Privacy Policy
Last updated: May 5, 2026
1. Who we are
Hiroo is an AI-powered career coaching service that helps job seekers find direction, prepare applications, and practice for interviews. Hiroo is operated as an independent software product.
For any privacy-related questions or requests, contact us at: legal@hiroo.pro
1.1 Data Controller
Hiroo is operated by AC Services, sole proprietorship of an individual entrepreneur, VAT IT17907271005 (Italy).
The full registered business name is available via the Italian Company Register or upon written request to legal@hiroo.pro.
Postal address available upon written request via legal@hiroo.pro.
For privacy-related inquiries, GDPR rights requests, or any formal communications, contact: legal@hiroo.pro.
2. Data we collect
We collect only the data necessary to provide the service:
- Account data: email address, first name, city, nationality, LinkedIn URL, and job title.
- Career data: your CV, work history, conversations with the AI, job applications you create, interview sessions, and salary research.
- Usage data: features you use, packages generated, and session metadata needed to operate the service.
- Payment data: payments are processed entirely by Stripe. We never store your card details or payment credentials.
3. Why we process your data
We process your data for the following purposes:
- Delivering the AI career coaching service you signed up for.
- Sending transactional emails (email confirmation, plan upgrade confirmations).
- Maintaining and improving the quality of Hiroo's AI outputs.
Legal basis: processing is based on the performance of a contract with you (Art. 6(1)(b) GDPR). We do not use your data for advertising or sell it to third parties.
4. Sub-processors and third parties
To operate Hiroo, we share data with the following sub-processors. All transfers outside the EEA are covered by Standard Contractual Clauses (SCCs) as required by GDPR Chapter V.
| Provider | Country | Purpose |
|---|---|---|
| Anthropic | USA | AI processing of career data |
| Supabase | USA | Database hosting and authentication |
| Stripe | USA | Payment processing |
| Resend | USA | Transactional email delivery |
| Perplexity | USA | Web research for Company Intelligence Briefs |
5. Data retention
- Your data is retained for as long as your account is active.
- Upon account deletion, your personal data and career content are permanently deleted within 30 days.
- Payment records are retained by Stripe according to their own retention policies and applicable financial regulations.
6. Your rights (GDPR Art. 15–22)
As a data subject under GDPR, you have the right to:
- Access — obtain a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your data ("right to be forgotten"). You can also delete your account directly from Account settings.
- Data portability — receive your data in a structured, machine-readable format.
- Objection — object to processing in certain circumstances.
To exercise any of these rights, email us at legal@hiroo.pro. We will respond within 30 days.
7. Cookies
Hiroo uses only technically necessary cookies required for authentication and session management. We do not use advertising, tracking, or third-party analytics cookies. No cookie consent banner is required beyond this disclosure.
8. Changes to this policy
We may update this Privacy Policy from time to time. For significant changes, we will notify you by email at least 14 days before the changes take effect. The date at the top of this page always reflects the most recent update.