Privacy Policy

Last updated: May 2026

1. Who we are

ImmyHire ("we", "us") provides an AI-powered hiring assessment platform. This policy explains how we collect, use, and protect personal data.

2. Data we collect

• Candidate email addresses (from hiring managers or ATS integrations)
• Interview responses and transcripts submitted during assessments
• Behavioural scores and personality analysis derived from assessment responses
• Hiring manager account credentials (passwords are bcrypt-hashed and never stored in plain text)

3. How we use data

• To conduct and score candidate assessments on behalf of hiring organisations
• To generate hiring reports for authorised hiring managers
• To improve platform reliability and performance

4. Data storage and security

Candidate personal data (names and email addresses) is encrypted at rest using AES-256 with per-tenant encryption keys. All data in transit is encrypted via TLS. Candidate ATS data is fetched live from integrated ATS systems and is not permanently duplicated. Candidates are assigned unique reference IDs and names are not used in analytical or scoring outputs.

5. Data retention

Assessment data is retained for 12 months from the date of completion unless a deletion request is made. Hiring managers may request deletion of candidate data at any time by contacting us.

6. Your rights

Under the Australian Privacy Act 1988, candidates and hiring managers have the right to request access to, correction of, or deletion of their personal data. To exercise these rights, contact us at privacy@immyhire.com. We will respond within 30 days. Candidates may also request a summary of their assessment results by contacting privacy@immyhire.com.

7. Australian Privacy Act

ImmyHire complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles. In the event of a data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by the Notifiable Data Breaches scheme.

8. Third-party processors

• OpenAI — interview transcripts are processed to generate soft skill scores and personality summaries
• Merge.dev — ATS integration data is processed via Merge's infrastructure
• SendGrid — interview invitation emails are sent via SendGrid
• Render.com — application and database hosting

9. Contact

For privacy enquiries: privacy@immyhire.com