Data Processing Agreement
Last updated: May 23, 2026
This Data Processing Agreement (“DPA”) is incorporated by reference into the Hiremint Terms of Service and applies wherever Hiremint processes personal data on behalf of a Customer. Capitalized terms not defined here have the meanings given in the Terms of Service.
For a signed copy of this DPA — including Standard Contractual Clauses where required — email legal@hiremint.com and we will send a countersigned copy within one business day.
1. Definitions
“Personal Data” means any information relating to an identified or identifiable natural person that Customer uploads or generates within the Hiremint Service (primarily: job applicant names, contact details, resumes, and hiring notes).
“Controller” means the party that determines the purposes and means of processing Personal Data. “Processor” means the party that processes Personal Data on behalf of the Controller.
“Applicable Data Protection Law” means GDPR, UK GDPR, CCPA/CPRA, and any other data-protection legislation that applies to the processing described in this DPA.
2. Roles
With respect to Personal Data that Customer submits to the Service, Customer is the Controller and Hiremint is the Processor. With respect to account and billing data that Hiremint holds about Customer’s employees or administrators, Hiremint is the Controller; the Hiremint Privacy Policy governs that processing.
3. Scope and purpose of processing
Hiremint processes Personal Data only to provide and improve the Service in accordance with Customer’s documented instructions — primarily, storing and displaying applicant data so Customer can manage its hiring process. Hiremint will not process Personal Data for any other purpose without Customer’s explicit consent, except where required by law.
4. Customer instructions
Customer’s use of the Service constitutes its instructions to Hiremint to process Personal Data as described in this DPA. If Hiremint believes an instruction would violate Applicable Data Protection Law, it will notify Customer promptly and may decline to carry out that instruction.
5. Technical and organizational security measures
Hiremint maintains technical and organizational measures appropriate to the risk, including:
- Encryption of Personal Data in transit (TLS 1.2+) and at rest.
- Principle of least privilege: production system access is restricted to a small, named set of engineers and is reviewed regularly.
- Multi-factor authentication on all privileged accounts and admin systems.
- Audit logging of access to Personal Data.
- Vendor risk reviews for all sub-processors prior to onboarding.
- A documented incident response process.
A current Technical and Organizational Measures (TOMs) document is available on request at legal@hiremint.com.
6. Confidentiality
Hiremint ensures that personnel authorized to process Personal Data are bound by appropriate confidentiality obligations and have received training on data protection requirements.
7. Sub-processors
Hiremint uses a limited set of sub-processors to provide the Service, including providers for cloud hosting, payment processing, transactional email, customer support tooling, and analytics. A current list is available on request. Hiremint will give Customer at least 14 days’ prior written notice (via email or in-product) before engaging a new sub-processor. If Customer objects to a new sub-processor on reasonable data-protection grounds and Hiremint cannot accommodate the objection, Customer may terminate the relevant subscription without penalty by notifying us within 14 days.
8. International data transfers
Hiremint primarily stores and processes Personal Data in the United States. Where Personal Data originating in the EEA, UK, or Switzerland is transferred to the United States or another country without an adequacy decision, Hiremint relies on the EU Standard Contractual Clauses (Module Two: Controller to Processor, or as applicable) and the UK International Data Transfer Addendum, supplemented by the technical measures described in Section 5. Executed SCCs are included in the signed DPA available on request.
9. Data subject rights
If Hiremint receives a request from a data subject exercising rights under Applicable Data Protection Law (access, rectification, erasure, portability, restriction, or objection), Hiremint will promptly forward the request to Customer and reasonably assist Customer in responding, taking into account the nature of the processing and the information available to Hiremint. Customer is responsible for responding to data subject requests.
10. Personal data breach notification
Hiremint will notify Customer without undue delay, and in any event within 72 hours of becoming aware, of a personal data breach affecting Customer’s Personal Data. The notification will include, to the extent then known, a description of the breach, the categories and approximate volume of data affected, likely consequences, and the measures taken or proposed to address the breach.
11. Data protection impact assessments
Where required by Applicable Data Protection Law, Hiremint will provide Customer with reasonable assistance in conducting a data protection impact assessment relating to the processing under this DPA.
12. Return or deletion of Personal Data
Upon termination or expiry of the Terms of Service, or upon Customer’s written request, Hiremint will — at Customer’s election — return or securely delete all Personal Data it holds on Customer’s behalf, within 90 days, except where retention is required by applicable law. Hiremint will certify deletion in writing upon request.
13. Audit rights
Customer may, upon reasonable written notice and no more than once per calendar year, request documentation demonstrating Hiremint’s compliance with this DPA. Hiremint will provide relevant certifications, audit reports (ISO 27001, SOC 2, or equivalent, when available), or written responses to reasonable compliance questionnaires. On-site audits require Hiremint’s prior written consent and are subject to a confidentiality agreement.
14. Order of precedence
In the event of any conflict between this DPA and the Terms of Service, this DPA takes precedence solely with respect to the processing of Personal Data. In the event of a conflict between this DPA and the Standard Contractual Clauses, the SCCs take precedence.
15. Contact
For DPA-related questions or to request a signed copy, email legal@hiremint.com.