Ashby Privacy Policy

Last updated December 17, 2024

Introduction

This Privacy Policy describes how Ashby, Inc. ("Ashby", "we", "our", "us") collects and processes personal information. Ashby respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

By using our site, you consent to this Privacy Policy. If you do not consent to the collection and processing of your information in accordance with this Privacy Policy, we are unable to provide you with our services, and you should not use our site.

What personal information do we collect and how do we collect it?

Job Candidates

When you use Ashby’s services (our “Service”) by registering with Ashby, or applying to Ashby, in connection with a job opportunity, the information we collect may include:

  1. Name, email address, social media accounts, cover letter (if applicable), resume and job experience, education, email and text communications sent via our Service, email and text communications, and other information that you choose to send to us or to give us administrative access to.

  2. Metadata related to your use of the Service, such as when you log in to the Service and how you use the Service.

Customers and Potential Customers

We collect information from potential customers when they inquire about Ashby’s services, communicate with Ashby, and request a demonstration of our Service, and we collect information from customers when they register for our Service. This information may include name, company name, email address, phone number, and billing information.

Third Party Data

We may receive your personal information from third parties, including data brokers, as well as from public sources such as social media platforms. We may use this third party data to enrich personal information about you that we have obtained from you or other sources.

Automatic Data Collection

As you navigate through and interact with our site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including: (1) details of your use of our site, including traffic data, logs, and other communication data and the resources that you access and use on the site; and (2) information about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data may include IP address, MAC address, device advertising ID (e.g., IDFA or AAID), and other device identifiers.

How do we use personal information?

To provide our Service

The personal information we collect may be processed and/or used in the following ways for purposes of providing our Service:

  • To help companies post and manage jobs

  • To help companies source candidates for jobs

  • To help companies manage applicants for jobs

  • To help companies communicate with you, including scheduling interviews with candidates and interviewers

  • To help analyze recruiting activities

  • To help companies onboard new hires

  • To provide customer support

  • To personalize your experience (your information helps us to better respond to your individual needs)

  • To improve our Service (we continually strive to improve based on the information and feedback we receive from you)

  • To provide and improve customer service (your information helps us to more effectively respond to your customer service and support needs)

  • To provide demonstrations of our Service

To market our Service

We may use your personal information, including your name, email address, phone number, and other contact details, to provide you with marketing communications, promotions, and special offers. Specifically: (1) we may analyze your interactions with our Service to offer content and promotions that match your interests and preferences; (2) we may send you newsletters, product updates, event invitations, or other promotional materials; and (3) occasionally, we may invite you to participate in surveys or provide feedback to improve our products and marketing strategies.

If you do not want us to use your personal information for marketing purposes, you may opt out via our Privacy Request Manager.

In addition, we may aggregate and anonymize personal information to remove identifiable elements and use it for marketing purposes, such as analyzing trends, improving our services, developing promotional insights and preparing marketing reports. Aggregated and anonymized data does not identify any individual or company and may be shared with third parties or used internally to enhance our marketing strategies and offerings. This use complies with applicable privacy laws and ensures that your personal information remains protected.

To monitor and improve our site and our Service

The information we collect automatically helps us to improve our site and Service, including by enabling us to: (1) estimate our audience size and usage patterns; (2) store information about your preferences, allowing us to customize our Service according to your individual interests; (3) speed up your searches; and (4) recognize you when you return to our site.

To process your application if you apply for a job at Ashby

If you apply for a job at Ashby, the personal information you submit with your application is used to evaluate your qualifications and suitability for Ashby employment opportunities, manage the recruitment process, conduct interviews, communicate with you, verify your work eligibility, and comply with legal or regulatory obligations. This information may include contact details, employment history, educational qualifications, references, and any other personal details provided during the application process.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider places on your computer’s hard drive through your Web browser that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our site.

How long do we retain your personal information?

Our retention period for your personal information depends on the type of data and the purpose for which we process the data. We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.

How can we disclose or share your information?

We may share information about you as follows:

  • Service Providers. We may share your information with our agents, vendors and other service providers (collectively "Service Providers") in connection with their work on our behalf. Service Providers assist us with services such as payment processing, credit checks, data analytics, marketing and promotional services, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregated information which does not identify you or de-identified data for other purposes. You can find a list of Service Providers (Sub-processors) and the services they provide to Ashby at the Ashby Trust Centre.
  • Affiliates. We may share your information with our related entities, including our parent and sister companies. For example, we may share your information with our affiliates for customer support, marketing and technical operations.
  • Business Partners. We may share your information with our business partners in connection with offering you co-branded services, selling or distributing our Service, or engaging in joint marketing activities.
  • Professional Advisors. We may share your information with our professional advisors such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
  • Merger or Acquisition. We may share your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
  • Security and Compelled Disclosure. We may share your information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share your information to protect the rights, property, life, health, security and safety of Ashby, our Service or any third party.
  • Consent. We may share your information for any other purpose disclosed to you and with your consent.

Without limiting the foregoing, in our sole discretion, we may share aggregated information that does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law.

We do not sell, trade, or otherwise transfer your personal information except in accordance with this Privacy Policy. We do not share your personal information with third parties for their direct marketing purposes.

How do we keep your personal information secure?

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Ashby’s Security Overview is available here. All information you provide to us is stored on our secure servers that are hosted within data centers that commit to industry-leading security practices.

The safety and security of your information also depends on you. Where you have chosen credentials for access to certain parts of our site or use an email /SSO account to authenticate, you are responsible for keeping the credentials or the account secure.

How can you access, correct or delete your personal information?

You may request that we provide access to, correct or delete any of your personal information by submitting a request using our Privacy Request Manager.

Our Service is designed to assist our customers in managing their applicant tracking and recruitment processes. Our customers act as the data controllers under the General Data Protection Regulation (GDPR) or as businesses under the California Consumer Privacy Act (CCPA). Ashby, in its role as data processor under the GDPR and as service provider under the CCPA, processes personal information solely on behalf of our customers and in accordance with their instructions. We do not independently determine how personal information is used, nor do we make decisions regarding the rights of individuals related to the personal information we process on behalf of our customers.

For requests to access, correct or delete your personal information that has been collected by or on behalf of an Ashby customer, we recommend that you reach out directly to the company you applied to or that contacted you for an employment opportunity. They will be able to initiate the necessary process to address your request. For information about how your personal information is used by an Ashby customer or to make a request to an Ashby customer regarding your rights, please refer to the privacy policy of the organization to which you submitted your application or otherwise provided your personal information, or that contacted you.

Subject to the foregoing, residents of certain countries and states may have additional personal information rights and choices. Please see below for your rights as (1) an EU, UK or Swiss resident or (2) a California resident.

International Data Transfers

Ashby is a U.S.-based company. If you are a non-U.S. resident and provide us with your personal information, you acknowledge and agree that your personal information may be transferred to and processed in the United States, where the laws regarding processing of personal information may be less stringent than the laws in your country. In addition, Ashby may share your personal information with service providers that are not located in the United States. By providing your information to Ashby, you consent to Ashby transferring your information to those service providers for purposes of providing our Service.

EU, UK and Swiss Residents

If you are a resident of the European Union, the United Kingdom or Switzerland, you are entitled to certain information and you have certain rights under, respectively, the General Data Protection Regulation (Regulation (EU) 2016/679) (the “EU GDPR”), the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the “UK GDPR”) (collectively, the “GDPR”) and the Swiss Federal Act on Data Protection (“FADP”). Those rights include:

  • The right of access to your personal data.

  • The right to rectify your personal data if it is incorrect or incomplete.

  • The right to have your personal data erased (“right to be forgotten”) if certain grounds are met.

  • The right to withdraw your consent to our processing of your personal data at any time (if our processing is based on consent).

  • The right to object to our processing of your personal data (if processing is based on legitimate interests).

  • The right to object to our processing of your personal data for direct marketing purposes.

  • The right to receive your personal data from us in a structured, commonly used and machine-readable format, and the right to transmit your personal data to another controller without hindrance from us (data portability).

If you are located in the European Union, the United Kingdom or Switzerland and you are or have been a user of our Service, we may send you marketing communications based on our legitimate interests, subject always to your right to opt out of such communications. Further, if you are located in the European Union, the United Kingdom or Switzerland, we will never share your personal data with a third party for such third party’s marketing purposes, unless you have specifically consented to us doing so.

You may exercise any of the above rights by submitting a request using our Privacy Request Manager. We may request specific information from you to confirm your identity, and in some circumstances, we may charge a reasonable fee for access to your information.

Furthermore, if you believe that our processing of your personal data is inconsistent with your data protection rights under the GDPR or FADP (as applicable) and we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection supervisory authority of your country.

Ashby has appointed the following representatives:

European Representative pursuant to GDPR:

Rivacy GmbH
Mexikoring 33
22297 Hamburg
info[at]rivacy.eu

UK Representative pursuant to UK GDPR:

Rivacy Ltd.
87, Warriner Gardens
Unit G1/G2,
London, SW11 4DX
info[at]rivacy.co.uk

CH Representative pursuant to FADP:

Rivacy Switzerland GmbH
epartners Rechtsanwälte AG
Hardturmstrasse 11
8005 Zurich
info[at]rivacy.ch

Participation in the Data Privacy Framework

Ashby complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Ashby has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Ashby has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Ashby commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Ashby using the contact information provided in the Contacting Us section below.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Ashby commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Centre for Dispute Resolution, operated by the American Arbitration Association, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the International Centre for Dispute Resolution are provided at no cost to you.

The Federal Trade Commission has jurisdiction over Ashby’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

EU, UK and Swiss individuals may invoke binding arbitration under the Data Privacy Framework Principles if a complaint has not been resolved by Ashby or by other recourse and enforcement mechanisms.

As required under the Data Privacy Framework, Ashby has responsibility for the processing of personal information it receives under the Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. Ashby remains liable under the Data Privacy Framework Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Ashby proves that it is not responsible for the event giving rise to the damage.

California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act, as amended (CCPA). These rights include:

  • Right to Know. You have the right to request information about the categories and specific pieces of personal information we have collected about you, the purposes for which your personal information is used, the categories of sources from which the information was collected, and the categories of third parties with whom we share your information.

  • Right to Delete. You may request that we delete personal information we have collected about you, subject to certain exceptions.

  • Right to Correct. You may request that we correct inaccurate personal information we maintain about you.

To exercise your CCPA rights, please submit a request using our Privacy Request Manager. We will verify your identity before processing your request as required by law. We will not discriminate against you for exercising your CCPA rights.

Google API Services User Data Policy

Ashby’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Changes to our Privacy Policy

If we make any changes to our Privacy Policy, we will post those changes on this site and update the Privacy Policy modification date above. Privacy Policy changes will apply only to information collected after the effective date of the change.

Contacting Us

If there are any questions regarding this Privacy Policy, you may contact us via email: privacy[at]ashbyhq.com.

Or via our mailing address:

Ashby, Inc.
548 Market St PMP 397006
San Francisco, CA 94104-5401

© 2024 Ashby, Inc.

G2 Logo
SoC2

Product

Ashby All-in-one • StartupsAshby All-in-one • GrowthAshby All-in-one • EnterpriseAshby Analytics
Product UpdatesIntegrationsCustomersPricingSecurity

Resources

Migrating to AshbyAshby vs. GreenhouseAshby vs. LeverSupportBlogPodcastReportTerms and PoliciesStatus

Company

Our StoryCareersTeam

Developers

APIVulnerability Disclosure