Account information — your email address, used for passwordless authentication.
Candidate CVs — PDF files you upload for analysis. These are processed in memory and are not stored long-term.
Job descriptions — text or PDF files you provide for candidate matching.
Analysis results — scored candidate data generated by our AI analysis, stored temporarily in our database.
Payment information — billing details processed securely by Stripe. We do not store card numbers.
Usage data — credit balances, analysis history metadata, and workspace settings.
Referral data — if you sign up via a referral link, we record the link between you and the referring user so we can award 25 free CV screens to both parties.
Analytics telemetry — anonymised page-view and performance data collected by Vercel Analytics and Speed Insights. This data does not identify you personally and is not linked to your account.
2.How we use your data
AI analysis — CVs and job descriptions are sent to the Anthropic Claude API for semantic scoring, interview question generation, and report creation. Data is processed per-request and is not used to train AI models.
Authentication — your email is used to send one-time login codes via Supabase Auth.
Billing — payment processing and subscription management via Stripe.
Service improvement — anonymised, aggregated usage patterns may be used to improve scoring accuracy.
3.Data retention
Uploaded CV files — the original PDF files are processed in memory during analysis and are not persisted to disk or database.
Analysis results — derived candidate data (such as extracted name, skills, experience summary, and AI scoring) is stored in our database as part of your analysis record, and is automatically deleted 30 days after creation via a scheduled cleanup job.
Account data — retained while your account is active. You can request deletion at any time.
4.Third-party services
We use the following third-party services to operate HireBrief:
Anthropic (Claude API) — AI-powered candidate analysis and content generation.
Supabase — authentication, database, and user management.
Stripe — payment processing and subscription billing.
Vercel — application hosting and deployment.
Upstash — rate limiting to protect the service from abuse.
Vercel Analytics & Speed Insights — anonymised, cookieless page-view and performance telemetry to help us understand traffic and improve site performance.
Each service processes data in accordance with their own privacy policies. We select providers that offer strong data protection guarantees.
5.Where your data is stored
Application hosting — HireBrief is deployed on Vercel infrastructure (United States).
Database — your account, analysis results, and subscription data are stored in Supabase, hosted on AWS ap-southeast-2 (Sydney, Australia).
AI processing — CV and job description content sent for analysis is processed by the Anthropic API (United States) and is not retained by Anthropic after the request completes.
Payments — payment data is stored and processed by Stripe (United States).
By using HireBrief, you acknowledge that your data may be transferred to and processed in countries outside your own, including the United States and Australia.
6.Your rights
Access — you can request a copy of the data we hold about you.
Deletion — you can request deletion of your account and all associated data.
Portability — you can export your analysis results while they are available.
Correction — you can request correction of inaccurate personal data.
These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please visit your Account Settings page or email us at support@hirebrief.com.au.
7.Cookies
HireBrief uses only strictly necessary cookies required for authentication (Supabase session cookies). We do not use advertising cookies or cross-site tracking cookies. Our analytics provider (Vercel Analytics) is cookieless by default — it collects anonymised page-view and performance data without storing identifiers in your browser or linking visits across sites.
You can control or delete cookies via your browser settings. Most browsers allow you to refuse cookies or delete existing ones. Please note that disabling cookies will prevent you from signing in to HireBrief.
8.Data security
All data is transmitted over HTTPS. Access to production systems is restricted to authorised personnel. We use row-level security policies in our database to ensure users can only access their own data.
9.Do we make updates to this notice?
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated 'Last updated' date at the top of this page. If we make material changes, we may notify you by prominently posting a notice or by sending you an email. We encourage you to review this policy periodically.
10.Contact
If you have questions about this privacy policy or wish to exercise your data rights, please email us at support@hirebrief.com.au.