Hirovo ("we", "the platform") values your privacy. This Privacy Policy explains what data we collect when you use the hirovo.com website or the Hirovo mobile app, why we collect it, how we protect it, and what rights you have. We comply with Turkey's KVKK and the EU GDPR.
1. Data we collect
We collect only what we need to operate the platform. Data categories are limited to:
Profile: city, district, description, skills, account type (individual/company), company info.
Location: device location for the "nearby jobs" feature while the app is open (only with your permission; we do not collect background location).
Media: profile photos or job images you upload.
Messages: content of conversations between employers and candidates.
Device identifiers: Expo / Firebase push token, device OS (iOS/Android).
Usage logs: sign-in times, IP address (security), error logs.
2. Why we process data
Creating your account and managing your session.
Matching job postings with candidates; surfacing nearby jobs or candidates.
Delivering messages, notifications, and application status updates.
Improving the service, fixing bugs, preventing fraud.
Complying with legal obligations (tax, record-keeping).
3. Third-party services
Hirovo uses the following third-party services. Each is governed by its own privacy policy:
Google Identity (Sign in with Google) — receives email + name.
Sign in with Apple — receives email + name; supports email relay.
Firebase Cloud Messaging (Google) and Expo Push — device token for push notifications.
Brevo (Sendinblue) — password reset and verification emails.
4. Who we share data with
We do not sell your data or share it with third parties for advertising. Data may be shared in these cases:
Within the platform: when you apply to a job, your profile is shown to the employer; when you post a job, your profile is shown to applicants.
Legal obligation: when required by a competent authority.
Service providers: the third parties listed above receive only the minimum data needed to provide their service.
5. How long we retain data
Your data is retained while your account is active. After an account deletion request, personal data is removed within 30 days; records that must be retained for legal reasons (tax/recordkeeping) may be retained in anonymized form.
6. How we protect data
All traffic is encrypted over HTTPS/TLS.
Passwords are irreversibly hashed using bcrypt.
Database servers run on a private network; access is limited to the minimum number of people.
Regular backups are taken and stored encrypted.
7. Your rights under KVKK and GDPR
The right to know which of your data is being processed.
The right to have data corrected, updated, or deleted.
The right to object to processing.
The right to data portability — to have your data transferred to another service.
The right to lodge a complaint with the Turkish Data Protection Authority (KVKK).
8. Children's privacy
Hirovo is not designed for users under 16. Accounts we learn belong to a user under 16 are closed immediately.
9. Changes to this policy
When we make a material change to this policy, we notify you in-app or by email. The "Effective date" reflects the most recent update.