Privacy Policy
Last updated: July 10, 2026
AstraStaff AI (“AstraStaff,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you and about candidates whose data you submit to the platform.
1. Information We Collect
Account Data: When you create an account, we collect your email address, name, password (stored as a bcrypt hash), and profile picture (if using Google sign-in).
Candidate Data: Resume text, parsed profile fields (name, contact, employment history, skills), AI interview transcripts, and AI-generated scores.
Payment Data: Payment methods are collected and stored by Stripe. AstraStaff stores only the Stripe customer ID and payment method reference, never raw card numbers.
Usage Data: IP addresses, browser type, pages visited, and features used, for security, analytics, and rate limiting.
2. How We Use Information
- To provide, operate, and maintain the Service.
- To process transactions and send transactional notifications.
- To generate AI interview questions and candidate assessments.
- To improve the Service and develop new features.
- To detect, prevent, and address fraud, security, and technical issues.
- To comply with legal obligations.
3. Server-Side Data Masking
AstraStaff applies server-side masking to candidate PII (last name, email, phone, past employers) before any pre-payment API response. Raw PII never leaves our servers until a placement contract is signed and the associated payment has been successfully processed. This is a core architectural guarantee, not a UI convenience.
4. Sharing With Third-Party Processors
We share limited data with the following sub-processors, each of whom is contractually obligated to protect your data:
- Stripe, Inc. — payment processing.
- OpenAI-compatible LLM providers (via Emergent) — for AI interview and content generation. Sanitized candidate data is transmitted in ephemeral prompts; we do not permit training on your data.
- MongoDB Atlas — database hosting.
- GitHub, Inc. — public API queries for developer sourcing.
5. Data Retention
We retain your account data for as long as your account is active. Candidate data is retained for the life of the associated pipeline, plus 12 months for warranty tracking. You may request deletion of your account data at any time by contacting privacy@astrastaff.ai.
6. Security
We use industry-standard security measures including bcrypt-hashed passwords, JWT session tokens with httpOnly cookies, HTTPS-only transport, server-side PII masking, and multi-tenant data isolation. No system is 100% secure; we encourage you to use a strong unique password.
7. Your Rights (GDPR/CCPA)
Depending on your jurisdiction, you may have the right to: access, correct, delete, or export your personal data; object to certain processing; and withdraw consent. To exercise these rights, contact privacy@astrastaff.ai.
8. Children’s Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.
9. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via the email address associated with your account.
10. Contact
Questions about this Policy? Email privacy@astrastaff.ai.