← Back to hired.fit

Legal

Privacy Policy

Last updated: 18 May 2026

1. Introduction

Welcome to hired.fit. hired.fit is a product of Reeply B.V. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, create an account, upload your CV, use AI-powered career features, purchase a subscription, or otherwise interact with the service.

We aim to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. If this policy uses terms such as "we," "us," or "our," it refers to Reeply B.V. as the operator of hired.fit.

2. Data Controller

The data controller responsible for hired.fit is:

Reeply B.V.

High Tech Campus 5

5656 AE Eindhoven

Netherlands

Email: contact@reeply.net

Chamber of Commerce (KvK): 92955479

3. What Data We Process

The exact data we process depends on how you use hired.fit. In general, we may process the following categories:

Account and identity data

Name, email address, authentication identifiers, account status, sign-in and sign-up metadata, and related session data provided through our authentication provider.

CV, profile, and career data

CV uploads, extracted CV text, structured profile information, experience, education, skills, extracurricular activities, contact details you add to your profile, and any personal context or career preferences you provide.

Job and application data

Job descriptions, job links, companies, salaries, requirements, fit analyses, job tracking statuses, tailored CVs, cover letters, application answers, and related output generated or stored in your workspace.

Interview and audio data

Interview preparation notes, mock interview turns, interview evaluations, company research, optional audio uploads, and transcriptions where voice-based practice features are used.

Billing data

Subscription status, plan information, Stripe customer and subscription identifiers, billing events, usage and entitlement records, and limited checkout metadata. We do not store full payment card numbers on our own servers.

Technical and security data

IP address, browser and device information, request metadata, security logs, rate limiting and abuse-prevention data, and system events required to keep the service stable and secure.

Please avoid uploading special category personal data unless it is strictly necessary for your own use of the service. CVs and job application materials can naturally include sensitive personal details, so you should review what you upload.

4. Why We Process Your Data

We process personal data to provide and operate hired.fit, including:

  • to create and manage your account and secure sign-in sessions;
  • to parse and structure your CV and profile information;
  • to match your profile with relevant jobs and career opportunities;
  • to generate tailored CVs, cover letters, application answers, fit analyses, and other career materials;
  • to provide interview preparation, transcription, and feedback;
  • to process subscriptions, billing, and entitlement logic;
  • to operate scouting, scheduling, background jobs, and product reliability workflows;
  • to maintain security, prevent fraud, and stop abuse of the service;
  • to comply with legal obligations, including tax, accounting, and regulatory requirements.

5. GDPR Legal Bases

Depending on the processing activity, we rely on one or more of the following legal bases under GDPR:

  • Performance of a contract for account creation, subscriptions, AI-assisted product features, billing, and delivery of the service you request.
  • Legitimate interests for service security, abuse prevention, debugging, infrastructure stability, and internal operational improvement where those interests are not overridden by your rights and freedoms.
  • Consent where legally required, for example if we later introduce optional non-essential cookies or marketing features that require consent.
  • Legal obligation where we must retain or disclose certain data to meet applicable legal, tax, accounting, or regulatory duties.

6. AI Processing and Automated Workflows

hired.fit uses third-party AI APIs to provide core product features, including CV parsing, fit analysis, job extraction, salary analysis, document generation, application-answer drafting, company research, interview practice, and transcription.

To provide these features, relevant user content may be sent to one or more AI providers. This can include CV text, job descriptions, profile details, prompts, interview content, and generated outputs. We use API services rather than public consumer chat interfaces.

We intend to use providers under their business or API terms. Where providers state in those terms that API data is not used to train their underlying models, we rely on those commitments. Provider terms may change over time, so users should understand that processing is also subject to the applicable provider documentation and agreements.

7. Payments and Subscriptions

If you purchase a paid plan, payment details are processed by Stripe. We receive limited billing-related information such as the Stripe customer ID, subscription ID, plan status, and billing period data so that we can activate and manage access. Full payment card details are handled by Stripe and are not stored on our own servers.

8. Cookies and Tracking

Based on the current hired.fit product setup, we do not intentionally use advertising pixels or broad marketing analytics tools such as Meta Pixel or PostHog in this codebase. We may still use essential cookies or equivalent technologies required for authentication, security, session management, and core product functionality.

If we later add optional analytics, advertising, or retargeting tools that require consent, we will update this Privacy Policy and, where required, introduce an appropriate consent mechanism.

9. Subprocessors and Service Providers

We use third-party providers to operate hired.fit. These providers may process personal data on our behalf or, in the case of payment providers, as independent controllers for their own regulated payment processing activities.

Clerk

Authentication, account creation, secure sessions, and user identity management.

Processed according to Clerk's infrastructure, privacy terms, and applicable transfer safeguards.

MongoDB Atlas

Database hosting for profiles, CV data, jobs, generated documents, scouting preferences, billing metadata, and workspace data.

Configured for EU region hosting where available.

Stripe

Subscription billing, checkout, billing portal, fraud prevention, and payment-related records.

Processed according to Stripe's infrastructure, privacy terms, and payment compliance framework.

Anthropic

AI text generation for fit analysis, cover letters, tailored CVs, application answers, and interview workflows where enabled.

API processing under business/API terms and applicable data processing terms.

Google Generative AI

CV parsing, salary analysis, company research, job extraction, and other AI-supported product workflows where enabled.

API processing under Google's applicable business, privacy, and transfer terms.

OpenAI

Audio transcription for interview practice and related voice-based features where enabled.

API processing under OpenAI's applicable business/API terms and safeguards.

Inngest

Background jobs and scheduled scouting workflows.

Processed according to Inngest's infrastructure and applicable data processing terms.

Job data providers such as TheirStack

Job search, job discovery, job metadata, and scouting workflows.

Processed according to the relevant provider's infrastructure and applicable service terms.

10. International Data Transfers

Some of the service providers we use may process data outside the European Economic Area (EEA), including in the United States or other countries that may not have the same level of data protection as your home jurisdiction.

Where required, we seek to rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), supplementary measures, applicable adequacy decisions, or equivalent lawful transfer mechanisms offered by the relevant provider.

11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, including the provision of the service, security, billing, dispute handling, and compliance with legal obligations.

In practice, this means:

  • account and workspace data are generally retained while your account remains active;
  • generated content, job data, CV data, and interview content are retained while needed to provide your workspace and related product functions;
  • billing and transaction-related records may be retained longer where required for accounting, tax, fraud prevention, or legal reasons;
  • security and operational logs may be retained for a limited period proportionate to security and reliability needs.

If you request deletion of your account, we will delete or anonymize data where reasonably possible, subject to records we must retain for legal, accounting, security, or evidentiary reasons.

12. Security

We implement appropriate technical and organizational measures to help protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Your GDPR Rights

If you are located in the EEA, UK, or another jurisdiction that gives you similar rights, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your personal data;
  • request restriction of processing;
  • request data portability where applicable;
  • object to processing based on legitimate interests;
  • withdraw consent where processing relies on consent.

To exercise your rights, contact us at contact@reeply.net. You also have the right to lodge a complaint with your local data protection authority, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), if you believe our processing violates applicable law.

14. Children's Privacy

hired.fit is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided personal data to us, please contact us so that we can review and delete the data where appropriate.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or product changes. If we make material changes, we will update the "Last updated" date on this page and may provide additional notice where appropriate.

16. Contact

For privacy questions, requests, or complaints, contact Reeply B.V. at contact@reeply.net.