OpenJobs AI Privacy Policy

Last Updated: March 6, 2026 | Effective Date: March 6, 2026 | Previous Version: January 6, 2025

1. Introduction

OpenJobs AI Inc. ("OpenJobs AI", "we", "us", "our") operates an AI-powered recruitment automation platform (the "Service") that helps businesses discover, evaluate, and engage potential candidates. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our Service or interact with us.

This policy applies to:

Employers/Clients ("Users"): Businesses and individuals who subscribe to the Service
Candidates: Individuals whose professional information appears on the platform or who are contacted through the Service
Website visitors: Individuals who visit www.openjobs-ai.com

2. Information We Collect

2.1 Information You Provide

Account Information:

Data Type	Examples	Purpose
Identity	Full name	Account creation, communication
Contact	Work email address	Account verification, notifications
Authentication	Password (hashed), Google OAuth token	Account security
Company	Company name, size, industry	Service customization
User source	How you heard about us (optional)	Marketing analytics

Recruitment Content:

Data Type	Examples	Purpose
Job descriptions	Role title, requirements, location, salary range	AI candidate matching
Candidate notes	Your evaluations, interview notes	Candidate management
Communications	Messages sent to/from candidates	Outreach management

2.2 Information We Collect Automatically

Data Type	Examples	Purpose
Device information	Browser type, operating system, device identifiers	Service optimization, security
Usage data	Pages visited, features used, session duration	Product improvement, analytics
IP address	IPv4/IPv6 address	Security, approximate location
Log data	Access times, error logs, API calls	Debugging, security monitoring

2.3 Subscription and Billing Data

Data Type	Examples	Purpose
Subscription details	Plan tier, billing cycle (monthly/annual), subscription start date	Service delivery
Credit transactions	Credits issued, consumed, expired; unlock history	Service delivery, usage tracking
Role quota usage	Roles created per period, quota resets	Service delivery
Payment history	Invoice amounts, payment dates, payment status	Billing, financial records
Billing metadata	Stripe Customer ID, Subscription ID	Payment processing

Important: We do not collect or store your credit card number, CVV, or full payment card details. All payment information is processed directly by our payment processor, Stripe, Inc. (see Section 5.2).

2.4 Candidate Information

We collect professional information about candidates from the following sources:

Publicly available sources:

Professional networking platforms (e.g., LinkedIn public profiles)
Company websites and professional directories
GitHub, portfolio sites, and other public professional profiles
Published articles, conference presentations, and academic publications

Candidate-provided information (when candidates respond to outreach):

Contact information provided in responses
Professional background shared in communications
Expressions of interest or non-interest

Data Type	Source	Purpose
Professional profile	Public sources	AI candidate matching
Work history	Public sources	Qualification assessment
Skills and expertise	Public sources	Role matching
Contact information	Public sources / candidate-provided	Outreach
Response status	Candidate interaction	Candidate management

3. How We Use Your Information

3.1 Service Delivery

Creating and managing your account
Processing your subscription and billing
Issuing and tracking Credits and Role quotas
AI-powered candidate search and matching
AI-assisted resume screening and qualification assessment
Automated and managed outreach to potential candidates
Facilitating communication between you and interested candidates
Sending transactional emails (subscription confirmations, renewal notices, payment failure alerts, trial reminders)

3.2 AI-Powered Features

The Service uses artificial intelligence and machine learning for the following purposes:

AI Feature	Data Used	Output
Candidate Search	Job descriptions, skill requirements	Matched candidate profiles
Resume Screening	Candidate professional data, job requirements	Qualification assessments
Automated Outreach	Job descriptions, candidate profiles	Personalized outreach messages
Candidate Matching	Job requirements, candidate qualifications	Relevance scores

Important disclosures about AI processing:

AI-generated assessments and recommendations are probabilistic and may contain errors
No fully automated decisions with legal or significant effects are made without human involvement (per GDPR Article 22)
You may request information about the logic involved in AI-powered features by contacting us at contact@openjobs-ai.com
Candidate data may be processed by third-party AI/ML service providers (see Section 5)

3.3 Service Improvement

Analyzing usage patterns to improve features and user experience
Monitoring Service performance and diagnosing technical issues
Training and improving AI models (using aggregated and de-identified data where possible)

3.4 Communication

Responding to your inquiries and support requests
Sending Service-related notifications (billing, subscription changes, security alerts)
Sending product updates and feature announcements (with opt-out option)

3.5 Security and Compliance

Detecting and preventing fraud, abuse, and unauthorized access
Enforcing our Terms of Service and Acceptable Use Policy
Complying with legal obligations, law enforcement requests, and regulatory requirements

4. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

Legal Basis	Applicable Processing
Contract performance (Art. 6(1)(b) GDPR)	Account creation, subscription management, Credit/Role tracking, service delivery
Legitimate interest (Art. 6(1)(f) GDPR)	Service improvement, security, fraud prevention, analytics
Consent (Art. 6(1)(a) GDPR)	Marketing communications, optional analytics cookies
Legal obligation (Art. 6(1)(c) GDPR)	Tax records, regulatory compliance, law enforcement requests

For candidate data sourced from public sources, we rely on legitimate interest (connecting candidates with relevant job opportunities). Candidates may opt out of outreach at any time (see Section 8).

5. How We Share Your Information

5.1 Service Providers

We share information with third-party service providers who process data on our behalf:

Provider Category	Examples	Data Shared	Purpose
Payment processing	Stripe, Inc.	Billing metadata, payment amounts	Subscription billing, invoice generation
Cloud infrastructure	AWS, Google Cloud	All Service data (encrypted)	Data storage, computing
AI/ML processing	Third-party AI providers	Job descriptions, candidate data (de-identified where possible)	Candidate matching, resume screening
Email delivery	Transactional email provider	Email addresses, notification content	Service notifications
Analytics	Product analytics tools	Usage data (aggregated)	Service improvement

Stripe, Inc. processes all payment transactions. We do not have access to your full payment card details. Stripe's privacy policy is available at: https://stripe.com/privacy

5.2 Payment Processor - Stripe

Stripe is our sole payment processor and is PCI DSS Level 1 certified
When you enter payment information during checkout, it is transmitted directly to Stripe via Stripe.js / Stripe Elements
We receive only: last 4 digits of your card, card brand, expiration date, billing address, and payment status
Stripe may use cookies and device fingerprinting for fraud prevention purposes
For more information, see Stripe's Privacy Policy: https://stripe.com/privacy

5.3 Employers (for Candidates)

When a candidate is matched with a Role and the employer unlocks the candidate using Credits:

The employer can view the candidate's professional profile, work history, skills, and contact information
The employer can communicate with the candidate through the platform

Data Controller and Processor Roles for Outreach:

When employers use the automated outreach feature, OpenJobs AI acts as a data processor on behalf of the employer (the data controller). We process candidate data and deliver outreach communications based on the employer's instructions (creating Roles and initiating outreach). For details on responsibilities, see our Terms of Service, Section 8.4.

5.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the successor entity. We will notify you via email and/or a prominent notice on the Service before your information becomes subject to a different privacy policy.

5.5 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to:

Comply with applicable law or regulation
Protect the rights, property, or safety of OpenJobs AI, our users, or the public
Detect, prevent, or address fraud, security, or technical issues

6. Data Retention

6.1 Retention Schedule

Data Category	Retention Period	Trigger	Post-Retention
Active account data	Duration of active subscription	Account creation	N/A
Roles and candidate data	90 days after subscription cancellation	Cancellation effective date	Archived to cold storage
Outreach records	90 days after subscription cancellation	Cancellation effective date	Archived to cold storage
Account settings	180 days after subscription cancellation	Cancellation effective date	Soft deleted
Billing and invoices	Minimum 7 years (Stripe retains invoice data permanently on their systems)	Invoice date	Retained for tax/legal compliance (IRS requires minimum 7 years)
Credit transaction logs	Minimum 7 years	Transaction date	Archived for financial audit
Webhook and payment logs	Minimum 7 years	Log date	Archived for financial audit
Candidate data (no engagement)	12 months from last outreach attempt	Last outreach date	Deleted
Support communications	3 years	Ticket closure date	Deleted

6.2 Cold Storage

Data archived to cold storage is:

Encrypted at rest
Not actively processed or accessible through the Service
Available for restoration upon account reactivation (within 90 days of archival upon request; best-effort basis after 90 days)

6.3 Deletion

When data reaches the end of its retention period:

Personal data is deleted or irreversibly anonymized
Aggregated, anonymized data may be retained indefinitely for analytics purposes
Deletion requests are processed within 30 days (see Section 8)
Data subject to legal hold or regulatory requirements may be retained beyond standard retention periods

7. Data Security

7.1 Technical Measures

Measure	Implementation
Encryption in transit	TLS 1.2+ for all communications
Encryption at rest	AES-256 encryption for stored data
Access control	Role-based access control (RBAC) with least-privilege principle
Authentication	Multi-factor authentication for internal systems
Payment security	PCI DSS Level 1 compliance via Stripe (no card data stored)
Infrastructure	Hosted on AWS/Google Cloud with SOC 2 compliance

7.2 Organizational Measures

We are committed to implementing and maintaining the following organizational security measures:

Periodic security assessments, with penetration testing conducted as appropriate based on risk
Employee security awareness training
Vendor security due diligence and execution of data processing agreements with service providers who process personal data on our behalf
Incident response plan with defined escalation procedures

The scope and maturity of these measures will evolve as our organization grows. We continuously evaluate and improve our security posture.

7.3 Incident Response

In the event of a personal data breach:

Supervisory authorities: We will notify the relevant data protection supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of individuals (as required by GDPR Article 33)
Affected individuals: We will notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms (as required by GDPR Article 34)
Breach details: Notifications will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach
California residents: Will be notified as required by Cal. Civ. Code § 1798.82 (notification "in the most expedient time possible and without unreasonable delay")
All users: We will provide information about the nature of the breach, the data affected, and recommended protective measures

8. Your Privacy Rights

8.1 All Users

Regardless of your location, you may:

Right	Description	How to Exercise
Access	Request a copy of your personal data	Email contact@openjobs-ai.com
Correction	Request correction of inaccurate data	Settings > Profile, or email us
Deletion	Request deletion of your personal data	Email contact@openjobs-ai.com
Data export	Export your data in CSV/JSON format	Settings > Billing > Export Data
Opt-out of marketing	Unsubscribe from promotional emails	Unsubscribe link in emails
Account deletion	Delete your account and associated data	Email contact@openjobs-ai.com

8.2 Candidates

If you are a candidate whose information appears on the platform:

Right	Description	How to Exercise
Opt-out of outreach	Stop receiving recruitment messages	Unsubscribe link in outreach emails
Access	Request what information we hold about you	Email contact@openjobs-ai.com
Deletion	Request removal of your profile from the platform	Email contact@openjobs-ai.com
Correction	Request correction of inaccurate information	Email contact@openjobs-ai.com
Object to processing	Object to the use of your publicly available data	Email contact@openjobs-ai.com

8.3 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request the categories and specific pieces of personal information we have collected
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising
Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by the CPRA
Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at contact@openjobs-ai.com. As an online-only service, email is our designated method for receiving verifiable consumer requests (per Cal. Civ. Code § 1798.130(a)(1)). We will verify your identity before processing your request and will respond within 45 days (with a possible 45-day extension if reasonably necessary).

8.4 EEA/UK/Switzerland Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following additional rights:

Right to Restrict Processing: Request that we restrict the processing of your data in certain circumstances
Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Where processing is based on consent, withdraw consent at any time
Right Regarding Automated Decision-Making: Not be subject to decisions based solely on automated processing (including AI) that produce legal effects or similarly significantly affect you, unless necessary for contract performance or based on your explicit consent
Right to Lodge a Complaint: File a complaint with your local data protection authority

Automated Decision-Making Disclosure (GDPR Art. 22):

Our AI-powered features assist in candidate matching and assessment, but no fully automated decisions with legal effects are made. Employers make all final hiring decisions. You may request human review of any AI-assisted assessment by contacting us.

International Data Transfers:

Your data may be transferred to and processed in the United States, where OpenJobs AI is headquartered. For EEA/UK transfers, we use Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational safeguards.

9. Cookies and Tracking Technologies

9.1 Types of Cookies

Cookie Type	Purpose	Examples	Optional?
Essential	Service functionality, authentication, security	Session cookies, CSRF tokens	No (required)
Payment	Fraud prevention, payment processing	Stripe.js cookies and device fingerprinting	No (required for payments)
Analytics	Usage analysis, service improvement	Google Analytics, product analytics	Yes (opt-out available)
Preferences	Remember your settings and preferences	Language, theme, billing cycle toggle	Yes

9.2 Stripe.js Cookies

Our payment processor, Stripe, uses cookies and device fingerprinting technology to detect and prevent fraud. These cookies are placed when you visit pages containing Stripe payment elements. For details, see Stripe's Cookie Policy: https://stripe.com/cookie-settings

9.3 Managing Cookies

You can manage cookie preferences through:

Your browser settings (blocking or deleting cookies)
Our cookie consent banner (where applicable)
Opting out of analytics via browser extensions (e.g., Google Analytics opt-out)

Note: Disabling essential cookies may impair Service functionality.

9.4 Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) setting that sends a signal to websites you visit. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, we do not respond to DNT signals. However, you may opt out of analytics cookies as described in Section 9.3 above. We will update this section if a uniform standard for DNT is established.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at contact@openjobs-ai.com.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will:

Provide at least 30 days' advance notice via email
Post the updated policy on our website with a revised "Last Updated" date
Where required by law, seek your consent to the changes

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes acceptance. If you do not agree to the changes, you may cancel your subscription before the changes take effect.

13. Contact Information

For privacy inquiries, data requests, or complaints:

Privacy email: contact@openjobs-ai.com
Support email: support@openjobs-ai.com
Mailing address: OpenJobs AI Inc., 8 The Green, Ste A, Dover, DE 19901, United States

Data Protection Point of Contact (for EEA/UK inquiries):
Email: contact@openjobs-ai.com

Note: OpenJobs AI has not formally appointed a Data Protection Officer (DPO) under GDPR Article 37 at this time. If our processing activities reach the thresholds requiring a DPO (large-scale processing of special categories of data or systematic monitoring), we will appoint one and update this section accordingly. In the meantime, the above email serves as the primary contact for all data protection inquiries from EEA/UK residents.

We will respond to all privacy requests within 30 days, except where applicable law provides a different timeframe (e.g., CCPA allows up to 45 days with a possible 45-day extension).

14. Regulatory Information

14.1 EU AI Act Compliance

OpenJobs AI uses AI systems in the recruitment domain, which is classified as "high-risk" under the EU AI Act (Regulation (EU) 2024/1689). We are committed to:

Maintaining transparency about our AI systems' capabilities and limitations
Implementing appropriate human oversight in AI-assisted processes
Conducting bias assessments and algorithmic audits on a periodic basis, with frequency determined by risk level and regulatory requirements
Providing documentation of AI system functionality upon request

Our AI systems may reflect biases present in publicly available professional data sources. We are actively working to identify and mitigate such biases, but cannot guarantee that AI-generated outputs are entirely free from bias. Employers using the Service are responsible for making independent, non-discriminatory hiring decisions (see Terms of Service, Section 2.4).

14.2 Data Processing Agreements

We require Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf, in compliance with GDPR Article 28. We are in the process of executing DPAs with all current service providers and will ensure that DPAs are in place before any new service provider processes personal data on our behalf.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.