MeetHarry

Politique de confidentialité

Découvrez comment nous collectons, utilisons et protégeons vos informations personnelles.

Last updated: December 2025

1. Legal Information

Data Controller:

  • Company: MeetHarry SAS
  • Share capital: €10,000
  • Company registration: 994 421 873 R.C.S. Boulogne-sur-Mer (France)
  • VAT number: FR76994421873
  • Registered office: Soleil Couchant, 107 rue de Saint-Quentin, 62780 Cucq, France
  • Contact: contact@meetharry.com

Data Protection Officer (DPO):

Applicable regulations:

  • EU/EEA: General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679
  • UK: UK GDPR and Data Protection Act 2018
  • California (USA): California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Other jurisdictions: applicable local data privacy laws

2. Purpose

This Privacy Policy describes how MeetHarry collects, uses, stores, and protects the personal data of users of its AI-powered automated screening interview platform, accessible at https://meetharry.com/.

This policy applies to:

  • Clients (businesses using the platform)
  • Client account users (recruiters, HR professionals)
  • Candidates taking interviews via the platform

3. Data Collected

3.1 Client and user data (via Google OAuth 2.0)

When you create an account via Google OAuth 2.0, we collect:

  • Email address
  • First and last name
  • Profile photo
  • Organization (if available in your Google profile)

3.2 Client data (platform usage)

  • Account information (identifiers, hashed password)
  • Credit usage history
  • Created job descriptions
  • Interview configuration settings
  • Connection and activity logs

3.3 Candidate data

When taking an interview, we collect:

  • Identity information: first name, last name, email address
  • CV/Resume: uploaded document in PDF or other format
  • Interview recordings:
    • Video recordings of responses
    • Audio recordings
    • Automatically generated text transcriptions
  • Analysis data:
    • Evaluation scores generated by AI
    • Response analyses
    • Selection recommendations
    • Past interview history

3.4 Technical data

  • IP address
  • Browser type and operating system
  • Browsing data (via Google Analytics)
  • Technical and analytical cookies
  • Server logs

3.5 Data Collected via LinkedIn Integration

In addition to data collected directly, MeetHarry integrates with LinkedIn Talent Solutions (including Recruiter System Connect). When a Client (Recruiter) connects their LinkedIn account, we collect:

  • Candidate Profile Data: Full work history, skills, education, and professional experience.
  • Contact Information: Email addresses and phone numbers as provided by the LinkedIn API or the candidate.
  • Interaction History: Messaging and chat history between the recruiter/AI and the candidate.
  • Job Postings: Details of job offers posted by the Client on LinkedIn to sync with the MeetHarry platform.

4. Legal Basis and Processing Purposes

4.1 For clients and users

Legal basis: Contract performance (Article 6(1)(b) GDPR) / Legitimate business interest

Purposes:

  • User account creation and management
  • Platform service provision
  • Billing and credit management
  • Technical support and assistance
  • Service improvement

4.2 For candidates

Legal basis: Explicit consent (Article 6(1)(a) GDPR / equivalent under applicable law)

Candidates give their consent by checking a box before starting the interview, after being informed they will take an interview with artificial intelligence.

Purposes:

  • Conducting the screening interview
  • Automated response analysis
  • Generating scores and recommendations
  • Transmitting results to the recruiting client

Automated decision-making: Candidates are informed that their interview evaluation involves automated AI processing that may impact recruitment decisions. Candidates retain the right to request human intervention and to contest the decision with the recruiter.

4.3 Analytics data

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) / Consent (where required by local law)

Purposes:

  • Platform usage analysis
  • User experience improvement
  • Technical performance optimization

4.4 Specific Purposes for LinkedIn Data

We process LinkedIn data for the following specific purposes:

  • Recruitment Synchronization: Automatically syncing LinkedIn job postings and candidate applications into the MeetHarry platform.
  • Automated Candidate Outreach: Initiating contact with candidates via LinkedIn messaging or contact info to conduct initial screening.
  • AI-Powered Experience Analysis: Using AI models (Gemini, OpenAI, Anthropic, etc.) to analyze work history and skills to determine candidate suitability.
  • Interview Scheduling: Sending interview links to qualified candidates identified via LinkedIn.

5. Data Recipients

5.1 Within MeetHarry AI

Your data is accessible only to MeetHarry employees and collaborators who need access to it as part of their duties (development, support, administration).

5.2 Technical subprocessors

We use the following subprocessors, bound by contractual obligations of confidentiality and security:

Hosting:

  • OVH (France) - Server hosting and data storage

Artificial intelligence services:

  • OpenAI (United States) - AI processing via API
  • Anthropic (United States) - AI processing via API
  • Google AI (United States) - AI processing via API
  • xAI (United States) - AI processing via API
  • OpenRouter - AI API routing
  • Vapi - Voice AI services

Analytics:

  • Google Analytics (Google Ireland Limited) - Audience analysis

5.3 Sharing with clients

Candidate data (CV, interviews, analyses, scores) is shared with the recruiting client who initiated the recruitment process. The client becomes data controller for subsequent use of this data.

5.4 Legal obligations

We may disclose your data if required by law, court decision, or competent administrative authority.

5.5 Sharing with AI Models (LinkedIn Data)

Candidate data sourced from LinkedIn (experience, skills, and chat history) may be shared with our AI subprocessors for analysis:

  • Models: OpenAI, Anthropic, Google (Gemini), and open-source models (e.g., Mistral, DeepSeek).
  • Purpose: These models process text to generate scores, summaries, and recommendations for recruiters. Note: We ensure these subprocessors do not use this data to train their global models where possible.

6. International Data Transfers

Some of our subprocessors are located in the United States, involving data transfer outside the European Union.

6.1 Safeguards implemented

These transfers are governed by:

  • Standard Contractual Clauses (SCCs) from the European Commission integrated into contracts with our suppliers
  • EU-US Data Privacy Framework certification for eligible suppliers (OpenAI, Google, Anthropic)
  • Additional security measures (encryption, pseudonymization)

For UK clients: Transfers comply with UK GDPR requirements, using UK International Data Transfer Agreement (IDTA) or approved mechanisms.

For other jurisdictions: Appropriate safeguards are implemented in accordance with applicable local law.

6.2 Affected services

The following data may be transferred to the United States:

  • Interview transcriptions (to AI services)
  • CV/Resume text content (to AI services for analysis)
  • AI processing prompts and requests

Important: Raw video and audio recordings remain hosted in France (OVH) and are not transferred to US AI services. Only text transcriptions are sent for analysis.

6.3 Data subject rights for international transfers

EU/EEA and UK residents have the right to:

  • Obtain information about safeguards for international transfers
  • Object to transfers in certain circumstances
  • Lodge a complaint with supervisory authority

California residents: Have rights under CCPA regarding data sold or shared, including to third parties outside California.

Canadian residents: International transfers are disclosed and subject to PIPEDA accountability requirements.

6.4 Data Deletion (LinkedIn Specific)

In compliance with LinkedIn’s developer terms:

  • User Revocation: If a recruiter disconnects the LinkedIn integration, we stop fetching new data immediately.
  • Member Deletion Requests: We honor LinkedIn's "Closed Candidates" and deletion signals. If a candidate deletes their LinkedIn profile, we will purge their data from MeetHarry within 30 days.

7. Data Retention

7.1 Client and user data

  • Active account: throughout contract duration
  • After termination: 2 years for legal accounting and tax obligations
  • Connection logs: 1 year maximum

7.2 Candidate data

  • During recruitment process: until process completion
  • After the process: 2 years maximum from recruitment closure
  • Automatic deletion: beyond this period, unless explicit retention request from candidate or legal obligation

Jurisdictional variations:

  • EU/EEA: 2 years standard retention
  • California: Deletion upon request unless exception applies (CCPA/CPRA)
  • Canada: Reasonable retention period, deletion upon request
  • UK: Up to 6 months for unsuccessful candidates (ICO guidance) - adjustable based on legitimate interest

7.3 Billing data

In accordance with French legal obligations: 10 years from fiscal year closure.

International clients: Retention may vary based on local tax law requirements in your jurisdiction.

8. Data Security

MeetHarry implements appropriate technical and organizational measures to protect your data:

8.1 Technical measures

  • Encryption: HTTPS/TLS for all communications
  • Encryption at rest: for sensitive data in databases
  • Authentication: OAuth 2.0, hashed passwords (bcrypt/argon2)
  • Backups: daily, retained for 7 days
  • Firewall: network protection and anti-DDoS
  • Monitoring: 24/7 access and anomaly monitoring

8.2 Organizational measures

  • Limited data access based on least privilege principle
  • Staff training on GDPR/privacy best practices
  • Security incident response procedures
  • Regular security audits
  • GDPR-compliant subprocessing agreements

8.3 Breach notification

In the event of a personal data breach presenting a risk to your rights and freedoms:

  • EU/EEA residents: We will notify you within 72 hours of discovery (GDPR Article 34)
  • UK residents: Notification within 72 hours (UK GDPR)
  • California residents: Notification without unreasonable delay (CCPA/California Civil Code § 1798.82)
  • Canadian residents: Notification as required by PIPEDA breach requirements
  • Other jurisdictions: Notification in accordance with applicable local law

9. Your Rights

9.1 Rights under GDPR (EU/EEA and UK residents)

Right of access (Article 15)

You can request a copy of all personal data we hold about you.

For candidates: Upon request to the DPO, you will receive all your data including:

  • Your CV/Resume
  • Video and audio recordings of your interviews
  • Transcriptions
  • Generated analyses and scores
  • All associated metadata

Provision timeframe: 1 month maximum

Right to rectification (Article 16)

You can request correction of inaccurate or incomplete data.

Right to erasure / "right to be forgotten" (Article 17)

You can request deletion of your data in the following cases:

  • Data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent
  • You object to processing
  • Data has been unlawfully processed
  • Legal obligation requires deletion

Exceptions: Retention necessary to comply with legal obligation or to establish, exercise, or defend legal claims.

Right to restriction of processing (Article 18)

You can request temporary freezing of data processing in case of:

  • Contesting data accuracy
  • Unlawful processing but opposition to erasure
  • Need for data to establish, exercise, or defend legal claims

Right to data portability (Article 20)

You can receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.

Provided format:

  • Structured data: CSV format
  • Documents: Original formats (PDF for CVs)
  • Audio/video recordings: Upon explicit request to DPO

Applies to: Data provided with your consent or in the context of a contract, processed in an automated manner.

Note: Automated exports via client interface (for recruiters) contain analyses in CSV format. Audio and video recordings are not included in these automated exports but remain accessible upon request.

Right to object (Article 21)

You can object at any time to processing of your data for reasons relating to your particular situation, notably:

  • Processing based on legitimate interest
  • Direct marketing (absolute objection)

Right to withdraw consent

When processing is based on your consent, you can withdraw it at any time. Withdrawal does not affect lawfulness of processing prior to withdrawal.

Right not to be subject to automated decision-making (Article 22)

For candidates: You have the right to request human intervention in the evaluation process and to contest decisions made solely based on automated processing.

9.2 Rights under CCPA/CPRA (California residents)

Right to know

You have the right to request:

  • Categories of personal information collected
  • Categories of sources
  • Business purpose for collection
  • Categories of third parties with whom we share data
  • Specific pieces of personal information collected

Right to delete

You can request deletion of personal information, subject to certain exceptions.

Right to correct

You can request correction of inaccurate personal information.

Right to opt-out of sale/sharing

We do not sell personal information. If this changes, you will have the right to opt-out.

Right to limit use of sensitive personal information

You can limit our use of sensitive personal information to specific purposes.

Right to non-discrimination

You will not receive discriminatory treatment for exercising your CCPA rights.

Authorized agent: You may designate an authorized agent to make requests on your behalf.

9.3 Rights under PIPEDA (Canadian residents)

  • Right to access personal information held
  • Right to correction of inaccurate information
  • Right to withdraw consent (subject to legal or contractual restrictions)
  • Right to file complaint with Privacy Commissioner of Canada

Quebec residents (Law 25): Additional rights including:

  • Right to data portability
  • Right to deletion (right to de-indexing)

9.4 Rights under UK GDPR (UK residents)

UK residents have equivalent rights to GDPR (sections 9.1), with UK Information Commissioner's Office (ICO) as supervisory authority.

9.5 Rights under Australian Privacy Act

Australian residents have rights under Australian Privacy Principles (APPs):

  • Access to personal information
  • Correction of inaccurate information
  • Complaint to Office of the Australian Information Commissioner (OAIC)

9.6 Exercising your rights

To exercise your rights, contact us:

  • Email: tp@meetharry.com
  • Mail: MeetHarry - DPO, Soleil Couchant, 107 rue de Saint-Quentin, 62780 Cucq, France

Response timeframe:

  • EU/EEA/UK: 1 month maximum (extendable by 2 months if necessary)
  • California: 45 days (extendable by 45 days)
  • Canada: 30 days
  • Other jurisdictions: As required by applicable law

Identity verification: To prevent identity theft, we may request a copy of identification document.

9.7 Right to lodge a complaint

EU/EEA residents: French Data Protection Authority (CNIL)

  • Website: www.cnil.fr
  • Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
  • Phone: +33 1 53 73 22 22

UK residents: Information Commissioner's Office (ICO)

California residents: California Attorney General

Canadian residents: Privacy Commissioner of Canada

Other jurisdictions: Contact your local data protection authority.

10. Cookies and Similar Technologies

10.1 Types of cookies used

Strictly necessary cookies (exempt from consent):

  • Session and authentication cookies
  • Security cookies
  • Preference cookies (language, settings)

Analytics cookies (requiring consent):

  • Google Analytics: audience analysis and traffic statistics

10.2 Cookie management

You can at any time:

  • Accept or refuse cookies via our consent banner
  • Configure your browser to refuse cookies:
    • Chrome: Settings > Privacy and security > Cookies
    • Firefox: Preferences > Privacy & Security
    • Safari: Preferences > Privacy
    • Edge: Settings > Privacy, search and services

Warning: Refusing strictly necessary cookies may prevent use of certain platform features.

10.3 Google Analytics

We use Google Analytics with IP address anonymization. Collected data is retained for 26 months maximum.

Opt-out options:

California residents: Under CCPA, analytics cookies may be considered "sharing" for advertising purposes. You can opt-out using the methods above.

11. Children's Data

MeetHarry does not accept candidates under 18 years of age. If we discover that a minor has provided personal data, we will delete it immediately.

Parental rights: If you are a parent or legal guardian and discover that a minor has used our services, contact us immediately at: tp@meetharry.com

COPPA compliance (USA): We do not knowingly collect personal information from children under 13.

Age verification: We do not implement age verification but rely on user declarations. Clients are responsible for ensuring candidates meet age requirements.

12. Policy Changes

We reserve the right to modify this privacy policy at any time to reflect:

  • Regulatory changes
  • Changes to our practices
  • Addition of new features

Change notification:

  • Last update date displayed at top of document
  • Email notification for substantial changes
  • Publication on website

We encourage you to regularly review this policy.

Material changes: For material changes affecting your rights:

  • EU/EEA/UK: 30 days' notice before implementation
  • California: Notice of material changes as required by CCPA
  • Canada: Meaningful consent required for material changes
  • Other jurisdictions: Notice as required by applicable law

13. Contact

For any questions regarding this privacy policy or protection of your personal data:

Email: tp@meetharry.com
Mail: MeetHarry - DPO, Soleil Couchant, 107 rue de Saint-Quentin, 62780 Cucq, France

California residents - Do Not Sell request: tp@meetharry.com (though we do not sell personal information)

Acceptance: Use of the MeetHarry platform implies acceptance of this privacy policy.

Version: 1.0
Company creation date: November 26, 2024
Effective date: December 2025

Appendix A - Jurisdiction-Specific Information

For California Residents (CCPA/CPRA)

Categories of personal information collected in the last 12 months:

CategoryExamplesCollectedBusiness Purpose
IdentifiersName, email, IP addressYESAccount management, service provision
Commercial informationCredit usage, purchase historyYESBilling, service delivery
Internet activityBrowsing history, interactionsYESService improvement, analytics
Audio/video informationInterview recordingsYESInterview evaluation
Professional informationJob applications, work historyYESRecruitment facilitation
InferencesEvaluation scores, recommendationsYESInterview analysis

Sources of personal information:

  • Directly from you (registration, platform use)
  • From your devices (automatic collection)
  • From Google (OAuth authentication)
  • From Candidates (interview process)

Business purposes for collection:

  • Providing platform services
  • Processing interviews
  • Billing and account management
  • Service improvement
  • Security and fraud prevention
  • Legal compliance

Categories of third parties with whom we share personal information:

  • Service providers (hosting, AI processing)
  • Professional advisors (legal, accounting)
  • Law enforcement (when legally required)

Sale of personal information: We do NOT sell personal information and have not sold personal information in the preceding 12 months.

Sharing for cross-context behavioral advertising: We do NOT share personal information for cross-context behavioral advertising.

Sensitive personal information:

  • We collect audio/video recordings (sensitive under CPRA)
  • Used only for interview evaluation purposes
  • You have the right to limit use to this necessary purpose

Data retention: See Article 7 for detailed retention periods.

Contact for CCPA requests: tp@meetharry.com

For Canadian Residents (PIPEDA / Law 25)

Accountability: MeetHarry is accountable for personal information under its control, including data transferred to third parties for processing.

International transfers: Personal information may be processed in the United States. While outside Canada, data is subject to US laws including lawful access by US government authorities.

Challenging compliance: You may challenge our compliance with PIPEDA by contacting our DPO. If not satisfied, you may file a complaint with the Privacy Commissioner of Canada.

Quebec residents (Law 25):

  • Enhanced consent requirements for sensitive information
  • Right to data portability
  • Mandatory privacy impact assessments for certain processing
  • Stricter international transfer requirements

Contact: tp@meetharry.com

For UK Residents (UK GDPR)

Legal basis: Processing complies with UK GDPR and Data Protection Act 2018.

International transfers: Transfers to EU are recognized as adequate. Transfers to US use appropriate safeguards (UK IDTA or approved SCCs).

Supervisory authority: Information Commissioner's Office (ICO)

Data subject rights: Equivalent to GDPR (see section 9.1)

Contact: tp@meetharry.com

For Australian Residents (Privacy Act 1988)

Australian Privacy Principles (APPs): Our processing complies with APPs.

Overseas disclosure: Personal information may be disclosed to service providers in France and United States. We take reasonable steps to ensure overseas recipients comply with APPs.

Notifiable Data Breaches: In case of eligible data breach, we will notify affected individuals and Office of the Australian Information Commissioner (OAIC) as required.

Contact for privacy concerns: tp@meetharry.com

OAIC complaints:

For Other Jurisdictions

Brazil (LGPD): If processing data of Brazilian residents, we comply with Lei Geral de Proteção de Dados (LGPD).

Switzerland: Processing complies with revised Swiss Federal Act on Data Protection (FADP/nFADP).

Singapore: Processing complies with Personal Data Protection Act (PDPA) for Singapore residents.

For jurisdiction-specific questions, contact: tp@meetharry.com

Appendix B - Google OAuth 2.0 Disclosure

Information accessed via Google OAuth 2.0:

When you sign in with Google, we request access to:

  • Your email address (to create and identify your account)
  • Your basic profile information (name, profile picture)
  • Your organization/domain (if available)

How we use Google data:

  • Account creation and authentication
  • Communication regarding your account
  • Display of your name and photo in the platform

We do NOT:

  • Access your Gmail messages
  • Access your Google Drive files
  • Access your Google Calendar
  • Post on your behalf to any Google services
  • Share your Google data with third parties (except as disclosed in section 5)

Google's Privacy Policy: https://policies.google.com/privacy

Revoking access: You can revoke MeetHarry's access to your Google account at any time via your Google Account settings: https://myaccount.google.com/permissions

APPENDIX C - LINKEDIN TALENT & RSC DISCLOSURE

1. Information Accessed via LinkedIn API: MeetHarry integrates with LinkedIn Talent Solutions to streamline the recruitment process. When authorized by a Client, we access:

  • Member Profiles: Detailed professional experience and qualifications.
  • Messages: We read and write messages to candidates via LinkedIn to facilitate automated screening.
  • Job Postings: We sync job offers from LinkedIn to the MeetHarry platform.

2. How we use LinkedIn data:

  • Automated Screening: Our AI (including Gemini, OpenAI, Anthropic, and open-source models) analyzes candidate experience to assess suitability for specific roles.
  • Candidate Outreach: We automate the initial "chat" and the delivery of interview links to candidates.
  • Data Synchronization: We allow recruiters to export and manage LinkedIn candidate data within the MeetHarry dashboard.

3. Data Processing & Sub-processors: Candidate data sourced from LinkedIn is processed by our AI sub-processors to generate insights. We do not permit these sub-processors to use LinkedIn-sourced data to train their general models.

4. Data Retention and Deletion:

  • Recruiter Disconnection: If a Client disconnects the LinkedIn integration, we immediately cease fetching data.
  • Compliance with LinkedIn Terms: We honor LinkedIn’s data deletion signals. If a candidate deletes their LinkedIn profile or requests data removal, we will purge that data from our systems within 30 days.

MeetHarry respects your privacy and is committed to protecting your personal data in accordance with applicable laws worldwide.