Privacy Policy

Last updated: March 8, 2026

1. Introduction

Hiriso, Inc. (“Hiriso,” “we,” “us,” or “our”) provides an interview intelligence platform and applicant tracking system designed with privacy, security, and data ownership as core principles.

This Privacy Policy explains how we collect, use, protect, and provide control over personal data processed through:

  • hiriso.com
  • app.hiriso.com
  • Hiriso desktop and mobile recording applications
  • Related APIs and AI-powered services

Hiriso does not sell personal data, does not share customer data for advertising, and does not reuse interviews or recordings for unrelated purposes or model training.

2. Roles Under Data Protection Law

Depending on context:

  • Hiriso acts as a Data Processor for candidate and interview data processed on behalf of customers.
  • Hiriso acts as a Data Controller for account, billing, and website usage data.

3. Categories of Personal Data

3.1 Account & Organization Data

  • Name, email address, company name
  • User roles and permissions
  • Authentication credentials (securely hashed)

3.2 Candidate & Recruitment Data

  • Candidate profiles and resumes
  • Interview notes, evaluations, and scores
  • Hiring pipeline status

3.3 Interview Content

  • Audio recordings (microphone and system audio where enabled)
  • Transcripts and structured Q&A
  • AI-generated insights, summaries, and signals

3.4 Technical Data

  • IP address
  • Device and browser type
  • Session identifiers
  • Error and performance logs

4. Purpose of Processing

We process data solely to:

  • Provide and operate the Services
  • Enable interviews, recordings, transcription, and analysis
  • Manage recruitment workflows
  • Improve security, reliability, and performance
  • Comply with legal obligations

5. AI & Automated Processing

Hiriso uses AI strictly for customer-initiated features, including transcription, scoring, summarization, and search.

Guarantees:

  • No interview data is used to train public or shared AI models
  • AI processing is tenant-isolated
  • Outputs remain private to the customer organization

5.1 Candidate Identity Protection (PII Redaction)

Hiriso enforces a strict privacy-by-design layer that prevents candidate personally identifiable information (PII) from being transmitted to any external AI or large language model (LLM) provider. Specifically:

  • Names are never sent to AI. All AI-powered analysis, scoring, summarization, and evaluation is performed on anonymized data. Candidates are identified internally by opaque system IDs and professional context (e.g., role and company) rather than by name.
  • Addresses and contact details are stripped. Street-level addresses, email addresses, and phone numbers are automatically redacted from any text before it reaches an external AI model. City-level location data may be retained where relevant for job-matching purposes.
  • Centralized redaction engine. All AI endpoints pass through a centralized PII redaction layer that systematically strips identifying information. This applies to interview summaries, candidate scoring, competency evaluation, AI chat assistance, question suggestions, and candidate snapshot generation.
  • Optional AI resume parsing. When a candidate resume is uploaded, the AI can process the raw document once to extract structured data (name, skills, experience). This is the only workflow where unredacted text is sent to an AI model, and it is fully optional. Organizations can disable AI resume parsing entirely in Settings > Privacy, requiring candidates to be created manually instead. When disabled, no candidate PII is ever transmitted to any AI model under any circumstance. Even when enabled, the candidate's name and contact details are never included in any subsequent AI requests after the initial extraction.
  • Bias reduction. By removing candidate names from AI evaluation, Hiriso helps reduce the potential for name-based bias in automated assessments.

6. Data Sharing

Hiriso never sells or resells personal data.

We may engage vetted subprocessors (cloud hosting, speech-to-text, email delivery) under strict contractual safeguards:

  • Confidentiality
  • Limited purpose processing
  • No independent data use

7. Data Retention & Deletion

  • Customers control retention settings
  • Data can be deleted at any time
  • Expiration (TTL) policies may automatically remove data
  • Deleted data is permanently removed within a reasonable timeframe

8. Data Security

We implement industry-standard safeguards:

  • Encryption in transit and at rest
  • Role-based access controls
  • Secure session management
  • Tenant isolation
  • Audit logging

9. Your Rights (GDPR & CCPA)

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to processing
  • Export your data
  • Withdraw consent where applicable

Requests can be made via the application or by contacting privacy@hiriso.com.

10. International Transfers

Where data is transferred internationally, Hiriso applies appropriate safeguards, including contractual protections consistent with GDPR requirements.

11. Contact

Hiriso, Inc.
Back to home
privacy@hiriso.com