Data Processing Agreement

Last Updated: October 1, 2025

Organization Details

Company
Outhire Pty Ltd
ABN
27 664 806 679
Security Contact
security@outhire.ai

Representative Appointments

  • EU Representative: Prighter Ltd (Article 27 GDPR compliance)
  • UK Representative: Prighter Ltd (UK GDPR Article 27 compliance)

Contact our representative at: https://app.prighter.com/portal/outhire

Service Overview

Outhire provides an AI platform that automates phone and video interviews for recruitment screening. The platform processes candidate data continuously to enable faster hiring decisions for our customers.

Data Categories Processed

We process the following categories of personal data on behalf of our customers:

  • Names and contact details (email, phone, address)
  • Professional information (resumes, CVs)
  • Device and activity data (IP addresses, user behavior)
  • Location information

No special category data (as defined under GDPR Article 9) is processed.

Security Standards

Data at Rest

  • AES-256 encryption for all stored data
  • Encrypted database instances
  • Secure key management with regular rotation

Data in Transit

  • TLS 1.2+ encryption for all data transmissions
  • Secure API authentication
  • Rate limiting protections

Additional Protections

  • Automated encrypted backups with geographic redundancy
  • Continuous AI bias audits
  • Third-party penetration testing
  • Role-based access controls with least-privilege principles

AI-Specific Safeguards

We implement the following safeguards to ensure fair and unbiased AI processing:

  • Automatic removal of identifying information before AI processing
  • Evaluation based solely on interview transcripts
  • No processing of voice characteristics, accents, or video characteristics
  • Exclusion of demographic indicators from candidate assessment
  • Full interview transcripts provided alongside AI analysis

Human Oversight: All automated analysis is provided to customers for their consideration. Final hiring decisions are always made by human recruiters and hiring managers.

GDPR/UK GDPR Compliance

This agreement incorporates Standard Contractual Clauses (EEA SCCs Module Two/Three) and UK Addendum provisions for international data transfers.

  • Transfers to non-adequate countries require these safeguards
  • Disputes resolve in English courts
  • England's laws govern this agreement

CCPA Compliance

Under the California Consumer Privacy Act (CCPA), Outhire functions as a service provider with:

  • Restricted, specified business purposes only
  • No data selling or sharing
  • No unauthorized retention of personal information

Data Subject Rights

Customers can exercise the following rights regarding personal data processed on their behalf:

  • Deletion: Delete personal data consistent with service functionality
  • Termination: Upon contract termination, data will be returned or deleted unless legally required retention applies

For data subject requests, contact us at privacy@outhire.ai

Security Incident Response

In the event of a security incident affecting personal data:

Notification Timeline: We will notify customers without undue delay, and no later than 72 hours after becoming aware of a breach.

Our incident response includes providing timely information about the nature of the breach and taking immediate containment steps to protect affected data.

Questions?

If you have any questions about this Data Processing Agreement, please contact us: