Privacy Policy of HireFire

HireFire collects some Personal Data from its Users.

Personal Data processed for the following purposes and using the following services:

    • Data transfer outside the EU

      • Data transfer abroad based on standard contractual clauses and Data transfer to countries that guarantee European standards

        Personal Data: various types of Data

    • Displaying content from external platforms

      • Gravatar

        Personal Data: email address; Usage Data

    • Handling payments

      • ChargeBee and Stripe

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Hosting and backend infrastructure

      • Heroku and GitHub Pages

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Infrastructure monitoring

      • Bugsnag

        Personal Data: various types of Data as specified in the privacy policy of the service

      • New Relic

        Personal Data: Trackers; Usage Data; various types of Data as specified in the privacy policy of the service

    • Managing contacts and sending messages

      • Mailgun

        Personal Data: email address

    • Managing support and contact requests

      • Help Scout

        Personal Data: Data communicated while using the service; Tracker; various types of Data as specified in the privacy policy of the service

    • Registration and authentication provided directly by HireFire

      • Direct registration

        Personal Data: email address; password

    • Traffic optimization and distribution

      • Cloudflare

        Personal Data: Tracker; various types of Data as specified in the privacy policy of the service

Further information about the processing of Personal Data

    • Application status services

      SorryApp (SorryApp, Ltd)

      SorryApp is a hosted statuspage service provided by SorryApp Ltd.

      HireFire uses SorryApp to host status.hirefire.io to keep Users informed about the current status of HireFire in the event of an incident or to notify about an upcoming maintenance operation. Users can freely visit this page for more information. Users may optionally choose to provide their Personal Data such as an email address or slack channel to receive notifications when updates as posted.

      Personal Data collected: email address, slack channel.

      Place of processing: UK - Privacy Policy

    • Databases

      Providers
      HireFire makes use of databases provided, managed, and secured by Heroku Inc.

      Security
      All data transferred between HireFire's services and the databases are secured using TLS.

      Backup/Retention of Personal Data
      Backups containing Personal Data are retained for no longer than 30 days. Incremental (continuous) backups are created to minimize data loss in the event of a disaster. Backups are used exclusively for the purpose of disaster recovery. Recovering from a backup may result in the restoration of previously-deleted Personal Data. HireFire maintains a separate database of references to previously deleted Personal Data. These references are used to re-delete previously deleted Personal Data upon recovery from a backup. References have a retention period of 30 days.

    • Integrations

      Heroku Platform API (Heroku, Inc.)

      HireFire integrates with the Heroku Platform API using OAuth 2.0 with the write scope. This allows HireFire to perform scaling operations on your behalf without exposing sensitive information such as application configuration variables. You can revoke access at any time from the Heroku Dashboard.

      HireFire performs API calls against your Heroku Account for the following purposes:

      1. Fetching the email address of the authorized Heroku Account.
      2. Fetching the current dyno formation for an application.
      3. Updating the dyno formation for an application (scaling).
      4. Restarting crashed dynos for an application (disabled by default).

      Personal Data collected: email address (Heroku Account), access token (Heroku Account), refresh token (Heroku Account)


      New Relic API (New Relic, Inc.)

      HireFire integrates with the New Relic API using a User-provided New Relic API Key and New Relic App ID. New Relic's API is used exclusively for the purpose of fetching metrics required to autoscale User's Heroku Application.

      Personal Data collected: api key (New Relic Account), app id (New Relic Account)

    • Hosting and backend infrastructure

      This type of service has the purpose of hosting Data and files that enable HireFire to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of HireFire. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

      Hetzner (Hetzner Online GmbH)

      Hetzner is a hosting service provided by Hetzner Online GmbH.

      Personal Data collected: various types of Data as specified in the privacy policy of the service.

      Place of processing: Germany – Privacy Policy.

    • Logdrain

      HireFire (optionally) provides a logdrain service ("Logdrain"). The Logdrain is used to provide the Logplex autoscaling strategy. The Logdrain consumes the Heroku logs of User's Heroku Application when they are explicitly forwarded, by the User, to the Logdrain endpoint at https://logdrain.hirefire.io

      The received logs are parsed exclusively for the purpose of extracting certain performance metrics about User's Heroku Application. The metrics extracted are service, connect, queue, load1m, load5m, and load15m. These metrics are then stored in memory for a period of no longer than 60 seconds. All other log data is discarded immediately.

      The Logdrain only accepts log data when transferred over a secure connection, and will not respond when trying to connect over an unsecured connection.

    • Sessions

      We store the name, as well as the ip address of the device that was used to log in. These two pieces of information receive application-level encryption in addition to database-level encryption. This information is used to allow users to list, identify and logout sessions from the web interface and/or api.

    • The Service is not directed to children under the age of 13

      Users declare themselves to be adult according to their applicable legislation. Minors may use HireFire only with the assistance of a parent or guardian. Under no circumstance persons under the age of 13 may use HireFire.

Contact information

    • Owner and Data Controller

      Final Creation
      Gooimeerpromenade 111, 1277EW Huizen
      North Holland, The Netherlands

      Owner contact email: privacy@hirefire.io