Privacy Policy
Last updated: April 11, 2026
1. Introduction
Maazi ("we", "us", or "our") operates the website and platform at maazi.io. Maazi is an AI-powered hiring platform that helps companies screen, score, and manage candidates throughout the hiring process.
We process personal data from two distinct groups:
- Candidates (applicants) — individuals who apply for roles through Maazi.
- Hiring managers and team members (customers) — individuals who use Maazi to create roles, review candidates, and manage their hiring pipeline.
Under the General Data Protection Regulation (GDPR), companies that use Maazi to hire are the data controllers for candidate data. Maazi acts as the data processor, processing candidate data on behalf of and under the instructions of each hiring company. For data related to our own customers (hiring managers and team members), Maazi is the data controller.
2. Data We Collect
Candidate Data
When a candidate applies through Maazi, we collect and process the following data:
- Identity information: First name, last name, email address, and LinkedIn profile URL.
- Resume data: The uploaded resume file and parsed text extracted from it.
- Screening responses: Answers to screening questions, which may include text responses, video recordings, code submissions, file uploads, and multiple-choice selections.
- AI-generated outputs: Scores, summaries, and candidate value reports generated by our AI models based on screening responses.
- Interview scheduling data: Availability preferences and timezone information.
- Consent records: Timestamp and IP address at the time consent was given.
- Technical data: Device type, browser information, and IP address collected from access logs.
Customer and User Data
When hiring managers and team members use Maazi, we collect:
- Account information: Name and email address, provided via Clerk authentication.
- Company information: Company name, industry, and logo.
- Platform activity: Chat messages exchanged with the AI copilot during role creation and candidate management.
- Billing information: Processed securely by Paddle. We do not store payment card details, bank account numbers, or other sensitive financial information on our servers.
3. How We Use Your Data
We use the data we collect for the following purposes:
- Delivering the service: Processing candidate applications, running screening journeys, scoring responses, and ranking candidates for hiring managers to review.
- AI processing: Using AI models to score candidate responses, generate candidate summaries and value reports, draft rejection communications, and generate screening journeys for new roles.
- Communication: Sending transactional emails including application confirmations, screening invitations, rejection notifications, interview scheduling invites, and status updates via our email provider Resend.
- Billing: Processing subscription payments and managing billing through Paddle.
- Security and fraud prevention: Detecting and preventing unauthorized access, abuse, or fraudulent activity on the platform.
- Service improvement: Analyzing aggregated, anonymized usage patterns to improve platform features, AI model accuracy, and overall user experience.
4. AI and Automated Processing
Maazi uses Anthropic's Claude AI models to process candidate data as part of our core service. Specifically, AI is used to:
- Score candidate screening responses against role-specific criteria.
- Generate candidate summaries and value reports to assist hiring managers in their review.
- Draft communications such as rejection emails, which are always reviewed by a hiring manager before being sent.
- Generate screening journeys (sets of questions and stages) for new roles.
AI-generated scores are used to rank candidates within a role's pipeline. However, a human hiring manager always reviews the results and makes the final decision on whether to advance, shortlist, or reject a candidate. No candidate is automatically rejected by AI alone without human review.
Candidates are informed about the use of AI processing before they begin a screening journey. Consent is collected via a checkbox at the time of application, and candidates must actively agree before proceeding.
5. Legal Basis for Processing (GDPR Article 6)
We rely on the following legal bases under the GDPR to process personal data:
- Consent (Article 6(1)(a)): Candidates provide explicit consent at the time of application before their data is processed through the screening pipeline. Candidates may withdraw consent at any time by contacting us.
- Contract performance (Article 6(1)(b)): For customers (hiring managers and team members), processing is necessary to deliver the Maazi platform and services under our terms of service.
- Legitimate interest (Article 6(1)(f)): For both candidates and customers, we process certain data for security purposes, fraud prevention, and to protect the integrity of our platform. We balance these interests against individual rights and ensure processing is proportionate.
6. Data Sharing and Subprocessors
We share personal data with the following third-party service providers (subprocessors) to deliver our platform. Each subprocessor is bound by data processing agreements that require them to protect your data in accordance with applicable law.
| Service | Purpose | Data Accessed |
|---|---|---|
| Anthropic (Claude) | AI scoring, journey generation, chat copilot | Candidate responses, role descriptions |
| Supabase | Database and file storage | All application data |
| Clerk | Authentication | User email, name, avatar |
| Paddle | Billing and payments | Company name, admin email |
| Resend | Transactional email | Recipient email, name |
| Deepgram | Video transcription | Candidate video audio |
| Vercel | Frontend hosting | Request logs, IP addresses |
| Render | Backend hosting | All backend traffic |
| Sentry | Error monitoring | Error context (may include PII) |
| Upstash | Redis job queue | Job payloads (IDs only) |
| Jitsi Meet (self-hosted) | Video interview meetings | Meeting room metadata only; hosted on Maazi infrastructure |
We do not sell your personal data to third parties. We do not share your data with any parties beyond those listed above, except where required by law.
7. Video Interviews
When a hiring manager schedules a video interview through Maazi, we generate a unique meeting link hosted on our own video infrastructure (powered by Jitsi Meet, an open-source video conferencing platform). Both the hiring manager and the candidate receive this link in their confirmation emails.
How video meetings work
- Each interview receives a unique, cryptographically random meeting URL that cannot be guessed by third parties.
- Video meetings are hosted on Maazi-operated infrastructure — no third-party video vendors process your call data.
- Meeting rooms are ephemeral: they exist only while participants are connected and are automatically destroyed when the call ends.
- Maazi does not record video interviews unless a recording feature is explicitly enabled by the hiring manager in the future. No audio or video data is stored from meetings.
No third-party calendar access
Maazi does not connect to or access your Google Calendar, Microsoft Outlook, or any other calendar service. We do not request OAuth permissions for calendar access. Interview confirmations include a downloadable calendar file (.ics) that you can optionally add to your own calendar with a single click.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy:
- Candidate data: Retained for 6 months after the associated role is closed or filled. This allows the hiring company to revisit candidates if a hire falls through or a similar role opens. After this period, candidate data is anonymized so that it can no longer be linked to an individual.
- User and company data: Retained while the account remains active. Data is deleted upon request when an account is closed.
- Billing records: Retained as required by applicable tax and financial regulations, typically for 7 years.
9. Your Rights Under the GDPR
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request that we correct any inaccurate or incomplete personal data.
- Right to erasure: You may request that we delete your personal data, subject to any legal obligations that require us to retain it.
- Right to data portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object: You may object to processing of your personal data that is based on our legitimate interests.
- Right to restrict processing: You may request that we limit how we process your data in certain circumstances.
- Right to withdraw consent: Candidates who provided consent may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.
- Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, please contact us at hello@maazi.io. We will respond to your request within 30 days.
10. Cookies
We use cookies and similar technologies on our website:
- Essential cookies: Required for core functionality including authentication (Clerk) and billing (Paddle). These cookies cannot be disabled as the platform cannot function without them.
- Cookie consent banner: On your first visit, we display a cookie consent banner that allows you to accept or reject non-essential cookies.
- Updating your preferences: You can update your cookie preferences at any time through the cookie consent preferences available in the site footer.
11. International Data Transfers
Our servers and subprocessors are hosted in the United States and the European Union. Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.
12. Children's Privacy
Maazi is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 16, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at hello@maazi.io.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify affected users via email or through an in-app notification before the changes take effect. We encourage you to review this page periodically.
14. Contact
If you have any questions about this Privacy Policy, your personal data, or our data practices, you can reach us at:
- Email: hello@maazi.io
- Address: To be added.