← Back to home

Privacy Policy

Last updated: June 17, 2026

This Privacy Policy explains how RoleHive ("RoleHive", "we", "us", or "our") collects, uses, discloses, and safeguards personal data when you use rolehive.ai, rolehive.lovable.app, and related services (the "Service"). We comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy laws.

1. Data Controller

RoleHive acts as the data controller for personal data of website visitors and account holders, and as a data processor for personal data that customers upload or generate inside the Service. For processor activities, our Data Processing Addendum forms part of our Terms of Service.

Contact: privacy@rolehive.ai

2. Personal Data We Collect

  • Account data: name, work email, password hash, organization, role.
  • Authentication data: if you sign in with Google, we receive your email, name, and profile picture from Google OAuth.
  • Billing data: processed by Stripe; we store customer/subscription IDs and invoice metadata, not full card numbers.
  • Content data: job descriptions, prompts, role templates, and other content you create, upload, or generate.
  • Usage data: log events, IP address, browser, device, page views, feature usage, error reports.
  • Communications: support requests, feedback, and email interactions.
  • Cookies: strictly necessary cookies for session and CSRF; optional analytics cookies only with consent where required.

3. How We Use Personal Data

  • Provide and operate the Service, including AI generation features.
  • Authenticate users and secure accounts.
  • Process payments and manage subscriptions.
  • Send transactional emails (receipts, account notices, security alerts).
  • Send product updates and marketing — only with consent where required, with an unsubscribe option in every message.
  • Improve the Service, debug issues, and prevent abuse.
  • Comply with legal obligations and enforce our Terms.

4. Legal Bases (GDPR Article 6)

  • Contract: to deliver the Service you signed up for.
  • Legitimate interests: service security, abuse prevention, and product improvement, balanced against your rights.
  • Consent: optional analytics, marketing emails, and non-essential cookies.
  • Legal obligation: tax, accounting, and lawful requests.

5. AI Processing

RoleHive uses large language models to generate and analyse job descriptions. Prompts and content you submit may be transmitted to model providers (e.g. OpenAI, Anthropic, Google) under contracts that prohibit training on your data. Do not submit special-category personal data or confidential information you are not authorised to share.

6. Sub-processors

We share personal data only with vetted sub-processors, including:

  • Supabase / Lovable Cloud — hosting, database, authentication.
  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Cloudflare — CDN, DNS, and edge runtime.
  • AI model providers — generation features, subject to no-training terms.

A current sub-processor list is available on request.

7. International Transfers

Personal data may be transferred outside the EEA/UK. Where it is, we rely on Standard Contractual Clauses, UK IDTA, or adequacy decisions, and apply additional technical safeguards (encryption in transit and at rest).

8. Retention

We keep account data while your account is active and for up to 12 months after closure to handle disputes and legal obligations. Invoices are kept for up to 10 years where required by tax law. Backups are rotated within 35 days. You can request earlier deletion (see Your Rights).

9. Your Rights

Under GDPR/UK GDPR, you can:

  • Access your personal data.
  • Request correction or erasure.
  • Restrict or object to processing.
  • Port your data to another provider.
  • Withdraw consent at any time.
  • Lodge a complaint with your supervisory authority (e.g. the Irish DPC).

Email privacy@rolehive.ai to exercise any right. We respond within 30 days.

10. Security

We use TLS in transit, encryption at rest, role-based access control, audit logs, and least-privilege engineering access. No system is perfectly secure; we will notify affected users and regulators of a personal-data breach as required by Article 33/34.

11. Children

The Service is not directed to anyone under 16. We do not knowingly collect data from children.

12. Changes

We may update this policy. Material changes will be announced by email or in-app notice. Continued use after the effective date constitutes acceptance.

13. Contact

RoleHive · privacy@rolehive.ai