Privacy Policy

1. Introduction

Promtitude ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our recruitment platform, web application, and Chrome browser extension.

By using Promtitude, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

• Account information (name, email, company, job title)
• Password (encrypted) or OAuth tokens (for Google Sign-in users)
• Resume data and candidate information you upload
• Interview recordings and transcriptions
• Messages and communications through our platform
• Payment information (processed securely through third-party providers)

2.2 Browser Extension (Optional)

If you choose to use our browser extension:

• The extension only processes content on pages you open and interact with
• It does not bypass logins, rate-limits, or technical protections
• It does not perform bulk automated collection
• We only process information you choose to import that is visible to you at the time of use
• Import queue data and preferences are stored locally and synced with your account

2.3 Information We Collect Automatically

• Usage data (features used, searches performed, time spent)
• Device information (browser type, operating system)
• IP address and approximate location
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information to:

• Provide and maintain our services
• Process and analyze resumes using AI
• Generate interview insights and recommendations
• Analyze anonymized telemetry to improve service reliability (we do NOT train shared models on your data)
• Communicate with you about our services
• Ensure platform security and prevent fraud
• Comply with legal obligations

3.1 Lawful Bases (GDPR)

We process your data under the following legal bases:

• Contract: To provide the service you requested (account, search, uploads, analysis)
• Legitimate interests: To improve reliability, prevent abuse, and keep the service secure
• Consent: For analytics cookies and interview recordings where required by law

4. Data Isolation and Security

We implement strict data isolation and security measures:

• User Data Isolation: Each user's data is strictly isolated - you can only see profiles and data you've imported
• Shared Browser Protection: In shared browser environments, user data remains private to each account
• Chrome Extension Security: Extension data is stored per-user and isolated between accounts
• Encryption: All data transmission is encrypted using TLS 1.2 or higher
• Secure Storage: Session tokens are stored securely (HttpOnly, Secure cookies where applicable)
• Password Security: Passwords are hashed using industry-standard bcrypt algorithm

5. Third-Party Platform Terms

When using our browser extension with third-party sites:

• Your use of third-party sites (e.g., LinkedIn) remains subject to those sites' terms and policies
• You are responsible for ensuring your use of the extension complies with such terms
• Profile data is collected only through user-initiated actions on pages you visit
• If we learn of a conflict with platform terms, we may limit or disable features
• You control which profiles to import and can delete them at any time

6. Data Sharing and Third Parties

We may share your information with:

• AI Service Providers: OpenAI (for GPT models) and Anthropic (for Claude models) to power our AI features
• Cloud Infrastructure: Vercel (web app and serverless API) and Railway (databases and background workers)
• Analytics Services: To understand usage patterns and improve our service
• Legal Requirements: When required by law or to protect our rights

We do not sell, trade, or rent your personal information to third parties.

6.1 Controller vs Processor Roles

For recruiter accounts, Promtitude acts as a processor for resume data and transcripts, and as a controller for account, billing, and service analytics data. A Data Processing Addendum (DPA) is available upon request.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a machine-readable format
• Object: Object to certain types of processing
• Restrict: Request limited processing of your data

To exercise these rights, please contact us at promtitude@gmail.com. We respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit and at rest
• Regular security audits and penetration testing
• Access controls and authentication
• Employee training on data protection

9. Data Retention

We retain personal data only as long as necessary to provide the service or as required by law. Default targets during beta are:

• Profile/account data — retained while your account is active
• Resume data — retained while your organization's account is active; deleted on request
• Interview transcripts/recordings — default TTL of 180 days (configurable); deletion on request
• Backups — point-in-time backups with scheduled expiry
• Browser extension queue data — cleared after successful processing

We honor deletion requests and aim to complete them within 30 days, subject to legal holds and backup windows.

10. Cookies & Tracking

We use cookies and similar technologies for:

• Essential cookies: For authentication and core functionality
• Analytics cookies: To understand product usage and improve our service (optional)

You can manage non-essential cookies through your browser settings. Essential cookies are required for the service to function. To update your cookie preferences, please contact us.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Where data is processed outside your country, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) where required.

For customers acting as controllers, our Data Processing Addendum (including SCCs) is available upon request.Request DPA →

12. Interview Recording Consent

If you record interviews using our platform:

• You are responsible for obtaining all required notices and consents under applicable law
• This includes compliance with two-party consent jurisdictions where applicable
• We provide tools to help you honor access and deletion requests for these recordings
• Interview data is processed solely for your recruitment purposes

13. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at promtitude@gmail.com for immediate deletion.

14. Subprocessors

We use the following subprocessors to provide our services:

• Vercel: Web application and serverless API hosting
• Railway: Database and background worker infrastructure
• OpenAI: AI model provider for resume analysis and insights
• Email providers: For transactional communications
• Analytics/Monitoring: For service reliability and performance

For a complete and updated list,request our subprocessor list →

15. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

For security-related inquiries, please visit ourSecurity & Compliance page.

17. Changelog