Privacy Policy
Data we process
Depending on how the platform is used, we process:
- Account data — names, work emails, roles, and authentication data for Customer team members;
- Candidate data — information applicants submit or that Customers add: name, contact details, resume/CV, application answers, and pipeline status;
- AI processing records — reproducible snapshots of the inputs and outputs of AI screening (scores, evidence, prompt version) so decisions can be reviewed;
- Usage and billing data — logs, audit records of material actions, plan and payment metadata (card details are handled by our payment processor, not stored by us);
- Operational logs — request and error logs used to run and secure the service.
How we use it
We use personal data to provide, secure, and improve the service; to send transactional and account communications; to meter usage and bill for paid plans; and to comply with legal obligations. Candidate-facing communications (confirmations, decisions, interview scheduling) are sent through the Customer's own connected mailbox, not by Kashif.
AI screening and automated decisions
AI scoring is decision support and is human-in-the-loop by default. A hardcoded fairness instruction directs the model to evaluate only job-relevant evidence and never to consider or infer protected characteristics; a Customer's custom prompt cannot remove it. Customers may enable blind screening to redact candidate identity from the model input. Automated moves (such as auto-rejection below a threshold) occur only where a Customer explicitly opts in.
Sharing and subprocessors
We do not sell personal data. We share data with subprocessors that help us run the service, under contract and only as needed, including:
- cloud hosting and database infrastructure;
- AI model providers used for screening and drafting (job-relevant inputs only; subject to the fairness controls above);
- our payment processor (Moyasar) for billing;
- email/notification delivery for platform and account messages.
Candidate mail and calendar events flow through the Customer's own workspace integration (Google Workspace or Microsoft 365), which the Customer controls.
Retention and deletion
Customers control retention: an org-level retention window automatically purges old candidate PII, resumes, AI snapshots, and related records, and Customers can redact an individual candidate on request. Account and billing records are kept as long as needed to provide the service and meet legal obligations, then deleted or anonymized.
Security
We use industry-standard measures including encryption in transit, encryption at rest for sensitive secrets (integration credentials, MFA secrets, saved payment tokens), role-based access control, tenant isolation, audit logging, and malware scanning of uploads. No system is perfectly secure; we work to protect data and to respond promptly to incidents.
Your rights
Depending on your jurisdiction you may have rights to access, correct, delete, or port personal data, or to object to certain processing. Candidates should contact the Customer (the employer) they applied to, who controls that data; we support Customers in fulfilling these requests. For account data, or to reach us directly, contact privacy@hirekashif.com.
Data processing terms for Customers
Business Customers can request our Data Processing Addendum (DPA), which sets out the processor terms, security measures, subprocessor list, and international-transfer safeguards. Contact legal@hirekashif.com.
Changes
We may update this policy; material changes will be notified in-product or by email. The "last updated" date above reflects the current version.