Privacy Policy

Last updated: June 13, 2026

This Privacy Policy explains how JobsAI Enterprise collects, uses, shares, and protects personal data when employers and recruiting teams use our platform.

1. Who we are

JobsAI Enterprise ("JobsAI", "we", "us", "our") provides an AI-powered talent acquisition platform — applicant tracking, recruiting CRM, AI sourcing, AI interviews, outreach, workflow automation, and analytics — to employers, recruiting agencies, and staffing firms (each a "Customer").

This policy explains how we handle personal data across the JobsAI Enterprise platform. For any privacy question, contact us at support@jobsai.work.

2. Controller and processor roles

For the personal data of candidates and contacts that a Customer uploads, sources, or manages in the platform, the Customer is the data controller and JobsAI acts as a data processor, processing that data on the Customer's instructions to provide the service. A Data Processing Agreement (DPA) is available on request and forms part of our agreement with Customers.

For account, billing, and platform-usage data of our Customers and their users, JobsAI is the controller. This policy describes both relationships.

3. Data we process

Depending on how the platform is configured, we process:

  • Customer account & user data — recruiter and admin names, work emails, roles and permissions, managed through our authentication provider (Clerk).
  • Candidate & contact data — names, contact details, resumes/CVs, parsed profile fields, application and pipeline status, notes, scores, and communications managed by the Customer.
  • Sourcing & outreach data — sourced candidate profiles, outreach campaign enrollments, email subject lines, and send/open/reply tracking.
  • Interview data — for AI voice and avatar interviews: audio provided by participants and the resulting transcripts, scores, and feedback.
  • Integration data — information exchanged with connected systems (e.g. ATS, calendar, email) at the Customer's direction.
  • Billing data — subscription and invoicing records (card details are handled directly by Stripe; we never store full card numbers).
  • Usage & technical data — device, browser, IP, log and diagnostic data used to keep the service reliable and secure.

4. How we use data

We use data to:

  • Provide and operate the platform — tracking, screening, scoring, sourcing, scheduling, interviewing, outreach, and reporting at the Customer's direction.
  • Power AI features — candidate scoring and recommendations, AI sourcing, AI-generated outreach and interview content, and AI interviews.
  • Process payments and manage Customer subscriptions and add-ons.
  • Maintain reliability, security, and product quality.
  • Send service messages, and — only with consent — marketing emails to Customers.
  • Detect, prevent, and address fraud, abuse, and security issues, and to comply with law.

5. AI processing & model providers

Certain features send the minimum necessary content (for example, a job description, a candidate summary, or a draft message) to AI providers to generate outputs. Depending on the feature these include OpenAI (candidate scoring, sourcing relevance, outreach and interview-content generation, and voice processing) and HeyGen/LiveAvatar (the streaming video presenter used in avatar interviews). We instruct providers not to use Customer or candidate content to train their models, and outputs are stored in the Customer's workspace only for as long as needed to deliver the feature.

Outreach Campaigns may use AI to personalize individual emails at send time; this is configurable per step and can be turned off.

6. Candidate communications & tracking

When a Customer sends outreach or campaign emails through the platform, we deliver those messages and may record delivery, open, and reply signals so the Customer can measure engagement and manage follow-ups. Candidates can ask to be removed, and Customers are responsible for honoring opt-outs and for the lawful basis of their outreach.

7. Google user data — connected Google account (Gmail & Calendar)

If a recruiter connects their Google account, we request only the permissions needed for the feature: sending email on your behalf from your own address (the gmail.send scope) — for example candidate communications, outreach, and follow-ups — and creating or updating calendar events (the calendar.events scope) so we can add interviews to your calendar. We do NOT request permission to read, list, or download your existing Gmail messages. Incoming emails reach the in-app inbox through email forwarding, not through the Gmail API.

How we use it: we use these permissions solely to (a) send emails that the recruiter explicitly composes, approves, or sends from within the app, and (b) create or update interview events on the recruiter's calendar at their request. We do not read, scan, or store existing emails, and we do not access unrelated calendar data.

Storage & retention: we store the OAuth access and refresh tokens needed to perform these actions, encrypted at rest, and retain them only until the account is disconnected or deleted — at which point they are deleted.

Sharing & purpose limits: we do not sell Google user data, do not use it for advertising, and do not use it to develop, improve, or train generalized or non-personalized AI/ML models. We transfer it only to Google's own APIs to carry out the actions above, or where required by law.

Limited Use: JobsAI's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Revoking access: you can disconnect your Google account at any time in the app, or revoke access directly at https://myaccount.google.com/permissions.

8. How we share data

We do not sell or rent personal data. We share it only as needed to run the service:

  • Service providers (sub-processors) acting on our behalf — e.g. Clerk (authentication), Supabase (database/storage), OpenAI (AI text and voice generation), HeyGen/LiveAvatar (avatar interviews), Stripe (payments), Resend (transactional email), Merge.dev (ATS integrations, where enabled), and PostHog (product analytics).
  • Connected systems chosen by the Customer (e.g. their ATS, calendar, or email provider) when integrations are enabled.
  • Authorities or third parties when required by law, or to protect our rights, our Customers, or the security of the service.

9. International transfers

Our providers may process data in the United States and other countries. Where data is transferred across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses) offered by our providers.

10. Data retention

We retain Customer workspace data for as long as the Customer's account is active, and according to any retention policies the Customer configures. Logs and diagnostics are kept for a limited period (typically up to 12–24 months). When a Customer deletes data or closes the account, we remove it from active systems and purge it from backups within a reasonable period, subject to legal retention requirements.

11. Security

We use reasonable technical and organizational measures to protect data, including encryption in transit and at rest, access controls, and role-based permissions. Our database/storage provider (Supabase) maintains SOC 2 Type II controls. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

12. Candidate and individual rights

Individuals whose data is processed in the platform may have rights to access, correct, delete, restrict, or object to processing, and to data portability. Because JobsAI typically acts as a processor for candidate data, requests from candidates are generally directed to the Customer that controls that data; we will assist Customers in responding. For data where JobsAI is the controller, email support@jobsai.work to exercise your rights. You may also complain to your local data protection authority.

13. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice where required.

Questions about this policy? Contact us at support@jobsai.work.