Privacy Policy

Last updated: December 2024

At Draft (operated by Hubtal OU), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our applicant tracking system.

1. Information We Collect

1.1. Information You Provide

We collect information you voluntarily provide when using Draft, including:

  • Account Information: Name, email address, company name, and password when you create an account
  • Company Information: Business details, logo, careers page content, and hiring preferences
  • Job Postings: Job titles, descriptions, requirements, and application forms you create
  • Candidate Data: Information about candidates you add or that candidates submit through job applications, including resumes, contact information, work history, and application responses
  • Communications: Messages, notes, and feedback you share within the platform
  • Payment Information: If you subscribe to Premium features, we collect billing information (processed securely by our payment provider)

1.2. Information Collected Automatically

When you use Draft, we automatically collect certain information:

  • Usage Data: Pages visited, features used, actions taken within the platform
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, referring URLs
  • Analytics Data: Information about how you interact with our Service

1.3. Candidate Information

When candidates apply to jobs posted on Draft, we collect information they provide including:

  • Name, email, phone number, and location
  • Resume/CV and work history
  • Application form responses
  • Any additional documents they upload

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Operate, maintain, and improve Draft's features and functionality
  • Process Applications: Help you manage candidate applications and hiring workflows
  • Communications: Send you service updates, security alerts, and support messages
  • Analytics: Understand how users interact with Draft to improve our product
  • Candidate Opportunities: As described in our Terms of Service, we may contact candidates (with their consent) about other job opportunities on the platform
  • Legal Compliance: Comply with legal obligations and enforce our terms

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1. With Your Consent

We may share information when you give us explicit permission to do so.

3.2. Service Providers

We work with third-party service providers who help us operate Draft, including:

  • Cloud hosting providers (for data storage)
  • Email service providers (for sending communications)
  • Payment processors (for Premium subscriptions)
  • Analytics providers (for understanding usage patterns)

These providers are contractually bound to protect your information and only use it for the services they provide to us.

3.3. Legal Requirements

We may disclose your information if required by law, legal process, or government request, or when we believe disclosure is necessary to:

  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service
  • Protect against fraud or security issues

3.4. Business Transfers

If Draft is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Retention

We retain your information for as long as:

  • Your account is active
  • Needed to provide you with our services
  • Required by law or for legitimate business purposes

Candidate data is retained in accordance with your account settings and applicable laws. You can delete candidate data through the platform at any time.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Regular security assessments
  • Access controls and authentication requirements
  • Secure data centers with physical security measures

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

6.1. Access and Portability

You can request a copy of your personal data in a portable format.

6.2. Correction

You can update or correct your account information at any time through your account settings.

6.3. Deletion

You can request deletion of your account and associated data. Some information may be retained as required by law or for legitimate business purposes.

6.4. Objection and Restriction

You may object to or request restriction of certain processing of your data.

6.5. Withdraw Consent

Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at privacy@draft.io.

7. GDPR Compliance (For EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on: (a) your consent, (b) performance of a contract, (c) legitimate interests, or (d) legal obligations
  • Data Controller: Hubtal OU is the data controller for the personal data we collect
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
  • Data Transfers: When we transfer data outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses

8. Google Calendar Integration

Draft offers optional integration with Google Calendar to enhance our scheduling features. When you choose to connect your Google Calendar:

8.1. Data We Access

With your explicit consent, we request access to:

  • Calendar Events (Read): We read your calendar's free/busy information to show accurate availability when candidates book interviews
  • Calendar Events (Write): We create calendar events with Google Meet links when interviews are booked

8.2. How We Use This Data

Your Google Calendar data is used exclusively to:

  • Display your availability on public scheduling pages (we only check if times are free or busy, not event details)
  • Create interview calendar events with automatic Google Meet video conferencing links
  • Send calendar invitations to interview participants

8.3. Data Storage and Security

  • We store OAuth tokens securely and encrypted in our database
  • We do not store or access the contents of your calendar events
  • You can disconnect Google Calendar at any time from Settings, which revokes our access and deletes stored tokens

8.4. Third-Party Access

We do not share, sell, or transfer your Google Calendar data to any third parties, except as necessary to provide the integration features described above.

8.5. Google API Services User Data Policy

Draft's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in
  • Remember your preferences
  • Analyze usage patterns
  • Improve our Service

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of Draft.

10. Children's Privacy

Draft is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.

11. Third-Party Links

Draft may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Your continued use of Draft after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: privacy@draft.io
  • Company: Hubtal OU
  • Location: Estonia

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@draft.io.

Last updated: December 2024