Privacy Policy

1. Who we are

OpusRoster ("OpusRoster," "we," "us," or "our") provides recruiting software, including AI-assisted sourcing, candidate management, outreach, and pipeline tools. This Privacy Policy explains how we handle personal information of our customers and the candidates they engage through our platform.

For questions about this policy, contact: privacy@opusroster.com

2. Scope of this policy

This policy applies to information collected through:

• Our marketing websites (including this site)
• The OpusRoster application and any associated APIs
• Communications you send us by email or other channels

This policy does not cover practices of third parties that we do not own or control, including any external sites you reach through links from our platform.

3. Information we collect

3.1 Information you provide directly

• Account information: name, email address, organization name, role, password (stored as a salted hash, never in plain text)
• Billing information: billing address and payment method (processed by our payment processor; we do not store full card numbers)
• Job and candidate data: job descriptions, candidate names, contact details, resumes, communications, notes, and pipeline activity that you create or import
• Communications: messages you send to support or feedback channels

3.2 Information we collect automatically

• Usage data: pages visited, features used, click events, session duration
• Device and browser: IP address, browser type, operating system, device identifiers
• Cookies and similar technologies: see Section 9
• Audit logs: every meaningful action within the application is logged with timestamp and actor for security and compliance purposes

3.3 Information we obtain about candidates

When you use our sourcing features, we may retrieve professional profile information about candidates from licensed third-party data providers. This information typically includes name, professional title, company, location, work history, and publicly available contact details. We process this information solely to help you evaluate and engage candidates for your roles.

4. How we use information

We use the information we collect to:

• Provide, maintain, and improve our services
• Score, rank, and match candidates to roles using our AI agents (with full audit trail and explainable outputs)
• Process payments and manage subscriptions
• Send transactional and service-related communications
• Detect, prevent, and address fraud, abuse, and security incidents
• Comply with legal obligations and enforce our terms
• Send marketing communications you have opted in to (you can unsubscribe at any time)

4.1 What we do not do with your data

• We do not sell personal information to third parties
• We do not use your candidate or pipeline data to train AI models — ours, our vendors', or anyone else's
• We do not share your data with advertisers
• We do not share customer data between customers

5. Legal bases for processing (EEA/UK)

If you are in the European Economic Area or United Kingdom, we rely on the following legal bases to process your personal information:

• Contract: to provide the services you have signed up for
• Legitimate interests: to improve our services, prevent fraud, and secure our platform
• Consent: for marketing communications and certain cookies
• Legal obligation: to comply with applicable law

6. How we share information

We share personal information only in the following circumstances:

• Service providers and processors: we engage trusted vendors to help us deliver our services (categories include: cloud infrastructure and hosting, database and storage, payment processing, email delivery, analytics, customer support, and AI inference). These providers are contractually obligated to process data only on our instructions and to maintain appropriate security.
• With your direction: when you choose to share information through our integrations or features (for example, when you export data or send candidate outreach).
• Legal and safety: when required by law, subpoena, or court order, or to protect the rights, property, or safety of OpusRoster, our customers, or the public.
• Business transfers: in the event of a merger, acquisition, or sale of assets, with notice to affected customers.

We do not sell your personal information for advertising or marketing purposes.

7. Data retention

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Active accounts: we retain account and customer data for the duration of your subscription
• After cancellation: account data is retained for 30 days to allow account restoration, then permanently deleted
• Audit logs: retained for at least 12 months for security and compliance purposes
• Legal holds: data subject to legal hold or required by law is retained for the period required

Customers can export their data at any time in standard CSV or JSON formats from within the application.

8. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you
• Correction: request that we correct inaccurate or incomplete information
• Deletion: request that we delete your personal information (subject to legal retention requirements)
• Portability: request your data in a portable format
• Objection: object to certain processing of your information
• Withdrawal of consent: withdraw consent where we rely on it
• Complaint: file a complaint with a supervisory authority in your jurisdiction

To exercise any of these rights, contact us at privacy@opusroster.com. We will respond within the timeframes required by applicable law (generally 30 days).

8.1 Candidate rights

Candidates whose information is processed through OpusRoster by one of our customers may exercise rights directly with that customer (the data controller). We will assist customers in fulfilling these requests. Candidates can also contact us directly at privacy@opusroster.com to opt out of further outreach.

9. Cookies and tracking

We use cookies and similar technologies to operate, analyze, and improve our services. We use:

• Strictly necessary cookies: required for the platform to function (authentication, session management)
• Analytics cookies: help us understand how the service is used so we can improve it
• Preference cookies: remember your settings (such as language and display preferences)

You can control cookies through your browser settings. Disabling certain cookies may limit functionality.

10. International data transfers

OpusRoster is operated from the United States. Personal information we collect may be processed in the United States. For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses where required.

11. Security

We use industry-standard technical and organizational measures to protect personal information, including:

• Encryption in transit (TLS 1.3) and at rest
• Database-layer access controls and isolation between customers
• Hashed and salted credential storage
• Audit logging on every meaningful action
• Vetted infrastructure providers operating in compliance with industry security standards
• Vendor agreements requiring confidentiality and security commitments

No system is 100% secure. If we become aware of a breach affecting your personal information, we will notify you and the appropriate authorities as required by law.

12. Children's privacy

OpusRoster is not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@opusroster.com and we will delete it.

13. California residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we collect, the right to delete it, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information.

We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, contact privacy@opusroster.com.

14. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to account holders and posted on this page with an updated effective date. Continued use of the services after changes take effect constitutes acceptance of the updated policy.

15. Contact us

For privacy questions, requests, or concerns: