Privacy Policy of HireFire

HireFire collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Data transfer outside the EU

      • Data transfer from the EU and/or Switzerland to the U.S based on Privacy Shield, Data transfer abroad based on standard contractual clauses and Data transfer to countries that guarantee European standards

        Personal Data: various types of Data

    • Displaying content from external platforms

      • Gravatar

        Personal Data: email address; Usage Data

    • Handling payments

      • ChargeBee and Stripe

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Hosting and backend infrastructure

      • Amazon Web Services (AWS) and Heroku

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Infrastructure monitoring

      • Bugsnag

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Managing contacts and sending messages

      • Mailgun

        Personal Data: email address

    • Managing support and contact requests

      • Help Scout

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Registration and authentication

      • Direct registration

        Personal Data: email address; password

Further information about Personal Data

    • Application status services

      SorryApp (SorryApp, Ltd)

      SorryApp is a hosted statuspage service provided by SorryApp Ltd.

      HireFire uses SorryApp to host status.hirefire.io to keep Users informed about the current status of HireFire in the event of an incident or to notify about an upcoming maintenance operation. Users can freely visit this page for more information. Users may optionally choose to provide their Personal Data such as an email address or slack channel to receive notifications when updates as posted.

      Personal Data collected: email address, slack channel.

      Place of processing: UK - Privacy Policy

    • Databases

      Providers
      HireFire makes use of databases provided, managed, and secured by Heroku Inc. and Redis Labs Inc.

      Security
      All data transferred between HireFire's services and the databases are secured using SSL.

      High Availability
      All databases are configured to be highly available through replication and failover, minimizing or completely avoiding data loss and downtime in the event of a disaster.

      Backup/Retention of Personal Data
      Backups containing Personal Data are retained for no longer than 30 days. Incremental backups (minutely) are created to minimize data loss in the event of a disaster. Backups are used exclusively for the purpose of disaster recovery. Recovering from a backup may result in the restoration of previously-deleted Personal Data. HireFire maintains a separate database of references to previously deleted Personal Data. These references are used to re-delete previously deleted Personal Data upon recovery from a backup. References have a retention period of 30 days.

    • Integrations

      Heroku Platform API (Heroku, Inc.)

      HireFire integrates with the Heroku Platform API using OAuth 2.0 with the write scope. This allows HireFire to perform scaling operations on your behalf without exposing sensitive information such as application configuration variables. You can revoke access at any time from the Heroku Dashboard.

      HireFire performs API calls against your Heroku Account for the following purposes:

      1. Fetching the email address of the authorized Heroku Account.
      2. Fetching the current dyno formation for an application.
      3. Updating the dyno formation for an application (scaling).
      4. Restarting crashed dynos for an application (disabled by default).

      Personal Data collected: email address (Heroku Account), access token (Heroku Account), refresh token (Heroku Account)


      New Relic API (New Relic, Inc.)

      HireFire integrates with the New Relic API using a User-provided New Relic API Key and New Relic App ID. New Relic's API is used exclusively for the purpose of fetching metrics required to autoscale User's Heroku Application.

      Personal Data collected: api key (New Relic Account), app id (New Relic Account)

    • Hosting and backend infrastructure

      This type of service has the purpose of hosting Data and files that enable HireFire to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of HireFire. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

      Hetzner (Hetzner Online GmbH)

      Hetzner is a hosting service provided by Hetzner Online GmbH.

      Personal Data collected: various types of Data as specified in the privacy policy of the service.

      Place of processing: Germany – Privacy Policy.


      Redis Labs (Redis Labs, Inc.)
      Redis Labs is a Database-as-a-Service provided by Redis Labs, Inc.

      Personal Data collected: various types of Data as specified in the privacy policy of the service.

      Place of processing: United States – Privacy Policy.

    • Logdrain

      HireFire (optionally) provides a logdrain service ("Logdrain"). The Logdrain is used to provide the Logplex autoscaling strategy. The Logdrain consumes the Heroku logs of User's Heroku Application when they are explicitly forwarded, by the User, to the Logdrain endpoint at https://logdrain.hirefire.io

      The received logs are parsed exclusively for the purpose of extracting certain performance metrics about User's Heroku Application. The metrics extracted are service, connect, queue, load1m, load5m, and load15m. These metrics are then stored in memory for a period of no longer than 60 seconds. All other log data is discarded immediately.

      The Logdrain only accepts log data when transferred over a secure connection, and will not respond when trying to connect over an unsecured connection.

    • System Logs

      HireFire uses Amazon Web Services, Inc. to store system logs.

      System logs contain Personal Data including, but not limited to, email addresses and ip addresses, and are retained for no longer than 6 month. System logs are securely transferred and are encrypted at rest.

    • Sessions

      We store the name, as well as the ip address of the device that was used to log in. These two pieces of information receive application-level encryption in addition to database-level encryption. This information is used to allow users to list, identify and logout sessions from the web interface and/or api.

    • The Service is not directed to children under the age of 13

      Users declare themselves to be adult according to their applicable legislation. Minors may use HireFire only with the assistance of a parent or guardian. Under no circumstance persons under the age of 13 may use HireFire.

Contact information

    • Owner and Data Controller

      Final Creation
      Gooimeerpromenade 111, 1277EW Huizen
      North Holland, The Netherlands

      Owner contact email: privacy@hirefire.io