth tokens are encrypted at rest in our PostgreSQL database. Synced email and calendar data is scoped to your account.

How long we keep it: While your account is active and your integration is connected. Disconnecting Outlook from Settings stops further sync immediately. Deleting your account removes all synced Microsoft data within 30 days.

How to revoke access: Disconnect Outlook from Settings → Integrations, and additionally revoke Hireable's access at myaccount.microsoft.com under "Apps and services that can access your data."

5. How We Use Your Information

We use your information to:

Provide and improve the Hireable platform and its features
Generate AI-powered recommendations, outreach messages, and interview preparation
Send relevant notifications about your job-search activities
Process payments and manage subscriptions
Analyze usage patterns to improve the product

6. AI-Powered Features

Hireable uses OpenAI's language models to power features such as resume tailoring, outreach message generation, interview prep, and salary negotiation assistance. When you use these features, relevant context (such as job descriptions or contact information) is sent to OpenAI for processing on your behalf during your session. We do not use your data — including data received from Google or Microsoft APIs — to train AI or machine-learning models.

7. Data Storage & Security

Your data is stored securely in PostgreSQL databases hosted by Replit. OAuth refresh and access tokens for Google and Microsoft are encrypted at rest using AES-GCM. We use industry-standard security measures including encrypted connections (TLS), session-based authentication, and secure API practices. File uploads are stored in encrypted object storage.

8. Data Retention & Deletion

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time through the Settings page. Upon deletion request, we will remove all your personal data within 30 days, including jobs, contacts, messages, resumes, and any data synced from Google or Microsoft.

9. Your Rights

You have the right to:

Access your personal data
Export your data (CSV or Google Sheets)
Correct inaccurate information
Delete your account and all associated data
Disconnect third-party integrations
Opt out of non-essential notifications

10. Cookies & Analytics

We use essential session cookies for authentication. We may use Google Analytics to understand usage patterns. You can control cookie preferences through your browser settings.

11. Contact

For privacy-related questions or data requests, contact us at privacy@hireable.app. For general support, contact support@hireable.app.