Privacy Policy
Last updated: February 1, 2026
Who we are
MENAHIRE ("we", "us", "our") operates the recruitment platform menahire.com (the "Platform"). This Privacy Policy explains how we collect, use, store, and share personal data, and how individuals can exercise their rights under applicable data protection laws, including GDPR and PDPL.
Roles
Organizations and Independent Recruiters act as independent controllers for hiring-related processing they determine (e.g., job creation, candidate evaluation, hiring decisions).
MENAHIRE acts as:
- Processor for hiring data processed on behalf of Organizations/Independent Recruiters within the Platform.
- Controller for Platform operations (accounts, billing, security), support, service communications, product analytics (with consent), and compliance.
Categories of data we process
- Applicants (job seekers): profile data, CV/resume, application history, communications with recruiters, and activity on the Platform.
- Recruiters & Organization users: account details (name, email, role), job postings, hiring/invite data, communications with applicants.
- Device/usage data: logs, device/browser info, and interaction events. Analytics are collected only with consent where required by law.
Purposes and legal bases
We map each activity to at least one legal basis recognized under applicable law.
| Processing activity | Purpose | Legal basis |
|---|---|---|
| Account registration & authentication | Provide and secure the Platform | Contract necessity; Legitimate interests (security) |
| Applicant CV upload & profile management | Deliver core recruitment services | Contract necessity |
| Recruiter–applicant messaging (incl. Google integration) | Enable communications related to hiring | Contract necessity; Legitimate interests (service operation) |
| Candidate ranking/matching (AI-assisted) | Help recruiters find relevant candidates | Legitimate interests (service improvement); Consent where required |
| Sharing an applicant's CV with other recruiters outside the original application flow | Expand opportunities for candidates | Explicit consent (opt-in) |
| Customer support | Diagnose and resolve issues | Contract necessity; Legitimate interests (service quality) |
| Security/fraud prevention, auditing | Protect users and systems | Legitimate interests; Legal obligation where applicable |
| Product analytics (Profiling) | Improve UX and platform features | Consent (where required); Legitimate interests |
| Marketing communications (if any) | Inform users about new features | Consent (opt-in) |
Automated decision-making & AI transparency
Recruiters make all hiring decisions. Our automated systems only surface analysis, scores, and summaries to assist recruiters. We do not make decisions that produce legal or similarly significant effects based solely on automated processing. The outputs are recommendations for human review, and human decision-makers retain full control and can disregard or override them at any time.
Individuals may request: (a) an explanation of the factors considered, (b) human review, (c) to express their viewpoint, and (d) to contest a result.
Data sharing
We share personal data only as described below:
- With Organizations/Independent Recruiters for jobs to which an applicant applies.
- With other recruiters only when the applicant has given explicit consent to share their CV outside the original application flow. Consent is recorded and can be withdrawn at any time.
- Service providers (subprocessors) that help us operate the Platform (see Subprocessor List).
- Google integration: for recruiter–applicant communications (see Google Integration Disclosure).
- Legal and compliance: to comply with legal obligations, enforce terms, or protect rights, safety, and security.
We do not sell personal data.
Google/Gmail integration (Google API user data)
If you choose to connect a Gmail account, we access and process limited Google user data solely to enable recruiter–applicant communications from your mailbox within MENAHIRE. You can disconnect the integration at any time.
Data accessed from Google
- Account identifier: your Google account email address and basic account information needed to connect to the integration.
- OAuth tokens: access/refresh tokens required to maintain the connection (stored securely).
- Email send data (outbound): email message metadata (e.g., to/from, subject, timestamps, message IDs) and message content for emails you send via MENAHIRE, and, where enabled, related threads with applicants — so communications can be displayed inside the Platform.
- Attachments (if you add them): file attachments you include when sending an email via MENAHIRE using Gmail.
How we use Google user data
- Send emails to applicants on your behalf through Gmail when you choose Gmail as the service.
- Display and store recruiter–applicant communications in MENAHIRE to provide collaboration, continuity, and an audit trail (localized to the hiring context).
- Maintain security and troubleshoot integration issues (e.g., failed sends, revoked access).
We do not use Google user data and we do not use it for advertising.
Sharing of Google user data
- With Google (as the email service processor) to execute the integration and deliver messages.
- With email recipients (e.g., applicants) when you send emails — this is inherent in email delivery.
- With our service providers who operate and secure the Platform (e.g., hosting, monitoring), under confidentiality and data-processing obligations.
We do not share Google user data with third parties for their own marketing purposes.
Storage and protection
- Integration data (including tokens) is transmitted over TLS and stored with appropriate technical and organizational safeguards (including encryption at rest where required).
- Access is restricted to authorized personnel and systems on a need-to-know basis, using least-privilege controls and audit logging.
- We monitor the connection health when you disconnect and monitor for abuse and unauthorized access.
Retention and deletion (Google data)
- OAuth tokens are retained only while the Gmail integration remains connected; disconnecting Gmail removes/invalidates the connection on our side.
- Any email content stored in MENAHIRE follows the retention schedule in this Policy (see recruiter-applicant communications).
- You can request deletion of your data (including Google integration data) via in-product Privacy Request or email.
- You may also revoke MENAHIRE's access at any time from your Google Account security settings.
Data subject rights & requests (DSARs)
Individuals can request: access, rectification, erasure, restriction, portability (where applicable), and objection; and may withdraw consent at any time before it affects past processing.
How to submit: via in-product Privacy Request or email support@menahire.com.
Response time: we aim to respond within 30 days. We may verify identity and, where appropriate, consult the relevant Organization controller.
Retention schedule
Retention follows the principle of storage limitation.
| Data category | Retention |
|---|---|
| CV raw files | Archived after 2 years from upload; deleted per backup cycles when beyond retention |
| Structured CV/profile data | Accessible for 5 years from the latest CV upload date, then deleted or anonymized |
| Job records | Deleted 5 years after creation |
| Recruiter–applicant messages | Retained up to the longer of the job lifecycle or email audit/dispute windows, then deleted in line with the above |
| Account & billing records | Kept for the duration of the account and longer if required for compliance, disputes, or auditing; then deleted or anonymized |
| Backups & logs | Rotated and deleted per standard cycles; access is restricted and monitored |
Justification for 5 years: to support repeat applications, quality assurance, audit trails, and the resolution of complaints or disputes. We periodically review retention.
International processing & transfers
Data may be processed in multiple jurisdictions. Where transfers require safeguards, we implement appropriate contractual and technical protections consistent with applicable law.
Children
The Platform is not designed for minors. We will delete such data upon request.
Security overview (summary)
We employ encryption in transit and at rest, strict access controls, multi-factor authentication for privileged access, audit logging, vulnerability management, employee training, and incident response procedures.
Changes
We may update this Policy. Material changes will be communicated through the Platform. Continued use signifies acceptance of updates.
Contact
For privacy requests or questions:
support@menahire.com