Revivesoft LLC ("Company," "we," "us," or "our") operates HireStaq ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Service. It applies to all users of HireStaq, including visitors, registered users, and paying subscribers.
By using the Service, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Service.
2. Data Controller
For purposes of applicable data protection laws (including GDPR), Revivesoft LLC is the data controller of your personal data. Contact: support@hirestaq.com.
3. Information We Collect
Account Information
When you create an account, we collect your name, email address, and a bcrypt-hashed version of your password. We never store passwords in plain text.
User Content
When you use the Service, you may upload or enter resumes, job descriptions, work journal entries, cover letters, and other professional content. This content is stored to provide the Service to you and is processed by AI providers on your behalf (see Section 6).
Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, workflow completion status, and session duration. This data is used to improve the Service and understand user behavior.
Technical and Device Data
We may collect IP addresses, browser type, device information, and other technical data for security purposes such as rate limiting, abuse prevention, and brute-force protection.
Payment Information
If you purchase a subscription, payment information is collected and processed directly by LemonSqueezy, our third-party payment processor. We do not store your credit card or payment details. We receive and store subscription status, plan tier, and billing period information.
Communications
If you contact us via email or submit feedback through the Service, we collect and retain the content of those communications.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
Performance of a Contract: Processing necessary to provide the Service (account management, resume processing, AI analysis, document export).
Legitimate Interests: Security monitoring, fraud prevention, rate limiting, abuse detection, and Service improvement — balanced against your privacy rights.
Legal Obligation: Compliance with applicable laws, regulations, and lawful requests from public authorities.
Consent: Where we rely on consent (e.g., optional analytics), you may withdraw it at any time by contacting us.
5. How We Use Your Information
We use your information to:
Provide, maintain, and improve the Service
Process your resumes and generate AI-powered analysis and suggestions
Authenticate your identity and secure your account
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without human review.
6. Third-Party Services and Data Sharing
We use the following third-party services to operate. Each acts as a data processor on our behalf, bound by data processing agreements:
AI Providers (OpenAI, Anthropic): Resume content and job descriptions are transmitted to AI providers to generate analysis, suggestions, compatibility scores, ATS (Applicant Tracking System) compatibility assessments, and cover letters. These providers process data under their respective API terms and privacy policies. We do not use your data to train AI models. All outputs from these providers — including resume analysis, gap identification, improvement suggestions, ATS compatibility scores, STAR bullet scoring, and cover letter content — are AI-generated and may contain inaccuracies, errors, or omissions. We make no representation as to the accuracy, completeness, or reliability of any AI-generated output.
Vercel: Hosting, infrastructure, and analytics (aggregate usage data). Data may be processed in the United States.
Upstash: Redis caching for rate limiting, session management, and temporary analysis caching.
LemonSqueezy: Payment processing and subscription management. They are an independent data controller for payment data.
SMTP Provider (SMTP2GO): Transactional email delivery for verification and password reset emails.
We do not sell, rent, or trade your personal information to third parties. We may disclose data if required by law, court order, or to protect our legal rights.
International Transfers: Some of our service providers are located outside the EEA. Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms to protect your data.
7. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on Vercel (United States). We implement industry-standard security measures including:
Passwords hashed with bcrypt (salt factor 10)
Verification and reset tokens stored as SHA-256 hashes (single-use)
HTTPS/TLS encryption for all data in transit
Rate limiting and brute-force protection (account lockout after 5 failed logins)
JWT-based session management with 7-day expiration
Input validation and sanitization to prevent injection attacks
While we take reasonable measures to protect your data, no system is completely secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.
8. Data Retention
We retain your account data and content for as long as your account is active or as needed to provide the Service. Specific retention periods:
Account data: Retained until account deletion; deleted within 30 days thereafter
Resume and job content: Retained until you delete it or close your account
AI analysis cache: Content-addressed cache that expires automatically (up to 1 year for analysis results, 1 hour for STAR/bullet analysis, 12 hours for optimization and cover letter results). Cache keys are cryptographic hashes of your content. When you delete a saved resume or close your account, all associated cached analysis data is immediately purged from our cache servers in accordance with your right to erasure.
Session tokens: Expire after 7 days
Email verification tokens: Expire after 24 hours
Password reset tokens: Expire after 1 hour
Usage analytics: Retained in aggregate form for service improvement
We may retain certain data longer if required by law or for legitimate business purposes (such as fraud prevention records).
9. Cookies and Local Storage
The Service uses:
Authentication cookies: JWT session tokens required for login. These are strictly necessary and cannot be disabled without breaking authentication.
Browser localStorage: Used to persist your workflow progress (resume editor state, job descriptions, analysis results) between sessions. This data stays on your device and is not transmitted to our servers except through the auto-save feature (authenticated users only).
We do not use cookies for advertising, cross-site tracking, or third-party behavioral profiling.
10. Your Rights (GDPR — EEA/UK Users)
If you are located in the EEA or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):
Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Restriction: Request that we limit processing of your data in certain circumstances.
Right to Object: Object to processing based on legitimate interests.
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
Right to Lodge a Complaint: File a complaint with your national supervisory authority (e.g., ICO in the UK, or your local EU data protection authority).
To exercise these rights, contact us at support@hirestaq.com. We will respond within 30 days.
11. Your Rights (CCPA — California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights:
Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, our business purposes, and the categories of third parties with whom we share it.
Right to Delete: Request deletion of your personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is required.
Right to Limit Sensitive Data Use: We do not use sensitive personal information for purposes beyond providing the Service.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
Categories of personal information collected: Identifiers (name, email, IP address), internet/network activity (usage data), professional information (resume content), inferences (AI-generated analysis and suggestions).
To submit a CCPA request, contact us at support@hirestaq.com. We will verify your identity before processing requests.
12. Children's Privacy
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected such data, we will delete it promptly. If you believe a minor has provided us personal information, contact us at support@hirestaq.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a revised "Last updated" date. For significant changes, we will provide additional notice (such as email notification). Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.
14. Contact
For privacy questions, data access requests, or complaints, contact us at: