Privacy Policy

debriefus.com ("we", "us", "our") is committed to protecting the personal data of our customers and the candidates whose data is processed through the Service. This Privacy Policy explains what data we collect, how we use it, and your rights.

By using the Service, you agree to the collection and use of information as described in this policy.

Account data: When you sign up, we collect your name, email address, and Google account information via Google OAuth.

Company data: Company name, domain, and configuration settings you provide when setting up your account.

Candidate data: Resumes (PDF/DOCX), names, email addresses, phone numbers, and any other information candidates submit when applying for jobs posted through the Service.

Interview data: Audio/video transcripts from AI-conducted interviews, interview scores, and evaluation reports generated by our AI systems.

Usage data: Log data, browser type, IP address, and how you interact with the Service, for security and performance purposes.

• To provide, operate, and maintain the Service
• To process job applications and conduct AI-assisted resume screening
• To schedule and conduct AI-led video interviews
• To generate evaluation reports for HR review
• To send transactional emails (invitations, reminders, reports)
• To monitor and improve Service performance and security
• To comply with legal obligations

We do not sell your data or candidate data to third parties. We do not use candidate data for training our AI models without explicit consent.

We use the following third-party services to operate the platform:

• Anthropic (Claude AI) — AI model used for resume screening, email composition, and interview evaluation. Data is processed per Anthropic's API terms.
• Vapi.ai — AI voice infrastructure used for conducting video interviews. Audio data is processed per Vapi's terms of service.
• Google (OAuth, Gmail, Calendar) — Used to authenticate the HR user, sync candidate emails from their own company inbox (Gmail), send hiring emails on their behalf (Gmail), and create and manage interview events (Calendar). See the "Google API Services" section below. Subject to Google's Privacy Policy.
• LinkedIn — Used to post job listings when you connect your LinkedIn account. Subject to LinkedIn's Privacy Policy.

debriefus.com's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

The HR user connects their own company Google account. We request the following scopes for the sole purpose of operating the hiring workflow the user explicitly enables:

• gmail.readonly — to read candidate replies and resume attachments in the HR user's own inbox and update the hiring pipeline. We do not read personal email unrelated to hiring.
• gmail.send — to send interview invitations, scheduling confirmations, reminders, and rejection emails from the HR user's own inbox.
• calendar — to create, update, and delete interview events and to check availability on the HR user's own calendar.

Specifically, data accessed via these Google APIs is used only to provide and improve these features. We do not:

• transfer this data to others, except as necessary to provide the Service, for security purposes, or to comply with applicable law;
• use this data for serving advertisements;
• use this data to train generalized AI and/or ML models;
• allow humans to read this data, unless (a) we have the user's affirmative consent for specific messages, (b) it is necessary for security purposes such as investigating abuse, (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized and used for internal operations.

We retain your account data for as long as your account is active. Candidate data is retained for 12 months after the hiring process concludes, after which it is permanently deleted.

You may request deletion of your data at any time by contacting us at hello@debriefus.com. Deletion requests will be processed within 30 days, subject to legal retention obligations.

We implement industry-standard security measures including encrypted data storage (at rest and in transit), access controls, and regular security reviews. OAuth tokens and API keys are stored encrypted.

Despite our best efforts, no method of transmission over the internet is 100% secure. In the event of a data breach, we will notify affected users within 72 hours of becoming aware of the breach.

As a company using the Service to process job applications, you are a data controller for candidate personal data. You are responsible for:

• Ensuring candidates are informed that their data is being processed using AI
• Obtaining any necessary consents under applicable employment and data protection laws
• Complying with GDPR, CCPA, or other applicable privacy regulations

debriefus.com acts as a data processor on your behalf for candidate data.

Depending on your location, you may have the following rights regarding your data:

• Right to access the data we hold about you
• Right to correct inaccurate data
• Right to deletion ("right to be forgotten")
• Right to data portability
• Right to object to processing

To exercise any of these rights, contact us at hello@debriefus.com.

We use essential cookies and local storage to maintain your session and remember your theme preference. We do not use advertising or tracking cookies. No third-party analytics (e.g. Google Analytics) are used on the dashboard.

Our third-party service providers (such as Anthropic and Vapi.ai) may process data in the United States or other countries. By using the Service, you consent to this transfer. We ensure all third-party providers have adequate data protection measures in place.

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors.

We may update this Privacy Policy from time to time. We will notify you of material changes by email. Continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your rights, contact us at: hello@debriefus.com