Security & Data Protection

HireUp helps recruiters keep candidate context accurate without introducing new data risk. We process recruiter–candidate communications responsibly, transparently, and with strict security controls — always in support of human decision-making.

Last updated: February 3, 2026

Privacy Policy Terms of Service Subprocessors

Overview

This page explains how we protect data and operate securely. For legal terms and individual rights, please review our Privacy Policy and Terms of Service.

HireUp supports recruiters — it never makes automated hiring or rejection decisions.

Our Security & Privacy Principles

Privacy by design

Data protection is built into our product architecture, not added later.

Data minimization

We process only information relevant to hiring workflows. Irrelevant personal data is filtered out.

Human-in-the-loop

HireUp supports recruiters — it never makes automated hiring or rejection decisions.

Your ATS remains the system of record

HireUp is a communication intelligence layer, not a replacement for existing systems.

What Data We Process

HireUp processes professional recruitment data, including:

  • Candidate skills, experience, availability, and salary expectations
  • Recruiter–candidate communication context
  • Metadata required to sync updates to your ATS or CRM

We do not process sensitive personal data unrelated to hiring, nor do we perform behavioral profiling beyond recruitment use cases.

Lawful Use & Consent

Processing Lawful Grounds

HireUp processes data based on lawful grounds such as:

  • Legitimate interest in recruitment operations
  • Contractual necessity to deliver our services
  • Consent where required for candidate communications

Platform Tools

Our platform includes tools to:

  • Track opt-ins and opt-outs
  • Respect channel-specific communication preferences
  • Immediately suppress outreach when a candidate opts out

How Data Flows Through HireUp

  • Conversations are securely ingested from approved communication channels
  • Relevant hiring context is extracted and structured
  • Updates are synced back to your ATS or CRM
  • Your existing system remains the source of truth. HireUp does not create shadow records or replace customer data ownership.

Security Controls

Encryption

  • Data in transit: TLS 1.2 or higher
  • Data at rest: AES-256 encryption

Access Control

  • Role-based access control (RBAC)
  • Least-privilege access policies
  • Admin tools for redaction and permanent deletion

Authentication

  • Single Sign-On (SSO) support
  • Multi-factor authentication for internal systems

Monitoring & Auditing

  • Centralized logging
  • Access and activity audit trails
  • Regular security reviews and testing

AI Usage & Safeguards

AI is used to:

  • Extract structured hiring information
  • Enable natural language search
  • Support drafting and matching workflows

AI is never used to:

  • Make hiring or rejection decisions
  • Act without recruiter oversight
  • Replace human judgment

Data Retention & Deletion

  • Candidate data is retained only as long as necessary for hiring purposes
  • Default inactivity-based deletion policies apply (configurable per customer)
  • Customers can request deletion or redaction at any time
  • All deletion actions are logged for audit purposes

Incident Response

  • Continuous monitoring
  • Defined escalation and remediation procedures
  • Customer notification in line with applicable regulations
  • Post-incident review and corrective actions

Compliance & Assurance

  • GDPR compliant by design
  • EU data residency supported
  • SOC 2 Type II readiness
  • Regular penetration testing and vendor risk reviews

Relationship to Our Legal Policies

  • Privacy Policy – explains what data we collect, why, and individual rights
  • Terms of Service – governs contractual use of the platform
  • This page – explains how we protect data operationally and technically

Questions?

If you have questions about security, privacy, or compliance, contact us at legal@hireup.cloud.