Héra AI

Privacy and Cookie Policy

Effective Date: July 28, 2025

Last Updated: December 26, 2025

Héra AI ("we", "us", or "our") is committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth). This Privacy and Cookie Policy explains how we collect, use, disclose and protect your information when you use our website and services. We may provide our services to users outside Australia, including in the United States (including California) and Canada. Where applicable, we take reasonable steps to honor privacy rights available under relevant laws in those regions.

1. Information We Collect

We may collect the following types of personal information:

  • Personal details: name, email address, phone number, city, country, and any other information you provide during account creation or job profile setup.
  • Employment-related information: your resume, work experience, education, job preferences, working rights, and language skills.
  • Technical information: IP address, browser type, pages visited, time spent, and other analytics data.
  • Third-party data: if you connect your account with Google, GitHub or other services, we may access limited profile information as permitted by you.

2. How We Use Your Information

We use your personal information to:

  • Provide, personalise, and improve our services;
  • Automatically generate or update your job-seeking profile;
  • Recommend job opportunities relevant to your profile;
  • Support job application submissions (including to third-party employers and platforms);
  • Communicate with you about service updates, offers, and insights;
  • Analyse usage trends to improve our platform;
  • Comply with legal obligations.

We do not sell your personal data to third parties.

3. Disclosure of Information

We may share your information with:

  • Trusted third-party service providers (e.g., cloud hosting, analytics tools);
  • Employers or recruitment platforms (only with your consent or auto-apply settings enabled);
  • Legal authorities when required by law or regulation;
  • Our professional advisors, insurers, or auditors, where necessary.

All disclosures are made in accordance with Australian privacy law and other applicable privacy laws.

3.1 Third-Party Job Data Sources

We distinguish between ATS-based sources and job board platforms:

1) ATS / Employer Career Sources (e.g., Lever)

  • We may integrate with ATS providers (e.g., Lever) and/or employer career pages that publish job postings via official or openly available job feeds/endpoints.
  • For these sources, we may store job metadata (e.g., title, company, location, posting URL, timestamps, source tag) to enable search, deduplication, ranking, and recommendations.

2) Job Board Platforms (e.g., LinkedIn, SEEK, Jora, Adzuna)

  • We do not scrape, copy, or host job content from these platforms.
  • We may provide search/deep links that take users to the original platform.
  • When users click these links, their interaction is governed by the platform's own terms and privacy policy.

What we do NOT do:

  • We do not scrape or replicate full job page content from job board platforms.
  • We do not collect users' job board platform account credentials.

4. International Data Transfers

We may store and process personal information in Australia and in other countries where we or our service providers operate (which may include the United States and Canada). When we transfer personal information internationally, we take reasonable steps to ensure appropriate safeguards are in place and that recipients handle the information in a manner consistent with this Policy.

5. Security of Your Information

We implement reasonable physical, technical, and administrative safeguards to protect your information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:

  • Transport encryption: All data transmission uses HTTPS/TLS encryption
  • Access control: We follow the principle of least privilege for data access
  • Secure credential management: Authentication tokens and secrets are stored securely in environment variables or secrets manager, and never hardcoded in source code or documentation
  • Log sanitization: Sensitive information (such as authorization headers) is not logged

However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and session;
  • Analyse site usage and performance;
  • Provide personalised content and recommendations.

By using our site, you consent to the use of cookies. You may choose to disable cookies in your browser settings, but this may limit certain functionalities of the site.

7. Your Rights and Choices

You have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate information;
  • Withdraw consent for certain uses;
  • Request deletion of your data (subject to legal and operational retention limits);
  • Opt out of marketing communications at any time.

How to Submit Other Privacy Requests (Access/Correction):

Send an email to shuang@heraai.net.au with the subject "Privacy Request (Access/Correction)"

How to Request Data Deletion:

  1. Send an email to shuang@heraai.net.au with the subject "Data Deletion Request"
  2. Include your registered email address and specify which data you want deleted (e.g., "all data", "resume only", "application history")
  3. To prevent unauthorized deletion, we may need to verify your control over the account (for example, by confirming the request is sent from your registered email address)
  4. We will confirm receipt within 5 business days and complete deletion within 30 days (unless legal obligations require longer retention)
  5. You will receive confirmation once deletion is complete

Note: Some data may be retained longer if required by law (e.g., financial records for 7 years) or if anonymised for analytics purposes.

8. Retention of Information

We retain your personal information only as long as needed for the purposes described in this policy or as required by law. Specific retention periods are as follows:

  • Resume content and profile data: Retained until you request deletion or your account has been inactive (no login or service usage) for 3 years, whichever comes first.
  • Job application history: Retained for 2 years from the date of application, or until you request deletion.
  • Email address and account information: Retained until you request account deletion or your account has been inactive (no login or service usage) for 3 years.
  • Search history and preferences: Retained for 1 year from last activity (last search or service usage), or until you request deletion.
  • Logs and analytics data: We aim to retain logs and analytics data for up to 90 days, then anonymise or delete them. Actual retention periods may vary based on our service providers' policies (e.g., application logs, database traces, third-party analytics tools).
  • Job metadata from ATS sources: Retained for 6 months after we determine a job posting is no longer available (based on our data synchronization status), then deleted.

We may anonymise data for longer-term analysis and product improvement. Anonymised data cannot be linked back to you and may be retained indefinitely.

9. Children's Privacy

Héra AI is not intended for children under the age of 16. We do not knowingly collect personal information from minors without parental consent.

10. Changes to This Policy

We may update this Privacy and Cookie Policy from time to time. We will notify you of significant changes via email or site banner and revise the effective date accordingly.

11. California Privacy Notice (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"). These rights may include the right to know/access, delete, correct, and to opt out of the sale or sharing of personal information, and the right to limit certain uses of sensitive personal information.

11.1 Categories of Personal Information We Collect

We collect the categories of personal information described in Section 1 of this Policy, which may include identifiers (e.g., name, email), professional/employment information (e.g., resume, work experience, education), and internet or similar network activity (e.g., IP address, usage analytics).

11.2 Purposes for Collection / Use

We collect and use personal information for the business and commercial purposes described in Section 2 (e.g., providing and improving services, generating job profiles, recommending jobs, and supporting applications).

11.3 Disclosure

We may disclose personal information to the categories of recipients described in Section 3 (e.g., service providers, employers/recruitment platforms with your consent, and legal authorities when required).

11.4 "Sale" / "Sharing"

We do not sell your personal information. We also do not share personal information for cross-context behavioral advertising in exchange for money. If our practices change such that we "sell" or "share" personal information as defined by California law, we will provide a "Do Not Sell or Share My Personal Information" mechanism as required.

11.5 Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than providing our services and as reasonably expected by an average consumer requesting those services. Where applicable, California residents may have the right to limit certain uses and disclosures of sensitive personal information.

11.6 Exercising Your Rights (Requests & Verification)

To submit a request to access/know, delete, or correct your personal information, email us at shuang@heraai.net.au with the subject line:

"California Privacy Request (Access/Deletion/Correction)"

We will verify your request using reasonable methods (for example, by confirming the request is sent from your registered email address and/or asking additional information to confirm identity).

11.7 Authorized Agent & Non-Discrimination

Where required by law, you may use an authorized agent to submit requests on your behalf. We will not discriminate against you for exercising your privacy rights.

12. Canada (PIPEDA) Notice

If you are in Canada, you may have rights to access and request correction of personal information we hold about you, and to withdraw consent where consent is the basis for processing. You can submit a request using the process described in Section 7 (Your Rights and Choices). Personal information may be processed outside Canada (see Section 4 International Data Transfers).

Contact Us

For any privacy-related questions, complaints, or access requests, please contact:

Héra AI

📍 Melbourne, Australia

📧 shuang@heraai.net.au

We will respond within a reasonable period, typically within 30 days.