Privacy Policy

CoffeeRMS collects various types of information to provide, maintain, and improve our recruitment management services. The information we collect falls into several categories:

1.1 Account and Organization Information

When you create an account or register your organization with CoffeeRMS, we collect:

• Full name, email address, and phone number
• Company name, size, and industry
• Job title and department
• Billing and payment information
• Organization settings and preferences
• User role and access permissions within your organization

1.2 Candidate Information

As part of the recruitment process, we collect and process candidate data including:

• Personal details (name, contact information, location)
• Professional information (work history, education, skills)
• Resumes, cover letters, and portfolio materials
• Interview recordings, transcripts, and evaluation scores
• Pre-screening questionnaire responses
• Communication history and notes from recruiters
• Social media profiles and professional network links (LinkedIn, GitHub, etc.)
• AI-generated research and fit analysis reports

1.3 Recruitment Campaign Data

Information related to your hiring activities:

• Job descriptions and position requirements
• Target company lists and industry preferences
• Recruitment campaign configurations and strategies
• Position allocation and team assignments
• Interview schedules and calendar integrations
• Hiring pipeline stages and workflow configurations

1.4 Usage and Technical Information

We automatically collect certain information when you use CoffeeRMS:

• Device information (type, operating system, browser)
• IP address and geographic location
• Log data (access times, pages viewed, actions taken)
• Performance metrics and error reports
• Feature usage statistics and interaction patterns
• Cookies and similar tracking technologies

1.5 Integration Data

When you connect CoffeeRMS with third-party services:

• Data from ChatGPT and other conversational AI platforms
• Calendar integration data (Google Calendar, Outlook)
• Email service provider information
• Video conferencing platform data (for AI interviews)
• Authentication tokens and API credentials

CoffeeRMS uses the information we collect for various purposes related to providing and improving our recruitment management platform:

2.1 Service Delivery and Operations

• Provide access to the CoffeeRMS platform and its features
• Process and manage recruitment campaigns and job postings
• Facilitate candidate applications through conversational interfaces
• Enable AI-powered screening and interview scheduling
• Maintain candidate profiles and recruitment pipelines
• Generate deep research reports and fit analysis for candidates
• Process payments and manage billing for subscriptions

2.2 Communication and Collaboration

• Send service-related notifications and updates
• Facilitate communication between recruiters and candidates
• Deliver interview invitations and pre-screening forms
• Share candidate profiles and recruitment updates with team members
• Provide customer support and respond to inquiries
• Send marketing communications (with your consent)

2.3 AI and Machine Learning

• Generate AI-powered candidate insights and recommendations
• Conduct automated screening and fit scoring
• Perform AI interviews and generate transcripts
• Create recruiter summaries and hiring recommendations
• Train and improve our AI models for better accuracy
• Analyze conversation patterns to enhance candidate experience

2.4 Platform Improvement and Analytics

• Analyze usage patterns to enhance user experience
• Monitor platform performance and identify technical issues
• Conduct research and development for new features
• Generate aggregate analytics and industry insights
• Optimize recruitment workflows and processes
• Ensure platform security and prevent fraud

2.5 Legal and Compliance

• Comply with legal obligations and regulations
• Enforce our Terms & Conditions and policies
• Protect against fraud, abuse, and security threats
• Respond to legal requests and prevent harm
• Maintain records for audit and compliance purposes

We do not sell your personal data to third parties. However, we may share information in specific circumstances to provide our services and comply with legal obligations:

3.1 Within Your Organization

• Team members and colleagues based on role-based access controls
• Hiring managers and recruiters involved in specific campaigns
• Organization administrators with appropriate permissions
• Users assigned to specific positions or candidate pipelines

3.2 With Candidates

• Job descriptions and company information during application process
• Interview schedules and pre-screening forms
• Feedback and evaluation results (when appropriate)
• Communication from recruiters and hiring teams

3.3 Service Providers and Partners

We work with trusted third-party service providers who assist us in operating CoffeeRMS:

• Cloud hosting and infrastructure providers (AWS, Google Cloud)
• AI and machine learning service providers (OpenAI, Claude AI)
• Video conferencing platforms for AI interviews (LiveKit)
• Email delivery and communication services
• Payment processors and billing systems
• Analytics and monitoring tools
• Customer support and help desk platforms

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.4 Legal and Compliance Requirements

• When required by law, regulation, or legal process
• To respond to government requests or court orders
• To protect our rights, property, or safety
• To prevent fraud, security threats, or illegal activities
• To enforce our Terms & Conditions and policies

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.

3.6 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

We retain your data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods vary based on the type of data:

4.1 Account and Organization Data

We retain your account information for the duration of your active subscription and for a reasonable period after account closure to comply with legal obligations and resolve any disputes. Typically, this is 3-7 years depending on local regulations.

4.2 Candidate Data

Candidate information is retained according to your organization's data retention policies and applicable employment laws. We recommend reviewing and updating candidate data regularly. You can delete candidate records at any time through the platform, subject to legal requirements.

4.3 Interview and Communication Records

Interview transcripts, recordings, and communication history are retained for the duration of the recruitment process and for a period afterward as specified by your organization's policies or legal requirements (typically 1-3 years).

4.4 Usage and Analytics Data

Technical logs and analytics data are typically retained for 12-24 months for security, troubleshooting, and platform improvement purposes. Aggregated and anonymized data may be retained indefinitely for research and analytics.

4.5 Data Deletion Requests

You may request deletion of your data at any time by contacting us at privacy@coffeerms.com. We will process your request within 30 days, subject to:

• Legal obligations to retain certain records
• Ongoing disputes or legal proceedings
• Fraud prevention and security requirements
• Legitimate business purposes (e.g., financial records)

After deletion, some information may remain in backup systems for a limited period before being permanently removed.

Depending on your location and applicable laws (including GDPR, CCPA, and other privacy regulations), you have certain rights regarding your personal information:

5.1 Right to Access

You have the right to request access to the personal information we hold about you. This includes:

• What personal data we collect and process
• The purposes for which we use your data
• The categories of third parties with whom we share your data
• How long we retain your information
• The source of your data if not collected directly from you

5.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information. You can update most information directly through your CoffeeRMS account settings, or contact us for assistance.

5.3 Right to Deletion (Right to be Forgotten)

You can request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent and there's no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required to comply with legal obligations

5.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can export your data through the CoffeeRMS platform or request a copy from us.

5.5 Right to Object and Restrict Processing

You can object to or request restriction of processing of your personal data in certain situations:

• Object to processing based on legitimate interests
• Object to direct marketing communications
• Object to automated decision-making and profiling
• Request restriction while we verify accuracy of disputed data
• Request restriction instead of deletion

5.6 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

5.7 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing message or by updating your communication preferences in your account settings. Note that you will still receive essential service-related communications.

5.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@coffeerms.com. We will respond to your request within 30 days. You may need to verify your identity before we can process your request.

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction:

6.1 Technical Security Measures

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Regular security audits and vulnerability assessments
• Secure authentication and access controls
• Multi-factor authentication for user accounts
• Regular security patches and updates

6.2 Organizational Security Measures

• Role-based access controls limiting data access to authorized personnel
• Employee training on data protection and security best practices
• Confidentiality agreements with employees and contractors
• Incident response and breach notification procedures
• Regular backup and disaster recovery procedures

6.3 Your Responsibility

While we implement robust security measures, you also play a role in protecting your data:

• Keep your account credentials confidential
• Use strong, unique passwords
• Enable multi-factor authentication
• Report any suspicious activity immediately
• Log out of your account when using shared devices

Despite our security measures, no system is completely secure. If you believe your account has been compromised, please contact us immediately at privacy@coffeerms.com.

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve our services.

7.1 Types of Cookies We Use

Essential Cookies

These cookies are necessary for the platform to function properly. They enable core functionality such as security, authentication, and session management. You cannot opt out of these cookies.

Performance and Analytics Cookies

These cookies help us understand how users interact with CoffeeRMS by collecting anonymous usage data. This includes:

• Pages visited and features used
• Time spent on different sections
• Error messages and technical issues
• User flow and navigation patterns

Functionality Cookies

These cookies remember your preferences and settings to provide a personalized experience, such as language preferences, display settings, and saved filters.

Marketing and Advertising Cookies

With your consent, we may use cookies to deliver relevant advertisements and measure campaign effectiveness. These cookies may track your activity across different websites.

7.2 Third-Party Cookies

We may allow trusted third-party services to set cookies for analytics, advertising, and other purposes:

• Google Analytics for usage analytics
• Marketing platforms for campaign tracking
• Customer support tools for help desk functionality

7.3 Managing Cookies

You can control cookies through:

• Your browser settings (most browsers allow you to refuse or delete cookies)
• Our cookie consent banner when you first visit the site
• Your account preferences for certain functionality cookies
• Opt-out tools provided by third-party services

Note that disabling certain cookies may affect the functionality of CoffeeRMS.

CoffeeRMS operates globally, and your information may be transferred to, stored, and processed in countries other than your own. These countries may have different data protection laws than your jurisdiction.

8.1 Legal Safeguards

When we transfer data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with third-party service providers
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules for intra-group transfers

8.2 Data Processing Locations

Your data may be processed in the following regions:

• United States (primary data centers)
• European Union (for EU customers)
• Other regions where our service providers operate

CoffeeRMS is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@coffeerms.com, and we will delete such information.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@coffeerms.com or call our toll-free number. We will verify your identity before processing your request.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a prominent notice on our platform
• Provide a summary of key changes
• Give you the opportunity to review the updated policy

We encourage you to review this Privacy Policy periodically. Your continued use of CoffeeRMS after changes are posted constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please indicate "URGENT" in your email subject line.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.