Legal
Privacy Policy
Effective May 2026
HireForge takes data privacy as seriously as our customers do. This policy describes what we collect, how we use it, where it’s stored, and your rights over it. If anything below is unclear or you need procurement-tier documentation, contact us at hello@hireforge.co.
1. What we collect
We collect three categories of data: identity data (name, email, organization, role), operational data (the brand voice, business context, integration credentials, and knowledge files you provide so agents can work for you), and usage data (which agents you run, when, with what inputs, and the outputs they produce).
2. How we use it
- To run the AI workforce you purchased — every agent reads your operational data at runtime to produce contextually-aware outputs.
- To detect quality regressions — the eval harness compares agent outputs against your historical golden cases to catch drift.
- To improve the platform — anonymized aggregate metrics (agent latency, error rates) flow into our reliability dashboards.
- To bill you — payment and subscription data flows to Stripe.
- For security — anomalous access patterns get flagged, suspicious requests get blocked.
We do not use your operational data to train general-purpose models. Your business knowledge stays your business knowledge.
3. Where it lives
All HireForge infrastructure runs on SOC 2 Type 2 vendors:
- Vercel — application hosting, edge compute
- Clerk — identity, MFA, session management
- Cloudflare — DNS, DNSSEC, network edge
- Anthropic — Claude reasoning (zero-retention API)
- Stripe — billing, payment processing
- Encrypted database (TBD: Neon Postgres or Supabase) — operational data, encrypted at rest
4. Encryption
- In transit: TLS 1.2+ on every request, HSTS preload-eligible.
- At rest: AES-256 at the database layer.
- Field-level: sensitive fields (customer API keys, brand-master files) are encrypted with a per-tenant data encryption key.
5. Your rights
- Access — request a copy of all data we have about you.
- Correct — update incorrect information.
- Delete — request deletion of your account and all associated data within 30 days.
- Export — receive your data in a portable format.
- Opt-out — control marketing email preferences from your account settings.
For GDPR or CCPA-specific requests, email hello@hireforge.co with subject line “Privacy Request”.
6. Cookies and tracking
We use first-party cookies for authentication (Clerk session cookies) and analytics (Vercel Analytics, which respects Do Not Track headers). We do not use third-party advertising trackers, Facebook Pixel, or Google Ads remarketing.
7. Subprocessors
A current list of subprocessors (the third-party vendors that process customer data on our behalf) is available on request. Procurement-tier customers receive automatic notification 30 days before any subprocessor change.
8. Changes to this policy
Material changes will be announced via email to all account owners at least 30 days before they take effect. The effective date at the top of this page reflects the most recent revision.
9. Contact
Privacy questions, requests, or concerns: hello@hireforge.co
This is a public-facing summary of how HireForge handles legal, privacy, and security matters. For procurement-tier documentation (SOC 2 letter, DPA, security questionnaire), contact us.