CCR Hireby Capital City Roofing
Log inStart Hiring

Legal

Privacy Policy

Effective May 22, 2026. We'll email subscribers 30 days before any material change.

1. What we collect

Marketing site: we collect anonymous page-view events (path, referrer, UTM parameters) and any email you submit to our Built-To-Win newsletter form. No third-party trackers - no Google Analytics, no Meta Pixel, no Hotjar, no Intercom.

Application surface:if you apply to a role on our platform, the hiring employer collects your name, email, phone, resume, answers to their knockout questions, your synthesis video, and your taste-reply text. CCR Hire processes that data on the employer's behalf - they are the data controller; we are the processor.

Subscriber surface: if you create an employer account, we collect billing information (handled by Stripe; we never see your card number) and product-usage telemetry to operate the service.

2. Cookies

We use one essential cookie (ccrhire_consent) to remember your cookie-banner choice. Logged-in employers get a session cookie from Supabase Auth (sb-*). We do not use advertising cookies. We do not sell your data.

3. Data handling

All candidate data is stored in our Supabase project hosted in the US-East region. Row-level security gates every read and write so one employer cannot see another's candidates. Service-role access is restricted to our own backend processes (newsletter sync, grading jobs, etc.) and is audit-logged.

The marketing event table (hire.marketing_event) is service-role-only by RLS. It records anonymous funnel events for conversion analysis; it does not store IP addresses or device fingerprints.

4. Retention

Newsletter subscribers: until you unsubscribe (every email contains a one-click unsubscribe). Marketing events: 18 months rolling. Candidate data: per the employer's retention setting (default: duration of subscription + 90 days). Account billing data: 7 years per US tax law.

5. Your rights

You can request a copy of, or deletion of, any data we hold about you by emailing privacy@ccrhire.com. We respond within 30 days. If you live in a jurisdiction with additional rights (GDPR, CCPA, etc.), those rights apply in addition to the rights described here.

6. Subprocessors

  • Supabase - database, storage, authentication
  • Stripe - billing
  • Anthropic - AI grading (no training on customer data)
  • Deepgram - video transcription
  • Resend - transactional email + newsletter
  • Vercel - hosting

7. Contact