Privacy Policy

This Privacy Policy describes how HireUp AI (Pty) Ltd ("HireUp," "we," "us," or "our") collects, uses, shares, and protects personal data obtained through the platform at app.hireup.pro and www.hireup.pro (the "Platform").

HireUp operates a recruitment marketplace connecting Employers, Recruiters, and Candidates globally. For the purposes of data protection laws — including the General Data Protection Regulation (GDPR), the South African Protection of Personal Information Act (POPIA), US State Privacy Laws (including the California CCPA/CPRA), the United Arab Emirates Personal Data Protection Law (UAE PDPL), and the Kingdom of Saudi Arabia Personal Data Protection Law (KSA PDPL) — HireUp acts as the Data Controller for your general account data, and as a Data Processor for Candidate data flowing through an Employer's specific hiring pipeline.

We collect data strictly necessary to operate our recruitment marketplace. We do not collect biometric data, we do not continuously track your precise geolocation, and we do not collect sensitive personal data unless you voluntarily provide it in your CV.

A. Data You Provide Directly

• Candidates: Name, email, phone number, general location, professional history (CV/resume, education, skills, qualifications), and desired salary/preferences.
• Employers: Company details, contact person names and emails, job posting details, and KYC/billing information.
• Recruiters: Name, email, phone number, professional specialisations, KYC documents (ID/proof of address), and payout account details.

B. Data Collected Automatically

When you use the Platform, we automatically collect technical usage data. This includes your IP address, browser type, device information, pages visited, and session activity. We use cookies to collect this data; please see our Cookie Policy for full details.

C. Data from Third Parties

We may receive data from third parties if a Candidate applies via an affiliate Recruiter link, or if you authenticate your account using a third-party login provider.

We process your personal data based on the following legal grounds:

• Contractual Necessity: To create your account, provide the Platform services, process applications, and calculate Recruiter rewards.
• Legitimate Interest: To improve the Platform, ensure network security, prevent fraud, and conduct anonymised platform analytics.
• Consent: For sending marketing communications, deploying non-essential cookies, and processing any special category data you voluntarily upload in your CV.
• Legal Obligation: To comply with tax, accounting, and legal KYC (Know Your Customer) requirements.

HireUp integrates Artificial Intelligence (AI) to enhance the platform experience. Transparency regarding our AI is critical.

What our AI does

• CV Parsing: When a Candidate uploads a CV, AI extracts structured text data (skills, history, education) to quickly pre-populate their profile.
• Professional Summaries: AI generates a suggested professional summary paragraph based on the Candidate's parsed CV data. Candidates can review, edit, or delete this summary.
• Job Description Assist: AI helps Employers parse and structure job requirements.
• Candidate Matching: When a Candidate applies for a role, AI evaluates how well their profile aligns with the job requirements, generating a fit score that helps Employers identify well-matched candidates. This works in the Candidate's favour — strong alignment with a role means a better chance of being reviewed.

What our AI does NOT do

• AI is strictly assistive. No automated hiring, shortlisting, or rejection decisions are made by AI.
• AI fit scores are a decision-support tool for Employers only. They do not automatically accept or reject any application. All hiring decisions are made entirely by human Employers.
• Under GDPR Article 22 (and equivalent global laws), you have the right not to be subject to solely automated decision-making. HireUp strictly adheres to this; human oversight applies to all recruitment outcomes.

We utilise Anthropic and Google Gemini as our AI model providers. No personally identifiable information (PII) beyond the text contained in your CV/Job Description is sent to these models, and your data is not used to train their foundational models.

Data sharing is strictly segmented by user role:

• Candidate Data: Shared with an Employer only when the Candidate actively applies to their vacancy or is placed in their pipeline. Shared with a referring Recruiter only in limited form (status updates) to calculate rewards.
• Employer Data: Company profiles and job details are visible to Candidates. Job briefs are visible to Recruiters, but the Employer's identity may be anonymised to protect the integrity of the marketplace.
• Recruiter Data: The identity and contact details of Recruiters are never shared with Employers or Candidates.

Service Providers (Sub-processors)

We share data with trusted third parties who provide platform infrastructure. These include:

• Supabase: Database, authentication, and file storage (Hosted in Frankfurt, Germany).
• Vercel: Application hosting and CDN (Global).
• Anthropic & Google Gemini: AI processing (United States).
• Resend: Transactional email delivery (United States).
• Google Maps API: Location search and autocomplete (Global).

We never sell your personal data. We may only share data outside of these parameters if required by law enforcement, a court order, or during a corporate merger/acquisition.

HireUp is a global platform. Your data is primarily hosted securely within the European Union (AWS eu-central-1 in Frankfurt, Germany via Supabase).

Some data may be processed in the United States (via Vercel, Resend, or our AI providers) or accessed by our team in South Africa. We safeguard these international transfers using standard legal mechanisms:

• For EU/UK Users: We rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum.
• For South African Users: Transfers to the EU are compliant, as POPIA recognises the EU as having adequate data protection laws.
• For UAE and Saudi Arabian Users: Transfers of data outside the UAE and KSA are conducted in accordance with the respective national PDPL requirements, utilising adequate jurisdictions or legally approved safeguards.

We retain your personal data for as long as your account is active.

• If you close your account, your data is scheduled for deletion within 30 days.
• Candidate application records may be retained for 12 months after the last activity for Employer compliance tracking, after which they are anonymised.
• Backups of the database are securely purged within 90 days.
• We may retain specific transactional data (e.g., invoices, KYC documents) for longer periods as required by local tax and corporate laws.

Depending on your location, you have specific legal rights regarding your data:

• GDPR (Europe/UK), POPIA (South Africa), UAE PDPL & KSA PDPL: You have the right to access, rectify, or erase your personal data. You may restrict or object to processing, request data portability, and withdraw consent at any time. You have the right to lodge a complaint with your relevant national data protection authority.
• US State Privacy Laws (e.g., CCPA/CPRA): You have the right to know what specific pieces of data we collect, request deletion, and opt-out of the "sale" or "sharing" of your data for cross-context behavioural advertising (though we do neither). You have the right to non-discrimination for exercising these rights.

How to exercise your rights: You can manage most data directly in your account settings. Alternatively, you can email our Data Protection Officer at support@hireup.pro. We will respond to all verified requests within the timeframes required by your local law (typically 30 to 45 days).

The HireUp Platform is intended solely for professionals and individuals of legal working age. We do not knowingly collect personal data from anyone under the age of 16. If we become aware that a minor has provided us with personal data, we will take steps to delete such information immediately.

We implement robust technical and organisational measures to protect your data. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production databases is strictly limited via role-based access controls (RBAC), and we conduct regular security assessments of our infrastructure.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or by placing a prominent notice on the Platform at least 30 days before the changes take effect.

Data Controller: HireUp AI (Pty) Ltd

Address: 216, 8th Street, Voelklip, Hermanus, 7200, South Africa

Privacy Contact: support@hireup.pro

Data Protection Officer (DPO): Reino Jonker

Email: reino@hireup.pro

Phone: +27665223970

If you believe your data protection rights have been violated, you have the right to contact the Information Regulator (South Africa) at enquiries@inforegulator.org.za, or your applicable local data protection authority.