Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, and authentication credentials.
• Profile data: skills, work experience, education, job preferences, target roles, desired locations, and professional summary.
• Resume content: any resume or CV you upload, including its full text and extracted data.
• Job applications: records of jobs you apply to, application status, and related notes.
• Payment information: billing details processed by Stripe. We do not store credit card numbers on our servers.

1.2 Sensitive Personal Information

We collect certain information that may be considered sensitive, including:

• Salary expectations: your desired compensation range and current salary information.
• Visa and work authorization status: your eligibility to work in specific countries or regions, visa type, and sponsorship requirements.

This sensitive information is collected solely to provide accurate job matching and is never sold or shared for purposes unrelated to the Service.

1.3 Information Collected Automatically

• Usage data: pages visited, features used, interaction patterns, job search queries, and click-through data (including clicks on affiliate job listings).
• Wellbeing data: daily application counts used to calculate burnout risk assessments. Mood check-in responses are stored locally on your device and optionally synced to your account for personal tracking purposes only.
• Google Analytics data: we use Google Analytics to collect anonymized usage data including page views, feature interactions, and conversion events (such as job applications, cover letter generation, and interview starts). Google Analytics may set cookies on your device to distinguish users and sessions.
• Device and browser data: IP address, browser type and version, operating system, and screen resolution.
• Cookies and similar technologies: as described in Section 7 below.

2. How We Use Your Information

We use the information we collect to:

• Provide job matching: score and rank job listings based on your profile, skills, experience, salary expectations, and work authorization status.
• Power AI features: generate tailored cover letters, provide interview preparation coaching, deliver salary negotiation guidance, analyze your resume, and identify skill gaps (see Section 3 for details on AI processing).
• Send notifications: deliver job alerts, daily and weekly digest emails, application status updates, and company repost notifications.
• Process payments: manage subscriptions and billing through Stripe.
• Track affiliate clicks: record clicks on cost-per-click (CPC) affiliate job listings from partner sources for revenue tracking and analytics.
• Improve the Service: analyze usage patterns, optimize matching algorithms, and develop new features.
• Ensure security: detect and prevent fraud, abuse, and unauthorized access.

3. AI Processing Disclosure

Illinois HB 3773 Disclosure: Hiro uses artificial intelligence systems to process your personal information. This section provides the transparency required under Illinois law regarding automated decision-making.

3.1 AI Systems We Use

• Google Gemini: powers cover letter generation, interview preparation, salary negotiation coaching, resume tailoring, and skill gap analysis.
• Google Vertex AI: generates text embeddings used for semantic job search and content similarity matching.

3.2 How AI Processes Your Data

When you use AI-powered features, relevant portions of your profile data, resume content, skills, work history, and job listing information are sent to these AI services to generate personalized outputs. Specifically:

• Resume analysis and tailoring: your resume content is processed to suggest improvements and tailor it to specific job descriptions.
• Job matching: your profile data and skills are used to compute relevance scores against available job listings.
• Cover letter generation: your profile, resume, and job description are used to generate personalized cover letters.
• Interview preparation: your profile and target job information are used to generate practice questions and feedback.
• Salary negotiation coaching: your compensation data and job details are used to provide negotiation guidance.

3.3 Your Right to Opt Out of AI Processing

You may opt out of AI processing at any time by contacting us at sharven.rane@hirocareers.com. If you opt out, AI-powered features (cover letter generation, interview preparation, salary negotiation coaching, resume tailoring, and skill gap analysis) will be unavailable to you, but all other Service functionality will remain accessible.

3.4 Data Training

We do not use your personal data to train AI models. Your data is sent to AI providers solely to generate real-time outputs for you.

4. Third Parties and Data Sharing

We share your information with the following categories of service providers, solely to operate and improve the Service:

• Google Cloud Platform: cloud hosting, database storage (Cloud SQL), and infrastructure services. Data is stored in the us-central1 region.
• Google: AI processing for cover letters, interviews, resume analysis, coaching features, and text embeddings used in semantic job search.
• Stripe: payment processing for subscription billing. Stripe receives your billing information directly.
• Firebase (Google): user authentication services.
• Google Analytics: anonymized website usage analytics, including page views, feature interactions, and conversion tracking. Google Analytics does not receive your personal profile data.
• CareerJet: affiliate job listing provider. When you click on a CareerJet job listing, your click is tracked for revenue purposes. CareerJet does not receive your personal profile data.
• Jooble: affiliate job listing provider. When you click on a Jooble job listing, your click is tracked for revenue purposes. Jooble does not receive your personal profile data.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

5. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

5.1 Your Rights

• Right to Know: you may request the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: you may request that we delete your personal information, subject to certain exceptions (such as completing a transaction or complying with legal obligations).
• Right to Correct: you may request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: we do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary, but we honor such requests regardless.
• Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive different pricing, service quality, or access levels.

5.2 Categories of Personal Information Collected

• Identifiers (name, email address, IP address)
• Professional or employment-related information (work history, skills, resume content)
• Education information
• Commercial information (subscription and payment history)
• Internet or electronic network activity (usage data, click-through data)
• Sensitive personal information (salary expectations, work authorization status)
• Inferences drawn from the above (job match scores, skill assessments)

5.3 Exercising Your Rights

To exercise any of these rights, contact us at sharven.rane@hirocareers.com. We will verify your identity before processing your request. We will respond to verifiable requests within 45 days.

We do not sell or share your personal information as defined under the CCPA/CPRA.

6. Do Not Sell My Personal Information

Mistiq does not sell your personal information to third parties for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising purposes. This applies to all users, regardless of location.

7. Cookies and Tracking Technologies

7.1 Cookies We Use

• Session cookie: an authentication cookie used to keep you logged in. This is strictly necessary for the Service to function and expires after 5 days.
• Analytics cookies: Google Analytics cookies (e.g., _ga, _gid) used to understand how users interact with the Service, including page views, feature usage, and conversion events. These help us improve the platform. Google Analytics data is processed by Google in accordance with their privacy policy.

7.2 How to Opt Out

You can disable cookies through your browser settings. Note that disabling the session cookie will prevent you from logging in. You can disable analytics cookies without affecting core functionality.

8. Global Privacy Control

We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of your personal information (though we do not engage in such activities) and will limit non-essential data collection accordingly.

9. Data Retention

• Active accounts: we retain your personal data for as long as your account remains active and as needed to provide the Service.
• Account deletion: when you delete your account, all personal data (including your profile, resume, applications, and preferences) will be permanently deleted within 30 days.
• Aggregated data: anonymized and aggregated analytics data that cannot be used to identify you may be retained indefinitely for Service improvement.
• Legal obligations: we may retain certain data as required by law, such as transaction records for tax purposes.

10. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption in transit: all data transmitted between your browser and our servers is protected by SSL/TLS encryption.
• Encryption at rest: data stored in our databases is encrypted at rest using Google Cloud's encryption mechanisms.
• Access controls: access to personal data is restricted to authorized personnel on a need-to-know basis.
• Authentication security: user authentication is handled by Firebase Authentication with industry-standard security practices.
• Payment security: payment information is processed directly by Stripe and is never stored on our servers.

11. International Data Transfers

Your personal data is processed and stored in the United States, specifically in Google Cloud's us-central1 region. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

12. Children's Privacy

Hiro is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at sharven.rane@hirocareers.com.

13. Browser Extension

The Hiro browser extension only activates on job listing pages (LinkedIn, Indeed, Glassdoor). It reads job listing data from the current page to calculate fit scores and enable one-click import. It does not track browsing history, collect data from other websites, or access any information outside of job listing pages.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email at the address associated with your account and update the "Last updated" date at the top of this page. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, contact us at: