HiringCoachAI

Acceptable use

Last reviewed 2026-05-06

All employees, contractors, interns, and volunteers with approved HiringCoachAI access acknowledge this policy or an access-scoped confidentiality equivalent before access is granted. For limited internal-document volunteers, the Security Officer may use a short confidentiality / acceptable-use acknowledgment instead of the full personnel onboarding packet.

You will

  • Use HiringCoachAI systems only for legitimate business purposes.
  • Protect customer data like it's your own: treat every user's resume, job application, and contact list as confidential.
  • Use MFA on every work account (Vercel, Firebase, GCP, Stripe, SendGrid, Sentry, GitHub, email, domain).
  • Keep your work device's full-disk encryption on (FileVault / BitLocker) and its screen locked when away (≤10 min timeout).
  • Keep your OS and browser patched (current LTS).
  • Report suspected security incidents immediately to the Security Officer: even if you're not sure.
  • Use a reputable password manager (1Password, Bitwarden, etc.).
  • Mark PRs touching security-sensitive code for Security Officer review.

You will not

  • Share credentials, including via Slack, email, or screenshot.
  • Copy production data to personal devices, personal cloud accounts, or non-approved tools.
  • Disable required security tooling (endpoint protection, MFA) without approval by the Security Officer.
  • Install unapproved software on work devices. Preferred tools are listed internally; request additions.
  • Connect work accounts to personal browser profiles.
  • Use AI tools with production customer data unless the tool is an approved processor (see the sub-processors).
  • Commit secrets, API keys, service-account files, environment files, or customer data to git.
  • Bypass rate limiting or Firestore Security Rules "just to get something working."
  • Post production screenshots containing PII to public channels.

Communications

  • Use work email for HiringCoachAI business.
  • Customer support communications go through approved channels (SendGrid-sent emails, in-app).
  • Public disclosures about the product require executive approval.

Device hygiene

  • Work device is encrypted, password-protected, auto-locks after 10 min.
  • OS and browser up to date.
  • No unknown USB drives.
  • Screen privacy filter recommended when working in public spaces.

Personal use

Limited personal use of work accounts is permitted if it does not (a) violate this policy, (b) interfere with work, (c) involve illegal activity, or (d) expose production data.

Offboarding

On leaving HiringCoachAI you will:

  • Return or destroy any work-device data under the Security Officer's direction
  • Sign off work accounts and surrender access tokens
  • Not retain any customer data, source code, or credentials

Enforcement

Violations are investigated by the Security Officer. Consequences may include access revocation, employment action, or legal referral depending on severity.

Acknowledgment

> I have read and agree to abide by this Acceptable Use Policy. > > Acknowledged by authenticated checkbox in the admin onboarding portal.

Signed acknowledgments are recorded through /admin/onboarding in Firestore complianceTrainingLog, with latest rollups under users/{uid}/complianceAcknowledgments/{documentId}.

← Back to the trust center

showUpgradeModal: false, modalType: migration, planName: