Helping You Hire
Helping You Hire ("Company," "we," "us," or "our") is committed to protecting the privacy and security of personal information entrusted to us by our clients, candidates, website visitors, and users of our services. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices available to you regarding your information.
This Privacy Policy applies to information collected through our website (helpinguhire.org), our mobile and web applications, our SMS/text messaging services, our use of third-party financial data aggregation services (including Plaid), and any other services we provide.
By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.
We may collect the following categories of personal information that you voluntarily provide to us: name, email address, phone number, mailing address, and other contact information; professional information such as resume data, employment history, education, and qualifications; financial account information provided through third-party services such as Plaid for the purpose of payment processing or account verification; and any other information you choose to provide through our forms, applications, or communications.
When you interact with our website or applications, we may automatically collect certain technical information, including your IP address, browser type and version, operating system, referring URLs, pages visited, and the dates and times of your visits. We may use cookies or similar technologies to facilitate this collection. You may control the use of cookies through your browser settings.
When you choose to connect a financial account through our application using Plaid or a similar third-party financial data aggregation service, we may receive information about your financial accounts, including account names and numbers, balances, and transaction history. We collect only the information necessary to provide the services you have requested, and only with your explicit authorization. Your use of Plaid is also subject to the Plaid End User Privacy Policy.
When you opt in to receive SMS or text messages from us, we collect your mobile phone number and records of your consent. We may also collect information about your interactions with our text messages, such as delivery status and opt-out requests.
We use the information we collect for the following purposes: to provide, maintain, and improve our recruiting and staffing services; to process transactions and verify account information through third-party financial data services; to communicate with you about our services, including sending SMS/text messages for which you have opted in; to respond to your inquiries and provide customer support; to comply with legal obligations and enforce our agreements; and to protect the security and integrity of our systems and data.
We do not sell your personal information to third parties. We do not use financial data obtained through Plaid for any purpose other than the specific service you have authorized.
We will only send you SMS or text messages if you have affirmatively opted in to receive them. Your consent to receive text messages is not a condition of purchasing any goods or services from us. Message frequency may vary. Message and data rates may apply.
You may opt out of receiving text messages at any time by replying STOP to any message you receive from us. Upon receiving your opt-out request, we will confirm your removal and cease sending messages within a reasonable period. You may also contact us directly using the information provided in Section 12 to request removal.
We will not share your opt-in to an SMS short code campaign with any third party for purposes unrelated to supporting you in connection with that campaign. We may share your personal data with third parties that help us provide the messaging service, including but not limited to platform providers, phone companies, and other vendors who assist us in the delivery of text messages.
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Our application uses Plaid Inc. ("Plaid") to gather your financial data. By using our service to connect your financial accounts, you acknowledge and agree that the terms of the Plaid End User Privacy Policy will govern Plaid's use of such information. We use Plaid to retrieve account and transaction information from your financial institution. We request only the data necessary to provide the services you have authorized.
Through your authorized connection via Plaid, we may access the following categories of financial data: account holder name and contact information; account type, name, and number (masked); account balances; and transaction history, including dates, amounts, and merchant or payee descriptions. We do not access, store, or have visibility into your financial institution login credentials. These credentials are transmitted directly to Plaid and are never shared with us.
We use financial data obtained through Plaid solely for the purposes you have authorized, which may include account verification, payment processing, transaction monitoring, and personal financial management. We do not sell, rent, or trade your financial data. We do not use your financial data for marketing purposes. We do not share your financial data with unaffiliated third parties except as necessary to provide the services you have requested or as required by law.
Financial data transmitted through Plaid and stored in our systems is protected using AES-256 encryption at rest and TLS 1.2 or later in transit. Access to financial data within our organization is restricted to authorized personnel on a need-to-know basis. API credentials and access tokens associated with financial data services are stored in encrypted configuration files and are never committed to source code repositories. We retain financial data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. You may request deletion of your financial data at any time by contacting us using the information provided in Section 12.
Our application requires multi-factor authentication before any financial data access or third-party account linking interface (including Plaid Link) is presented to the user. This ensures that only authenticated and authorized users may initiate financial data connections.
We may disclose your personal information in the following circumstances:
Service Providers: We may share your information with third-party vendors and service providers who perform services on our behalf, such as hosting, payment processing, messaging, and data analytics. These providers are contractually obligated to use your information only for the purposes of providing services to us and are required to protect your information consistent with this Privacy Policy.
Financial Data Aggregators: When you authorize a connection to your financial institution, your data is transmitted through Plaid in accordance with their privacy policy. Plaid acts as an independent data controller with respect to the data it processes.
Legal Compliance: We may disclose your information when we believe in good faith that disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request; to enforce our agreements or protect our rights; or to protect the safety of any person.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
Affiliates: We may disclose personal data to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal data will be subject to this Privacy Policy.
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.
We implement and maintain administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These safeguards include encrypted storage of all data at rest using AES-256 or equivalent standards; encryption of all data in transit using TLS 1.2 or later; multi-factor authentication for access to systems containing personal or financial data; access controls based on the principle of least privilege; regular monitoring and auditing of systems for unauthorized access; and timely application of security patches and updates.
While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining industry-standard protections.
We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law. The following retention periods apply to specific categories of data:
Financial account data (account information, balances, and transaction history obtained through Plaid or similar services): retained for a maximum of 24 months from the date of collection or the duration of the active service relationship, whichever is shorter, unless a longer period is required for compliance with applicable tax and financial recordkeeping laws.
Financial aggregation access tokens (Plaid access tokens and equivalent credentials): retained for the duration of the active account connection. Tokens are revoked and deleted within 30 days of a user disconnecting their account or terminating the service relationship.
SMS opt-in records and consent data: retained for the duration of the user's active consent plus 6 months following an opt-out request, to maintain evidence of consent and comply with telecommunications regulations.
Professional and recruiting data (resumes, employment history, candidate profiles): retained for the duration of the active recruiting engagement plus 12 months, after which it is deleted unless the individual requests continued retention.
Technical and log data (IP addresses, access logs, system event records): retained for a maximum of 12 months for security monitoring and incident response purposes.
Upon expiration of the applicable retention period, personal data is permanently deleted using cryptographic erasure (destruction of the encryption key rendering the data unrecoverable) for encrypted storage, or secure overwriting for unencrypted media. Deletion is performed within 30 days of the retention period expiration. Backup copies containing expired personal data are purged on the next scheduled backup rotation cycle, not to exceed 90 days.
You may request deletion of your personal data at any time by contacting us using the information provided in Section 12. Upon receiving a verified deletion request, we will delete or anonymize your data within 30 days, except where retention is required by law. We will confirm the completion of your deletion request in writing.
Our data retention and deletion practices are designed to comply with the following applicable data privacy laws and regulations: the Gramm-Leach-Bliley Act (GLBA) and its Safeguards Rule, governing the protection of nonpublic personal financial information; the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), providing California residents with rights to access, delete, and opt out of the sale of personal information; the Lei Geral de Proteção de Dados (LGPD), Brazil's general data protection law, governing the processing of personal data of individuals in Brazil; the Telephone Consumer Protection Act (TCPA), governing consent and opt-out requirements for SMS and telephone communications; and any other applicable federal, state, or international data protection laws relevant to the jurisdictions in which we operate or in which our users reside.
This data retention and deletion policy is reviewed at least annually as part of our Information Security Policy review cycle. Reviews assess whether retention periods remain appropriate in light of current business needs, legal requirements, and changes in applicable data privacy laws. Material changes resulting from the review are documented in the revision history and communicated to affected users through an updated Privacy Policy.
Depending on your location and applicable law, you may have certain rights regarding your personal information. These may include the right to access the personal information we hold about you; the right to request correction of inaccurate information; the right to request deletion of your personal information; the right to opt out of certain data processing activities; and the right to withdraw consent where processing is based on your consent.
To exercise any of these rights, please contact us using the information provided in Section 12. We will respond to your request within the timeframe required by applicable law.
You may disconnect your financial accounts from our service at any time. You may also manage your Plaid connections directly through the Plaid Portal.
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete such information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised effective date. We encourage you to review this Privacy Policy periodically.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Helping You Hire
Email: [email protected]
Website: helpinguhire.org