Welcome to HrThoth!

Your trust matters to us. We're committed to being transparent about how we collect, use, and protect your personal information. Whether you're a job seeker, exploring new opportunities or an employer searching for top talent, this Privacy Policy explains how your data is handled, your rights, and the steps we take to safeguard it.

We encourage you to read this policy carefully. If you have any questions, please don't hesitate to contact us—your privacy is our priority.

1. What Information Do We Collect?

We collect personal data in two main ways:

• Information you provide directly
• Information collected automatically to improve your experience

Types of Personal Data We Collect

Data Sources

We collect personal data through the following means:

• When you provide it directly (creating an account, applying for jobs, contacting support);
• During communications with our team;
• Automatically through your use of our website and services.

2. Cookies & Similar Technologies

We use cookies and similar technologies to enhance your experience, personalize content, analyze traffic, and provide targeted job recommendations.

Cookies help us:

• Remember your login details;
• Track your preferences;
• Improve website performance;
• Understand how users interact with our platform.

You can manage cookie preferences through your browser settings. By using our site, you consent to our use of cookies, unless you disable them.

3. Marketing Communication

We may use your information to send you updates or promotional content related to our services, based on your preferences and interests.

You can opt out at any time. Each message includes clear unsubscribe instructions, and we process opt-out requests within 7 days.

Note: We never use your data unlawfully. All communications are designed to improve your HrThoth experience.

4. Information You Provide

We collect personal information when you:

• Register on our platform;
• Apply for a job;
• Upload your CV or supporting documents;
• Contact our support team.

We only ask for information that is necessary to provide our services efficiently and effectively.

5. Information Collected Automatically

When you visit our site, we automatically collect limited technical data, including:

• IP address (encrypted in accordance with GDPR requirements)
• Session duration (entry and exit timestamps)

This information helps us optimize performance, maintain security, and personalize your experience. All data is secured and protected against unauthorized access.

6. Information from Third Parties

We do not collect data from third parties. All personal data is either:

• Provided directly by you
• Collected through automated tools with your consent

Our partners and APIs are fully GDPR and ISO 27001 compliant, including:

• Supabase (database & authentication);
• AWS / Vercel;
• Google Cloud (used only for anonymized data).

Your application evaluations may be visible to service clients, but identifying information is never shared.

7. How We Use Your Information

8. Who Do We Share Your Data With?

We do not share your personal data. Data is only shared under the following conditions:

• When required by law;
• With carefully selected service providers under confidentiality agreements (e.g., for hosting, analytics).

9. Data Retention

We retain your personal data for up to 15 years, or longer if required for specific legal or operational purposes.

If you close your account or request data deletion, we will securely delete your information within a reasonable period, unless legal obligations require us to retain it.

• Data is encrypted (AES-256);
• Hosted in secure EU-based data centers (Supabase/PostgreSQL);
• No data is stored on local devices, except for secure browser storage.

10. Your Privacy Rights

You have the following rights regarding your personal data:

• Right to Access & Correction – Request access or correction of your personal data;
• Right to Deletion & Restriction – Request deletion or limit processing in certain cases;
• Right to Object – Object to processing, especially for marketing;
• Right to Data Portability – Request your data in a digital format;
• Right to Withdraw Consent – Withdraw consent at any time without affecting prior processing.

11. Data Protection & Security

We implement strong security practices to protect your data, including:

• Encryption
• Access control and authentication
• Routine security audits
• Staff training in data privacy and handling

Access Control

• Role-based system access (RBAC);
• Admin access is monitored via activity logs;
• Support staff can only access data with your explicit consent.

12. International Data Transfers

As a global platform, we may process data in other countries. When doing so, we apply adequate safeguards consistent with international data protection laws, including GDPR.

Data Transfers

• Secure protocols (HTTPS/TLS 1.2+);
• Passwords stored in bcrypt-hashed format;
• Secure authentication (JWT/OAuth).

13. Children's Privacy

HrThoth is not intended for users under 16 years of age. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data immediately.

For users aged 16–18, data is processed in accordance with GDPR standards.

14. Updates to This Policy

We may update this Privacy Policy periodically. The Effective Date at the top reflects the most recent revision. For significant changes, we will notify you directly. We encourage regular review of this policy.

15. Contact Us

For questions or to exercise your data rights, contact us at: privacy@hrthoth.com

Thank you for trusting HrThoth. We are committed to protecting your privacy while helping you reach your goals.