Data Processing Agreement
Version 1.0 ยท Last updated: 7/19/2026
This Data Processing Agreement ("DPA") forms part of the agreement between HireScope (the "Processor") and the customer ("Controller") for the provision of the HireScope service. It governs the processing of personal data subject to the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") and equivalent laws.
1. Definitions
"Personal Data", "Processing", "Controller", "Processor", and "Data Subject" have the meanings given in the GDPR.
2. Subject matter and duration
HireScope processes Personal Data on behalf of the Controller for the duration of the subscription, solely to provide and improve the service.
3. Nature and purpose of processing
Processing includes storing account information, processing job posting content submitted for audit, billing administration, and providing support.
4. Categories of data subjects and data
- Data subjects: Controller's employees and authorized users of the service.
- Personal Data: name, email, organization membership, audit history metadata. HireScope does not solicit candidate Personal Data; the Controller is responsible for ensuring any pasted content complies with applicable law.
5. Processor obligations
- Process Personal Data only on documented instructions from the Controller.
- Ensure persons authorized to process Personal Data are bound by confidentiality.
- Implement appropriate technical and organizational measures, including those described on our Security page.
- Assist the Controller in responding to Data Subject requests (access, rectification, erasure, portability).
- Notify the Controller without undue delay (and in any event within 72 hours) of becoming aware of a Personal Data breach.
- Delete or return all Personal Data after the end of the provision of services, except where retention is required by law.
6. Sub-processors
The Controller authorizes HireScope to engage the sub-processors listed on our Security page. HireScope will provide at least 30 days' notice before adding or replacing a sub-processor, during which the Controller may object on reasonable data protection grounds.
7. International transfers
Where Personal Data is transferred outside the EEA, the transfer is governed by the European Commission's Standard Contractual Clauses (Module 2 โ Controller to Processor) incorporated into this DPA by reference.
8. Audits
HireScope will make available all information reasonably necessary to demonstrate compliance with this DPA, including third-party audit reports (e.g. SOC 2) once available. On-site audits by the Controller may be conducted no more than once per year on reasonable prior notice.
9. Liability
Each party's liability under this DPA is subject to the limitations of liability set out in the main service agreement.
10. Signing
Enterprise customers requiring a counter-signed DPA should contact security@hire-scope.io. By using HireScope on a paid plan and accepting our Terms of Service, the Controller is deemed to have accepted this DPA.