Privacy Policy

This Privacy Policy describes how Hifinity ("we," "us," or "our") collects, uses, and shares information when you use our AI-powered candidate screening and interview platform.

1. Information We Collect

1.1 Business Account Information

When you create a business account, we collect: company name, business email address, contact name, phone number, billing information, and company size. This information is necessary to provide our service, process payments, and communicate with you about your account.

1.2 Candidate Data

We process candidate information on behalf of our business customers, including: names, email addresses, resumes/CVs, interview responses (text, audio, and video recordings), evaluation scores, and assessment results. Video and audio recordings are transcribed using AI and stored securely for the duration specified by the business customer (typically 12-24 months). All recordings are encrypted and access is restricted to authorized personnel only. We act as a data processor for this information.

1.3 Usage and Technical Information

We automatically collect: IP addresses, browser type, device information, pages visited, features used, time spent on the platform, and interaction data. This helps us improve our platform, ensure security, and provide analytics to our business customers.

1.4 Job Posting and Recruitment Data

We collect job descriptions, required qualifications, interview questions, evaluation criteria, and hiring workflow configurations created by business customers to deliver our AI-powered screening services.

2. How We Use Your Information

2.1 Service Delivery

• Conduct AI-powered candidate interviews and assessments
• Generate interview questions tailored to job requirements
• Analyze candidate responses and provide scoring/ranking
• Deliver analytics and insights to business customers
• Facilitate communication between recruiters and candidates

2.2 Platform Improvement

• Improve AI models and interview quality
• Develop new features and functionality
• Analyze usage patterns and optimize user experience
• Conduct research and development

2.3 Business Operations

• Process payments and manage subscriptions
• Provide customer support and respond to inquiries
• Send service updates and important notifications
• Ensure platform security and prevent fraud
• Comply with legal and regulatory requirements

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist us in operating our platform, including: cloud hosting providers (AWS, Google Cloud), payment processors (Stripe), email service providers, and analytics tools. These providers are bound by strict confidentiality agreements and data processing agreements (DPAs) and may only use your information to perform services on our behalf.

3.2 Business Customers

Candidate data is shared with the business customer (employer) who initiated the interview process. Business customers are responsible for their own use of candidate data and must comply with applicable privacy laws.

3.3 Legal Requirements

We may disclose information when required by law, legal process, litigation, or government request, or to protect our rights, property, or safety, or that of our users or the public.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide advance notice and ensure the acquiring party honors this privacy policy.

4. Data Security and Protection

We implement comprehensive security measures to protect your information:

4.1 Technical Security

• All data encrypted in transit using TLS 1.3 encryption
• Data encrypted at rest using AES-256 encryption
• Secure cloud infrastructure with redundancy and backups
• Regular security audits and penetration testing
• Automated vulnerability scanning and patch management

4.2 Access Controls

• Multi-factor authentication (MFA) for all accounts
• Role-based access control (RBAC) for business users
• Strict employee access policies and background checks
• Audit logs for all data access and modifications

4.3 Data Handling

• Video and audio recordings transcribed and stored securely per customer retention settings
• All video recordings encrypted at rest and in transit
• Automated data deletion upon account termination
• Regular backups with encrypted storage
• Incident response plan and security monitoring

5. Your Rights and Choices

5.1 Business Customer Rights

As a business customer, you have the right to:

• Access: Request a copy of your business and candidate data
• Correction: Update or correct your business information
• Deletion: Request deletion of your account and associated data
• Portability: Export candidate data and interview results
• Restriction: Request limitation of data processing
• Object: Object to certain data processing activities

5.2 Candidate Rights

If you are a candidate who participated in an interview through our platform, you have the right to:

• Access: Request a copy of your interview data and assessment results
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your interview data (subject to employer's legal obligations)
• Withdraw Consent: Withdraw consent for data processing where applicable

To exercise these rights, please contact us at support@tradingplus.io or contact the employer who invited you to the interview. We will respond to requests within 30 days.

6. Cookies and Tracking

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze usage patterns and improve our service
• Provide personalized content and recommendations
• Ensure security and prevent fraud

You can control cookies through your browser settings, but this may affect some functionality of our service.

7. Data Retention

We retain data according to the following policies:

• Business Account Data: Retained for the duration of your active subscription plus 90 days
• Candidate Interview Data: Retained according to business customer settings (typically 12-24 months) or as required by law
• Video and Audio Recordings: Retained according to customer configuration, with automatic deletion available. Customers can configure retention periods from 30 days to 36 months
• Billing Records: Retained for 7 years as required by tax and accounting regulations
• Deleted Accounts: Personal data deleted within 30 days, except where legal retention is required

8. GDPR and Privacy Compliance

We are committed to compliance with global privacy regulations, including:

8.1 GDPR (European Union)

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). We process personal data lawfully based on: consent, contractual necessity, legal obligations, and legitimate interests. We provide Data Processing Agreements (DPAs) to business customers and implement appropriate safeguards for international data transfers.

8.2 CCPA (California)

For California residents, we comply with the California Consumer Privacy Act (CCPA). We do not sell personal information. California residents have additional rights including the right to know what personal information is collected, the right to delete, and the right to opt-out of sales (though we don't sell data).

8.3 Data Processing Agreements

We provide Data Processing Agreements (DPAs) to business customers that outline our responsibilities as a data processor, including security measures, data breach notification procedures, and sub-processor management. Contact us to request a DPA.

9. International Data Transfers

Our services are hosted in the United States. If you are accessing our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have that information removed.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new policy on our website and sending you an email notification at least 30 days before the changes take effect. Your continued use of our service after such modifications constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us: