Privacy Policy

1. Information We Collect

2. How We Use Your Information

We use the collected information to:

• Provide recruitment services: AI-powered CV screening, candidate matching, interview scheduling, and pipeline management
• Process candidate applications: Analyze resumes, conduct automated assessments, and generate candidate scores
• Calendar integration: Receive interview booking events from your Google Calendar to automatically update candidate interview status (scheduled, rescheduled, or cancelled) in your recruitment pipeline. Calendar data is not used for any other purpose
• Communication: Send interview invitations, assessment links, and status updates to candidates on behalf of recruiters
• Analytics: Provide hiring metrics, pipeline analytics, and recruitment insights to improve your hiring process
• Service improvement: Enhance our AI models and platform features based on aggregated, anonymized usage data

3. Google API Services — Limited Use Disclosure

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request access to the minimum Google Calendar scopes necessary for our Service to function (calendar.readonly, calendar.events.readonly, userinfo.email, userinfo.profile)
• Google Calendar data is used exclusively to receive interview booking events and update candidate scheduling status. It is not used for any other purpose
• We do not use Google Calendar data for advertising, analytics, profiling, or any purpose unrelated to interview scheduling
• We do not sell, rent, or share Google Calendar data with any third parties
• Calendar data is only accessible to authorized users within your organization (tenant)
• Users can disconnect Google Calendar access at any time, which immediately stops data collection and removes stored tokens

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data only in the following circumstances:

• Within your organization: Data is shared among authorized team members within the same tenant/workspace as configured by your administrator
• AI processing: CV analysis and candidate scoring are processed using third-party AI services (Google Gemini, OpenAI). Only the minimum necessary data is sent for processing
• Service providers: We use trusted infrastructure providers for hosting, database management, and email delivery
• Legal requirements: We may disclose information when required by law, legal process, or government request

5. Data Security

We implement industry-standard security measures to protect your data:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted password storage using secure hashing algorithms
• OAuth 2.0 tokens stored securely and refreshed automatically
• Role-based access control (RBAC) to restrict data access within organizations
• Regular security audits and monitoring

6. Data Retention

• Account data: Retained for the duration of your account. Deleted upon account termination and after a reasonable retention period
• Candidate data: Retained as long as needed for the recruitment process and in accordance with your organization's retention policies
• Calendar data: Calendar event data is synced and stored only for active interview tracking. Historical calendar data older than 30 days is periodically cleaned up
• Google OAuth tokens: Revoked and deleted when you disconnect your Google Calendar integration

7. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Disconnect: Revoke Google Calendar access at any time through your account settings or through your Google Account permissions
• Export: Request an export of your data in a portable format

8. Third-Party Services

Our Service integrates with the following third-party services:

• Google Calendar: For receiving interview booking events only (read-only access)
• Google Authentication: For secure sign-in via Google accounts
• Calendly: For alternative interview scheduling via booking links
• AI Providers (Google Gemini, OpenAI): For CV analysis, candidate scoring, and automated assessments
• WhatsApp Cloud API: For candidate communication (when enabled)

Each third-party service has its own privacy policy. We encourage you to review their policies.

9. Cookies and Tracking

We use essential cookies and local storage to maintain your authentication session and preferences. We do not use third-party advertising cookies or tracking pixels.

10. Children's Privacy

Our Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. International Data Transfers

Your data may be processed and stored in servers located outside your country of residence. We ensure appropriate safeguards are in place for any international data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Website: https://boxloop.ai