Last updated April 20, 2026

Pilot placeholder — legal review pending

Privacy Policy

This is a placeholder Privacy Policy issued during HireDepth's private Pilot. A full legally reviewed Privacy Policy will replace this document before general availability. The underlying data-handling commitments below are real and operative today.

1. Who We Are

HireDepth is operated by IntegrAIted Solutions LLC, a Utah limited liability company. We are the processor of personal data on behalf of our Pilot customer organizations, who are the controllers of the employment-related data they upload. For candidates applying directly through HireDepth, we act as the controller of the candidate's self-submitted data.

2. What We Collect

We collect and store the following categories of personal data:

  • Account information — email address, name, password hash, email verification status, role (candidate / employer / admin), and account timestamps.
  • Candidate profile — phone, address, city, state, ZIP, work authorization, salary expectations, availability, and any custom fields the candidate chooses to provide.
  • Resumes — the original file (PDF or DOCX), extracted text, and parsed structured data (work history, skills, education).
  • Applications — which jobs a candidate applied to, match scores, application status history, screening responses, and interview metadata.
  • Application source attribution— when you apply through a HireDepth job link, we record where you came from (e.g. Indeed, LinkedIn, the employer's website, or a custom campaign label set by the employer) along with the referring page's hostname when your browser sends it. We use this only to give employers aggregate counts of how their listings perform per channel; we do not track your visits across sessions and do not place attribution cookies on your device.
  • Employee records (for hired candidates) — role, location, employment terms, training certifications, schedule assignments, and optional personal fields.
  • Operational metadata — rate-limit counters keyed on hashed IP addresses (we never store raw IPs), email-delivery status, audit logs of data changes.

3. How We Use Your Data

We use personal data only to operate the HireDepth service: matching candidates to jobs, managing the hiring pipeline, running HR workflows, sending transactional email, enforcing access control, and defending the platform against abuse. We do not sell personal data. We do not use personal data to train machine-learning models without explicit opt-in.

4. Data Retention

  • Active candidates and employees: data is retained while the account is active and in use.
  • Rejected candidates: resume and contact information is retained for up to 2 years after the most recent rejection, then auto-purged. A minimal anonymized profile shell may remain for statistical integrity.
  • Deleted accounts (non-hired): PII is soft-anonymized immediately on request, with a 30-day grace period during which the deletion can be reversed by contacting the privacy contact below.
  • Hired employees: employment records may be retained as required by law (tax, labor, compliance), typically 4–7 years after employment ends, even if the individual requests deletion.

5. Your Rights

You may have rights under applicable law, including the right to access, port, or delete your personal data. HireDepth's Pilot compliance posture is Utah-first:

  • Utah (UCPA) — you may request access, deletion, or portability. You do not have a right to correct data under UCPA, but you can update your profile directly in the app. We will respond to requests within 45 days.
  • California (CCPA) — best-effort handling of access, deletion, portability, and correction requests for California residents, responded to within 45 days.
  • Other states — the Pilot does not yet extend formal coverage. Requests from other states are handled on a best-effort basis while we expand our compliance posture for general availability.

6. Security

We encrypt personal data at rest in our PostgreSQL database and in Cloudflare R2 object storage, and in transit using TLS on every external connection. Passwords are never stored in plaintext — we use bcrypt with a per-password salt. Access to production is restricted to a small number of authorized operators. Application-level field encryption (beyond at-rest and in-transit) is on the roadmap but not yet implemented.

7. Breach Notification

If we discover a security incident that materially affects your personal data, we will notify affected users within 72 hours of discovery, consistent with industry expectations and applicable law.

8. Subprocessors

We rely on the following third-party services to operate HireDepth:

  • Railway — application hosting and PostgreSQL database (all stored data)
  • Cloudflare R2 — resume file storage
  • Cloudflare Turnstile — bot prevention (IP addresses, ephemeral)
  • Resend — transactional email (recipient address and email body)
  • Upstash Redis — rate limiting and account lockout counters (hashed IPs only)

We may add subprocessors as the platform grows; material additions will be announced before they take effect.

9. Children's Privacy

HireDepth is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has submitted data to HireDepth, contact the privacy contact below and we will delete the account.

10. Changes to This Policy

We will update this placeholder Privacy Policy as we approach general availability, at which point a full legal-reviewed replacement will be published. Material changes will be announced to active users by email at least 7 days before they take effect.

11. Privacy Contact

Questions about this Policy or requests to exercise your data rights go to Jonny, IntegrAIted Solutions LLC, <PRIVACY_CONTACT_EMAIL>. For the operational details of how requests are handled, see our internal Privacy Runbook (available on request).