• We run a hiring service. Business owners are our customers; applicantsare the people who apply through those customers' pages or phone numbers.
• We collect what we need to run the service — nothing more — and we tell you exactly what that is below.
• Phone calls are recorded and transcribed by an AI. We tell callers that at the start of the call.
• We don't sell your data and don't use it to train general-purpose AI models.
• You can ask us to show you, correct, or delete your data at any time by writing to privacy@myfriendlystaff.com.

“My Friendly Staff” (“we,” “us,” “our”) operates myfriendlystaff.com and the associated hiring platform, AI phone agent, and Sign Shop. For questions about this policy, write to privacy@myfriendlystaff.com.

Our platform serves two groups, and the way we treat their data is different:

• Customers — business owners who sign up, configure questions, and receive applications. We are a data controller for customer account data: we decide what we collect and why.
• Applicants— people who apply to a customer's job via the web form, phone call, or email. We are a data processorfor applicant data: we handle it on our customer's behalf, under their instructions. The customer is the controller.

Practically: if you applied to a job and want your data deleted, the fastest path is to ask the business you applied to. You can also write to us and we'll help.

When you sign up as a business customer, we collect:

• Account info — your name, email address, password (hashed, never stored in plain text), and business details (name, location, logo, screening questions).
• Billing info — we use a third-party payment processor for card details; we only see the last four digits, expiry, and billing address.
• Usage data — pages visited in the dashboard, features used, IP address, browser, and rough location (from IP) to keep the service running and secure.
• Support communications — emails and messages you send us.

When someone applies through a customer's page or phone number, we collect:

• Contact info — name, phone number, email address.
• Application answers— responses to the customer's screening questions.
• Call audio & transcript — a recording and a text transcript of the phone call with the AI agent.
• AI-generated summary & score — a short write-up and a numeric score generated from the call or form, intended to help the customer prioritize whom to call back.
• Technical data — for web applicants, basic device and IP info needed to deliver the form and prevent abuse.

At the start of each phone call, the AI agent discloses that the call is being recorded and transcribed. Applicants who do not want to continue can hang up or apply by another means the business accepts.

Applicants can request access to or deletion of their data by contacting the business they applied to, or by writing to privacy@myfriendlystaff.com.

We use data to:

• run the Service — deliver phone, web, and email intake;
• transcribe and summarize calls, and rank applicants against the customer's questions;
• let customers review applicants in their dashboard and send SMS follow-ups;
• process payments, send receipts, and manage subscriptions;
• keep the Service secure — detect abuse, spam, fraud, and platform misuse;
• improve the Service — measure usage, fix bugs, and evaluate the quality of our AI outputs (using minimal data, sampled or aggregated, and never sold);
• comply with law and enforce our Terms.

Our legal bases (for users in the EEA/UK) are: performance of a contract, our legitimate interests (running and improving the Service, preventing abuse), consent (where required, e.g. for optional analytics), and legal obligation.

We use third-party AI models to transcribe calls, generate conversational voice responses, and write applicant summaries and scores. Specifically:

• Voice AI (Vapi and its underlying model providers) processes the audio of calls in real time.
• Language model (Anthropic's Claude) generates summaries and scoring of applicant responses.

We instruct our model providers not to use customer or applicant data to train general-purpose models. Audio recordings and transcripts are stored with the customer's other applicant data and are visible only to the customer (and to us, for support and abuse prevention).

We don't sell your personal data, and we don't share it with advertisers. We do share it with the following categories of service providers, strictly to run the Service:

• Hosting & database — Supabase and Vercel.
• Voice AI & telephony — Vapi and the telephony carrier that provisions phone numbers.
• Language models — Anthropic (Claude).
• Email — Resend, for transactional and applicant-facing email.
• Payments — our payment processor (e.g. Stripe), which handles card details on our behalf.
• Image generation / print — fal.ai (for brand imagery) and our print-and-ship partner for the Sign Shop.
• Analytics & error tracking — privacy-minded tooling used to keep the Service healthy.

We may also share data if we're legally required to (for example, to comply with a valid subpoena), or in connection with a merger, acquisition, or sale of assets — in which case we'll let you know before your data moves.

We keep customer account data for as long as your account is active, plus a reasonable period after cancellation to handle disputes and legal obligations (typically up to 2 years).

We keep applicant data for the shorter of (a) what the customer configures in their dashboard, or (b) 12 months from the application, after which we delete or anonymize it. Customers can delete individual applicant records at any time from the dashboard.

Backups may persist for up to 30 days after deletion from the live system.

We protect data using industry-standard measures: TLS encryption in transit, encryption at rest for our database and file storage, access controls, secrets management, and audit logging. Passwords are stored hashed (never in plain text).

No system is perfectly secure. If we learn of a security incident that affects your data, we'll notify you and the relevant authorities as required by law.

We use a small number of cookies and similar technologies to:

• keep you signed in (essential session cookies — cannot be disabled);
• remember your preferences (functional);
• measure overall usage in aggregate (analytics).

We don't use advertising cookies or third-party trackers for behavioral advertising. Where your jurisdiction requires it, we'll ask for consent before setting non-essential cookies.

Depending on where you live, you may have rights to:

• access a copy of the data we hold about you;
• correct data that is wrong or incomplete;
• ask us to delete your data;
• object to or restrict certain processing;
• receive a portable copy of data you gave us (data portability);
• withdraw any consent you previously gave;
• lodge a complaint with your local data protection authority.

To exercise any of these rights, write to privacy@myfriendlystaff.com. We'll verify your identity and respond within the timeframe required by law (usually within 30 days).

If you applied for a job through one of our customers and want your data removed, we'll either act on your request directly or route it to the customer, who is legally the controller of that data.

California residents:you have additional rights under the CCPA/CPRA, including the right to know the specific pieces of personal information we hold, and the right to opt out of “sales” and “sharing.” We don't sell or share personal information as those terms are defined under California law.

We operate from the United States and our service providers are located primarily in the US and EU. If you use the Service from outside these regions, your data will be transferred to, and processed in, countries that may have different data protection laws than your own. Where required, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

The Service is not intended for anyone under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, write to privacy@myfriendlystaff.com and we'll delete it.

We may update this Privacy Policy from time to time. If the change is material, we'll notify you by email or in the dashboard at least 14 days before it takes effect. The “Last updated” date at the top of this page will always reflect the current version.

Privacy questions, requests, or concerns: privacy@myfriendlystaff.com.

General support: support@myfriendlystaff.com. You can also review our Terms of Service.