Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

1. Introduction and Scope

ZenithHire, Inc. ("ZenithHire," "we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information from users of our AI-powered recruiting platform, website (zenithhire.org), and related services (collectively, the "Services").

This Privacy Policy applies to:

• Enterprise customers and their authorized users ("Customers")
• Job candidates whose information is processed through our platform ("Candidates")
• Website visitors and prospective customers ("Visitors")
• Business partners and service providers

Important: If you are a Candidate whose information is processed by one of our Customer organizations, that organization is the data controller of your personal information. Please contact the organization directly regarding your privacy rights. ZenithHire acts as a data processor on behalf of our Customers.

2. Information We Collect

2.1 Information from Enterprise Customers

Account Information: When you create an account, we collect business contact information including name, email address, phone number, job title, company name, and billing information.

Platform Usage Data: We automatically collect information about how you use our Services, including:

• Log data (IP address, browser type, operating system, access times)
• Device information (device type, unique device identifiers)
• Feature usage and interaction patterns
• Search queries and filters applied
• Communication preferences and settings

2.2 Candidate Information Processed on Behalf of Customers

Our Customers upload and process the following types of Candidate information through our platform:

Basic Information:

• Name, contact information (email, phone, address)
• Resume/CV content and work history
• Education history and credentials
• Skills, certifications, and professional qualifications
• LinkedIn profile and social media links (if provided)

Application and Assessment Data:

• Job applications and cover letters
• Interview notes and evaluations
• Skills assessments and test results
• Reference check information
• Background check results (if applicable)
• Compensation expectations and negotiation history

AI-Generated Insights:

• Candidate matching scores and rankings
• Skills gap analysis
• Predicted job fit and success likelihood
• Communication analysis (tone, sentiment)

Protected Characteristics (for diversity analytics only): When explicitly authorized by Customers and permitted by law, we may process aggregated, anonymized data related to diversity metrics such as gender, ethnicity, veteran status, and disability status. This data is used solely for EEOC reporting and diversity analytics and is never used in candidate evaluation or ranking algorithms.

2.3 Website and Marketing Data

When you visit our website or interact with our marketing:

• Contact form submissions and demo requests
• Email engagement (opens, clicks)
• Webinar and event registrations
• Marketing cookies and tracking pixels (see Cookie Policy)
• Third-party analytics data (Google Analytics, LinkedIn Insights)

3. How We Use Information

3.1 To Provide and Improve Our Services

• Operate and maintain the ZenithHire platform
• Process job applications and candidate workflows on behalf of Customers
• Generate AI-powered candidate matching and insights
• Provide customer support and respond to inquiries
• Improve our algorithms, features, and user experience
• Detect, prevent, and address technical issues and security threats

3.2 For Business Operations

• Process payments and manage subscriptions
• Send account notifications and service updates
• Conduct internal analytics and research
• Comply with legal obligations and enforce our Terms of Service

3.3 For Marketing and Communication (with consent)

• Send promotional emails about new features and offerings
• Invite you to webinars, events, and surveys
• Display personalized advertising on third-party platforms
• Analyze marketing campaign effectiveness

Opt-Out: You can opt out of marketing communications at any time by clicking "unsubscribe" in our emails or contacting privacy@zenithhire.org.

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal information based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Services you've requested
• Legitimate Interests: Improving our Services, fraud prevention, network security
• Legal Obligation: Complying with laws, regulations, and legal processes
• Consent: Marketing communications, optional features, and cookies (where required)

5. Information Sharing and Disclosure

5.1 We Share Information With:

Service Providers: Third-party vendors who perform services on our behalf, including:

• Cloud infrastructure providers (AWS, Google Cloud)
• Payment processors (Stripe)
• Customer support tools (Zendesk, Intercom)
• Analytics providers (Google Analytics, Mixpanel)
• Email service providers (SendGrid)

All service providers are bound by data processing agreements and required to protect your information.

Business Transfers: If ZenithHire is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

Legal Requirements: We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect the rights, property, or safety of ZenithHire, our users, or the public
• Prevent fraud or abuse of our Services
• Enforce our Terms of Service

5.2 We Do Not:

• Sell personal information to third parties
• Share Candidate information with other Customers or unauthorized parties
• Use Candidate data to train AI models for other Customers (data isolation is strictly maintained)
• Disclose information for advertising purposes without consent

6. Data Security and Retention

6.1 Security Measures

We implement industry-standard security measures to protect personal information:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
• Network Security: Firewalls, intrusion detection systems, and regular security audits
• Compliance: SOC 2 Type II certified, GDPR and CCPA compliant
• Employee Training: All employees complete annual security and privacy training
• Incident Response: 24/7 security monitoring and documented incident response procedures

6.2 Data Retention

Customer Account Data: Retained for the duration of your subscription plus 90 days after termination (unless you request earlier deletion).

Candidate Data: Retained according to Customer instructions and applicable legal requirements. Customers control retention periods for Candidate information processed through our platform. Upon Customer deletion request, we permanently delete Candidate data within 30 days, except where retention is required by law.

Marketing Data: Retained until you opt out or request deletion, or for 3 years from last interaction if no objection is received.

Backup Data: Data in backups is retained for up to 90 days and automatically purged thereafter.

7. Your Privacy Rights

7.1 Rights for EEA, UK, and Swiss Users (GDPR)

You have the following rights regarding your personal information:

• Right of Access: Request a copy of the personal information we hold about you
• Right to Rectification: Request correction of inaccurate information
• Right to Erasure ("Right to be Forgotten"): Request deletion of your information
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing (where consent is the legal basis)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 Rights for California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: Opt out of "sale" or "sharing" of personal information (Note: We do not sell personal information)
• Right to Limit Use of Sensitive Personal Information: Limit use of sensitive information (if applicable)
• Right to Non-Discrimination: You will not be discriminated against for exercising your rights

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@zenithhire.org
• Postal Mail: ZenithHire Privacy Team, 350 Market Street, Suite 800, San Francisco, CA 94105
• Online Form: https://zenithhire.org/privacy-request

We will respond to your request within 30 days (GDPR) or 45 days (CCPA). If you are a Candidate and your information was provided by a Customer organization, please contact that organization directly as they control your data.

8. International Data Transfers

ZenithHire is based in the United States. If you are located in the EEA, UK, Switzerland, or other regions with data protection laws, your personal information may be transferred to, stored, and processed in the United States and other countries.

We ensure adequate protection for international transfers through:

• Standard Contractual Clauses (SCCs): EU Commission-approved SCCs for transfers from the EEA
• UK International Data Transfer Agreement: For transfers from the UK
• Swiss-U.S. Privacy Shield Principles: Self-certification for transfers from Switzerland
• Customer Data Residency Options: Enterprise customers can choose data storage locations (US, EU, UK)

9. Children's Privacy

ZenithHire's Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@zenithhire.org and we will delete such information.

10. Automated Decision-Making and AI

Our platform uses AI and machine learning to provide candidate matching, ranking, and insights. While these tools assist in recruitment decisions, final hiring decisions are always made by human recruiters and hiring managers, not by automated systems alone.

Key points about our AI systems:

• Human Oversight: All AI-generated recommendations are reviewed by authorized users
• Bias Mitigation: Our models are regularly audited for fairness and bias across protected characteristics
• Transparency: Users can view the factors contributing to match scores
• Right to Contest: Candidates can contest automated assessments by contacting the hiring organization

If you are in the EEA or UK, you have the right not to be subject to decisions based solely on automated processing that produces legal effects or similarly significantly affects you. This right does not apply when the decision is necessary for entering into a contract, authorized by law, or based on your explicit consent.

11. Cookie Policy

We use cookies and similar tracking technologies on our website and platform. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

12. Third-Party Links

Our Services may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying an in-app notification (for platform users)

Your continued use of our Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

14. Contact Information

14.1 Privacy Team

For general privacy questions or to exercise your privacy rights:

• Email: privacy@zenithhire.org
• Phone: +1 (555) 123-4567
• Address: ZenithHire Privacy Team, 350 Market Street, Suite 800, San Francisco, CA 94105, United States

14.2 Data Protection Officer (DPO)

For EEA and UK inquiries:

• Email: dpo@zenithhire.org
• Name: Jennifer Williams, Data Protection Officer

14.3 EU Representative

ZenithHire has appointed an EU representative as required under Article 27 of the GDPR:

• Company: EU Privacy Services Ltd.
• Email: zenithhire@euprivacyservices.com
• Address: 123 Dublin Road, Dublin 2, Ireland

14.4 UK Representative

For UK residents:

• Company: UK Data Protection Services Ltd.
• Email: zenithhire@ukdataprotection.co.uk
• Address: 456 London Street, London EC1A 1BB, United Kingdom

15. Supervisory Authorities

If you are located in the EEA, UK, or Switzerland and have concerns about how we handle your personal information, you have the right to lodge a complaint with your local data protection authority:

• EEA: Contact your country's data protection authority (full list available at https://edpb.europa.eu)
• UK: Information Commissioner's Office (ICO) - https://ico.org.uk
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) - https://www.edoeb.admin.ch

We encourage you to contact us first at privacy@zenithhire.org so we can address your concerns directly.

This Privacy Policy was last updated on January 1, 2025. Previous versions are available upon request.