Privacy Notice

Last updated: May 11, 2026

1. Who is responsible for your data

The Hiring Blueprint ("we", "us", "our"), trading as The Hiring System, is the data controller for the personal information described in this notice. The Service is available at thehiringsystem.co. If you have any questions about this notice or your data, please use our contact page.

2. What data we collect and why

We collect and process the following categories of personal data:

  • Account data — name, email address, password (stored hashed), and authentication identifiers if you sign in with Google. We use this to create and secure your account, give you access to your members area, and contact you about your purchase. Legal basis: performance of a contract.
  • Purchase and billing data — your email, the package you bought, the transaction ID, amount and currency. We do not see or store full card details; those are collected and processed by Paddle. We use this to fulfil your order, give you access to the right tier, and meet our record-keeping obligations. Legal basis: performance of a contract and legal obligation.
  • Marketing and lead data — if you sign up for a free guide, the scorecard, or our email list, we collect your name and email and (where applicable) your scorecard answers and score. We use this to send you the content you asked for and, where appropriate, related marketing. Legal basis: consent and legitimate interest.
  • Support and communications — any messages you send us, including via the contact form or email. We use these to respond to you and improve the Service. Legal basis: legitimate interest.
  • Technical and usage data — IP address, device and browser information, pages viewed, and similar telemetry, gathered automatically when you use the Service. We use this for security, fraud prevention, debugging and product improvement. Legal basis: legitimate interest.

3. Who we share data with

We do not sell your personal data. We share it only with the following categories of recipients, and only as needed to run the Service:

  • Paddle — our Merchant of Record. Paddle processes all payments, calculates and remits sales tax/VAT, issues invoices, handles refund and chargeback requests, and acts as a recipient of personal data for those purposes. See Paddle's Privacy Policy.
  • Hosting and infrastructure providers — including our database, authentication, file storage, and serverless hosting partners. They process data on our behalf under contract.
  • Email and communications providers — used to send transactional emails (receipts, members area access) and marketing emails where you have opted in.
  • Analytics and security tooling — used to understand how the Service is used and to detect abuse.
  • Professional advisers — such as accountants and lawyers, where reasonably needed.
  • Authorities — where we are required by law to disclose information.

4. International transfers

Some of our service providers operate outside your country, including in the United States and the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or recognised adequacy decisions.

5. How long we keep your data

We keep your account data for as long as your account is active and for a reasonable period afterwards in case you return. We keep purchase and billing records for as long as required by tax and accounting law (typically 6–10 years). Marketing data is kept until you unsubscribe, after which we retain a suppression record so we do not contact you again. When data is no longer needed, we delete or anonymise it.

6. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal data, to object to certain processing, to withdraw consent at any time, and to lodge a complaint with a supervisory authority. You can exercise most of these rights by emailing us via our contact page. We will respond within one month, or as required by applicable law. You can unsubscribe from marketing emails at any time using the link in the email.

7. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, hashed passwords, and isolated environments for production data. No system is perfectly secure, but we take reasonable steps to limit the risk of unauthorised access, loss, or disclosure.

8. Cookies

We use cookies and similar technologies that are strictly necessary to run the Service (for example, to keep you signed in) and a small number of analytics cookies to understand how the Service is used. You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent parts of the Service from working.

9. Children

The Service is intended for use by adults in the course of their work. It is not directed to children under 18, and we do not knowingly collect personal data from them.

10. Changes to this notice

We may update this notice from time to time. When we do, we will update the "Last updated" date and, for material changes, give you reasonable notice.