HiringCoachAI

Privacy policy

Last reviewed 2026-05-18

This policy describes how HiringCoachAI collects, uses, shares, protects, and retains Personal Data when you use the service.

1. Who we are

Elite Ad Operations, LLC d/b/a JumpYield ("HiringCoachAI", "we", "us") operates the HiringCoachAI platform. Our contact for privacy questions is [email protected].

2. What this policy covers

This policy covers Personal Data we collect about you when you use HiringCoachAI through our website.

3. Personal Data we collect

CategoryExamplesPurposeLawful basis (GDPR)
AccountEmail, name, profile photo, authentication identifiersProvide the service; authenticate youContract (Art. 6(1)(b))
ContentResumes, cover letters, job-application notes, contacts you add, questions you askDeliver the core productContract
Voice & audioRecordings of your spoken responses (interview coaching). Audio is sent to our transcription provider for transient processing and is not retained as audio by HiringCoachAI after the transcript is produced; transcripts and any generated audio outputs you save (e.g., text-to-speech playback) are retained per the data retention policy until account deletion. No biometric voiceprint is created or storedTranscription and feedback: processed transientlyContract
PaymentStripe customer ID, subscription status. No payment-card primary account number (PAN), card verification value (CVV), or card-track data reaches us: Stripe handles card captureBillingContract, legal obligation (tax records)
Device & usageIP address, browser type, pages visited, clicks, session IDsSecurity, product analytics, fraud detectionLegitimate interest (security, essential product analytics); consent (browser analytics and marketing tracking)
Session recordingDOM events, clicks, scrolls, mouse movement, recorded during sessions where you have granted analytics consent; password and payment fields are masked per vendor defaultProduct debugging and UX improvementConsent (analytics)
Institution or sponsor programPilot membership, cohort or subgroup labels, activation status, and engagement or usage metrics for participants in a sponsored programAdminister sponsored programs, report authorized engagement metrics to program administrators, and support participantsContract, legitimate interest, institution authorization where applicable
CommunicationsEmails you send us, support ticketsCustomer serviceContract, legitimate interest
Marketing preferencesEmail subscriptions, cookie preferencesDeliver what you asked forConsent

HiringCoachAI is not designed to request, and we do not intentionally solicit, government-issued ID numbers, Social Security numbers, driver's license numbers, health information (PHI), biometric identifiers, children's personal information, payment-card numbers, card verification values, card-track data, credentials, secrets, or third-party personal data submitted without appropriate rights or consent. Users must not submit those categories to the service. Because the product includes free-text career content, users may inadvertently include unexpected regulated information; if that happens, we treat it under our confidential-data safeguards and data-request/deletion processes rather than as an intended data category.

4. How we use your data

  • Operate the service (account, content, billing).
  • Authenticate you (via Google, LinkedIn, or Facebook if you choose; Google and LinkedIn are the primary options for institutional and professional users, and Facebook is retained as a consumer fallback).
  • Generate AI-assisted drafts (resumes, cover letters, coaching) using approved AI providers: see "AI" below.
  • Send transactional emails (signin links, receipts, security notices).
  • Send marketing emails if you opted in (withdraw anytime).
  • Keep the service secure (rate limiting, abuse detection, audit logs).
  • Improve the product (essential server-side analytics under legitimate interest; browser analytics consent-gated).
  • Administer institution- or sponsor-supported programs and provide authorized program administrators with participation and engagement reports when you participate in such a program.
  • Comply with legal obligations.

5. AI

HiringCoachAI uses AI providers to generate draft content. Per our AI Use Disclosure at /ai-disclosure:

  • Providers we use: OpenAI, Perplexity, ElevenLabs, Deepgram, Google Cloud Text-to-Speech. The complete sub-processor inventory and routing detail is at /sub-processors.
  • Minimized provider retention and transcript exposure: we pass per-request controls where the provider supports them (for OpenAI, store: false; for Deepgram, redact=true to redact sensitive number-like entities from transcripts). We have not signed Zero Data Retention amendments with any AI provider; each provider's then-current standard API retention windows apply, and we do not have access to provider-side abuse-monitoring logs.
  • No training: we rely on each provider's then-current standard API terms. We also pass store: false on OpenAI Chat Completions and Responses API calls so generated responses are not stored as OpenAI application state for later retrieval. Our no-training posture is based on standard API terms rather than a separate enterprise no-training amendment.
  • Notice: AI processing is named in the cookie/privacy banner you saw on your first visit, described in this policy, and detailed on our AI Disclosure page (linked from the banner and the footer of every page). The disclosure page describes how we use AI in the product, the categories of data sent to AI providers, and whether calls are user-initiated or anticipatory (some flows pre-compute AI results in the background: e.g., entering job-description data triggers a Fit Analysis so it is ready when you open the job).
  • How to avoid AI processing: AI runs only when you use an AI-assisted feature. Manual product areas remain available without AI processing, and account deletion remains available.
  • User review and context: Resume, cover-letter, pitch, and similar drafting outputs are intended for you to review and edit before use. Other AI outputs, such as interview-practice scoring, transcription, task breakdowns, and value-proposition suggestions, are informational aids. AI outputs are never sent to third parties without your action.

6. Sharing

We share Personal Data with:

  • Sub-processors listed at /sub-processors: each bound by a Data Processing Agreement.
  • Institution or sponsor program administrators when you participate in a sponsored program, for authorized program administration, engagement reporting, and participant support. By default, sponsor administrators receive usage and engagement metadata only. Where the applicable program terms explicitly authorize advisor-level coaching access, limited advisor views may include the participant content identified in those terms, such as drafts, feedback, or AI-assisted fit analysis.
  • Law enforcement / regulators when legally required, with notice to you where law permits.
  • Business transfers if HiringCoachAI is acquired or merged (you'll be notified and offered choices per applicable law).

We do not sell your Personal Data, and we do not share it for cross-context behavioral advertising except where you have specifically consented via the cookie banner.

7. International transfers

HiringCoachAI is based in the United States. Data is stored in the US by default. If you're in the EU, UK, or another jurisdiction with transfer restrictions, we rely on:

  • 2021 EU Standard Contractual Clauses (Decision 2021/914)
  • UK International Data Transfer Addendum
  • Adequacy decisions where available

8. Retention

  • Active account: data retained while your account is active.
  • After deletion: cascading deletion across active product systems per the data retention policy. For sponsored pilot programs, direct identifiers are removed from usage records so historical program reporting can continue without identifying the deleted account. Self-service account deletion is final in the product after required checks complete. Admin recovery snapshots used only for accidental internal deletion recovery may be retained for up to 30 days when that recovery path is used.
  • Audit record of deletion: 365 days (no user content, only confirmation metadata).
  • Operational logs: Application audit log (security and account events, no user content) 2 years; AI call audit metadata (no prompts or completions) 1 year; deleted-account recovery snapshot up to 30 days. Full per-data-class schedule at /trust/docs/data-retention.
  • Backups: production backup settings are managed in Google Cloud. Firestore PITR (7-day window) and managed daily Firestore backups are enabled, with backup-schedule retention of 98 days. Backup/export buckets use versioning, soft delete, and a retention policy. Account-deletion takes effect in active storage promptly and propagates to backups as the backup window rotates.
  • Billing records: retained up to 7 years per tax law.

9. Your rights

Depending on where you live, you may have rights including:

  • Access: request a copy of your data. Built-in export at /account/export.
  • Rectification: correct inaccurate data; edit in your account settings.
  • Erasure: delete your account and data: /account/delete.
  • Portability: receive your data in machine-readable form: same export.
  • Objection / restriction: contact [email protected].
  • Withdraw consent: for marketing and analytics cookies: manage via the cookie banner or in settings.
  • Avoid AI processing: AI runs only when you use an AI-assisted feature (resume optimization, cover letter generation, fit analysis, pitch studio, interview coaching, voice features, company intel, including features that pre-compute results in the background such as fit analysis from job-description data). Manual product areas remain available without AI processing.
  • Not subject to automated decisions: HiringCoachAI does not make decisions producing legal or similarly significant effects about you based solely on automated processing (GDPR Art. 22). AI-assisted outputs are drafts and informational aids; the user reviews them and makes the decision.
  • Non-discrimination (California): we will not discriminate against you for exercising your rights.
  • Complain: to your local supervisory authority (ICO for UK, Irish DPC for many EU users, your state AG in the US).

California-specific rights (CCPA/CPRA). If you are a California resident, you also have the right to (a) receive a Notice at Collection describing the categories of personal information we collect, the purposes, and the categories we share, summarized in this policy and the cookie policy; (b) request the specific pieces of personal information we have collected about you in the preceding 12 months; (c) request correction of inaccurate personal information; (d) limit the use and disclosure of any Sensitive Personal Information (SPI) to purposes permitted by Cal. Civ. Code §1798.121; (e) designate an authorized agent to submit a request on your behalf, subject to identity verification; and (f) have the service recognize a Global Privacy Control browser signal as a valid opt-out request under §1798.135(c). To exercise these rights, use the in-product tools above or contact [email protected].

Response SLA: 30 days, extendable by 60 days for complex requests with notice.

10. Security

We follow a defense-in-depth program aligned with NIST CSF 2.0 and CIS Critical Controls v8 IG1. Details at /security. Highlights: TLS in transit, at-rest encryption, least-privilege access, TOTP-based application-level multi-factor authentication available as an opt-in user setting; current administrative accounts required by policy to use Google Account MFA; audit logging of security-sensitive actions, dependency scanning, and quarterly internal audits.

11. FERPA (educational institutions)

HiringCoachAI does not process "education records" as defined under 34 CFR §99.3 in its default scope; the service processes career content provided directly by individual end users (resumes, application drafts, interview practice content), which is not, by itself, an education record under §99.3.

If you are an educational institution subject to FERPA (20 U.S.C. § 1232g; 34 CFR Part 99) and wish to share education records with HiringCoachAI — or direct end users to share institution-controlled education records through the service — FERPA scope must be defined in a signed Data Processing Agreement before any such records are submitted. The applicable FERPA addendum designates HiringCoachAI as a school official with a legitimate educational interest under 34 CFR §99.31(a)(1)(i)(B), under the institution's direct control with respect to the use and maintenance of the education records, and governs re-disclosure under §99.33(a), directory-information handling, parental and eligible-student rights, deletion on institution request, and retention limits.

The DPA template is published at /trust/docs/dpa-template. For execution or a countersigned PDF, contact [email protected].

12. Children

HiringCoachAI is intended for adult users (18+) per the Terms of Service, and we do not knowingly collect Personal Data from people under 18. If you believe data from someone under 18 has been provided to us, email [email protected] and we'll delete it promptly.

13. Cookies and similar

See our Cookie Policy at /cookies. You control non-essential cookies via the banner and in your account settings.

14. Changes

We post changes here and aim to email registered users at least 30 days in advance of material changes, except where legal obligation or security risk requires shorter notice.

15. Contact

Privacy Officer / data protection contact Elite Ad Operations, LLC d/b/a JumpYield Email: [email protected]

For security concerns, see also /responsible-disclosure and [email protected].

← Back to the trust center

showUpgradeModal: false, modalType: migration, planName: