Privacy Policy

Last updated: October 15, 2025

This policy describes how Shortlist Hire ("Shortlist Hire," "we," "us," or "our") collects, uses, and shares information when you use shortlisthire.com and related services. If you do not agree, do not use the Service.

1. Who we are

Shortlist Hire provides recruiting software, including candidate sourcing, shortlisting, and interview scheduling tools.

Contact: support@shortlisthire.com

Privacy inquiries: privacy@shortlisthire.com

2. Scope

This policy applies to the websites, applications, and APIs we operate. It also covers integrations you choose to connect (e.g., Google Sign‑In, Google Calendar).

3. Information we collect

We collect the following categories of information:

3.1 Account and organization

  • Name, email, organization name, role.
  • Credentials you create (hashed; we never store your plaintext password).
  • Google Sign‑In profile data (name, email, Google ID) if you sign in with Google.

3.2 Product data you input

  • Job descriptions, role details, budgets, locations, and other fields you provide.
  • Candidate records you create or import (e.g., name, email, profile data you input).
  • Timeline events and status changes created by your actions.

3.3 Scheduling data (if you connect Google Calendar)

  • Availability data used to compute free/busy slots.
  • Interview events we create on your behalf, including event ID, start/end time, attendee emails, and (if applicable) video‑conference links.
  • We do not read the contents of unrelated calendar events.

3.4 Communications

Service emails and notifications we send (e.g., verification codes, status updates, candidate invitations).

3.5 Technical data

  • IP address, device and browser data, and service logs.
  • Cookies and similar technologies (see Section 9).

3.6 Payments (if applicable)

Payment identifiers (e.g., Stripe customer ID, payment intent ID) and transaction metadata. We do not store full payment card numbers; payments are processed by our payment provider.

3.7 AI features you use (optional)

Prompts and content you choose to send to our AI features to generate summaries, suggestions, or other outputs.

4. How we use information

We use information to:

  • Operate, maintain, and secure the Service.
  • Authenticate users; send verification codes; prevent fraud and abuse.
  • Process your inputs to create candidate shortlists and manage jobs.
  • Provide scheduling, including computing availability and creating interview events when you connect Google Calendar.
  • Send transactional communications you request (e.g., candidate invitations, shortlist‑ready notices).
  • Improve reliability and performance, and comply with legal obligations.

5. Integrations and data sharing

We share information with service providers acting on our behalf. These processors are restricted to using data only to provide their services to us.

Infrastructure and DevOps

Hosting, data storage, compute, and content delivery services.

Email delivery

Transactional email service to send verification codes, notifications, and interview invitations.

Identity and scheduling

Google Sign‑In for authentication. Google Calendar (only if you connect it) to read availability and create interview events.

Payments (if used)

Payment processor for charging fees and managing billing identifiers.

Sourcing and enrichment (feature‑dependent)

Public web sources and developer platforms' APIs to discover candidate profiles based on your queries.

AI providers (optional)

When you use AI features, your prompts and relevant context may be sent to AI model providers to generate outputs you request.

We do not sell your personal information.

6. Google Services Integration

6.1 Google OAuth Authentication

When you sign in with Google, Shortlist Hire collects and uses your Google account information to authenticate your identity and create your account.

Scopes requested:

  • openid – Verify your identity
  • email – Access your email address
  • profile – Access your basic profile information (name, profile picture)

Purpose: These scopes are used only for secure login and personalizing your account.

6.2 Google Calendar Integration

If you connect Google Calendar, Shortlist Hire accesses your calendar to view free/busy status and create, update, or delete interview events that you initiate.

Scopes requested:

  • calendar.readonly – View your calendar availability
  • calendar.events.owned – Create, update, and delete events initiated through Shortlist Hire

What We Access:

  • Calendar free/busy information to determine your availability
  • Event metadata (title, time, attendees, location, video conference links) for events created through Shortlist Hire
  • We do not access or read the contents of calendar events you created outside of Shortlist Hire

How We Use Calendar Data:

  • Calendar data is used solely to schedule interviews and display your availability
  • We store minimal event metadata (event ID, start/end time, attendee emails, meeting links) needed for rescheduling and notifications
  • Calendar data is not shared with advertisers or third parties for any unrelated purpose

User Controls:

  • You can disconnect Calendar at any time in your Shortlist Hire account settings
  • You can also revoke access through your Google Account permissions at https://myaccount.google.com/permissions
  • All calendar data is deleted or anonymized once you disconnect the integration

Data Retention:

  • Calendar metadata is retained only as long as needed to support rescheduling and audit history
  • Upon disconnection, all calendar data is deleted in accordance with our retention policies

6.3 Limited Use Compliance

Shortlist Hire's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • Google user data is used only to provide user-facing features visible and described within Shortlist Hire
  • We do not use Google data for serving advertisements
  • We do not sell Google user data to third parties
  • We do not use or transfer Google user data for purposes unrelated to the core functionality of Shortlist Hire (authentication and interview scheduling)
  • We do not use or transfer Google user data to determine creditworthiness or for lending purposes

Shortlist Hire's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. For more information, visit: https://developers.google.com/terms/api-services-user-data-policy

7. Data retention

  • Account and organization records: retained while your account is active. On request we delete or de‑identify data unless we must retain it for legal reasons.
  • One‑time verification codes: short‑lived and removed after use or expiry.
  • Calendar metadata we store for scheduling: retained as long as needed to support rescheduling and audit history.
  • Logs: retained for a limited period for security and debugging.

8. Your choices and rights

  • Access, correction, deletion: Email support@shortlisthire.com to request a copy, correction, or deletion of your data.
  • Revoke Google access: Google Account → Security → Third‑party access.
  • Disconnect integrations: If provided in‑app, you can disconnect integrations in settings.
  • Marketing: We currently send only transactional messages necessary to operate the Service.

9. Cookies

We use cookies and similar technologies to operate sign‑in, maintain sessions, and measure product usage.

  • Essential cookies: required for authentication and core functionality, including an HTTP‑only refresh‑token cookie with a limited lifetime.
  • Analytics: we use analytics to understand feature adoption and reliability. Analytics may set cookies or use similar identifiers. Where offered, you can adjust analytics preferences in settings or via applicable regional consent prompts.

10. Security

TLS for data in transit. Role‑based access controls. Principle of least privilege. Regular reviews of credentials and secrets. We do not store plaintext passwords.

11. International transfers

We and our processors may operate globally. Where required, we use contractual and technical safeguards for cross‑border transfers.

12. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect personal data from them.

13. Changes

We will update this policy as the Service evolves. Material changes will be noted by updating the "Last updated" date and, where appropriate, providing additional notice.

Annex A: Integration‑specific details

A.1 Google Sign‑In

  • Data received: name, email, Google account ID, profile image.
  • Purpose: account creation and authentication.

A.2 Google Calendar (optional scheduling)

  • Data used: free/busy for availability; event creation fields you provide. We store minimal event metadata needed for rescheduling and notifications. We do not read unrelated event contents.
  • Revocation: you may revoke our access at any time in your Google Account.

A.3 Email delivery

We send service emails (e.g., verification codes, shortlist‑ready notices, candidate invitations). Providers process recipient addresses and message content to deliver emails.

A.4 AI features (optional)

Prompts and context you submit to AI features may be sent to model providers to generate outputs you request. Do not include sensitive personal information unless necessary for your use case.

A.5 Payments (if enabled)

We store payment identifiers and billing metadata. Card processing is handled by Stripe; we do not store full card details on our servers.

Regional disclosures (summary)

EEA/UK

Where applicable, our legal bases include contract (to provide the Service), legitimate interests (to secure and improve it), and consent (for optional integrations and analytics). You may have rights of access, deletion, portability, and objection.

California

We do not sell personal information. You may request deletion and access.

Questions about our Privacy Policy?

We're here to help

Contact Support