Privacy Policy

Last updated: 18 April 2026

This page is published in English for all users. It describes how Hirago operates today; if anything conflicts with mandatory local law, mandatory law prevails.

This Privacy Policy explains how Hirago ("we", "us", "our") collects, uses, stores, and shares personal data when you use our website and related services (collectively, the "Service") as a job seeker. The Service is designed to help you discover job opportunities, build a profile, store a CV or resume, apply to roles, track applications, and manage an optional paid subscription.

We take privacy seriously because recruitment involves sensitive information about your identity, career, and sometimes location and background. If you do not agree with this Policy, please do not use the Service.

1. Who is responsible for your data?

The data controller for personal data processed through the Service is the Hirago entity operating the website and services. For privacy requests and questions, contact us at support@hirago.com.

2. Scope and relationship to other notices

This Policy applies to visitors and registered users of the Service. It should be read together with our Terms of Service (including rules on user content and applications) and our GDPR & UK GDPR informationpage, which summarises certain rights for people in the European Economic Area ("EEA"), the EU, and the UK.

Job listings and employer information on Hirago may originate from third-party sources or employers. When you choose to apply for a role, the employer or their systems (not Hirago) may process your data under their own privacy notices. This Policy covers Hirago's processing, not the employer's.

3. Personal data we collect

Depending on how you use the Service, we may process the categories below.

3.1 Account and authentication data

  • Registration and profile: name, email address, password hash (we do not store your password in plain text), and optional profile fields you choose to provide (for example phone number or location if we offer those fields).
  • Social sign-in:if you sign in with a provider such as Google, we receive certain identifiers and profile details from that provider according to your settings and the provider's terms.
  • Security and abuse prevention: login timestamps, session identifiers, device or browser signals, and similar technical data used to protect accounts and detect fraud or misuse.

3.2 Job search, applications, and CV

  • CV / resume and attachments: files and extracted text you upload (for example PDF, DOC, or DOCX within the limits stated in the product), plus any structured profile data you enter that mirrors CV content (skills, experience, education, links).
  • Application activity: jobs you save, apply to, or track through the Service; application status where we display it; timestamps and metadata needed to operate application features.
  • Communications you send us: content of support messages, feedback, or other correspondence.

3.3 Usage, diagnostics, and cookies

  • Technical and log data: IP address, approximate location derived from IP where we use it for localisation or security, user agent, referring URL, pages viewed, and error logs.
  • Cookies and similar technologies: identifiers stored on your device for session management, preferences, security (for example CSRF protection), analytics where enabled, and to remember choices such as language. You can control many cookies through your browser settings; blocking essential cookies may affect functionality.

3.4 Payments

  • Billing data: subscription status, plan, renewal dates, and transaction references. Payment card details are collected and stored by our payment processor (Stripe), not on Hirago servers. We receive limited billing metadata from Stripe to confirm payment and manage your subscription.

3.5 Information we do not intend to collect

We do not ask you to send special categories of personal data (such as health data, trade union membership, or biometric data) unless the product explicitly requires it and we provide a clear legal basis. Please do not upload unnecessary sensitive information in your CV or messages.

4. How and why we use personal data (purposes)

We use personal data for the following purposes:

  • Providing the Service: creating and managing your account, hosting your profile and CV, enabling search, filters, job detail pages, and application flows, and showing you relevant listings where the product supports personalisation.
  • Facilitating applications: transmitting application materials to employers or application endpoints as you direct when you apply. Employers receive the information you submit as part of that application.
  • Subscriptions and customer operations: processing payments, invoices where applicable, cancellations, dunning, and account-related notices.
  • Security and integrity: detecting, investigating, and preventing abuse, fraud, scraping, malware, and violations of our Terms; enforcing rate limits; and protecting users and the platform.
  • Improving the Service: understanding feature usage, diagnosing errors, and developing new functionality (often using aggregated or de-identified data where feasible).
  • Communications: service announcements, security alerts, responses to support requests, and marketing only where we have a lawful basis and you have appropriate control (for example marketing emails with unsubscribe where required by law).
  • Legal compliance: responding to lawful requests from public authorities, preserving records where the law requires, and establishing, exercising, or defending legal claims.

5. Legal bases (EEA, UK, and similar regimes)

Where GDPR or UK GDPR applies, we rely on one or more of the following legal bases:

  • Contract (Art. 6(1)(b)): processing necessary to provide the Service you request — for example account creation, hosting your CV, processing applications you initiate, and taking payment for a subscription you purchase.
  • Legitimate interests (Art. 6(1)(f)): processing that is reasonably necessary and balanced against your rights — for example securing the platform, preventing abuse, improving features, limited analytics, and suggesting improvements to your profile where the product supports this, provided we comply with marketing and profiling rules.
  • Consent (Art. 6(1)(a)): where we rely on consent (for example certain cookies or optional marketing), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Legal obligation (Art. 6(1)(c)): where we must process data to comply with applicable law.

6. Sharing and disclosure

We share personal data only as described in this Policy or when you direct us to.

  • Employers and application systems: when you apply for a job, we share the application package you submit (which typically includes profile and CV data) with the recipient identified in the application flow. That recipient may be the employer or a third-party applicant tracking system.
  • Service providers (processors): vendors that host infrastructure, send email, process payments (Stripe), provide authentication (for example Google), analytics, error monitoring, or customer support tooling. They may process personal data on our instructions and under contractual obligations.
  • Business transfers: if we are involved in a merger, acquisition, or asset sale, personal data may be transferred as a business asset. We will require the successor to honour this Policy or notify you of changes as required by law.
  • Legal and safety: disclosure if we believe in good faith that it is necessary to comply with law, enforce our Terms, protect rights and safety, or investigate fraud.

We do not sell your personal data in the conventional sense of exchanging data for money.

7. International transfers

We may use infrastructure and subprocessors in countries outside your own, including outside the EEA or UK. Where GDPR or UK GDPR requires safeguards for transfers to countries not subject to an adequacy decision, we implement appropriate measures such as the EU Standard Contractual Clauses and the UK Addendum or International Data Transfer Agreement, together with supplementary measures where appropriate.

8. Retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to resolve disputes, enforce agreements, comply with tax and accounting rules, and recover charges. CVs and application records may be retained for the periods needed to provide history in the product and for legal claims. When retention ends, we delete or anonymise data where feasible. You may request deletion of your account subject to any legal exceptions — see Section 10.

9. Security

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit where standard for web traffic, secure handling of credentials, and vendor due diligence. No method of transmission or storage is completely secure; we encourage strong passwords and protecting your devices.

10. Your rights and choices

Depending on your location, you may have rights to access, rectify, erase, restrict, or object to certain processing, to data portability, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority. Hirago users in the EEA, EU, or UK should also read our GDPR & UK GDPR information page.

To exercise rights, contact support@hirago.com. We may need to verify your identity before fulfilling certain requests.

11. Automated decision-making and profiling

We do not use solely automated decision-making that produces legal or similarly significant effects on you within the meaning of GDPR Article 22, unless we introduce such a feature with clear notice and, where required, a lawful basis. Search ranking and recommendations, if offered, are intended to assist discovery and do not replace human review by employers.

12. Children

The Service is not directed at individuals under the age of 16 (or the higher age required in your jurisdiction for valid consent to online services). We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us and we will take appropriate steps to delete it.

13. Third-party sites and listings

The Service may contain links to third-party websites or embed third-party content. This Policy does not apply to those sites. Job listings may be aggregated or indexed from third parties; accuracy and availability are governed by our Terms and by the third party or employer.

14. Changes to this Policy

We may update this Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Where changes are material and the law requires, we will provide additional notice (for example by email or in-product message).

15. Contact

For privacy-related questions or requests: support@hirago.com.

This Policy is provided for transparency and does not constitute legal advice. If you need advice about your specific situation, consult a qualified professional.