Privacy-Policy — JuggleHire - JuggleHire.com
Limited Time: Lifetime Deal — $139 One-Time Payment0d 0h 0m 0sGrab the Deal →
HomePrivacy Policy

Privacy Policy

Last Updated: May 7, 2026

This Privacy Policy describes how JuggleHire ("we," "us," or "our") collects, uses, and shares information when you use our hiring platform. Please read this policy carefully to understand our practices regarding your personal data.

Who this policy is for

This policy is written for three audiences. Where treatment differs, we say so:

  • Customers — recruiters, hiring managers, and team owners who sign up for a JuggleHire workspace. For customer account data, JuggleHire is the data controller.
  • Candidates — job applicants whose information is uploaded to or generated within a customer's JuggleHire workspace. For candidate data, the customer is the data controller and JuggleHire is the data processor acting on the customer's documented instructions. Candidates exercising rights against a JuggleHire customer should use the public request flow at https://{your-employer}.jugglehire.com/privacy/request (see Section 8).
  • Visitors — anyone browsing jugglehire.com without an account. JuggleHire is the controller for the limited data we collect from you (cookies, contact-form submissions).

Where this policy refers to "your data," it means the data we hold about you in whichever role you interact with us. If you are a candidate and want a copy of your data, or want it deleted, the route is the public request flow on your employer's tenant subdomain — not this page.

1. Information We Collect

Personal Information

  • Account Information: Name, email address, password, company details, job title
  • Profile Information: Employment history, educational background, skills, profile picture
  • Candidate Data: Information you collect from job applicants through our platform
  • Payment Information: Billing information and transaction records
  • Business Information: Company size, industry, business address, tax identification numbers
  • Communication Data: Email correspondence, support tickets, chat messages, feedback submissions
  • Integration Data: Information shared through third-party integrations you enable

Usage Data

  • Service Usage: How you interact with our platform, features used, time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, features used, crashes, system activity
  • Performance Data: Response times, error rates, system uptime metrics
  • Aggregated Statistics: Anonymized data about hiring processes, conversion rates, hiring funnels
  • Feature Adoption: Which features are used most frequently by your team

Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to collect information about your interactions with our platform and to enhance your user experience.

2. How We Use Your Information and Lawful Basis

Under the EU and UK General Data Protection Regulation (GDPR), every processing activity must rely on a lawful basis set out in Article 6. The table below sets out, for each purpose, what we do, what data we use, and the lawful basis we rely on. For automated candidate scoring specifically, see Section 10 (Automated Decision-Making).

  • Provide and operate the JuggleHire service — Account creation, workspace access, candidate pipeline management, interview scheduling, offer letters. Lawful basis: performance of a contract (Art. 6(1)(b)) for customers; legitimate interests (Art. 6(1)(f)) of the customer for candidate data processing on their behalf.
  • Process payments and manage subscriptions — Billing, invoicing, plan changes via Stripe. Lawful basis: performance of a contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for tax / accounting record-keeping.
  • Send service and transactional communications — Verification emails, password resets, candidate application notifications, system alerts. Lawful basis: performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)) in keeping users informed of activity on their account.
  • Send marketing communications — Product updates, newsletters, occasional offers (customers only; never to candidates). Lawful basis: consent (Art. 6(1)(a)) where required, or legitimate interests(Art. 6(1)(f)) under the soft-opt-in for existing customers. You can unsubscribe at any time via the link in any marketing email.
  • Improve the platform and analyse usage — Product analytics, feature adoption metrics, bug diagnostics. Lawful basis: legitimate interests (Art. 6(1)(f)) in operating and improving a recruitment platform; consent (Art. 6(1)(a)) for non-essential cookies on the public career-page surfaces (see Section 11).
  • Detect, prevent, and respond to fraud and abuse — Account abuse, brute-force attempts, spam detection, suspicious activity in candidate flows. Lawful basis: legitimate interests (Art. 6(1)(f)) in keeping the service safe and reliable.
  • Comply with legal obligations — Responding to law-enforcement requests, tax record retention, enforcing terms of service. Lawful basis: legal obligation (Art. 6(1)(c)).
  • Generate AI candidate summaries, ranking, and assessment scoring — See Section 10. Lawful basis: legitimate interests (Art. 6(1)(f)) of the customer in efficient candidate evaluation, with safeguards described in Section 10.

3. Third-Party Services We Use

We use various third-party services to support our platform:

  • Authentication: Google Auth for user login
  • Communications: Gmail for sending email messages
  • Scheduling: Google Calendar for interview scheduling, Google Meet for virtual interviews
  • Analytics: PostHog to track usage data and improve our services
  • Customer Support: Third-party customer service tools to assist with support requests
  • Payment Processing: Stripe for secure payment processing
  • Marketing: Affiliate marketing software, email marketing platforms

These third-party services may collect information sent by your browser as part of their operations. Their use of your information is governed by their respective privacy policies.

For the complete, up-to-date list of sub-processors — including the entity, processing location, and international transfer mechanism for each — see our Sub-Processors page.

4. Google API Data Usage and Privacy

What Google Data We Access

JuggleHire integrates with Google services to streamline recruitment workflows:

Gmail Integration:

  • What we access: Permission to send emails from your Gmail account (gmail.send scope)
  • Why we need it: To send candidate communications (interview invitations, status updates, outreach) directly from your professional email address
  • What we do NOT access: We cannot read your emails or access your inbox. We only have permission to send emails on your behalf.

Google Calendar Integration:

  • What we access: Permission to read and create calendar events (calendar.events scope)
  • Why we need it: To schedule interview appointments, check your availability, and sync interview schedules with your calendar
  • What we access: Event details, times, and availability information

Google Forms Integration:

  • What we access: Permission to read your Google Forms structure and responses (forms.body.readonly and forms.responses.readonly scopes)
  • Why we need it: To import candidate applications submitted through your Google Forms directly into JuggleHire, mapping form responses to candidate profiles
  • What we access: Form questions, field types, and submitted responses including any file attachments uploaded by applicants
  • What we do NOT do: We cannot modify your forms, delete responses, or access forms you haven't explicitly selected for import

User Profile Information:

  • What we access: Your email address and basic profile information (userinfo.email and userinfo.profile scopes)
  • Why we need it: To identify your account and personalize your JuggleHire experience

How We Use Google Data

  • Email Sending: When you send a message to a candidate through JuggleHire, we use gmail.send to deliver it from your Gmail account
  • Calendar Scheduling: When you schedule an interview, we create a calendar event in your Google Calendar with interview details and Google Meet links
  • Forms Import: When you import candidates from Google Forms, we read your form structure to enable field mapping, then read form responses to create candidate profiles in JuggleHire. File attachments (such as resumes) are downloaded and stored securely in your JuggleHire account.
  • Account Management: We use your email and profile to manage your JuggleHire account and provide personalized features

Data Storage and Security

  • Email content: We store the text of emails you compose through JuggleHire until you manually delete them
  • Calendar data: We store interview event details until you manually delete them
  • Google Forms data: Imported candidate data from Google Forms responses is stored as candidate profiles in your JuggleHire account. File attachments are downloaded once and stored securely; we do not maintain ongoing access to your Google Forms responses after import.
  • Security measures: All Google OAuth tokens are encrypted at rest and in transit using industry-standard encryption (AES-256)
  • Access controls: Only authorized system components can access Google API credentials

Data Sharing

  • We do NOT sell, rent, or share your Google data with third parties
  • We do NOT use your Google data for advertising or marketing purposes
  • Your Google data is used exclusively within JuggleHire for the recruitment features you've authorized

Your Rights and Controls

You can:

  • Revoke access: Disconnect Google integration at any time through Settings → Integrations in your JuggleHire account
  • View connected permissions: Check your Google Account permissions at myaccount.google.com/permissions
  • Request data deletion: Contact hello@jugglehire.com to request deletion of your Google-related data
  • Export your data: Available through your account settings

Google API Services User Data Policy Compliance

JuggleHire's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Data Retention

  • Email content: Retained until manually deleted by the organization owner
  • Calendar events: Retained until manually deleted by the organization owner
  • Google Forms imported data: Candidate profiles created from Google Forms imports are retained until manually deleted by the organization owner. We do not store raw Google Forms responses; only the mapped candidate data is retained.
  • OAuth tokens: Retained while your integration is active, deleted immediately upon disconnection

Updates to Google Data Handling

We will notify users of any material changes to our Google data handling practices via email and in-app notifications at least 30 days before changes take effect.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • With Your Consent: When you authorize us to share your information
  • Service Providers: With third-party vendors who provide services on our behalf
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law, legal process, or government request
  • Protection of Rights: To protect our rights, privacy, property, or safety, and that of our users

We do not sell your personal information to third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your information. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain personal data only as long as necessary for the purposes set out in this policy, after which we either delete it or anonymise it. The default windows are:

  • Rejected candidate records: 730 days (24 months) by default, after which the candidate is automatically purged. Customers can override this from Organization → Data retention in the app, with a minimum of 30 days and a maximum of 3,650 days.
  • Inactive candidate records (applied but never reached an outcome): 1,095 days (36 months) by default, configurable per workspace.
  • Soft-deleted candidates and applications: 30-day grace period before hard-deletion. During grace, a recruiter may restore the record.
  • Soft-deleted workspaces: 30-day grace period before the entire team and its data are hard-deleted.
  • Audit and activity logs: 6 months in primary storage; archived to encrypted cold storage for an additional 18 months; hard-deleted at 24 months.
  • Subject-access-request verification tokens: 72 hours from issuance. Download links for completed exports: rotated single-use token with a 5-minute presigned URL on each click.
  • Billing and tax records: 7 years, as required by applicable tax law.
  • Account data after closure: deleted or anonymised within 30 days, except where retention is required for legal, tax, or fraud-prevention purposes.

Customers can configure per-workspace retention windows for rejected and inactive candidate records at Organization → Data retention inside the app. Setting a shorter window does not reduce statutory retention obligations (e.g. billing records).

8. Your Rights and How to Exercise Them

If you are in the EEA, the UK, Switzerland, California, or another jurisdiction with comparable privacy law, you have the following rights regarding personal data we hold about you:

  • Right of access (Art. 15) — Confirmation of whether we process your data, and a copy of it.
  • Right to rectification (Art. 16) — Correction of inaccurate or incomplete data.
  • Right to erasure / right to be forgotten (Art. 17) — Deletion of your data, subject to lawful exceptions.
  • Right to restrict processing (Art. 18) — Request that we limit how we process your data.
  • Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format (we provide a ZIP bundle with a JSON manifest).
  • Right to object (Art. 21) — Object to processing based on legitimate interests, including profiling.
  • Right not to be subject to automated decision-making (Art. 22) — See Section 10 for how this applies to AI candidate ranking.
  • Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint (Art. 77) — File a complaint with your local supervisory authority. For EU residents, find your authority at edpb.europa.eu/about-edpb/about-edpb/members.

How to exercise these rights

The route depends on your relationship with JuggleHire:

  • If you are a candidate who applied for a role through a JuggleHire customer's career page, the customer (your prospective employer) is the data controller. Use their public request flow at https://{your-employer}.jugglehire.com/privacy/request — you'll be asked for your email, you'll get a verification link, and once verified you can download your data or request deletion. We respond within 30 days.
  • If you are a customer (recruiter or team owner), you can manage retention, anonymise candidates, or delete candidate records directly from inside your workspace. For requests about your own customer-account data, email hello@jugglehire.com.
  • If you are a visitor, email hello@jugglehire.com with your request.

We may need to verify your identity before fulfilling a request. Where we cannot identify you in our records (for example, because you applied to a customer's career page that has since been deleted) we will tell you so without disclosing whether your data is held by any other tenant.

9. Sub-Processors and Data Processing Addendum

We engage trusted third-party service providers (sub-processors) to help us deliver the JuggleHire platform — for example, Cloudflare R2 for file storage, OpenAI for AI summaries and assessment scoring, Stripe for billing. The full up-to-date list, including the entity, processing location, and international transfer mechanism for each, lives at jugglehire.com/sub-processors. That list is incorporated by reference into this policy and into our Data Processing Addendum (DPA).

Customers requiring an executed DPA for EU candidate data processing can review and accept our DPA at jugglehire.com/dpa or in-app under Organization → Settings. Acceptance is recorded with timestamp, acceptor identity, and DPA version.

We commit to providing at least 30 days' advance notice of any new sub-processor that will process customer personal data, giving customers time to object on reasonable grounds. To subscribe to change notifications, email hello@jugglehire.com with the subject line "Subscribe to sub-processor changes."

10. Automated Decision-Making and AI Processing

JuggleHire uses AI to help recruiters review candidates faster. Specifically, we use OpenAI models to:

  • Generate a short summary and verdict ("Strong Yes / Yes / Maybe / No") on each candidate's profile
  • Rank candidates within a job posting based on the job description and resume content
  • Score open-ended assessment answers and produce a recommended overall score
  • Transcribe candidate video responses (Whisper)
  • Parse uploaded resumes into structured fields (skills, work experience, education)

These outputs are recommendations to the recruiter. They do not by themselves produce a hiring decision, an offer, or a rejection. A human recruiter reviews and decides every stage move, every offer, and every rejection. Under Article 22 of the GDPR, this means our AI processing is decision-support, not solely-automated decision-making, because a human is meaningfully involved in every consequential outcome.

Safeguards. AI-generated summaries are clearly labelled in the recruiter UI. The recruiter sees the underlying resume, application answers, and assessment responses alongside the AI verdict. Recruiters can regenerate or ignore an AI summary at any time. AI is never used to auto-reject candidates without a recruiter-configured automation rule (which the recruiter sets up explicitly).

Candidate rights. If you are a candidate and you do not want AI processing applied to your application — for example, because you'd prefer your application be reviewed without an AI summary or rank — you can request this via the public request flow at your prospective employer's tenant subdomain (see Section 8). We are working to ship a self-service AI opt-out toggle on the candidate-facing privacy request form; until then, customer-side recruiters can honour this objection manually on a per-candidate basis.

11. International Data Transfers

JuggleHire is a US-based service, and several of our sub-processors are based in the United States or operate global infrastructure. When personal data of EEA, UK, or Swiss data subjects is transferred outside those regions, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs). The European Commission's Standard Contractual Clauses, Module 2 (controller-to-processor), as published in Commission Implementing Decision (EU) 2021/914.
  • EU-US Data Privacy Framework. Where a sub-processor is self-certified under the DPF (Cloudflare, OpenAI, Stripe, Zoom, Google — see the sub-processor list for current status), transfers to that sub-processor additionally rely on that adequacy mechanism.
  • UK International Data Transfer Addendum. For transfers from the UK, we incorporate the UK IDTA to the SCCs.

For UK and Swiss transfers, equivalent safeguards apply via the UK IDTA and the Swiss Federal Act on Data Protection (FADP) respectively.

12. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. The updated version will be effective as of the date stated at the top of this policy. We will notify customers of any material changes by email and via in-app notification at least 30 days before the change takes effect.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: hello@jugglehire.com
Data protection inquiries: hello@jugglehire.com (subject line: "Data protection")
Website: www.jugglehire.com/contact

By using JuggleHire, you acknowledge that you have read and understood this Privacy Policy.