Kashif

Privacy Policy

Last updated: July 8, 2026
This is a starting-point template. Have counsel review and replace the bracketed placeholders (legal entity, jurisdiction, contact addresses) before relying on it in production.
This Privacy Policy explains how [Kashif — legal entity name] ("Kashif", "we") handles personal data when Customers use our inbound hiring platform, and how we handle candidate data on our Customers' behalf. For candidate data submitted through a Customer's job posting, the Customer is the data controller and Kashif is the processor.

Data we process

Depending on how the platform is used, we process:

How we use it

We use personal data to provide, secure, and improve the service; to send transactional and account communications; to meter usage and bill for paid plans; and to comply with legal obligations. Candidate-facing communications (confirmations, decisions, interview scheduling) are sent through the Customer's own connected mailbox, not by Kashif.

AI screening and automated decisions

AI scoring is decision support and is human-in-the-loop by default. A hardcoded fairness instruction directs the model to evaluate only job-relevant evidence and never to consider or infer protected characteristics; a Customer's custom prompt cannot remove it. Customers may enable blind screening to redact candidate identity from the model input. Automated moves (such as auto-rejection below a threshold) occur only where a Customer explicitly opts in.

Sharing and subprocessors

We do not sell personal data. We share data with subprocessors that help us run the service, under contract and only as needed, including:

Candidate mail and calendar events flow through the Customer's own workspace integration (Google Workspace or Microsoft 365), which the Customer controls.

Retention and deletion

Customers control retention: an org-level retention window automatically purges old candidate PII, resumes, AI snapshots, and related records, and Customers can redact an individual candidate on request. Account and billing records are kept as long as needed to provide the service and meet legal obligations, then deleted or anonymized.

Security

We use industry-standard measures including encryption in transit, encryption at rest for sensitive secrets (integration credentials, MFA secrets, saved payment tokens), role-based access control, tenant isolation, audit logging, and malware scanning of uploads. No system is perfectly secure; we work to protect data and to respond promptly to incidents.

Your rights

Depending on your jurisdiction you may have rights to access, correct, delete, or port personal data, or to object to certain processing. Candidates should contact the Customer (the employer) they applied to, who controls that data; we support Customers in fulfilling these requests. For account data, or to reach us directly, contact privacy@hirekashif.com.

Data processing terms for Customers

Business Customers can request our Data Processing Addendum (DPA), which sets out the processor terms, security measures, subprocessor list, and international-transfer safeguards. Contact legal@hirekashif.com.

Changes

We may update this policy; material changes will be notified in-product or by email. The "last updated" date above reflects the current version.

Terms·Privacy· Kashif