Privacy notice

What we collect, why, and the rights you have over it.

Plain-English on top; GDPR / PDPA / CCPA citations next to each claim so your legal team can verify. For subprocessor lists, certifications, and residency mechanics, see the Trust center.

Last reviewed: 2026-04-17 · Controller: Hirona Pte. Ltd., Singapore

Who this applies to

Hirona is a two-sided platform. Different parts of this notice apply depending on your relationship with us.

If you are a candidate

A company using Hirona invited you to interview. They are the data controller; we process your data on their behalf as a processor. Your rights below apply against us jointly.

If you are a tenant admin

You signed your company up. You are the controller of all candidate data inside your tenant; Hirona is your processor under the DPA you accepted at sign-up.

Data we collect

Company admin data

  • Work email, full name, role title (from Clerk sign-up)
  • Organisation name, billing address, tax ID
  • Chosen GCP region + retention preferences
  • Audit of every console action (who clicked what, when)

Candidate data

  • Resume contents and any fields you submit on the consent form
  • Interview audio + transcript (only after you click Consent)
  • Calendar availability you share to book a slot
  • Free-text answers you volunteer during the interview

Derived AI artifacts

  • Structured scorecard against the role rubric
  • Tool-call trace with evidence snippets cited
  • Model version, prompt hash, and confidence interval
  • Human-review flag + reviewer decision (if escalated)

Why we process it

Each processing purpose, its GDPR Art. 6 legal basis, and how long we keep the underlying data. PDPA, CCPA, and PIPEDA map to analogous obligations unless noted.

Purpose: Run the recruiting screen you applied for
Legal basis: Contract performance (GDPR Art. 6(1)(b)) + your explicit consent
Retention: Active role + 90 days; earlier on request

Purpose: Generate an explainable scorecard for the hiring manager
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) with Art. 22 human-review safeguard
Retention: Active role + 90 days; earlier on request

Purpose: Satisfy audit + regulator obligations (EU AI Act, NYC LL 144, SOC2)
Legal basis: Legal obligation (GDPR Art. 6(1)(c))
Retention: 7 years (minimum required by EU AI Act Art. 12)

Purpose: Detect fraud, abuse, and platform health issues
Legal basis: Legitimate interest (GDPR Art. 6(1)(f))
Retention: 90 days

Purpose: Bill tenants for platform + metered usage
Legal basis: Contract performance + legal obligation (tax records)
Retention: 7 years (tax) + account lifetime

Automated decision-making

Hirona uses LLMs to conduct voice interviews and generate scorecards. These are decision-support, not final rejections. Every recommendation is reviewable, and every rejection is delivered with a one-click path to human review. We classify this system as high-risk under the EU AI Act (Annex III.4) and operate it accordingly:

  • Logic: structured rubric scoring against explicit criteria the hiring manager set. The model cites evidence from the transcript for each rubric dimension.
  • Significance: a scorecard can influence whether you advance, but never unilaterally reject you without a human in the loop when the model confidence is below our threshold or when you request review.
  • Bias audit: independent annual audit published under NYC Local Law 144 covering gender + race impact ratios. Latest audit available to verified candidates on request.
  • Opt-out: request a fully human screen at any point before your interview starts; we will route your application to the hiring team without AI involvement.

Your rights

Exercise any of these by emailing privacy@hirona.ai with enough information to verify your identity. We respond within 30 days at no cost.

Right to human review

Every rejected candidate sees a one-click "Request human review" button. A qualified reviewer re-scores the interview without the AI output. Guaranteed under GDPR Art. 22, EU AI Act Art. 14, and Colorado CAIA.

Access + portability

Request a machine-readable export of everything tied to your candidate ID: resume, transcript, scorecard, decision log. Delivered within 30 days of verified request.

Rectification

If any stored data is wrong, email the DPO below. Corrections propagate to the immutable decision log as an append-only amendment, not an erasure.

Erasure

Deletion cascades across Cloud SQL, GCS, LLM provider logs (where reversible), and subprocessor systems. EU AI Act audit records are kept in pseudonymised form for 7 years even after erasure — we will tell you what remains.

Object to processing

You can withdraw consent for your interview to be retained beyond the role decision. Doing so ends the automated process; you may request a fully human screen instead.

Complain to a supervisor

EEA: your local DPA. UK: ICO. Singapore: PDPC. California: OAG. NYC: DCWP. We will cooperate with any jurisdictional inquiry.

International transfers

Your tenant picks a GCP region at sign-up. Cloud SQL, GCS, and KMS keyrings pin to that region. Cross-border transfer (for example, routing inference to a US LLM provider) only happens with candidate consent and the Standard Contractual Clauses in place. The full subprocessor list and transfer mechanism are on the Trust center.

Cookies + local storage

We use strictly necessary cookies only. No third-party advertising pixels, no cross-site tracking, no session replay.

  • Clerk session cookie — required to keep you signed in. First-party, HTTP-only, expires on sign-out.
  • Theme + region preference — local storage, never sent to our servers.
  • No analytics until we publish a consent-gated replacement here. We will not silently add tracking.

Children's data

Hirona is a B2B hiring product. Candidates must be of working age in their jurisdiction; we do not knowingly process data from anyone under 16 (or the applicable local threshold). If you believe a minor has been onboarded, email the DPO below and we will purge within 72 hours.

How this notice changes

Material changes are announced 30 days in advance via email to tenant admins and on the Trust center changelog. Non-material edits (typo fixes, clarifications) are logged with a bumped last-reviewed date.

Email the DPO directly.

Data subject requests, DPA negotiations, or specific clarifications on this notice. EU / UK representative available on request under GDPR Art. 27.

privacy@hirona.ai