This Privacy Policy explains how HireBee Inc. (“HireBee”, “we”, “us”, or “our”) collects, uses, and protects personal data when you use our platform at hirebee.io. We are committed to handling your data responsibly and transparently.
1. Overview
HireBee operates as both a data controller (for employer account data) and a data processor (for candidate data collected on behalf of employers). We collect only the data necessary to provide the Service and do not sell personal data to third parties.
In plain English
We collect your account information so you can use HireBee. We store candidate videos securely on your behalf. We don't sell data, we don't show ads, and we don't use candidate videos to train AI.
2. Data We Collect
2.1 Employer account data
- Name and email address (provided at sign-up)
- Company name (optional)
- Billing information (handled by Stripe — we do not store raw card details)
- Account preferences and settings
2.2 Usage and technical data
- IP address and browser type
- Pages visited and features used
- Device type and operating system
- Error logs and performance data
2.3 Content you create
- Job postings, descriptions, and interview questions
- Candidate notes and ratings you write
- Communications with our support team
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Providing the HireBee platform and its features | Contract performance |
| Processing payments and managing subscriptions | Contract performance |
| Sending product updates and account notifications | Contract performance |
| Improving the Service and fixing bugs | Legitimate interests |
| Preventing fraud and abuse | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Sending marketing emails (with opt-out) | Consent |
4. Candidate Data
Candidates access HireBee via unique links shared by Employers. Candidates do not create accounts. We collect the following data about candidates on behalf of Employers:
- Name and email address (provided voluntarily by the candidate)
- Video recordings of interview answers
- Recording metadata (duration, submission timestamp)
In this context, the Employer is the data controller and HireBee acts as a data processor. Employers are responsible for:
- Having a lawful basis for collecting candidate data
- Informing candidates that their responses will be recorded
- Honoring candidate rights requests (access, deletion, etc.)
If you are a candidate and want to request deletion of your data, please contact the employer who invited you, or email us at privacy@hirebee.io and we will direct your request appropriately.
6. Data Storage & Security
All data is stored on Supabase infrastructure. Video recordings are stored in a private storage bucket and are never publicly accessible — they are served exclusively via time-limited signed URLs.
We implement the following security measures:
- Encryption at rest and in transit (TLS 1.2+)
- Row-Level Security (RLS) on all database tables
- Signed, time-expiring URLs for all video access
- Service-role credentials never exposed to client-side code
- Regular security reviews
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at security@hirebee.io.
7. Data Retention
| Data type | Free plan | Pro plan |
|---|---|---|
| Video recordings | 7 days after submission | 1 year after submission |
| Candidate metadata | Until job deleted | Until job deleted |
| Employer account data | Until account closed + 30 days | Until account closed + 30 days |
| Billing records | 7 years (legal requirement) | 7 years (legal requirement) |
| Support communications | 3 years | 3 years |
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Ask us to correct inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Ask us to restrict processing in certain circumstances
- Withdraw consent: Withdraw consent for consent-based processing at any time
To exercise any of these rights, email privacy@hirebee.io. We will respond within 30 days.
10. GDPR & International Transfers
HireBee is based in the United States. If you access the Service from the European Economic Area (EEA), UK, or Switzerland, your data may be transferred to and processed in the United States.
We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses (SCCs) with our sub-processors
- Data Processing Agreements (DPAs) available on request for Enterprise customers
If you have concerns about data transfers, contact us at privacy@hirebee.io.
11. Children
HireBee is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
13. Contact
For privacy-related questions or requests, contact our Privacy Team:
You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.