Privacy Policy
Last updated: April 14, 2026
1. Who we are APP 1
HireAI is operated by InnMotion (Brendan Fernandez, sole trader), Melbourne, Victoria, Australia. InnMotion is the entity that collects and holds your personal information for the purposes of the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy describes how we collect, hold, use, and disclose personal information in connection with the HireAI platform at hirerai.com. We are committed to handling your personal information openly and transparently in compliance with all 13 APPs.
Contact: brendan@innmotion.com.au
2. Anonymity and pseudonymity APP 2
You may browse HireAI without identifying yourself. However, to use the Living Resume service (candidates) or the recruiter intelligence tools (recruiters), you must provide personal information. Pseudonymous use is not practicable for these services because they require real identity data to function (resume content, recruiter contact details, payment information).
3. What personal information we collect APP 3
We only collect personal information that is reasonably necessary for our functions. We collect the following categories:
| Category | What we collect | Who provides it |
|---|---|---|
| Resume data | Resume text you paste or upload, including name, employment history, education, skills, and contact details contained within | Candidates (directly) or recruiters (on candidates' behalf) |
| Account details | Email address, name, role/title | Candidates and recruiters |
| Email subscription | Email address, name | Anyone subscribing to updates |
| Payment data | Handled entirely by Stripe; we never see or store full card numbers | Recruiters |
We do not collect sensitive information (as defined in the Privacy Act 1988 s6) unless it appears incidentally in resume text you provide. We do not solicit sensitive information and recommend you omit it from resumes.
4. Unsolicited personal information APP 4
If we receive personal information we did not solicit, we will assess whether we could have collected it under APP 3. If not, and the information is not contained in a Commonwealth record, we will destroy it as soon as practicable.
5. How we notify you of collection APP 5
We notify you of collection at or before the time we collect your personal information through:
- This privacy policy (linked from every page)
- Consent checkboxes at the point of data entry (resume upload, email subscription)
- Clear labelling on forms describing what data is collected and why
6. How we use and disclose your information APP 6
We use your personal information only for the primary purpose for which it was collected, or for a directly related secondary purpose you would reasonably expect:
- Resume text — sent to the Anthropic Claude API for AI enhancement into a Living Resume
- Email addresses — used to deliver subscription content via the Resend email API, and to send transactional notifications
- Internal notifications — subscription and form events are relayed to a private Discord webhook for operational awareness (no personal information beyond email and name is included)
- Payment processing — handled by Stripe to manage recruiter subscriptions
- Product improvement — aggregated, de-identified usage patterns to improve the platform
We do not sell, rent, or trade personal information. We do not use personal information for direct marketing unless you have explicitly opted in (email subscription).
7. Direct marketing APP 7
We will only use your personal information for direct marketing if you have opted in via our email subscription form. Every marketing email includes a functional unsubscribe mechanism as required by the Spam Act 2003 (Cth). You can opt out at any time by clicking the unsubscribe link or emailing brendan@innmotion.com.au.
8. Cross-border disclosure APP 8
Your personal information may be disclosed to the following overseas recipients:
| Recipient | Country | Purpose |
|---|---|---|
| Anthropic (Claude API) | United States | AI processing of resume text to generate Living Resumes |
| Resend | United States | Transactional and subscription email delivery |
| Stripe | United States | Payment processing for recruiter subscriptions |
| Discord (webhook) | United States | Internal operational notifications |
| Netlify | United States | Website hosting and serverless function execution |
Under APP 8.1, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs. However, we cannot guarantee that overseas recipients will handle your personal information in accordance with the APPs. By using HireAI, you consent to this cross-border disclosure. This consent means that under s 16C of the Privacy Act 1988, InnMotion may not be accountable under APP 8.1 if the overseas recipient handles your information in breach of the APPs — though we will still take all reasonable steps to protect your data.
9. Government-related identifiers APP 9
We do not adopt, use, or disclose government-related identifiers (such as Tax File Numbers, Medicare numbers, or driver's licence numbers). If such identifiers appear in resume text you upload, we recommend you remove them before submission.
10. Data quality APP 10
We take reasonable steps to ensure personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant. Because resume data is provided directly by you (or by a recruiter acting on your behalf), accuracy depends on what is submitted. You can update your information at any time by contacting us.
11. Data security APP 11
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure:
- No server-side persistence. HireAI is stateless. Resume data processed through our Netlify Functions is not stored on our servers after the API response is returned. Generated Living Resumes are held in
sessionStoragein your browser only and are cleared when you close the browser tab. - Encryption in transit. All data is transmitted over HTTPS (TLS 1.2+). Strict-Transport-Security headers enforce encrypted connections.
- Security headers. Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers are enforced site-wide.
- No cookies, no analytics, no tracking. We do not use cookies, do not run analytics scripts, and do not employ any third-party tracking on HireAI.
- Third-party security. Anthropic, Resend, Stripe, and Netlify each maintain their own security practices and certifications. We select providers with strong security postures.
When personal information is no longer needed for any purpose for which it may be used or disclosed under the APPs, and is not required by law to be retained, we will take reasonable steps to destroy or de-identify it.
Data breach notification
We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If we become aware of an eligible data breach involving your personal information, we will notify both you and the Office of the Australian Information Commissioner (OAIC) as required by the Act.
12. Access to your personal information APP 12
You have the right to request access to the personal information we hold about you. Because HireAI is stateless (no server-side database), the personal information we may hold is limited to:
- Email subscription records (email address, name) held by Resend
- Payment records held by Stripe
- Discord notification logs (email, name)
To request access, email brendan@innmotion.com.au. We will respond within 30 days. We will not charge for making a request, but may charge a reasonable fee for providing access if the request requires substantial effort to fulfil.
13. Correction of your personal information APP 13
You have the right to request correction of personal information we hold about you that is inaccurate, out-of-date, incomplete, irrelevant, or misleading. To request a correction, email brendan@innmotion.com.au. We will respond within 30 days. If we refuse to correct information, we will provide a written explanation and advise you of your right to make a complaint.
Data retention
- sessionStorage data (Living Resumes, form inputs) — cleared automatically when you close the browser tab. We have no access to this data.
- Anthropic API — Anthropic may retain input/output data in accordance with their own data retention policy. We use the API in a zero-retention configuration where available.
- Email subscription data — retained by Resend until you unsubscribe, at which point it is deleted.
- Payment data — retained by Stripe as required by financial regulations and their privacy policy.
- Discord notifications — operational logs retained in a private channel; no public access.
Children
HireAI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from someone under 18, we will take reasonable steps to delete it promptly.
Complaints
If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us:
- Contact us first: Email brendan@innmotion.com.au with the subject line "Privacy Complaint". We will acknowledge your complaint within 7 days and respond substantively within 30 days.
- If unresolved: You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, by phone on 1300 363 992, or by mail to GPO Box 5218, Sydney NSW 2001.
Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically. Continued use of HireAI after changes constitutes acceptance of the revised policy.
Applicable legislation
This privacy policy is governed by and construed in accordance with the laws of Victoria, Australia, including:
- Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs 1-13)
- Notifiable Data Breaches scheme (Part IIIC, Privacy Act 1988)
- Spam Act 2003 (Cth)
- Australian Consumer Law (Schedule 2, Competition and Consumer Act 2010 (Cth))
This is compliance tooling, not legal advice. Consult a qualified Australian solicitor for binding guidance.