Last updated: 18 April 2026
What we collect
If you're browsing without an account: minimal server logs (IP, user-agent, path, timestamp) for abuse prevention. Retained 30 days.
If you create an account: email, name, OAuth sub (if you sign in with Google/SSO), and any saved searches or alerts you configure.
If you apply via our interface: we pass you through to the employer's site. We don't receive or store the contents of your application.
What we don't collect
- Tracking pixels for advertising networks — we don't run ads.
- Behavioural profiles for resale.
- Resume text unless you explicitly upload one for agent-assisted search.
Cookies
We set one session cookie (hs_session) when you sign in. A short-lived OIDC state cookie is set during the sign-in flow. See the cookie policy.
Third parties
Authentication is handled by Keycloak (self-hosted). If you choose Sign in with Google, Google will process your identity per its own policy. No third-party analytics SDKs.
Your rights
Under GDPR and similar frameworks, you can request access, correction, export, or deletion of your personal data. Email privacy@hiredsignal.com — we respond within 30 days.
Data location
Infrastructure is EU-hosted. Employer listings and company metadata are public-web sources; user-specific data (email, searches) stays within the EU unless you use a region-specific agent integration.
Changes
Material changes are emailed to account holders and announced by banner for 30 days.
This document is a plain-language summary pending final legal review.