FlowHire

Privacy Policy

Last updated: April 2026

1. Who We Are

FlowHire is an AI-powered hiring platform operated from Ireland. We help employers screen candidates, generate outreach, and manage hiring pipelines. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and Irish data protection law.

2. Data We Collect

Account Data: When you sign up, we collect your name, email address, password (hashed), and company name (for employers).

Candidate Data: Employers upload candidate CVs for screening. We extract names, contact details, skills, experience, and education. CV file content is processed in real-time and not permanently stored — only the extracted analysis results are saved.

Usage Data: We collect information about how you use the platform, including pages visited, features used, and timestamps.

Payment Data: Payments are processed by Stripe. We store your Stripe Customer ID and subscription status but never store credit card numbers or bank details on our servers.

Analytics Data: We use Google Analytics (GA4) to understand site usage. This collects anonymised data about page views, scrolls, and outbound clicks.

3. How We Use Your Data

  • To provide and improve our AI-powered hiring tools
  • To manage your account and subscriptions
  • To process candidate screenings and generate outreach messages
  • To send transactional emails (password resets, outreach notifications)
  • To analyse platform usage and improve our services
  • To comply with legal obligations

4. Legal Basis for Processing

We process your data based on:

  • Contract: Necessary to provide our services when you create an account
  • Legitimate Interest: To improve our platform and prevent abuse
  • Consent: For non-essential cookies and analytics (you can opt out)
  • Legal Obligation: To comply with Irish and EU law

5. Third-Party Services

We share data with the following service providers, all of whom operate under appropriate data processing agreements:

  • Stripe — Payment processing (PCI DSS compliant)
  • Google Analytics — Website analytics (anonymised)
  • AWS (Amazon Web Services) — Cloud infrastructure and file storage
  • AI Language Models — For CV analysis and outreach generation (data is processed in transit, not retained by the AI provider)

6. Data Retention

We retain your account data for as long as your account is active. Candidate screening data is retained while your account is active and deleted within 30 days of account closure. You can request earlier deletion at any time.

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data
  • Portability — Receive your data in a structured format
  • Restriction — Limit how we use your data
  • Objection — Object to processing based on legitimate interest
  • Withdraw Consent — For consent-based processing at any time

To exercise your rights, contact us at [email protected].

8. Cookies

We use essential cookies for authentication and session management, and optional analytics cookies (Google Analytics). You can manage your cookie preferences via the cookie consent banner shown on your first visit. See our Terms of Service for more detail.

9. Data Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), and secure cloud infrastructure. Access to personal data is restricted to authorised personnel only.

10. Contact & Complaints

If you have questions about this policy or wish to make a complaint, contact us at [email protected].

You also have the right to lodge a complaint with the Data Protection Commission (DPC) of Ireland at www.dataprotection.ie.