Product Privacy
Product Privacy
Product Privacy
Updated 19/11/2025
1. Introduction & Scope
This Product Privacy Notice explains how Hyaa AI Pty Ltd (“Hyaa AI”, “we”, “our”, or “us”) collects, uses, processes, and protects personal information when you use the Hyaa AI platform, including:
employer and team accounts
candidate interviews and submissions
audio recordings and transcripts
AI-generated insights, summaries, and scoring
workflows, integrations, and automations
billing, authentication, and usage data
This notice applies to all users of the Hyaa AI platform, including:
employers, customers, and their authorized users
job candidates completing interviews or submitting materials
individuals interacting with Hyaa AI through integrations or workflows
This notice does not apply to information collected through our public Website or marketing pages. Website interactions, cookie usage, and advertising analytics are covered separately in our Website Privacy Policy and Cookie Policy.
This Product Privacy Notice is designed to:
describe the categories of personal data we process
explain how and why we use that data
clarify the role of Hyaa AI as a data processor for most candidate data
outline employer responsibilities when using the platform
detail our AI processing, retention, and security practices
explain your rights and choices relating to personal information
By using the Hyaa AI platform or completing an interview, you agree to the practices described in this Notice.
2. Who We Are
Hyaa AI Pty Ltd is the provider and operator of the Hyaa AI platform. We are responsible for processing personal information as described in this notice, depending on the context of your use.
For most activities within the platform, including candidate interviews and employer workflows, Hyaa AI acts as a data processor or service provider on behalf of the employer or organization using the platform. In some cases, such as managing user accounts, billing, and system security, Hyaa AI acts as a data controller.
Company details:
Hyaa AI Pty Ltd
65 Maroochy Boulevard
Maroochydore QLD 4558
Australia
Privacy and legal enquiries: legal@hyaa.ai
General support: support@hyaa.ai
3. Categories of Data We Process
We process several categories of personal information when you use the Hyaa AI platform. These categories depend on whether you are an employer, an authorized user, or a job candidate.
3.1 Employer and User Account Data
Information provided when an organization or user creates or manages an account, including:
name and email address
password and authentication details
organization name and contact details
billing information and payment records
seat assignments, roles, and permissions
communication preferences
audit logs showing actions taken within the platform
3.2 Candidate Data
Information submitted or generated during the recruitment process, including:
audio recordings and spoken responses
per-question audio files
transcripts of interviews
summaries and structured interview content
resume uploads and extracted resume data
job application materials and attachments
device metadata such as browser type, region, and platform
timestamps, activity logs, and technical metrics
notes added by employers or authorized users
3.3 Data Generated by AI Models and Automation
The platform generates additional information derived from candidate submissions, such as:
automated interview summaries
structured insights
scoring and ranking outputs
extracted skills and classifications
similarity matches to job criteria
text-to-structure transformations
These outputs depend on the inputs provided and the model behaviour at the time of processing.
3.4 System, Device, and Usage Data
Information collected automatically when employers, users, or candidates interact with the platform, including:
IP address and general location
browser type, operating system, and device type
access times and session duration
error logs, performance metrics, and diagnostic data
API usage and integration activity
security logs and authentication events
This data is used for security, troubleshooting, and maintaining platform functionality.
4. How We Use Personal Data
We use personal information within the Hyaa AI platform for the following purposes.
4.1 Providing and Operating the Platform
hosting and delivering interviews
processing audio recordings
generating transcripts, summaries, insights, and scoring
enabling resume parsing and structured data extraction
managing job pipelines, workflows, and team collaboration
delivering notifications and communications
maintaining account access and authentication
4.2 Improving Accuracy, Safety, and Quality
enhancing transcription accuracy, scoring consistency, and model outputs
detecting errors, anomalies, or problematic content
monitoring system performance and reliability
testing and refining features or AI behaviour
reviewing aggregate patterns to improve overall platform performance
Where possible, aggregated or anonymised data is used for these improvements.
4.3 Supporting Employers and Authorized Users
responding to support requests
resolving issues or incidents
providing product guidance or troubleshooting assistance
enabling administrators to manage teams, roles, and permissions
4.4 Analytics and Product Development
We may analyse platform usage trends to:
understand how features are used
prioritise improvements
measure adoption and performance
identify areas where the platform can be enhanced
Analytics does not involve making automated hiring decisions.
4.5 Security, Fraud Prevention, and Compliance
monitoring access patterns to detect suspicious activity
protecting against unauthorized access or abuse
ensuring compliance with employment, privacy, and anti-discrimination laws
meeting legal and regulatory obligations
4.6 Legal, Contractual, and Administrative Purposes
billing and subscription management
enforcing terms and policies
handling disputes
responding to lawful requests from authorities
maintaining internal records and documentation
5. Legal Bases for Processing
Where required by applicable laws, we process personal information within the Hyaa AI platform on the following legal bases.
5.1 Contractual Necessity
We process personal information as needed to:
create and manage user accounts
provide access to the platform
process interviews, transcripts, scoring, and related data
deliver features included in your subscription or agreement
maintain system functionality and security
Without this processing, the platform cannot operate as intended.
5.2 Legitimate Interests
We rely on legitimate interests to:
ensure the security and integrity of the platform
prevent misuse or unauthorized access
analyse usage to improve features and performance
support employers with account management and troubleshooting
maintain internal administrative records
develop new capabilities and product enhancements
We balance these interests against user and candidate privacy rights.
5.3 Consent
For certain processing activities, we rely on consent:
candidates providing interview responses through pre-interview consent screens
use of audio recordings for automated transcription and summarization
any optional features clearly identified as consent-based
communication preferences where required by law
Candidates may withdraw consent at any time by contacting the employer or Hyaa AI, depending on the context.
5.4 Legal Obligations
We may process personal information where necessary to
comply with applicable laws, regulations, or orders
respond to lawful requests from authorities
maintain records required for compliance or audits
assist employers in meeting their own legal obligations
5.5 Acting as a Data Processor
For most candidate-related processing, Hyaa AI acts as a data processor on behalf of the employer.
In these cases:
the employer is responsible for having a lawful basis
Hyaa AI processes data only according to the employer’s instructions and configuration
the employer is responsible for notices, disclosures, and compliance with hiring laws
6. Data Sharing and Subprocessors
We share personal information only when necessary to operate the Hyaa AI platform, deliver the features you have selected, meet legal obligations, or support core business functions. We do not sell personal information.
6.1 Service Providers and Subprocessors
We use third-party service providers to support hosting, audio processing, AI inference, communications, billing, workflow automation, and related operational functions. These subprocessors may process personal information on our behalf and only in accordance with our instructions.
We require all subprocessors to:
implement appropriate security measures
maintain confidentiality
comply with privacy and data protection requirements
process information only for the purposes specified by Hyaa AI
We maintain a current list of approved subprocessors on a separate page, which is updated as needed to reflect changes in our service providers.
6.2 Sharing with Employers and Authorized Users
If you are a candidate, your personal information (including audio recordings, transcripts, summaries, scoring, resume data, and interview metadata) is shared with the employer or organization managing the role you applied for. They determine how they use this information for their recruitment activities.
Employers and authorized users may add notes or classifications within the platform, which form part of your application record.
6.3 Integrations and Connected Tools
If an employer enables integrations with third-party tools (such as ATS platforms, CRMs, or communication services), we may share relevant data as instructed by the employer to support those integrations.
We do not control how third parties handle information once it is transferred according to employer instructions.
6.4 Legal, Compliance, and Safety Disclosures
We may disclose personal information when we believe it is necessary to:
comply with applicable laws or lawful requests
respond to legal proceedings or regulatory authorities
enforce our terms and agreements
detect, prevent, or address fraud, security issues, or harmful activity
protect the rights, property, or safety of Hyaa AI, our users, or others
6.5 Aggregated or Anonymised Information
We may use and share aggregated or anonymised information that cannot reasonably be used to identify any individual. This type of information is not considered personal data under applicable laws.
7. AI Processing & Automated Decision Making
The Hyaa AI platform uses artificial intelligence to assist employers in evaluating and managing interview data. AI features operate within defined limits and do not replace human decision-making.
7.1 How AI Is Used
We use AI models to generate:
transcripts of spoken responses
summaries and structured interview content
extracted skills, classifications, and key points
scoring, ranking, and similarity assessments
resume parsing and structured field extraction
These outputs are generated from the information provided by the candidate and the context supplied by the employer.
7.2 No Fully Automated Hiring Decisions
The platform does not make hiring decisions automatically. AI-generated outputs are tools intended to support employer review, not replace it. Employers are responsible for:
interpreting AI-generated insights
ensuring fair and lawful decision-making
applying their own judgment in each hiring process
7.3 Human Review and Overrides
Employers can review, modify, disregard, or supplement AI outputs at any time. AI outputs do not determine whether a candidate is shortlisted, rejected, or advanced unless the employer manually configures their own internal rules or workflows outside the platform.
7.4 Fairness, Accuracy, and Limitations
AI outputs may contain inaccuracies or inconsistencies and should not be treated as statements of fact. Performance may vary depending on:
audio quality
phrasing
context provided
model behaviour at the time of processing
Employers should not rely solely on AI scoring or summaries when evaluating a candidate.
7.5 Model Providers
AI processing is performed through third-party providers, including OpenAI, ElevenLabs, and ScrapingBee. These providers process data only as needed to generate the outputs requested through the platform and do not retain data for their own training unless explicitly disclosed.
7.6 Candidate Awareness and Consent
Candidates are informed that their interview responses will be processed using AI through pre-interview consent screens and related notices. Candidates may withdraw consent by contacting the employer or Hyaa AI, depending on the jurisdiction and the nature of the request.
8. Candidate Consent & Candidate Rights
8.1 Candidate Consent Before an Interview
Candidates are shown a pre-interview notice that explains:
the nature of the interview
that audio will be recorded
that AI models will generate transcripts, summaries, insights, and scoring
how their information will be shared with the employer
how long the information will be stored
By proceeding with the interview, candidates provide consent to this processing where consent is required by applicable laws.
8.2 Right to Access
Candidates may request access to the personal information processed about them, including:
interview recordings
transcripts
summaries
resume data
information provided by the employer (such as notes)
Requests may be directed to the employer managing the job application or to Hyaa AI, depending on the jurisdiction.
8.3 Right to Correction
Candidates may request correction of inaccurate or incomplete personal information.
Employers are responsible for updating employer-provided data such as notes or classifications.
8.4 Right to Deletion
Candidates may request deletion of their personal information.
Deletion will be performed in line with:
legal requirements
employer obligations
the platform’s retention policy
Certain information may need to be retained for audit, security, or legal compliance purposes.
8.5 Right to Withdraw Consent
Where processing is based on consent, candidates may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Withdrawing consent may prevent the candidate from completing or continuing the interview process.
8.6 Right to Object or Restrict Processing
Depending on the jurisdiction, candidates may have the right to:
object to certain types of processing
request temporary restrictions on how data is used
Employers may need to review these requests depending on their hiring practices and obligations.
8.7 Right to Data Portability
Where applicable, candidates may request a copy of their personal information in a structured and portable format.
8.8 Submitting a Privacy Request
Candidates can submit privacy requests through:
the employer managing the job
Hyaa AI directly at legal@hyaa.ai
We may need to verify identity before responding. Some requests may be routed to the employer if they are the data controller for the relevant processing.
9. International Data Transfers
We operate using a combination of global service providers and may process personal information in multiple regions depending on where our infrastructure is hosted and where our subprocessors operate.
9.1 Hosting and Storage Regions
Core platform data, including candidate information, is hosted using cloud providers such as Supabase and Vercel.
These providers may store or process data in regions including:
Australia
the United States
the European Union
other regions where their infrastructure operates
We select providers that offer appropriate security and compliance measures.
9.2 Transfers to Service Providers
Personal information may be transferred to service providers located in other countries where necessary to:
operate the platform
support audio processing
deliver AI inference
send emails or messages
manage billing and subscriptions
handle workflows or automation
These transfers are limited to what is required for the requested features to function properly.
9.3 Safeguards for International Transfers
When information is transferred outside of Australia, the European Union, the United Kingdom, or similar jurisdictions, we rely on legally recognised safeguards such as:
Standard Contractual Clauses (SCCs)
contractual commitments requiring adequate protection
compliance certifications or recognised frameworks
data processing terms offered by the service providers
These measures ensure that personal information continues to receive protection consistent with applicable laws.
9.4 Employer Responsibilities
Employers using the platform may also choose to store, download, export, or transfer candidate information through their own systems or tools. Hyaa AI is not responsible for how employers handle information outside the platform.
10. Data Retention
We retain personal information only for as long as it is needed to operate the Hyaa AI platform, support employers in their recruitment processes, and comply with legal or contractual requirements.
10.1 Candidate Data
Candidate information, including audio recordings, transcripts, summaries, scoring, resume data, and interview metadata, is retained for a fixed period of 12 months from the date of collection, unless a shorter period is required by law.
At the end of this period, candidate data is securely deleted or anonymised.
10.2 Employer and User Account Data
Information related to employer accounts, billing, team management, and administrative activity is retained:
for as long as the account remains active, and
for additional periods needed for tax, audit, or legal compliance.
10.3 System Logs and Security Data
Authentication logs, technical diagnostics, and security records are retained for periods necessary to:
detect and investigate incidents
maintain system integrity
meet legal and regulatory obligations
These periods may vary depending on operational and security requirements.
10.4 Aggregated or Anonymised Data
We may continue to use aggregated or anonymised information after deletion of personal data. This information cannot be used to identify individuals.
10.5 Employer Exports or Copies
If employers export or download candidate information from the platform, they are responsible for retaining and deleting that data according to their own policies. Such exports are not covered by Hyaa AI’s retention schedule.
11. Security Measures
We take reasonable and appropriate steps to protect personal information processed through the Hyaa AI platform. Our security measures are designed to maintain confidentiality, integrity, and availability of data throughout its lifecycle.
11.1 Technical Safeguards
We implement technical controls such as:
encryption of data in transit and at rest
secure authentication and session handling
role-based access controls for employer accounts
network and infrastructure protections provided by our hosting providers
storage isolation for customer and candidate records
restricted access to production systems
11.2 Operational and Administrative Safeguards
Operational measures include:
limiting access to personal information to authorized personnel
internal access reviews and permission management
policies governing data handling and internal use
monitoring for unusual activity or unauthorized access
controlled deployment practices
backup and recovery processes
11.3 Third-Party Security
We select subprocessors that maintain their own security standards and certifications suitable for the services they provide. Each subprocessor is contractually required to
protect data to an appropriate standard
use information only for the intended purpose
maintain confidentiality and access controls
11.4 Incident Response
We maintain internal procedures for identifying, assessing, and responding to security incidents. Where required by law, we will notify affected customers or individuals and any relevant authorities within the applicable timeframes.
11.5 Shared Responsibility
Employers and authorized users also play a role in maintaining security.
This includes:
protecting login credentials
configuring roles and permissions appropriately
managing authorized users within their organization
complying with applicable laws and internal policies
12. User & Candidate Rights
Individuals who use the Hyaa AI platform or participate in interviews may have certain rights regarding their personal information. These rights vary depending on the laws that apply in their region, but we aim to support all reasonable requests where feasible.
12.1 Right to Access
You may request a copy of the personal information we process about you, including interview data, transcripts, summaries, resume information, and relevant system records.
12.2 Right to Correction
You may request correction of inaccurate or incomplete personal information. Employers are responsible for correcting information they have added, such as notes or classifications.
12.3 Right to Deletion
You may request deletion of your personal information.
Deletion requests may be limited by:
legal obligations
security requirements
the employer’s own obligations
the platform’s data retention policy
Some information may be retained as necessary for compliance or recordkeeping.
12.4 Right to Withdraw Consent
Where processing is based on consent, such as interview participation or audio recording, you may withdraw your consent at any time. Withdrawal does not affect prior processing and may prevent further participation in the recruitment process.
12.5 Right to Object or Restrict Processing
In certain situations, you may object to or request a temporary restriction of processing.
Requests of this nature may need to be reviewed by the employer if they control the relevant data.
12.6 Right to Data Portability
Where applicable, you may request your information in a structured and portable format.
12.7 Rights Under Regional Laws
Depending on your location, additional rights may apply, including:
the right not to be subject to automated decision-making
the right to know how information is used or shared
the right to opt out of certain uses of personal information
the right to lodge a complaint with a supervisory authority
12.8 How to Submit a Request
Requests can be submitted through:
the employer managing the job application
Hyaa AI at legal@hyaa.ai
We may require identity verification before responding to any request.
If the employer controls the data, we may redirect the request to them.
13. Employer Responsibilities
Employers and organizations using the Hyaa AI platform are responsible for ensuring that their use of the platform complies with applicable privacy, employment, and discrimination laws. Hyaa AI processes candidate data on behalf of the employer and according to their instructions unless otherwise stated in this notice.
13.1 Lawful Use of Candidate Data
Employers are responsible for:
providing accurate and lawful notices to candidates
ensuring that they have a valid legal basis to collect and process candidate information
using AI-generated outputs in a fair, non-discriminatory manner
complying with local recruitment and hiring regulations
13.2 Candidate Communications
Employers must ensure that:
candidates are notified about the use of recordings and AI processing
requests from candidates (access, deletion, corrections) are responded to when the employer is the controller
any additional notices required by local law are provided
13.3 Data Accuracy and Integrity
Employers control:
job descriptions
interview configurations
custom questions
notes, tags, and internal classifications
decisions made based on candidate information
Hyaa AI does not verify the accuracy or appropriateness of these inputs.
13.4 Access Management
Employers are responsible for:
managing their users, team members, and permissions
restricting access to candidate information appropriately
removing users who no longer require access
ensuring internal security practices for passwords and accounts
13.5 Exported, Downloaded, or External Copies
If employers export or move candidate data outside the platform, they are responsible for:
storage
retention
deletion
access control
compliance with applicable laws
These external copies are not covered by Hyaa AI’s retention schedule or platform safeguards.
13.6 Integration Management
If employers connect third-party tools or ATS systems, they are responsible for ensuring that:
data shared with those tools is handled lawfully
appropriate agreements exist with those third parties
configuration is correct and secure
Hyaa AI processes integrations only according to employer instructions.
14. Changes to This Notice
We may update this Product Privacy Notice from time to time to reflect changes in our practices, technologies, services, or legal requirements. When changes are made, we will update the “Last Updated” date at the top of the notice.
If the changes are significant, we may provide additional notice through the platform or other reasonable methods. Continued use of the platform after the updated notice takes effect indicates acceptance of the changes.
If you do not agree with the updated notice, you should stop using the platform and contact us regarding your data.
15. Contact Information
If you have questions, concerns, or requests regarding this Product Privacy Notice or the way personal information is handled within the Hyaa AI platform, you can contact us at:
Hyaa AI Pty Ltd
65 Maroochy Boulevard
Maroochydore QLD 4558
Australia
Privacy and legal enquiries: legal@hyaa.ai
General support: support@hyaa.ai
We will respond to all legitimate requests within a reasonable timeframe and in accordance with applicable laws.
Updated 19/11/2025
1. Introduction & Scope
This Product Privacy Notice explains how Hyaa AI Pty Ltd (“Hyaa AI”, “we”, “our”, or “us”) collects, uses, processes, and protects personal information when you use the Hyaa AI platform, including:
employer and team accounts
candidate interviews and submissions
audio recordings and transcripts
AI-generated insights, summaries, and scoring
workflows, integrations, and automations
billing, authentication, and usage data
This notice applies to all users of the Hyaa AI platform, including:
employers, customers, and their authorized users
job candidates completing interviews or submitting materials
individuals interacting with Hyaa AI through integrations or workflows
This notice does not apply to information collected through our public Website or marketing pages. Website interactions, cookie usage, and advertising analytics are covered separately in our Website Privacy Policy and Cookie Policy.
This Product Privacy Notice is designed to:
describe the categories of personal data we process
explain how and why we use that data
clarify the role of Hyaa AI as a data processor for most candidate data
outline employer responsibilities when using the platform
detail our AI processing, retention, and security practices
explain your rights and choices relating to personal information
By using the Hyaa AI platform or completing an interview, you agree to the practices described in this Notice.
2. Who We Are
Hyaa AI Pty Ltd is the provider and operator of the Hyaa AI platform. We are responsible for processing personal information as described in this notice, depending on the context of your use.
For most activities within the platform, including candidate interviews and employer workflows, Hyaa AI acts as a data processor or service provider on behalf of the employer or organization using the platform. In some cases, such as managing user accounts, billing, and system security, Hyaa AI acts as a data controller.
Company details:
Hyaa AI Pty Ltd
65 Maroochy Boulevard
Maroochydore QLD 4558
Australia
Privacy and legal enquiries: legal@hyaa.ai
General support: support@hyaa.ai
3. Categories of Data We Process
We process several categories of personal information when you use the Hyaa AI platform. These categories depend on whether you are an employer, an authorized user, or a job candidate.
3.1 Employer and User Account Data
Information provided when an organization or user creates or manages an account, including:
name and email address
password and authentication details
organization name and contact details
billing information and payment records
seat assignments, roles, and permissions
communication preferences
audit logs showing actions taken within the platform
3.2 Candidate Data
Information submitted or generated during the recruitment process, including:
audio recordings and spoken responses
per-question audio files
transcripts of interviews
summaries and structured interview content
resume uploads and extracted resume data
job application materials and attachments
device metadata such as browser type, region, and platform
timestamps, activity logs, and technical metrics
notes added by employers or authorized users
3.3 Data Generated by AI Models and Automation
The platform generates additional information derived from candidate submissions, such as:
automated interview summaries
structured insights
scoring and ranking outputs
extracted skills and classifications
similarity matches to job criteria
text-to-structure transformations
These outputs depend on the inputs provided and the model behaviour at the time of processing.
3.4 System, Device, and Usage Data
Information collected automatically when employers, users, or candidates interact with the platform, including:
IP address and general location
browser type, operating system, and device type
access times and session duration
error logs, performance metrics, and diagnostic data
API usage and integration activity
security logs and authentication events
This data is used for security, troubleshooting, and maintaining platform functionality.
4. How We Use Personal Data
We use personal information within the Hyaa AI platform for the following purposes.
4.1 Providing and Operating the Platform
hosting and delivering interviews
processing audio recordings
generating transcripts, summaries, insights, and scoring
enabling resume parsing and structured data extraction
managing job pipelines, workflows, and team collaboration
delivering notifications and communications
maintaining account access and authentication
4.2 Improving Accuracy, Safety, and Quality
enhancing transcription accuracy, scoring consistency, and model outputs
detecting errors, anomalies, or problematic content
monitoring system performance and reliability
testing and refining features or AI behaviour
reviewing aggregate patterns to improve overall platform performance
Where possible, aggregated or anonymised data is used for these improvements.
4.3 Supporting Employers and Authorized Users
responding to support requests
resolving issues or incidents
providing product guidance or troubleshooting assistance
enabling administrators to manage teams, roles, and permissions
4.4 Analytics and Product Development
We may analyse platform usage trends to:
understand how features are used
prioritise improvements
measure adoption and performance
identify areas where the platform can be enhanced
Analytics does not involve making automated hiring decisions.
4.5 Security, Fraud Prevention, and Compliance
monitoring access patterns to detect suspicious activity
protecting against unauthorized access or abuse
ensuring compliance with employment, privacy, and anti-discrimination laws
meeting legal and regulatory obligations
4.6 Legal, Contractual, and Administrative Purposes
billing and subscription management
enforcing terms and policies
handling disputes
responding to lawful requests from authorities
maintaining internal records and documentation
5. Legal Bases for Processing
Where required by applicable laws, we process personal information within the Hyaa AI platform on the following legal bases.
5.1 Contractual Necessity
We process personal information as needed to:
create and manage user accounts
provide access to the platform
process interviews, transcripts, scoring, and related data
deliver features included in your subscription or agreement
maintain system functionality and security
Without this processing, the platform cannot operate as intended.
5.2 Legitimate Interests
We rely on legitimate interests to:
ensure the security and integrity of the platform
prevent misuse or unauthorized access
analyse usage to improve features and performance
support employers with account management and troubleshooting
maintain internal administrative records
develop new capabilities and product enhancements
We balance these interests against user and candidate privacy rights.
5.3 Consent
For certain processing activities, we rely on consent:
candidates providing interview responses through pre-interview consent screens
use of audio recordings for automated transcription and summarization
any optional features clearly identified as consent-based
communication preferences where required by law
Candidates may withdraw consent at any time by contacting the employer or Hyaa AI, depending on the context.
5.4 Legal Obligations
We may process personal information where necessary to
comply with applicable laws, regulations, or orders
respond to lawful requests from authorities
maintain records required for compliance or audits
assist employers in meeting their own legal obligations
5.5 Acting as a Data Processor
For most candidate-related processing, Hyaa AI acts as a data processor on behalf of the employer.
In these cases:
the employer is responsible for having a lawful basis
Hyaa AI processes data only according to the employer’s instructions and configuration
the employer is responsible for notices, disclosures, and compliance with hiring laws
6. Data Sharing and Subprocessors
We share personal information only when necessary to operate the Hyaa AI platform, deliver the features you have selected, meet legal obligations, or support core business functions. We do not sell personal information.
6.1 Service Providers and Subprocessors
We use third-party service providers to support hosting, audio processing, AI inference, communications, billing, workflow automation, and related operational functions. These subprocessors may process personal information on our behalf and only in accordance with our instructions.
We require all subprocessors to:
implement appropriate security measures
maintain confidentiality
comply with privacy and data protection requirements
process information only for the purposes specified by Hyaa AI
We maintain a current list of approved subprocessors on a separate page, which is updated as needed to reflect changes in our service providers.
6.2 Sharing with Employers and Authorized Users
If you are a candidate, your personal information (including audio recordings, transcripts, summaries, scoring, resume data, and interview metadata) is shared with the employer or organization managing the role you applied for. They determine how they use this information for their recruitment activities.
Employers and authorized users may add notes or classifications within the platform, which form part of your application record.
6.3 Integrations and Connected Tools
If an employer enables integrations with third-party tools (such as ATS platforms, CRMs, or communication services), we may share relevant data as instructed by the employer to support those integrations.
We do not control how third parties handle information once it is transferred according to employer instructions.
6.4 Legal, Compliance, and Safety Disclosures
We may disclose personal information when we believe it is necessary to:
comply with applicable laws or lawful requests
respond to legal proceedings or regulatory authorities
enforce our terms and agreements
detect, prevent, or address fraud, security issues, or harmful activity
protect the rights, property, or safety of Hyaa AI, our users, or others
6.5 Aggregated or Anonymised Information
We may use and share aggregated or anonymised information that cannot reasonably be used to identify any individual. This type of information is not considered personal data under applicable laws.
7. AI Processing & Automated Decision Making
The Hyaa AI platform uses artificial intelligence to assist employers in evaluating and managing interview data. AI features operate within defined limits and do not replace human decision-making.
7.1 How AI Is Used
We use AI models to generate:
transcripts of spoken responses
summaries and structured interview content
extracted skills, classifications, and key points
scoring, ranking, and similarity assessments
resume parsing and structured field extraction
These outputs are generated from the information provided by the candidate and the context supplied by the employer.
7.2 No Fully Automated Hiring Decisions
The platform does not make hiring decisions automatically. AI-generated outputs are tools intended to support employer review, not replace it. Employers are responsible for:
interpreting AI-generated insights
ensuring fair and lawful decision-making
applying their own judgment in each hiring process
7.3 Human Review and Overrides
Employers can review, modify, disregard, or supplement AI outputs at any time. AI outputs do not determine whether a candidate is shortlisted, rejected, or advanced unless the employer manually configures their own internal rules or workflows outside the platform.
7.4 Fairness, Accuracy, and Limitations
AI outputs may contain inaccuracies or inconsistencies and should not be treated as statements of fact. Performance may vary depending on:
audio quality
phrasing
context provided
model behaviour at the time of processing
Employers should not rely solely on AI scoring or summaries when evaluating a candidate.
7.5 Model Providers
AI processing is performed through third-party providers, including OpenAI, ElevenLabs, and ScrapingBee. These providers process data only as needed to generate the outputs requested through the platform and do not retain data for their own training unless explicitly disclosed.
7.6 Candidate Awareness and Consent
Candidates are informed that their interview responses will be processed using AI through pre-interview consent screens and related notices. Candidates may withdraw consent by contacting the employer or Hyaa AI, depending on the jurisdiction and the nature of the request.
8. Candidate Consent & Candidate Rights
8.1 Candidate Consent Before an Interview
Candidates are shown a pre-interview notice that explains:
the nature of the interview
that audio will be recorded
that AI models will generate transcripts, summaries, insights, and scoring
how their information will be shared with the employer
how long the information will be stored
By proceeding with the interview, candidates provide consent to this processing where consent is required by applicable laws.
8.2 Right to Access
Candidates may request access to the personal information processed about them, including:
interview recordings
transcripts
summaries
resume data
information provided by the employer (such as notes)
Requests may be directed to the employer managing the job application or to Hyaa AI, depending on the jurisdiction.
8.3 Right to Correction
Candidates may request correction of inaccurate or incomplete personal information.
Employers are responsible for updating employer-provided data such as notes or classifications.
8.4 Right to Deletion
Candidates may request deletion of their personal information.
Deletion will be performed in line with:
legal requirements
employer obligations
the platform’s retention policy
Certain information may need to be retained for audit, security, or legal compliance purposes.
8.5 Right to Withdraw Consent
Where processing is based on consent, candidates may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Withdrawing consent may prevent the candidate from completing or continuing the interview process.
8.6 Right to Object or Restrict Processing
Depending on the jurisdiction, candidates may have the right to:
object to certain types of processing
request temporary restrictions on how data is used
Employers may need to review these requests depending on their hiring practices and obligations.
8.7 Right to Data Portability
Where applicable, candidates may request a copy of their personal information in a structured and portable format.
8.8 Submitting a Privacy Request
Candidates can submit privacy requests through:
the employer managing the job
Hyaa AI directly at legal@hyaa.ai
We may need to verify identity before responding. Some requests may be routed to the employer if they are the data controller for the relevant processing.
9. International Data Transfers
We operate using a combination of global service providers and may process personal information in multiple regions depending on where our infrastructure is hosted and where our subprocessors operate.
9.1 Hosting and Storage Regions
Core platform data, including candidate information, is hosted using cloud providers such as Supabase and Vercel.
These providers may store or process data in regions including:
Australia
the United States
the European Union
other regions where their infrastructure operates
We select providers that offer appropriate security and compliance measures.
9.2 Transfers to Service Providers
Personal information may be transferred to service providers located in other countries where necessary to:
operate the platform
support audio processing
deliver AI inference
send emails or messages
manage billing and subscriptions
handle workflows or automation
These transfers are limited to what is required for the requested features to function properly.
9.3 Safeguards for International Transfers
When information is transferred outside of Australia, the European Union, the United Kingdom, or similar jurisdictions, we rely on legally recognised safeguards such as:
Standard Contractual Clauses (SCCs)
contractual commitments requiring adequate protection
compliance certifications or recognised frameworks
data processing terms offered by the service providers
These measures ensure that personal information continues to receive protection consistent with applicable laws.
9.4 Employer Responsibilities
Employers using the platform may also choose to store, download, export, or transfer candidate information through their own systems or tools. Hyaa AI is not responsible for how employers handle information outside the platform.
10. Data Retention
We retain personal information only for as long as it is needed to operate the Hyaa AI platform, support employers in their recruitment processes, and comply with legal or contractual requirements.
10.1 Candidate Data
Candidate information, including audio recordings, transcripts, summaries, scoring, resume data, and interview metadata, is retained for a fixed period of 12 months from the date of collection, unless a shorter period is required by law.
At the end of this period, candidate data is securely deleted or anonymised.
10.2 Employer and User Account Data
Information related to employer accounts, billing, team management, and administrative activity is retained:
for as long as the account remains active, and
for additional periods needed for tax, audit, or legal compliance.
10.3 System Logs and Security Data
Authentication logs, technical diagnostics, and security records are retained for periods necessary to:
detect and investigate incidents
maintain system integrity
meet legal and regulatory obligations
These periods may vary depending on operational and security requirements.
10.4 Aggregated or Anonymised Data
We may continue to use aggregated or anonymised information after deletion of personal data. This information cannot be used to identify individuals.
10.5 Employer Exports or Copies
If employers export or download candidate information from the platform, they are responsible for retaining and deleting that data according to their own policies. Such exports are not covered by Hyaa AI’s retention schedule.
11. Security Measures
We take reasonable and appropriate steps to protect personal information processed through the Hyaa AI platform. Our security measures are designed to maintain confidentiality, integrity, and availability of data throughout its lifecycle.
11.1 Technical Safeguards
We implement technical controls such as:
encryption of data in transit and at rest
secure authentication and session handling
role-based access controls for employer accounts
network and infrastructure protections provided by our hosting providers
storage isolation for customer and candidate records
restricted access to production systems
11.2 Operational and Administrative Safeguards
Operational measures include:
limiting access to personal information to authorized personnel
internal access reviews and permission management
policies governing data handling and internal use
monitoring for unusual activity or unauthorized access
controlled deployment practices
backup and recovery processes
11.3 Third-Party Security
We select subprocessors that maintain their own security standards and certifications suitable for the services they provide. Each subprocessor is contractually required to
protect data to an appropriate standard
use information only for the intended purpose
maintain confidentiality and access controls
11.4 Incident Response
We maintain internal procedures for identifying, assessing, and responding to security incidents. Where required by law, we will notify affected customers or individuals and any relevant authorities within the applicable timeframes.
11.5 Shared Responsibility
Employers and authorized users also play a role in maintaining security.
This includes:
protecting login credentials
configuring roles and permissions appropriately
managing authorized users within their organization
complying with applicable laws and internal policies
12. User & Candidate Rights
Individuals who use the Hyaa AI platform or participate in interviews may have certain rights regarding their personal information. These rights vary depending on the laws that apply in their region, but we aim to support all reasonable requests where feasible.
12.1 Right to Access
You may request a copy of the personal information we process about you, including interview data, transcripts, summaries, resume information, and relevant system records.
12.2 Right to Correction
You may request correction of inaccurate or incomplete personal information. Employers are responsible for correcting information they have added, such as notes or classifications.
12.3 Right to Deletion
You may request deletion of your personal information.
Deletion requests may be limited by:
legal obligations
security requirements
the employer’s own obligations
the platform’s data retention policy
Some information may be retained as necessary for compliance or recordkeeping.
12.4 Right to Withdraw Consent
Where processing is based on consent, such as interview participation or audio recording, you may withdraw your consent at any time. Withdrawal does not affect prior processing and may prevent further participation in the recruitment process.
12.5 Right to Object or Restrict Processing
In certain situations, you may object to or request a temporary restriction of processing.
Requests of this nature may need to be reviewed by the employer if they control the relevant data.
12.6 Right to Data Portability
Where applicable, you may request your information in a structured and portable format.
12.7 Rights Under Regional Laws
Depending on your location, additional rights may apply, including:
the right not to be subject to automated decision-making
the right to know how information is used or shared
the right to opt out of certain uses of personal information
the right to lodge a complaint with a supervisory authority
12.8 How to Submit a Request
Requests can be submitted through:
the employer managing the job application
Hyaa AI at legal@hyaa.ai
We may require identity verification before responding to any request.
If the employer controls the data, we may redirect the request to them.
13. Employer Responsibilities
Employers and organizations using the Hyaa AI platform are responsible for ensuring that their use of the platform complies with applicable privacy, employment, and discrimination laws. Hyaa AI processes candidate data on behalf of the employer and according to their instructions unless otherwise stated in this notice.
13.1 Lawful Use of Candidate Data
Employers are responsible for:
providing accurate and lawful notices to candidates
ensuring that they have a valid legal basis to collect and process candidate information
using AI-generated outputs in a fair, non-discriminatory manner
complying with local recruitment and hiring regulations
13.2 Candidate Communications
Employers must ensure that:
candidates are notified about the use of recordings and AI processing
requests from candidates (access, deletion, corrections) are responded to when the employer is the controller
any additional notices required by local law are provided
13.3 Data Accuracy and Integrity
Employers control:
job descriptions
interview configurations
custom questions
notes, tags, and internal classifications
decisions made based on candidate information
Hyaa AI does not verify the accuracy or appropriateness of these inputs.
13.4 Access Management
Employers are responsible for:
managing their users, team members, and permissions
restricting access to candidate information appropriately
removing users who no longer require access
ensuring internal security practices for passwords and accounts
13.5 Exported, Downloaded, or External Copies
If employers export or move candidate data outside the platform, they are responsible for:
storage
retention
deletion
access control
compliance with applicable laws
These external copies are not covered by Hyaa AI’s retention schedule or platform safeguards.
13.6 Integration Management
If employers connect third-party tools or ATS systems, they are responsible for ensuring that:
data shared with those tools is handled lawfully
appropriate agreements exist with those third parties
configuration is correct and secure
Hyaa AI processes integrations only according to employer instructions.
14. Changes to This Notice
We may update this Product Privacy Notice from time to time to reflect changes in our practices, technologies, services, or legal requirements. When changes are made, we will update the “Last Updated” date at the top of the notice.
If the changes are significant, we may provide additional notice through the platform or other reasonable methods. Continued use of the platform after the updated notice takes effect indicates acceptance of the changes.
If you do not agree with the updated notice, you should stop using the platform and contact us regarding your data.
15. Contact Information
If you have questions, concerns, or requests regarding this Product Privacy Notice or the way personal information is handled within the Hyaa AI platform, you can contact us at:
Hyaa AI Pty Ltd
65 Maroochy Boulevard
Maroochydore QLD 4558
Australia
Privacy and legal enquiries: legal@hyaa.ai
General support: support@hyaa.ai
We will respond to all legitimate requests within a reasonable timeframe and in accordance with applicable laws.
Updated 19/11/2025
1. Introduction & Scope
This Product Privacy Notice explains how Hyaa AI Pty Ltd (“Hyaa AI”, “we”, “our”, or “us”) collects, uses, processes, and protects personal information when you use the Hyaa AI platform, including:
employer and team accounts
candidate interviews and submissions
audio recordings and transcripts
AI-generated insights, summaries, and scoring
workflows, integrations, and automations
billing, authentication, and usage data
This notice applies to all users of the Hyaa AI platform, including:
employers, customers, and their authorized users
job candidates completing interviews or submitting materials
individuals interacting with Hyaa AI through integrations or workflows
This notice does not apply to information collected through our public Website or marketing pages. Website interactions, cookie usage, and advertising analytics are covered separately in our Website Privacy Policy and Cookie Policy.
This Product Privacy Notice is designed to:
describe the categories of personal data we process
explain how and why we use that data
clarify the role of Hyaa AI as a data processor for most candidate data
outline employer responsibilities when using the platform
detail our AI processing, retention, and security practices
explain your rights and choices relating to personal information
By using the Hyaa AI platform or completing an interview, you agree to the practices described in this Notice.
2. Who We Are
Hyaa AI Pty Ltd is the provider and operator of the Hyaa AI platform. We are responsible for processing personal information as described in this notice, depending on the context of your use.
For most activities within the platform, including candidate interviews and employer workflows, Hyaa AI acts as a data processor or service provider on behalf of the employer or organization using the platform. In some cases, such as managing user accounts, billing, and system security, Hyaa AI acts as a data controller.
Company details:
Hyaa AI Pty Ltd
65 Maroochy Boulevard
Maroochydore QLD 4558
Australia
Privacy and legal enquiries: legal@hyaa.ai
General support: support@hyaa.ai
3. Categories of Data We Process
We process several categories of personal information when you use the Hyaa AI platform. These categories depend on whether you are an employer, an authorized user, or a job candidate.
3.1 Employer and User Account Data
Information provided when an organization or user creates or manages an account, including:
name and email address
password and authentication details
organization name and contact details
billing information and payment records
seat assignments, roles, and permissions
communication preferences
audit logs showing actions taken within the platform
3.2 Candidate Data
Information submitted or generated during the recruitment process, including:
audio recordings and spoken responses
per-question audio files
transcripts of interviews
summaries and structured interview content
resume uploads and extracted resume data
job application materials and attachments
device metadata such as browser type, region, and platform
timestamps, activity logs, and technical metrics
notes added by employers or authorized users
3.3 Data Generated by AI Models and Automation
The platform generates additional information derived from candidate submissions, such as:
automated interview summaries
structured insights
scoring and ranking outputs
extracted skills and classifications
similarity matches to job criteria
text-to-structure transformations
These outputs depend on the inputs provided and the model behaviour at the time of processing.
3.4 System, Device, and Usage Data
Information collected automatically when employers, users, or candidates interact with the platform, including:
IP address and general location
browser type, operating system, and device type
access times and session duration
error logs, performance metrics, and diagnostic data
API usage and integration activity
security logs and authentication events
This data is used for security, troubleshooting, and maintaining platform functionality.
4. How We Use Personal Data
We use personal information within the Hyaa AI platform for the following purposes.
4.1 Providing and Operating the Platform
hosting and delivering interviews
processing audio recordings
generating transcripts, summaries, insights, and scoring
enabling resume parsing and structured data extraction
managing job pipelines, workflows, and team collaboration
delivering notifications and communications
maintaining account access and authentication
4.2 Improving Accuracy, Safety, and Quality
enhancing transcription accuracy, scoring consistency, and model outputs
detecting errors, anomalies, or problematic content
monitoring system performance and reliability
testing and refining features or AI behaviour
reviewing aggregate patterns to improve overall platform performance
Where possible, aggregated or anonymised data is used for these improvements.
4.3 Supporting Employers and Authorized Users
responding to support requests
resolving issues or incidents
providing product guidance or troubleshooting assistance
enabling administrators to manage teams, roles, and permissions
4.4 Analytics and Product Development
We may analyse platform usage trends to:
understand how features are used
prioritise improvements
measure adoption and performance
identify areas where the platform can be enhanced
Analytics does not involve making automated hiring decisions.
4.5 Security, Fraud Prevention, and Compliance
monitoring access patterns to detect suspicious activity
protecting against unauthorized access or abuse
ensuring compliance with employment, privacy, and anti-discrimination laws
meeting legal and regulatory obligations
4.6 Legal, Contractual, and Administrative Purposes
billing and subscription management
enforcing terms and policies
handling disputes
responding to lawful requests from authorities
maintaining internal records and documentation
5. Legal Bases for Processing
Where required by applicable laws, we process personal information within the Hyaa AI platform on the following legal bases.
5.1 Contractual Necessity
We process personal information as needed to:
create and manage user accounts
provide access to the platform
process interviews, transcripts, scoring, and related data
deliver features included in your subscription or agreement
maintain system functionality and security
Without this processing, the platform cannot operate as intended.
5.2 Legitimate Interests
We rely on legitimate interests to:
ensure the security and integrity of the platform
prevent misuse or unauthorized access
analyse usage to improve features and performance
support employers with account management and troubleshooting
maintain internal administrative records
develop new capabilities and product enhancements
We balance these interests against user and candidate privacy rights.
5.3 Consent
For certain processing activities, we rely on consent:
candidates providing interview responses through pre-interview consent screens
use of audio recordings for automated transcription and summarization
any optional features clearly identified as consent-based
communication preferences where required by law
Candidates may withdraw consent at any time by contacting the employer or Hyaa AI, depending on the context.
5.4 Legal Obligations
We may process personal information where necessary to
comply with applicable laws, regulations, or orders
respond to lawful requests from authorities
maintain records required for compliance or audits
assist employers in meeting their own legal obligations
5.5 Acting as a Data Processor
For most candidate-related processing, Hyaa AI acts as a data processor on behalf of the employer.
In these cases:
the employer is responsible for having a lawful basis
Hyaa AI processes data only according to the employer’s instructions and configuration
the employer is responsible for notices, disclosures, and compliance with hiring laws
6. Data Sharing and Subprocessors
We share personal information only when necessary to operate the Hyaa AI platform, deliver the features you have selected, meet legal obligations, or support core business functions. We do not sell personal information.
6.1 Service Providers and Subprocessors
We use third-party service providers to support hosting, audio processing, AI inference, communications, billing, workflow automation, and related operational functions. These subprocessors may process personal information on our behalf and only in accordance with our instructions.
We require all subprocessors to:
implement appropriate security measures
maintain confidentiality
comply with privacy and data protection requirements
process information only for the purposes specified by Hyaa AI
We maintain a current list of approved subprocessors on a separate page, which is updated as needed to reflect changes in our service providers.
6.2 Sharing with Employers and Authorized Users
If you are a candidate, your personal information (including audio recordings, transcripts, summaries, scoring, resume data, and interview metadata) is shared with the employer or organization managing the role you applied for. They determine how they use this information for their recruitment activities.
Employers and authorized users may add notes or classifications within the platform, which form part of your application record.
6.3 Integrations and Connected Tools
If an employer enables integrations with third-party tools (such as ATS platforms, CRMs, or communication services), we may share relevant data as instructed by the employer to support those integrations.
We do not control how third parties handle information once it is transferred according to employer instructions.
6.4 Legal, Compliance, and Safety Disclosures
We may disclose personal information when we believe it is necessary to:
comply with applicable laws or lawful requests
respond to legal proceedings or regulatory authorities
enforce our terms and agreements
detect, prevent, or address fraud, security issues, or harmful activity
protect the rights, property, or safety of Hyaa AI, our users, or others
6.5 Aggregated or Anonymised Information
We may use and share aggregated or anonymised information that cannot reasonably be used to identify any individual. This type of information is not considered personal data under applicable laws.
7. AI Processing & Automated Decision Making
The Hyaa AI platform uses artificial intelligence to assist employers in evaluating and managing interview data. AI features operate within defined limits and do not replace human decision-making.
7.1 How AI Is Used
We use AI models to generate:
transcripts of spoken responses
summaries and structured interview content
extracted skills, classifications, and key points
scoring, ranking, and similarity assessments
resume parsing and structured field extraction
These outputs are generated from the information provided by the candidate and the context supplied by the employer.
7.2 No Fully Automated Hiring Decisions
The platform does not make hiring decisions automatically. AI-generated outputs are tools intended to support employer review, not replace it. Employers are responsible for:
interpreting AI-generated insights
ensuring fair and lawful decision-making
applying their own judgment in each hiring process
7.3 Human Review and Overrides
Employers can review, modify, disregard, or supplement AI outputs at any time. AI outputs do not determine whether a candidate is shortlisted, rejected, or advanced unless the employer manually configures their own internal rules or workflows outside the platform.
7.4 Fairness, Accuracy, and Limitations
AI outputs may contain inaccuracies or inconsistencies and should not be treated as statements of fact. Performance may vary depending on:
audio quality
phrasing
context provided
model behaviour at the time of processing
Employers should not rely solely on AI scoring or summaries when evaluating a candidate.
7.5 Model Providers
AI processing is performed through third-party providers, including OpenAI, ElevenLabs, and ScrapingBee. These providers process data only as needed to generate the outputs requested through the platform and do not retain data for their own training unless explicitly disclosed.
7.6 Candidate Awareness and Consent
Candidates are informed that their interview responses will be processed using AI through pre-interview consent screens and related notices. Candidates may withdraw consent by contacting the employer or Hyaa AI, depending on the jurisdiction and the nature of the request.
8. Candidate Consent & Candidate Rights
8.1 Candidate Consent Before an Interview
Candidates are shown a pre-interview notice that explains:
the nature of the interview
that audio will be recorded
that AI models will generate transcripts, summaries, insights, and scoring
how their information will be shared with the employer
how long the information will be stored
By proceeding with the interview, candidates provide consent to this processing where consent is required by applicable laws.
8.2 Right to Access
Candidates may request access to the personal information processed about them, including:
interview recordings
transcripts
summaries
resume data
information provided by the employer (such as notes)
Requests may be directed to the employer managing the job application or to Hyaa AI, depending on the jurisdiction.
8.3 Right to Correction
Candidates may request correction of inaccurate or incomplete personal information.
Employers are responsible for updating employer-provided data such as notes or classifications.
8.4 Right to Deletion
Candidates may request deletion of their personal information.
Deletion will be performed in line with:
legal requirements
employer obligations
the platform’s retention policy
Certain information may need to be retained for audit, security, or legal compliance purposes.
8.5 Right to Withdraw Consent
Where processing is based on consent, candidates may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Withdrawing consent may prevent the candidate from completing or continuing the interview process.
8.6 Right to Object or Restrict Processing
Depending on the jurisdiction, candidates may have the right to:
object to certain types of processing
request temporary restrictions on how data is used
Employers may need to review these requests depending on their hiring practices and obligations.
8.7 Right to Data Portability
Where applicable, candidates may request a copy of their personal information in a structured and portable format.
8.8 Submitting a Privacy Request
Candidates can submit privacy requests through:
the employer managing the job
Hyaa AI directly at legal@hyaa.ai
We may need to verify identity before responding. Some requests may be routed to the employer if they are the data controller for the relevant processing.
9. International Data Transfers
We operate using a combination of global service providers and may process personal information in multiple regions depending on where our infrastructure is hosted and where our subprocessors operate.
9.1 Hosting and Storage Regions
Core platform data, including candidate information, is hosted using cloud providers such as Supabase and Vercel.
These providers may store or process data in regions including:
Australia
the United States
the European Union
other regions where their infrastructure operates
We select providers that offer appropriate security and compliance measures.
9.2 Transfers to Service Providers
Personal information may be transferred to service providers located in other countries where necessary to:
operate the platform
support audio processing
deliver AI inference
send emails or messages
manage billing and subscriptions
handle workflows or automation
These transfers are limited to what is required for the requested features to function properly.
9.3 Safeguards for International Transfers
When information is transferred outside of Australia, the European Union, the United Kingdom, or similar jurisdictions, we rely on legally recognised safeguards such as:
Standard Contractual Clauses (SCCs)
contractual commitments requiring adequate protection
compliance certifications or recognised frameworks
data processing terms offered by the service providers
These measures ensure that personal information continues to receive protection consistent with applicable laws.
9.4 Employer Responsibilities
Employers using the platform may also choose to store, download, export, or transfer candidate information through their own systems or tools. Hyaa AI is not responsible for how employers handle information outside the platform.
10. Data Retention
We retain personal information only for as long as it is needed to operate the Hyaa AI platform, support employers in their recruitment processes, and comply with legal or contractual requirements.
10.1 Candidate Data
Candidate information, including audio recordings, transcripts, summaries, scoring, resume data, and interview metadata, is retained for a fixed period of 12 months from the date of collection, unless a shorter period is required by law.
At the end of this period, candidate data is securely deleted or anonymised.
10.2 Employer and User Account Data
Information related to employer accounts, billing, team management, and administrative activity is retained:
for as long as the account remains active, and
for additional periods needed for tax, audit, or legal compliance.
10.3 System Logs and Security Data
Authentication logs, technical diagnostics, and security records are retained for periods necessary to:
detect and investigate incidents
maintain system integrity
meet legal and regulatory obligations
These periods may vary depending on operational and security requirements.
10.4 Aggregated or Anonymised Data
We may continue to use aggregated or anonymised information after deletion of personal data. This information cannot be used to identify individuals.
10.5 Employer Exports or Copies
If employers export or download candidate information from the platform, they are responsible for retaining and deleting that data according to their own policies. Such exports are not covered by Hyaa AI’s retention schedule.
11. Security Measures
We take reasonable and appropriate steps to protect personal information processed through the Hyaa AI platform. Our security measures are designed to maintain confidentiality, integrity, and availability of data throughout its lifecycle.
11.1 Technical Safeguards
We implement technical controls such as:
encryption of data in transit and at rest
secure authentication and session handling
role-based access controls for employer accounts
network and infrastructure protections provided by our hosting providers
storage isolation for customer and candidate records
restricted access to production systems
11.2 Operational and Administrative Safeguards
Operational measures include:
limiting access to personal information to authorized personnel
internal access reviews and permission management
policies governing data handling and internal use
monitoring for unusual activity or unauthorized access
controlled deployment practices
backup and recovery processes
11.3 Third-Party Security
We select subprocessors that maintain their own security standards and certifications suitable for the services they provide. Each subprocessor is contractually required to
protect data to an appropriate standard
use information only for the intended purpose
maintain confidentiality and access controls
11.4 Incident Response
We maintain internal procedures for identifying, assessing, and responding to security incidents. Where required by law, we will notify affected customers or individuals and any relevant authorities within the applicable timeframes.
11.5 Shared Responsibility
Employers and authorized users also play a role in maintaining security.
This includes:
protecting login credentials
configuring roles and permissions appropriately
managing authorized users within their organization
complying with applicable laws and internal policies
12. User & Candidate Rights
Individuals who use the Hyaa AI platform or participate in interviews may have certain rights regarding their personal information. These rights vary depending on the laws that apply in their region, but we aim to support all reasonable requests where feasible.
12.1 Right to Access
You may request a copy of the personal information we process about you, including interview data, transcripts, summaries, resume information, and relevant system records.
12.2 Right to Correction
You may request correction of inaccurate or incomplete personal information. Employers are responsible for correcting information they have added, such as notes or classifications.
12.3 Right to Deletion
You may request deletion of your personal information.
Deletion requests may be limited by:
legal obligations
security requirements
the employer’s own obligations
the platform’s data retention policy
Some information may be retained as necessary for compliance or recordkeeping.
12.4 Right to Withdraw Consent
Where processing is based on consent, such as interview participation or audio recording, you may withdraw your consent at any time. Withdrawal does not affect prior processing and may prevent further participation in the recruitment process.
12.5 Right to Object or Restrict Processing
In certain situations, you may object to or request a temporary restriction of processing.
Requests of this nature may need to be reviewed by the employer if they control the relevant data.
12.6 Right to Data Portability
Where applicable, you may request your information in a structured and portable format.
12.7 Rights Under Regional Laws
Depending on your location, additional rights may apply, including:
the right not to be subject to automated decision-making
the right to know how information is used or shared
the right to opt out of certain uses of personal information
the right to lodge a complaint with a supervisory authority
12.8 How to Submit a Request
Requests can be submitted through:
the employer managing the job application
Hyaa AI at legal@hyaa.ai
We may require identity verification before responding to any request.
If the employer controls the data, we may redirect the request to them.
13. Employer Responsibilities
Employers and organizations using the Hyaa AI platform are responsible for ensuring that their use of the platform complies with applicable privacy, employment, and discrimination laws. Hyaa AI processes candidate data on behalf of the employer and according to their instructions unless otherwise stated in this notice.
13.1 Lawful Use of Candidate Data
Employers are responsible for:
providing accurate and lawful notices to candidates
ensuring that they have a valid legal basis to collect and process candidate information
using AI-generated outputs in a fair, non-discriminatory manner
complying with local recruitment and hiring regulations
13.2 Candidate Communications
Employers must ensure that:
candidates are notified about the use of recordings and AI processing
requests from candidates (access, deletion, corrections) are responded to when the employer is the controller
any additional notices required by local law are provided
13.3 Data Accuracy and Integrity
Employers control:
job descriptions
interview configurations
custom questions
notes, tags, and internal classifications
decisions made based on candidate information
Hyaa AI does not verify the accuracy or appropriateness of these inputs.
13.4 Access Management
Employers are responsible for:
managing their users, team members, and permissions
restricting access to candidate information appropriately
removing users who no longer require access
ensuring internal security practices for passwords and accounts
13.5 Exported, Downloaded, or External Copies
If employers export or move candidate data outside the platform, they are responsible for:
storage
retention
deletion
access control
compliance with applicable laws
These external copies are not covered by Hyaa AI’s retention schedule or platform safeguards.
13.6 Integration Management
If employers connect third-party tools or ATS systems, they are responsible for ensuring that:
data shared with those tools is handled lawfully
appropriate agreements exist with those third parties
configuration is correct and secure
Hyaa AI processes integrations only according to employer instructions.
14. Changes to This Notice
We may update this Product Privacy Notice from time to time to reflect changes in our practices, technologies, services, or legal requirements. When changes are made, we will update the “Last Updated” date at the top of the notice.
If the changes are significant, we may provide additional notice through the platform or other reasonable methods. Continued use of the platform after the updated notice takes effect indicates acceptance of the changes.
If you do not agree with the updated notice, you should stop using the platform and contact us regarding your data.
15. Contact Information
If you have questions, concerns, or requests regarding this Product Privacy Notice or the way personal information is handled within the Hyaa AI platform, you can contact us at:
Hyaa AI Pty Ltd
65 Maroochy Boulevard
Maroochydore QLD 4558
Australia
Privacy and legal enquiries: legal@hyaa.ai
General support: support@hyaa.ai
We will respond to all legitimate requests within a reasonable timeframe and in accordance with applicable laws.
