← Back to Smart Signal

Privacy Policy

Last updated: February 1, 2026

1. Introduction

Smart Signal ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our applicant tracking and recruiting platform ("Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Organization name
  • Password (securely hashed)

2.2 Candidate Data

When you use our Service to manage candidates, you may upload or enter:

  • Candidate names and contact information
  • Resumes and application materials
  • Interview notes and feedback
  • Employment history and qualifications
  • Communication history (emails sent through the platform)
  • Calendar events and scheduled interviews
  • Meeting attendee information

2.3 Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Feature usage patterns

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our Service
  • Process your recruiting workflows
  • Send emails on your behalf to candidates
  • Provide AI-powered features (resume parsing, candidate matching)
  • Improve our Service and develop new features
  • Communicate with you about your account
  • Ensure security and prevent fraud

4. AI and Automated Processing

Our Service uses artificial intelligence provided by OpenAI to enhance recruiting workflows. AI features include:

  • Resume Parsing - Automatic extraction of candidate information from uploaded resumes
  • Candidate Scoring - AI-generated assessments based on job requirements (advisory only)
  • Email Drafting - Suggested email content for candidate communications
  • Job Description Generation - AI-assisted creation of job postings

Important disclosures:

  • Candidate data processed by AI is sent to OpenAI's API servers in the United States
  • OpenAI does not use API data to train their models (per their data usage policy)
  • AI-generated scores and suggestions are recommendations only; hiring decisions must be made by humans
  • We do not use your data to train any AI models
  • You can disable AI features for your organization in Settings

You are responsible for disclosing AI usage in your hiring process to candidates where required by law.

5. Data Sharing and Third Parties

We share data with the following service providers:

  • Supabase - Authentication and database hosting
  • Resend - Email delivery service
  • OpenAI - AI processing for smart features
  • Vercel - Application hosting
  • Fly.io - Backend API hosting
  • Google - Calendar integration (when connected)

We do not sell your personal information or candidate data to third parties.

International Data Transfers

Your data may be transferred to and processed in the United States, where our service providers are located. By using our Service, you consent to this transfer. We ensure appropriate safeguards are in place through our agreements with service providers, including Standard Contractual Clauses where applicable.

6. Data Retention

We retain different types of data for different periods:

  • Account data - Retained while your account is active, plus 30 days after deletion request
  • Candidate data - Retained until you delete it or close your account
  • Usage logs - Retained for 90 days
  • Email records - Retained for 2 years for compliance purposes
  • Backup copies - May persist for up to 90 days after deletion

Your retention responsibilities: As the data controller for candidate information, you should establish retention policies that comply with applicable laws. Many jurisdictions require you to delete candidate data after a certain period if they are not hired. We provide bulk deletion tools in Settings to help you comply with these requirements.

7. Data Security

We implement appropriate security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure password hashing
  • Access controls and authentication
  • Regular security reviews

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the right to:

  • Access - Request a copy of your data
  • Correction - Update inaccurate information
  • Deletion - Request deletion of your data
  • Export - Receive your data in a portable format
  • Objection - Object to certain processing

To exercise these rights, contact us at support@ssignal.app or use the data export/deletion features in Settings.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your CCPA rights

To make a CCPA request, email us at support@ssignal.app with "CCPA Request" in the subject line.

9. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies - Required for authentication and session management. Cannot be disabled.
  • Preference cookies - Remember your settings (theme, language). Can be cleared in browser settings.

We do not currently use analytics or advertising cookies. We do not engage in cross-site tracking or sell data to advertisers. If this changes, we will update this policy and provide opt-out options.

10. Data Breach Notification

In the event of a data breach that affects your personal information or candidate data, we will:

  • Notify affected organizations within 72 hours of becoming aware of the breach
  • Provide details about what data was affected
  • Describe the measures taken to address the breach
  • Offer guidance on steps you can take to protect yourself and your candidates

As the data controller for candidate information, you are responsible for notifying affected candidates and relevant authorities as required by applicable law.

11. Data Processing Roles

Understanding our respective roles helps clarify responsibilities:

  • You (the organization) are the data controller for candidate information. You determine why and how candidate data is processed and are responsible for compliance with data protection laws.
  • Smart Signal is a data processor acting on your behalf. We process candidate data only according to your instructions through your use of our Service.
  • For your account and usage data, Smart Signal is the data controller.

Enterprise customers may request a Data Processing Agreement (DPA) by contacting us at support@ssignal.app.

12. Candidate Privacy Rights

If you are a job candidate whose information has been uploaded to our platform by an employer:

  • Your data is controlled by the organization that uploaded it, not by Smart Signal
  • To access, correct, or delete your data, contact the organization directly
  • If you cannot reach the organization, contact us and we will attempt to assist

Candidates can contact us at support@ssignal.app with questions about how their data is being processed.

13. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

For material changes that significantly affect how we process your data, we will provide additional notice via email or through the Service at least 30 days before the changes take effect.

15. Contact Us

If you have questions about this Privacy Policy, please contact us at:

support@ssignal.app

Terms of ServiceSign In