Ashby Privacy Policy

Last updated September 11, 2023


This page describes how Ashby, Inc. ("Ashby", "we", "our", "us") collects and processes personal information in accordance with this Privacy Policy.

What information do we collect and where do we collect it from?

We automatically collect information such as your IP address and device ID in order to provide our services to you. We also collect information from you when you register on our site or fill out a form or upload information to the Service.

The information we may collect includes, without limitation:

  1. Name, email address, social media accounts, cover letter (if applicable), resume and job experience, education, email communications sent via our Service, or email communications that you chose to send to us or to give us administrative access to, availability for interviews, notes from interviewers, offer letter contents, and custom fields created by customers of our platform as well as other content a user of our platform may upload.
  2. Metadata related to your use of the Service, such as: when you login to the Service and how you use the Service

If you are using “Ashby for Recruiting”:

The sources of this collection are from job applicants or candidates directly, from customers, and from third party sources such as social media service providers.

If you are using “Ashby Analytics”:

The sources of this collection are from systems the customer has connected to Ashby.

What do we use personal information for?

If you are using “Ashby for Recruiting”:

We provide a job candidate and job applicant relationship management and tracking system. Any of the personal information we collect may be processed and/or used in the following ways:

  • To help companies post and manage jobs
  • To help companies source candidates for jobs
  • To help companies manage applicants for jobs
  • To help companies schedule interviews with candidates and interviewers
  • To personalize your experience (your information helps us to better respond to your individual needs)
  • To improve our Service (we continually strive to improve based on the information and feedback we receive from you)
  • To provide and improve customer service (your information helps us to more effectively respond to your customer service and support needs)

If you are using “Ashby Analytics”:

We provide a talent analytics solution. Any of the personal information we collect may be processed and/or used in the following ways:

  • To help analyze recruiting activities
  • To personalize your experience (your information helps us to better respond to your individual needs)
  • To improve our Service (we continually strive to improve based on the information and feedback we receive from you)

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

Where do we process data?

We locate our data centers in the United States. By utilizing our services, you expressly instruct us to process personal information within the United States and consent to its processing in accordance with this privacy policy.

How long do we retain your data?

How long we retain your Personal Data depends on the type of data and the purpose for which we process the data. We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.

Do we disclose any information to outside parties?

We disclose personal information to our customers to enable them to use our Service in connection with their job candidate management and recruiting analytics. The majority of the information we collect is transferred to at least one of our paying customers for their use of our Services. If we have collected your personal information, it is more likely than not that it was disclosed to one of our customers for their use of the Service within the last 12 months.

We do not sell, trade, or otherwise transfer your personal information except in accordance with this policy. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety. Additionally, in the event our business is acquired by a third party the information used in the operation of our business will necessarily be transferred in connection with that acquisition. Non-personally identifiable information may be provided to other parties for marketing, advertising, or other uses.

We use sub-processors to provide us with some services that are necessary to provide the features of our website. Those subprocessors and the services they provide are listed below.

The following sub-processors provide services necessary for core platform features:

Amazon Web ServicesCloud data processing and warehousing
IntercomMonitor interaction, provide customer support, send product updates
FullStoryMonitor and analyze interaction
Sovren Group, incProcess resume files
Bento App, incProvide interactive tutorials during customer onboarding
RudderStack, incProduct usage analytics
Dropbox, incElectronic signatures via Dropbox Sign
Mapbox, incProvide structured location data for address text
WorkOS, inc.Magic link authentication

The following sub-processors provide services necessary for the use of optional add-ons:

NamSor SASOnly used when customer has purchased the diversity add-on. Used to infer demographic information based on candidate names.
OpenAIOnly used when customer has purchased the AI add-on. Used for LLM text generation.
WorkOS, inc.Single sign-on and active directory sync

California Online Privacy Protection Act Compliance

Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent. Your submission of personal information in connection with creating an applicant or candidate profile constitutes your consent to our distribution of your personal information to our customers for the purposes of using our Services.

Online Privacy Policy Only

This online privacy policy applies only to information collected through our website and not to information collected offline.

Your Consent

By using our site, you consent to our privacy policy. If you do not consent to the collection and processing of the information required to be processed, we are unable to provide you with our service, and you should not use our site.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page and update the Privacy Policy modification date above. Policy changes will apply only to information collected after the effective date of the change.

EU Residents

We process personal data only on documented instructions from the controller (our customer, the entity who is managing job candidates and applicants via our Service), including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

We ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

We take Technical and Organizational measures in accordance with Article 32 of the GDPR

We respect the conditions referred to in paragraphs 2 and 4 of Article 28.3 of the GDPR for engaging another processor;

We will use commercially reasonable efforts, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GPDR;

We assist the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the processor;

We will, at the choice of the controller, which should be exercised via the Service or by emailing the choice to, delete or return all the personal data to the controller after the end of the provision of services relating to processing, and will delete existing copies unless Union or Member State law requires storage of the personal data;

We will make available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28.3 of the GDPR and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

California Consumer Privacy Act Requests

To request a copy of your personal data under the California Consumer Privacy Act, please email a request with the subject “CCPA data request” and your full name, address, and last employer to We will work with all parties who make requests to verify their identity and to enable them to exercise their applicable rights under the CCPA. We will not discriminate against individuals who legally exercise their own rights under the CCPA.

Google API Services User Data Policy

Ashby’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Contacting Us

If there are any questions regarding this privacy policy you may contact us via email:

Or via our mailing address:

Ashby, Inc.,

49 Geary Street, Suite 411,

San Francisco, CA, 94108