Privacy Policy

Last Updated: December 2025

1. Introduction

This Privacy Policy describes how HireAegis Interviewer ("we," "our," or "us") collects, uses, and protects your personal information when you use our technical interview platform and related services (collectively, the "Service").

Data Controller

HireAegis Interviewer
96 Clinton Ave Newark Unit 441
Newark, NJ 07114
United States
Email: hello@hireaegis.com
Website: https://hireaegis.com/contact

Note on GDPR Compliance: While our company is located in the United States, our service is hosted on servers in Finland (European Union). We process personal data of users in the European Union and are therefore subject to the General Data Protection Regulation (GDPR). We comply with GDPR requirements for processing EU personal data.

Supervisory Authority

If you are located in the European Union, you have the right to lodge a complaint with your local data protection authority or the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) if you believe we have not handled your personal data in accordance with applicable data protection laws.

Finnish Data Protection Ombudsman
Website: https://tietosuoja.fi/en
Email: tietosuoja@om.fi

Note: Because we are a US-based company processing EU personal data, you may also contact your local EU data protection authority.

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on our website and updating the "Last Updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at hello@hireaegis.com or using the contact information provided above.

2. Information We Collect

We collect the following types of information:

Account Information

  • Authentication Data: User authentication information managed through Clerk, including email addresses and authentication tokens
  • Profile Information: Name and other profile information you provide through your account

Workspace Data

  • Workspace Information: Workspace names, descriptions, and settings
  • Membership Information: Workspace members, their roles (owner, admin, member), and membership status

Interview Room Data

  • Room Information: Interview room names, scheduled start times, durations, and status
  • Participant Information: Interviewer and candidate participation records, join times, and activity

Candidate Data

  • Display Names: Names provided by candidates when joining interview rooms
  • Optional Email Addresses: Email addresses optionally provided by candidates
  • Note: Candidates are not required to create accounts; they access interview rooms via token-based links

Code & Project Data

  • File Content: Code files, project structure, and file contents created during interviews
  • Build Logs: Build output, error messages, and execution logs from Docker container builds
  • Project Metadata: File paths, file sizes, and project configuration

AI Conversation Data

  • Prompts: Questions and requests submitted to the AI assistant by candidates
  • Responses: AI-generated responses and conversation history
  • Session Data: AI session identifiers and conversation groupings
  • Note: All AI conversations are visible to interviewers in real time by design

Subscription Data

  • Plan Information: Subscription plan (Starter, Professional, Business, or custom), billing period (monthly/yearly)
  • Billing Information: Payment and billing data processed through Lemon Squeezy (we do not store full payment card information)
  • Subscription Status: Active, cancelled, expired, or trial status
  • Subscription Dates: Current billing period dates, cancellation dates, trial end dates

Technical Data

  • IP Addresses: Internet Protocol addresses used to access the Service
  • Browser Information: Browser type, version, and user agent strings
  • Usage Logs: Access logs, error logs, and system logs
  • Device Information: Device type and operating system information

Docker Container Data

  • Temporary Execution Data: Code execution results, preview URLs, and container metadata
  • Note: Docker containers are automatically cleaned up after approximately 6 hours

3. How We Use Information

We use the information we collect for the following purposes:

Service Provision

  • To provide, maintain, and improve the Service
  • To authenticate users and manage accounts
  • To enable interview room creation and management
  • To facilitate real-time collaboration between interviewers and candidates

Interview Room Management

  • To create and manage interview rooms
  • To enable candidate access via token-based links
  • To track participant activity and interview progress
  • To store interview artifacts (code, conversations, build logs)

AI Assistant Functionality

  • To process AI assistant requests and generate responses
  • To maintain conversation context and session history
  • To enable real-time visibility of AI conversations for interviewers

Code Execution and Preview

  • To execute code in Docker containers
  • To generate preview URLs for candidate projects
  • To store build logs and execution results

Payment Processing

  • To process subscription payments through Lemon Squeezy
  • To manage subscription status and billing cycles
  • To handle refunds and cancellations

Account Management

  • To manage user accounts and workspaces
  • To handle account settings and preferences
  • To communicate with users about their accounts

Service Improvement

  • To analyze usage patterns and improve Service functionality
  • To identify and fix technical issues
  • To develop new features and functionality

Legal Compliance

  • To comply with applicable laws and regulations
  • To respond to legal requests and court orders
  • To protect our rights and the rights of our users

4. Third-Party Services

We use the following third-party services that may process your personal information:

Clerk (Authentication)

  • Purpose: User authentication and account management
  • Data Shared: User authentication data, email addresses, profile information
  • Location: Clerk may process data in the United States
  • EU-US Data Transfer: We use Standard Contractual Clauses (SCCs) or other approved mechanisms to ensure adequate protection for EU personal data transferred to the US
  • Privacy Policy: https://clerk.com/legal/privacy

Lemon Squeezy (Payment Processing)

  • Purpose: Payment processing and subscription management
  • Data Shared: Billing information, subscription details, payment transaction data
  • Location: Lemon Squeezy may process data in the United States
  • EU-US Data Transfer: We use Standard Contractual Clauses (SCCs) or other approved mechanisms to ensure adequate protection for EU personal data transferred to the US
  • Privacy Policy: https://www.lemonsqueezy.com/privacy

AI Providers (DeepSeek, OpenAI via RubyLLM)

  • Purpose: AI assistant functionality and response generation
  • Data Shared: Interview context, code content, AI conversation history, prompts, and responses
  • Location: AI providers may process data in the United States or other jurisdictions outside the EU
  • EU-US Data Transfer: We use Standard Contractual Clauses (SCCs) or other approved mechanisms to ensure adequate protection for EU personal data transferred outside the EU
  • Privacy Policies:

Hosting & Infrastructure

  • Purpose: Service hosting, database management, and infrastructure services
  • Data Location: Primary hosting in the European Union (Finland) on Hetzner servers
  • Note: Some infrastructure services may involve data transfers outside the EU, which are subject to appropriate safeguards. While our company is US-based, we maintain data processing operations in the EU to comply with GDPR requirements.

5. Data Sharing & Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

Service Providers

We may share information with third-party service providers who perform services on our behalf, such as:

  • Payment processing (Lemon Squeezy)
  • Authentication services (Clerk)
  • AI service providers (DeepSeek, OpenAI)
  • Hosting and infrastructure providers

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights and property
  • Protect the safety of our users or the public
  • Prevent fraud or abuse

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, in accordance with GDPR requirements:

Security Measures

  • Encryption: We use encryption (TLS/SSL) for data transmission
  • Access Controls: We limit access to personal information to authorized personnel only
  • Authentication: We use secure authentication mechanisms through Clerk
  • Storage Security: Data is stored in secure databases with access controls

Data Transmission Security

All data transmitted between your device and our servers is encrypted using TLS/SSL.

Storage Security

Our primary data storage is located in the European Union (Finland) on Hetzner servers and is subject to appropriate security measures. While our company is US-based, we maintain data processing operations in the EU to comply with GDPR requirements.

Data Breach Procedures

In the event of a data breach that may affect your personal information, we will:

  • Notify the relevant supervisory authority (Finnish Data Protection Ombudsman) within 72 hours, as required by GDPR
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  • Take appropriate measures to mitigate the breach and prevent future incidents

Limitations of Security

While we implement security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

Account Data

We retain account data while your account is active. If you delete your account, we may retain certain information as required by law or for legitimate business purposes.

Interview Data

We may retain interview data (rooms, code, conversations, build logs) for as long as we determine necessary for the purposes of providing the Service and maintaining interview records. Specific retention periods may be determined based on business needs and legal requirements.

Docker Containers

Docker containers and their associated data are automatically deleted after approximately 6 hours. We are not responsible for data loss after container cleanup.

Deleted Account Data

After account deletion, we may retain certain data for a period we determine necessary for legal compliance, dispute resolution, or legitimate business purposes. Some data may be retained indefinitely if required by law.

Legal Hold Requirements

We may retain data beyond normal retention periods if required by law, court order, or legal investigation.

8. Your Rights (GDPR & CCPA)

Your Rights Under GDPR

If you are located in the European Union, you have the following rights regarding your personal data:

Right of Access

You may request access to your personal data and receive information about how we process it. We will respond to your request within one month, as required by GDPR.

Right to Rectification

You may request correction of inaccurate or incomplete personal data. We will update your information as requested, subject to verification.

Right to Erasure ("Right to be Forgotten")

You may request deletion of your personal data. We will delete your data unless we have a legitimate reason to retain it, such as:

  • Legal obligations
  • Legitimate business interests
  • Pending disputes or investigations

Right to Data Portability

You may request a copy of your personal data in a structured, machine-readable format. We will provide your data in a commonly used format.

Right to Object

You may object to processing of your personal data based on legitimate interests. We will stop processing unless we have compelling legitimate grounds that override your interests.

Right to Withdraw Consent

If processing is based on consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights:

Right to Know

You may request information about the categories and specific pieces of personal information we collect, use, and disclose.

Right to Delete

You may request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale

We do not sell your personal information. However, we provide this disclosure to comply with CCPA requirements.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

Exercising Your Rights

To exercise any of these rights, please contact us using the contact information provided in Section 1. We will respond to your request within the timeframes required by applicable law.

Note: Rights may vary by jurisdiction. We will comply with applicable data protection laws in your jurisdiction.

9. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

If you are between 13 and 18 years of age, you must have the consent of a parent or guardian to use the Service.

10. International Data Transfers

EU Data Transfers

While our service is hosted on servers in the European Union (Finland), our company is located in the United States. Data transfers from the EU to the US are subject to GDPR requirements.

Transfer Mechanisms

For transfers of EU personal data to the United States or other jurisdictions outside the EU, we use appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs): European Commission-approved Standard Contractual Clauses with our third-party service providers
  • Adequacy Decisions: Where applicable, transfers to countries with adequacy decisions from the European Commission
  • Other Approved Mechanisms: Other transfer mechanisms approved by applicable data protection authorities

Third-Party Data Transfers

Third-party services we use (Clerk, Lemon Squeezy, AI providers) may process data in the United States or other jurisdictions outside the EU. We ensure that appropriate safeguards are in place for these transfers, as described in Section 4.

Safeguards

We use appropriate technical and organizational measures to protect your personal data during international transfers, including encryption, access controls, and contractual safeguards.

11. Cookies & Tracking

Use of Cookies

We use cookies and similar technologies to:

  • Maintain user sessions and authentication
  • Remember user preferences and settings
  • Analyze Service usage and performance

Session Management

We use session cookies to maintain your login state and enable Service functionality. These cookies are essential for the Service to function properly.

Analytics

We may use analytics tools to understand how users interact with the Service. Analytics data is used to improve the Service and is processed in accordance with this Privacy Policy.

Cookie Controls

You can control cookies through your browser settings. However, disabling cookies may affect Service functionality.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last Updated" date
  • Sending email notifications for significant changes (where applicable)

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you may discontinue use of the Service and request deletion of your account.

13. Contact Us

Privacy Inquiries

If you have questions about this Privacy Policy or our data practices, please contact us at hello@hireaegis.com.

Data Subject Requests

To exercise your data protection rights (access, rectification, erasure, portability, etc.), please contact us at hello@hireaegis.com. We will respond to your request within the timeframes required by applicable law.

Right to Lodge Complaint

If you are located in the European Union and believe we have not handled your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu):

Finnish Data Protection Ombudsman
Website: https://tietosuoja.fi/en
Email: tietosuoja@om.fi

Data Protection Officer

If we appoint a Data Protection Officer (DPO), their contact information will be provided here. Currently, we do not have a designated DPO. For data protection inquiries, please contact us at hello@hireaegis.com.

Contact Information

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

HireAegis Interviewer
96 Clinton Ave Newark Unit 441
Newark, NJ 07114
United States
Email: hello@hireaegis.com
Website: https://hireaegis.com/contact


Note: This Privacy Policy is drafted with flexible language to allow for future legal review. Specific legal positions, including data retention periods and transfer mechanisms, may be refined by qualified legal counsel. This Privacy Policy should be reviewed by qualified US and EU legal counsel before final publication, given our US-based company operations and EU-hosted services that process EU personal data.