[ Legal ]
Privacy Policy
What data HireRank collects, why, and exactly what happens to it.
Last updated — March 2026
1. Who I Am
HireRank is a personal project built and run by me — Shivam Singh, an independent developer based in India. There is no company, no legal entity, no team. Just me, and a project I've been working on because I genuinely care about how developer talent gets evaluated.
For GDPR purposes, I am the data controller.
Personal website: terra01.dev
Privacy contact: [email protected]
EU Representative (Art. 27 GDPR): To be appointed before EU-targeted launch. Contact [email protected] in the meantime.
2. What Data Is Collected and Why
2.1 Account Data
When you create an account, the following is collected:
- Name and email address (from OAuth providers or Magic Link sign-in)
- Authentication provider information (Google or email)
Lawful basis: Contractual necessity (GDPR Art. 6(1)(b)) — required to provide the Service.
2.2 Portfolio Content
All content you enter into HireRank — including your work experience, education, skills, projects, certifications, and achievements — is stored in the database and used to generate your portfolio, resume PDF, and (if you opt in) your Talent Directory profile.
Lawful basis: Contractual necessity (GDPR Art. 6(1)(b)).
2.3 Uploaded Files
HireRank stores two types of files you may upload:
- Profile image: resized to 400×400px WebP and stored in Cloudflare R2 (EU jurisdiction)
- CV/Resume PDF: stored as uploaded in Cloudflare R2 (EU jurisdiction), accessible only to you via time-limited private links
These files are never publicly accessible via a guessable URL. Access requires a server-generated signed URL scoped to your authenticated session.
Lawful basis: Contractual necessity (GDPR Art. 6(1)(b)).
2.4 AI Processing (Consent Required)
Two features in HireRank use AI: Magic Import (which reads your CV text and extracts structured data from it) and the ATS Optimizer (which rewrites sections of your profile to match a job description you paste in). Before either of these runs, you will be asked for explicit consent — there is no pre-ticked checkbox, no implied agreement, just a clear explanation and a deliberate choice.
What is actually sent to the AI provider is the text content of your resume — not your uploaded PDF file, not your email address, not any contact information. Just the career content you've written.
AI text processing uses Google Gemini. No API data is used for model training. This is contractually specified in Google's data processing terms.
You can withdraw consent at any time from Account Settings → Privacy & AI. Withdrawing consent immediately disables both AI features (Magic Import and ATS Optimizer). If you have opted into the Talent Directory, your existing profile listing remains active — but your embedding cannot be refreshed until consent is re-granted.
Lawful basis: Explicit consent (GDPR Art. 6(1)(a)).
2.5 Talent Directory (Opt-In Only)
The Talent Directory is currently under development and not yet available to users.
When launched, if you opt in, a semantic embedding vector will be generated from a subset of your portfolio data (name, headline, skills, and job titles only — no contact information, no CV content). This vector will be a mathematical representation and cannot be used to reconstruct your original text. It will be stored in the database linked to your portfolio ID. This embedding will be used to make your profile discoverable in recruiter searches via cosine similarity matching.
The embedding will be generated using a cloud-based AI service, with EU region endpoints used for all users regardless of location. The AI provider will not use this data for model training. Opting out or deleting your account will immediately set the stored embedding to null, breaking any link between the vector and your identity.
Lawful basis: Explicit consent (GDPR Art. 6(1)(a)).
2.6 Authentication Logs and Security
HireRank keeps a consent audit log that records specific events: when you gave or withdrew AI consent, when your age was verified, when you requested a data export, and when your account was deleted. This log does not record what you typed, what your portfolio contains, or anything about the content of your work. Only the event type and a timestamp.
Why does this log survive account deletion? Because if there is ever a compliance dispute — a regulator asking whether a user gave consent before AI processing ran, for example — I need to be able to demonstrate that it happened. Without a record, there is no way to prove it. This is the only reason this log exists, and it is the only data that persists after your account is gone.
When your account is deleted, your user ID in this log is immediately replaced with a one-way cryptographic hash (SHA-256 combined with a server-side secret that I hold). After that replacement, I cannot determine whose record it was — not from the log alone, not from any reverse lookup. The entry becomes an anonymous timestamp: proof that the event happened, but with no link back to you.
Abuse suppression record. When an account is deleted, a separate suppression record is created using a hashed version of your email address. This exists for one specific reason: to prevent someone from gaming the system by repeatedly creating and deleting accounts to refresh free AI credits. It expires automatically after 30 days, after which it is deleted. Your raw email address is never stored in this record — only a one-way hash that cannot be reversed.
Lawful basis: Legitimate interest (GDPR Art. 6(1)(f)) — maintaining an auditable compliance record and preventing system abuse.
2.7 Portfolio View Analytics
Portfolio views are tracked via PostHog's cookieless analytics. No fingerprinting is used, no IP addresses are hashed or stored, and no deduplication table exists. PostHog counts pageviews on published portfolio URLs using anonymous, non-persistent session identifiers.
Lawful basis: Legitimate interest (GDPR Art. 6(1)(f)).
2.8 Landing Page Analytics
HireRank uses PostHog EU Cloud for product analytics — a privacy-first analytics platform hosted in the European Union (Frankfurt, Germany). PostHog is configured in cookieless mode: no cookies are set, no persistent identifiers are stored in the browser, and no individual visitors are tracked across sessions or page loads.
For unauthenticated visitors (landing page, published portfolios, guest editor), PostHog collects aggregate data only: total pageviews, referrer domain, approximate country (derived server-side by PostHog, never stored as an IP address), device category, and browser name.
For authenticated users (builder, ATS Matrix), anonymized product usage events are linked to your account via an internal identifier for product improvement purposes. Your email, name, and resume content are never sent to PostHog.
Lawful basis: Legitimate interest (GDPR Art. 6(1)(f)).
3. Age Requirement
HireRank is intended for users aged 18 and over. Personal data from anyone under 18 is not knowingly collected. In compliance with GDPR Article 8 and DPDP Act Section 9, you must confirm you are 18 or older during onboarding. If I become aware that a user is under 18, their account and all associated data will be deleted immediately.
4. How Your Data Is Stored
Database: PostgreSQL hosted on Neon (eu-central-1, Frankfurt, Germany). All data — regardless of where you are located — is stored in the EU.
File Storage: Cloudflare R2, EU jurisdiction. Your uploaded files (profile image, CV PDF) are stored exclusively within the European Union.
Caching: Upstash Redis, EU region. Used for rate limiting and atomic operations. No personal data is stored in Redis beyond temporary session-scoped keys that expire automatically.
Authentication: Auth.js v5 with Prisma adapter. Session tokens are stored in the database and expire automatically.
5. Sub-Processors
HireRank uses the following third-party services (sub-processors) that may process your personal data:
| Processor | Purpose | Location | Data Processed |
|---|---|---|---|
| Neon | Database hosting | EU (Frankfurt) | All personal data |
| Cloudflare | File storage (R2) | EU jurisdiction | Uploaded files |
| Vercel | Application hosting | Global CDN | Request logs, deployments |
| Upstash | Redis caching | EU region | Temporary rate-limit keys |
| Resend | Transactional email | US (SCCs in place) | Email address (magic links only) |
| Google (Gemini API) | AI text processing | US (SCCs in place) | Resume text when AI used |
| Google (Vertex AI) | Embedding generation (planned — not yet active) | EU region (all users) | Portfolio subset — name, headline, skills, job titles only. No contact PII. Cannot reconstruct original text. |
| Mistral AI | AI text processing (inactive fallback) | EU (France) | Resume text (only if activated as emergency fallback) |
| GitHub | OAuth connection (Proof of Work) | US (SCCs in place) | Public repository data, username |
| Google (OAuth) | OAuth authentication | US (SCCs in place) | Name, email, avatar |
| Dodo Payments Inc. | Payment processing, subscription billing, tax compliance (MoR) | US (SCCs in place) | Email, name, billing country, payment method details |
| PostHog Inc. | Product analytics | EU (Frankfurt) | Anonymous pageview events, anonymized usage events (authenticated users). No PII. |
All US-based sub-processors have Standard Contractual Clauses (SCCs) in place as required by GDPR Chapter V.
6. Data Retention
Active account data
Retained for the duration of your account. Deleted immediately and permanently on account deletion.
Uploaded files (R2)
Deleted immediately on account deletion or when you remove them from the editor.
Consent audit log
Retained indefinitely in anonymized form (cryptographically hashed user ID). Required for legal compliance. Cannot be linked back to your identity after account deletion.
Abuse suppression record
30 days from account deletion, then automatically deleted. Contains only a hashed email — no other personal data.
Magic link tokens
24 hours, then automatically deleted.
7. Your Rights
Under GDPR (EU users) and DPDP Act (Indian users), you have the following rights:
RIGHT OF ACCESS (Art. 15 GDPR)
Request a copy of all personal data HireRank holds about you.
→ Account Settings → “Export My Data”. Rate-limited to once per 30 days.
RIGHT TO ERASURE (Art. 17 GDPR)
Permanently delete your account and all associated data: portfolio content, uploaded files (purged from R2), authentication records, and GitHub/coding profile data. The only data retained is an anonymized audit log entry and a 30-day abuse suppression record — neither can be linked back to you.
→ Account Settings → Danger Zone → “Delete Account”
RIGHT TO RECTIFICATION (Art. 16 GDPR)
Edit or correct any data HireRank holds about you at any time.
→ Edit directly in the HireRank editor
RIGHT TO DATA PORTABILITY (Art. 20 GDPR)
Download a complete copy of everything HireRank holds about you as a structured JSON file.
→ Account Settings → “Export My Data”
RIGHT TO WITHDRAW CONSENT (Art. 7(3) GDPR)
Withdraw AI processing consent at any time. Withdrawal immediately disables AI features. Your Talent Directory listing (if active) remains in place but cannot be refreshed. To remove yourself from the directory entirely, use the separate Talent Directory opt-out toggle in Settings.
→ Account Settings → Privacy & AI
RIGHT TO OBJECT (Art. 21 GDPR)
Object to processing based on legitimate interest (analytics).
→ Email [email protected]
RIGHT TO RESTRICT PROCESSING (Art. 18 GDPR)
Request that HireRank limit how your data is processed in certain circumstances.
→ Email [email protected]
8. Cookies
HireRank does not use tracking cookies, advertising cookies, or analytics cookies of any kind. There is no cookie banner because there is nothing requiring one.
The only thing stored in your browser is a session cookie set by the authentication library (Auth.js) to keep you logged in. This is strictly necessary for the service to function — without it, you would be logged out on every page load. Strictly necessary cookies are exempt from GDPR consent requirements.
If you clear this cookie, you will be logged out. That is the full extent of HireRank's use of browser storage.
9. International Data Transfers
I am based in India and HireRank's infrastructure is primarily EU-based. Where personal data is transferred to processors outside the EU (Vercel, Resend, GitHub, Google OAuth — all US-based), I rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal transfer mechanism.
10. Security
All data in transit uses TLS 1.2 or higher. Your CV PDF and uploaded files are accessible only through signed URLs that expire after one hour — there is no permanent public link to your files that could be shared or guessed. IP addresses are never written to the database in readable form; any value derived from an IP goes through SHA-256 hashing with a server-side secret first. Session tokens expire and are rotated. The database has no public-facing connection — only the application server can reach it.
I want to be honest about something: HireRank is a solo project, not a company with a security team or a bug bounty program. The measures above are solid and appropriate for this scale. But if you find a vulnerability, I would genuinely appreciate you telling me directly before it becomes a problem. Email: [email protected]
11. Changes to This Policy
If this policy changes in a way that affects how your data is handled, two things will happen: the “Last updated” date at the top of this page will change, and I will send an email notification to all registered users before the change takes effect. You will have a chance to review the change before it applies to you.
Minor updates — fixing a typo, clarifying a sentence without changing what it means, updating a sub-processor's location — may happen without an email notification. If you're ever unsure whether something changed, the date at the top of this page is the source of truth.
12. Contact
For privacy questions, data subject requests, or to exercise any of your rights — use the in-app tools where available, or reach out directly.