New: AI now shows you why each candidate was ranked.Try it free

Data Protection Document

Effective Date: May 27, 2026 · Last Updated: May 27, 2026

1. Overview

This Data Protection Document explains, in operational detail, how HeadHonta safeguards the personal data we process on behalf of our customers and the candidates they manage on our platform. It complements our Privacy Policy and GDPR statement and is intended for procurement, security, legal, and DPO teams evaluating HeadHonta.

HeadHonta is committed to processing personal data lawfully, fairly, and transparently, in line with the EU General Data Protection Regulation (GDPR), the UK GDPR, the Nigeria Data Protection Act (NDPA), the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.

2. Data Controller & Contact

For personal data submitted by customers (including candidate data uploaded into the platform), HeadHonta typically acts as a data processor on behalf of the customer, who is the controller. For account-level data of our customers (name, email, billing, telemetry), HeadHonta acts as the controller.

3. Scope of This Document

This document applies to:

  • The HeadHonta web application and APIs.
  • The HeadHonta browser extension used for live interview assistance.
  • The candidate portal used by applicants.
  • Marketing and sales touchpoints operated by HeadHonta (website, forms, email outreach).

4. Categories of Personal Data

4.1 Customer & user data

  • Account: name, work email, hashed password, role.
  • Organisation: company name, country, office address.
  • Billing: plan, invoice records, tax identifiers.
  • Telemetry: feature usage, IP address, browser, device, session identifiers.

4.2 Candidate data (processed on behalf of customers)

  • Identity: name, contact details, location.
  • Professional: CV / resume, work history, education, certifications, skills, references.
  • Application data: stage, recruiter notes, interview transcripts and recordings (where used), scoring rationales.
  • Communications: emails and messages exchanged through the platform.

4.3 Special category data

HeadHonta does not require, request, or use special category data (race, ethnicity, religion, health, sexual orientation, etc.) for AI scoring. If such data is incidentally included in a CV uploaded by a candidate or customer, it is treated as ordinary text content and is not used as a scoring or filtering signal.

5. Purposes of Processing

  • Provide, secure, and maintain the HeadHonta service.
  • Run AI-assisted features (CV parsing, role-fit scoring, interview assistance, sourcing suggestions).
  • Send transactional and service emails (verification, alerts, billing).
  • Provide customer support, troubleshoot incidents, and improve product quality.
  • Detect, prevent, and investigate fraud and abuse.
  • Comply with legal, tax, and regulatory obligations.
  • For customer organisations: facilitate hiring decisions made by humans on the customer's side.
  • Performance of a contract — delivering the service to customers and providing accounts to their users.
  • Legitimate interests — securing the platform, preventing abuse, and improving the product, where these interests are not overridden by the rights of data subjects.
  • Consent — for optional analytics, marketing communications, and candidate portal interactions that require explicit opt-in.
  • Legal obligation — record-keeping, tax, and responses to lawful requests from authorities.

7. Sub-processors

HeadHonta engages a limited set of sub-processors under written data processing agreements. A current list is available on request from privacy@headhonta.com. Typical categories include:

  • Railway — application hosting and infrastructure (processes all platform data).
  • Cloudflare R2 — file and CV storage.
  • OpenRouter — AI/LLM and embedding inference. OpenRouter is a gateway that routes prompts (including full CV text and profile data) to underlying model providers, used only for the features described in our AI Terms.
  • Resend — transactional email delivery (candidate email address and message content).
  • Paystack — billing and payment processing (recruiter payment data).
  • Slack — internal recruiter signup notifications.
  • Mixpanel and Nodge — product and onboarding analytics.
  • Optional job board integrations chosen by the customer (e.g., LinkedIn, Indeed, Glassdoor).

Interview transcription is performed by our own self-hosted speech-to-text service (faster-whisper) within our infrastructure; it is not a third-party AI vendor and audio is not sent to an external provider.

We provide customers with reasonable prior notice of new sub-processors and a mechanism to object where required by applicable law or a signed data processing addendum.

8. International Data Transfers

HeadHonta hosts and processes data in regions selected to balance latency, availability, and compliance. Where personal data is transferred outside the EEA, UK, or other regulated regions, we rely on appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • UK International Data Transfer Addendum where applicable.
  • Adequacy decisions and equivalent mechanisms recognised by the relevant data protection authority.
  • Data processing agreements required with our sub-processors.

9. Retention Schedule

We retain personal data only as long as needed for the purposes above, or as required by law. By default, data is kept for as long as the account and recruiter relationship require it and until erasure is requested; we do not enforce a fixed maximum retention period unless the customer enables our optional, configurable retention controls (off by default). Indicative practices:

  • Active customer account data: retained for the life of the account.
  • Candidate data: retained until the customer deletes it, requests erasure, or until purged by the customer's optional retention policy if enabled.
  • Uploaded documents (CVs): where the customer enables it, the original uploaded file is deleted after a configurable period while the information extracted from it (e.g., parsed CV text and analysis) is retained with the candidate record.
  • Audit logs: retained for security and compliance purposes.
  • Billing records: retained for the period required by applicable tax law.
  • Backups: deleted records are overwritten as routine backups age out of rotation.

10. Technical & Organisational Security Measures

HeadHonta maintains a documented security programme. Key controls include:

  • Encryption in transit (TLS 1.2+) and at rest at the infrastructure level for stored data and backups.
  • Strong password hashing (bcrypt) and support for multi-factor authentication on admin and high-privilege accounts.
  • Role-based access controls, least-privilege provisioning, and periodic access reviews.
  • Application secrets stored in managed secret stores; no secrets in source control.
  • Network segmentation between the API, background workers, and the STT service; private networking between Railway services.
  • Continuous monitoring of dependencies and base images for vulnerabilities.
  • Logging of administrative actions and security-relevant events.
  • Vendor due diligence and data processing agreements with sub-processors.
  • Documented incident response and on-call rotation for critical services.
  • Employee security training and confidentiality agreements.

For more detail see our Security page.

11. Data Subject Rights

Data subjects can exercise the following rights, subject to applicable law:

  • Access to their personal data.
  • Rectification of inaccurate or incomplete data.
  • Erasure ("right to be forgotten").
  • Restriction or objection to processing.
  • Data portability in a structured, machine-readable format.
  • Withdrawal of consent at any time.
  • Not to be subject to a solely automated decision with legal or similarly significant effects — all hiring decisions on HeadHonta are made by humans.

Some rights can be exercised directly through the product: candidates can export their data and request erasure from the candidate portal, rectify profile details through the relevant portal, and opt out of non-essential emails via the unsubscribe link in any such email; account holders can delete their account from account settings. Candidates whose data has been uploaded by a customer should otherwise first contact that customer (the controller); HeadHonta will assist controllers in responding to such requests. For any other request, contact privacy@headhonta.com; we respond within 30 days.

12. Breach Notification & Incident Response

HeadHonta operates a documented incident response process. In the event of a personal data breach affecting customer data, we will:

  • Notify affected customers without undue delay and, where feasible, within 72 hours of becoming aware.
  • Provide details of the nature and scope of the incident, affected data categories, likely consequences, and the measures taken or proposed.
  • Cooperate with customers to support their own notification obligations to supervisory authorities and data subjects.

13. Data Protection Impact Assessments

HeadHonta supports customers conducting Data Protection Impact Assessments (DPIAs) for high-risk processing. On request, we will provide reasonable information about the platform's architecture, data flows, sub-processors, and controls.

14. Data Protection Officer

Privacy enquiries, DPA execution, and data protection matters are handled by HeadHonta's privacy team. Reach them at privacy@headhonta.com.

15. Complaints & Supervisory Authorities

Data subjects have the right to lodge a complaint with their local supervisory authority. We encourage you to contact us first so we can try to resolve the matter directly.

16. Changes to This Document

We may update this Data Protection Document to reflect changes to our services, sub-processors, or applicable law. Material changes will be communicated to active customers by email or in-product notice. The "Last Updated" date above always reflects the latest version.