Privacy Policy

Effective date: January 1, 2025

Last updated: January 1, 2025

Table of Contents

1. Who we are and how to contact us
2. Scope of this Policy
3. Personal information we collect
4. Sources of personal information
5. How we use personal information
6. Cookies and similar technologies
7. How we share personal information
8. Data retention
9. Security
10. International transfers
11. Children’s privacy
12. Your privacy rights
13. Third-party sites and services
14. Changes to this Policy
15. How to contact us
16. Additional information for EEA/UK/Swiss individuals (if applicable)
17. Data Processing Terms

This Privacy Policy describes how SquarePeg, Inc. (“SquarePeg,” “we,” “us,” or “our”) collects, uses, shares, and safeguards personal information. It also explains the choices and rights available to individuals.

Your use of SquarePeg’s services (the “Services”) is subject to this Privacy Policy and our Terms of Service. Capitalized terms used but not defined here have the meanings given in the Terms of Service.

1) Who we are and how to contact us

Controller / Processor roles. SquarePeg provides B2B software used by employer customers to evaluate and manage job applicants. For:

  • Customer/Employer Data (applicant and hiring data imported from an employer’s applicant tracking system) – we act as a processor/service provider and handle personal information on behalf of the employer (the controller/business).

  • SquarePeg Account, Website and Marketing Data (e.g., admin user accounts, billing, site analytics, support) – we act as a controller/business.

Contact details.

  • Company: SquarePeg, Inc.

  • Address: 954 S 1100 E, Salt Lake City, Utah 84105, USA

  • Website: https://www.squarepeg.ai/

  • Email: operations@squarepeg.ai

If you are located in a jurisdiction that grants privacy rights (e.g., California, Colorado, Connecticut, Utah, Virginia, the EEA/UK, etc.), see Section 12 for information about your rights and how to exercise them.

2) Scope of this Policy

This Policy applies to personal information processed by SquarePeg in the following contexts:

  • Employer customers’ use of the Services (including integrations to ingest applicant data from their applicant tracking system (“ATS”) via Kombo).

  • Our websites, applications, and communications, including https://www.squarepeg.ai/ and related pages that link to this Policy.

This Policy does not apply to our customers’ own privacy and HR practices. Employers are responsible for their notices, bases of processing, and honoring individual rights as the controller/business for applicant data. If you are an applicant to a SquarePeg customer, please contact that employer with any questions about how your information is handled.

3) Personal information we collect

A. Information we collect as a processor/service provider (from employer ATS)

When enabled by the employer customer, SquarePeg connects to the customer’s ATS via our integration partner Kombo to ingest applicant data. The employer controls which fields are synchronized. Typical categories include:

  • Resume/CV data (e.g., name, contact details, work and education history, skills, certifications, links provided on the resume).

  • Application metadata (e.g., job applied to, date/time stamps, source channel, requisition identifiers).

  • Recruiting workflow data (e.g., application history, stage names, and stage change timestamps), and system identifiers (e.g., ATS candidate IDs, job IDs) necessary to maintain the integration.

We do not ingest interview notes or ratings, background-check results, Social Security Numbers (SSN), government ID numbers, or other highly sensitive fields.

ATS coverage. SquarePeg supports ATS integrations available through Kombo. Examples of supported ATS platforms are listed by Kombo here: https://www.kombo.dev/integrations. Availability depends on the employer’s configuration and the ATS.

We do not require candidates to create accounts at SquarePeg to be processed by the Services. Our collection is primarily through the employer’s ATS connection.

B. Information we collect as a controller/business

We collect the following when you interact directly with SquarePeg (e.g., as an employer admin user, website visitor, or prospective customer):

  • Account & business contact information: name, work email, job title, company, role, authentication data, billing and subscription details.

  • Support & communications: messages, tickets, feedback, and related metadata (e.g., timestamps, channel).

  • Website and product usage data: device and browser information, IP address, general location derived from IP, pages and features used, session activity, performance and diagnostic data, and cookies or similar technologies (see Section 6).

4) Sources of personal information

  • Employer ATS integrations via Kombo as directed by the customer.

  • Direct interactions with employer admin users and site visitors (e.g., signup forms, product usage, support requests).

  • Service providers and partners that enable or support our services (e.g., hosting, analytics, email delivery, payment processing), subject to agreements.

5) How we use personal information

As a processor/service provider (for employer ATS data)

We process applicant data only on documented instructions from the employer, including to:

  • Provide, maintain, secure, and support the Services.

  • Generate scores, insights, and analytics configured by the employer to assist recruiting and hiring.

  • Create reports and dashboards for authorized customer users.

  • Monitor, detect, and prevent fraud, abuse, or security incidents.

  • Comply with law, protect rights and safety, and fulfill our contractual obligations to the customer.

As a controller/business (for website, admin, and operations data)

We use personal information to:

  • Create and administer accounts; authenticate users; provide customer support.

  • Operate, secure, and improve our Services and websites.

  • Conduct product analytics and service quality measurement.

  • Send service-related communications and (where permitted) marketing communications (you can opt out at any time).

  • Enforce our Terms of Service, comply with legal obligations, and protect rights, safety, and property.

We may use de-identified or aggregated data for research, benchmarking, product improvement, and other lawful purposes. We do not attempt to re-identify de-identified data.

6) Cookies and similar technologies

We and our service providers use cookies and similar technologies (e.g., pixels, local storage) to operate and improve the Services, understand usage, and (where permitted) tailor content. You can manage cookie preferences through your browser settings and, where available, our site-level controls.

Analytics. We use Google Analytics (GA4) on our website to help us understand website traffic and usage. Google Analytics may set cookies and collect IP address, device/browser information, and page interactions. You can learn more about Google’s practices and opt out via Google’s tools (e.g., Ads Settings and the Google Analytics Opt-out Browser Add-on).

Do Not Track / Global Privacy Control. Our Services currently do not respond to browser-based Do Not Track signals. Where legally required, we honor Global Privacy Control (GPC) signals for opt-outs that apply to us as a controller.

7) How we share personal information

We share personal information in the following circumstances:

  • With service providers / subprocessors that help us deliver the Services (e.g., cloud hosting, analytics, email, customer support tooling, integration partner Kombo). These parties are bound by contractual obligations to use the data only as instructed.

  • With the employer customer (controller) and its authorized users, consistent with the employer’s configuration and access controls.

  • For legal, compliance, and safety purposes, including to comply with law or legal process; enforce agreements; and protect the rights, safety, or property of SquarePeg, our customers, users, or the public.

  • Business transactions: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate confidentiality protections.

We do not sell personal information, and we do not share personal information for targeted/cross‑context behavioral advertising as those terms are defined by certain U.S. state privacy laws.

8) Data retention

  • Applicant data (processor role): retained for the duration of the customer agreement and then deleted or returned per the customer’s written instructions and our data processing terms, subject to legal holds and backup retention.

  • Account, support, and operations data (controller role): retained for as long as needed for the purposes described in this Policy (e.g., to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements).

9) Security

We implement administrative, technical, and physical safeguards designed to protect personal information. These include:

  • Encryption of data in transit and at rest.

  • Strong authentication and access controls for customer data.

  • Logging, monitoring, and vulnerability management.

  • Regular security testing and third-party audits.

  • Incident response procedures.

No system is perfectly secure, and we cannot guarantee absolute security. If you believe your account or data have been compromised, contact us immediately at operations@squarepeg.ai.

10) International transfers

We may process and store information in the United States and other countries. Where required, we implement appropriate safeguards for cross-border transfers (e.g., Standard Contractual Clauses for transfers from the EEA/UK/Switzerland) and will provide further details upon request.

11) Children’s privacy

Our Services are not directed to children, and we do not knowingly collect personal information from anyone under 16. If we learn that a child under 16 has provided personal information to us, we will delete it. If you believe this has occurred, please contact operations@squarepeg.ai.

12) Your privacy rights

Depending on your location, you may have rights regarding your personal information (e.g., access, correction, deletion, portability, restriction/objection, and opt-outs of certain processing). For data we process on behalf of an employer, please direct your request to that employer, as they control the data.

For data where SquarePeg is the controller (e.g., website, admin account, marketing): you can submit requests by emailing operations@squarepeg.ai. We will verify your request consistent with applicable law and will not discriminate against you for exercising your rights. You may also opt out of marketing emails at any time by using the unsubscribe link in those emails or contacting us.

Residents of certain U.S. states (e.g., CA, CO, CT, UT, VA) may also have rights to opt out of targeted advertising, sales, or profiling in furtherance of decisions that produce legal or similarly significant effects. As noted, we do not sell personal information and do not share personal information for targeted/cross‑context behavioral advertising. We also do not conduct solely automated decisions that produce legal or similarly significant effects without human involvement; there is always a human in the loop for hiring decisions.

We will respond to verified rights requests within the timeframe required by applicable law.

13) Third-party sites and services

Our Services may link to third-party sites and services that are not owned or controlled by SquarePeg. Their privacy practices are governed by their own policies.

14) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice (e.g., by posting on our website or emailing account owners) and indicate the “Effective date” and “Last updated” date at the top. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

15) How to contact us

If you have questions or complaints about this Policy or our privacy practices, contact us at:

SquarePeg, Inc.

954 S 1100 E

Salt Lake City, Utah 84105, USA

Website: https://www.squarepeg.ai/

Email: operations@squarepeg.ai

If you are a California resident and your concern is not resolved, you may contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs at 400 “R” Street, Sacramento, CA 95814 or 1‑916‑445‑1254.

16) Additional information for EEA/UK/Swiss individuals (if applicable)

Where SquarePeg acts as a controller for your personal data, our legal bases for processing may include: (i) performance of a contract; (ii) legitimate interests (e.g., service improvement, security); (iii) compliance with legal obligations; and (iv) consent, where required. If you are located in the EEA/UK/Switzerland and wish to exercise your rights, contact operations@squarepeg.ai. At this time, SquarePeg does not actively target or offer services to individuals in the EEA/UK/Switzerland and has not appointed an EU/UK representative.

17) Data Processing Terms

For employer customers, SquarePeg offers a Data Processing Addendum (DPA) incorporating appropriate security, confidentiality, and transfer safeguards. Customers may request a copy by contacting operations@squarepeg.ai. Our list of core subprocessors (including Kombo and hosting providers) is available on request and will be maintained with advance notice for material changes.

AI-assisted recruiting for modern technology companies.

Products
Applicant ScreeningTalent RediscoveryPassive SourcingFraud DetectionData EnrichmentOutcome Intelligence
About
ResourcesCustomersProduct Council
© SquarePeg 2025. All Rights Reserved.
Privacy Policy
Terms of Service