Hired for Business

Legal

Privacy Policy

Last updated: 11 May 2026

This Policy explains what personal information Got Hired (Pty) Ltd collects, why we collect it, how we use it, and your rights. We process personal information in accordance with the Protection of Personal Information Act (POPIA).

1. Information we collect

Account data: name, email, password hash, account type (Job Seeker or Business), and authentication metadata (e.g. last sign-in).

Profile data (Job Seekers): current title, location, years of experience, skills, education, work history, bio, and uploaded resumes.

Profile data (Businesses): company name, contact name, company email, and role searches you have purchased.

Usage data: pages viewed, candidates contacted, emails sent through the platform, and aggregated analytics.

Payment data: handled by Lemon Squeezy. We receive transaction confirmations but never see or store full card details.

2. How we use it

  • To provide the service: matching candidates to role searches, sending emails, processing payments.
  • To verify identity and prevent fraud.
  • To send transactional emails (account confirmations, receipts, feedback requests).
  • To improve the product: aggregated analytics on usage patterns.
  • To comply with legal obligations.

3. Who we share with

Candidate profiles are shown to Businesses that have purchased a Role Unlock matching that candidate's attributes. Personal contact details (email, phone) are only revealed within an active unlock and only to the Business that purchased it.

We use the following sub-processors: Supabase (database, authentication), Lemon Squeezy (payments), Resend (transactional email), Google Cloud (Gmail OAuth for outbound messaging). Each operates under their own privacy controls.

We do not sell personal information.

4. How long we keep it

Account data is kept for as long as your account is active. When you delete your account, profile data is removed within 30 days, except where retention is required by law (e.g. tax records, fraud investigations). Aggregated, de-identified analytics may be retained indefinitely.

5. Your rights

Under POPIA you have the right to:

  • access the personal information we hold about you;
  • correct inaccurate information;
  • request deletion of your account and associated data;
  • object to processing for direct marketing purposes;
  • lodge a complaint with the Information Regulator (South Africa).

You can exercise most of these rights directly from Account Settings. For other requests, contact us via the contact page below.

6. Security

We use industry-standard controls: TLS in transit, encryption at rest, row-level security on the database, and access logging. No system is perfectly secure. We will notify you and the Information Regulator if a breach affects your personal information.

7. Cookies

We use first-party cookies for authentication and a minimal analytics tag (DataFast) for attribution. We do not use third-party advertising trackers.

8. International transfers

Some of our sub-processors are based outside South Africa. We rely on standard contractual clauses and equivalent safeguards to protect your information when it is transferred internationally.

9. Changes

We may update this Policy from time to time. Material changes will be communicated by email or in-app notice.

10. Contact

To exercise your rights or ask a privacy question, reach us at our contact page.