In one sentence: We store the data you put into HireFlow so the platform can do its job. We do not sell it, share it, profile it, or feed it to AI models. Offer data is yours.
Hosting and infrastructure
HireFlow runs on infrastructure located in the European Union. All data — accounts, offers, candidate details, audit logs — is stored on servers within the EU. We do not transfer personal data outside the EU/EEA without the appropriate legal safeguards.
Encryption
- All connections to the platform use HTTPS with modern TLS
- Database storage uses encryption at rest at the infrastructure layer
- Database backups are encrypted and stored separately from the live database
- Sensitive credentials (SMTP passwords, API keys, where applicable) are encrypted in storage
Access control
- Each account is isolated — other accounts cannot see your offers, your candidates or your audit log
- Within an account, role-based permissions separate admins, managers and standard users
- Popcorns staff access to customer data is restricted to support and operations roles, logged, and only used when necessary to operate the service or respond to a support request
- Offer documents shared via public link use unique, hard-to-guess identifiers — but anyone with the link can view the offer (this is intentional, since the link is what the company sends to the candidate)
What we collect
Account-level data: company name, country, tax ID, contact details, user accounts, login history.
Offer content: candidate name and contact (if you choose to add it), job title, compensation, benefits, dates, terms, status changes.
Operational data: view counts and timestamps when the public offer link is opened, IP address and basic browser/device information for security and audit purposes.
What we do not do
- We do not sell your data to third parties
- We do not use your offer content or candidate data to train AI models
- We do not market to candidates whose details you enter into the system
- We do not share your data with recruiters, job boards, or data brokers
- We do not use advertising or analytics cookies that profile users across sites
Retention
- Active account data is retained while your account is active
- Offer content is retained for as long as the offer exists in your account
- On account closure, all data is deleted within thirty days, except records we are legally required to keep (such as billing records for tax compliance)
- Unverified accounts that remain inactive for ninety days may be deleted
Audit log
Every meaningful action on an offer — created, edited, sent, status changed, viewed — is logged with timestamp, the user who performed the action, and the IP address. This audit log is visible to account admins. It exists so that, if there is ever a question about who did what and when, the answer is in the system rather than in someone's memory.
Candidate data
When you enter a candidate's details into an offer, you are the data controller and Popcorns acts as a data processor. You are responsible for having a legal basis to process the candidate's data — typically that you are actively in a hiring process with them. Candidate data is stored only inside your account, used only to deliver and track the offer, and deleted when you delete the offer.
Incident response
We monitor the platform for security issues. If a breach affects your data, we will notify affected accounts within the timeframe required by applicable law (typically seventy-two hours under GDPR), describe what happened, what data was affected, and what you should do.
Your rights
If you are in the EU, EEA or in a jurisdiction with comparable data protection law, you have rights to access, correct, delete, port and object to processing of your personal data. To exercise these rights or to ask any question about how data is handled, write to privacy@popcorns.ch.