Skip to main content
← Back to Yojivo

Privacy Policy

Last updated: March 25, 2026 · Version 1.2

1. Who We Are

Yojivo ("we", "us", "our") is a B2B SaaS platform that helps consulting firms manage their workspaces, hiring, projects, and team operations. This policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR), the Australian Privacy Act 1988 (including the Australian Privacy Principles), and other applicable data protection laws.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, phone number, job title, department, bio, timezone, avatar photo
  • Company data: Company name, billing information
  • Usage data: Activity logs, IP addresses, browser user-agent strings
  • Hiring data (if applicable): Candidate names, emails, phone numbers, resumes, interview transcripts, AI-generated scores and evaluations
  • Communication data: Discussion posts, comments, notifications
  • AI interaction data: Chat session content processed by AI assistants

3. How We Use Your Data

We process your personal data for the following purposes:

  • Service delivery: Providing and maintaining the Yojivo platform
  • Authentication: Verifying your identity and managing access
  • Communication: Sending service-related emails (verification, invitations, notifications)
  • AI processing: Resume analysis, candidate scoring, voice interview evaluation (with your organization's consent)
  • Security: Detecting fraud, preventing abuse, maintaining audit logs
  • Improvement: Analyzing aggregated, anonymized usage patterns to improve the platform

4. Legal Basis for Processing

  • Contract performance: Processing necessary to deliver our services (GDPR Art. 6(1)(b))
  • Legitimate interests: Security, fraud prevention, service improvement (GDPR Art. 6(1)(f))
  • Consent: Marketing communications, optional analytics (GDPR Art. 6(1)(a))
  • Legal obligation: Tax and financial record-keeping (GDPR Art. 6(1)(c))
  • Explicit consent: Processing of special category data (diversity demographic information) for equal opportunity monitoring (GDPR Art. 9(2)(a))

5. AI-Assisted Decision Making

Yojivo uses artificial intelligence to assist with hiring processes, including resume analysis, candidate scoring, and voice interview evaluation. These AI features:

  • Are used to assist human decision-makers, not to make fully automated decisions
  • Provide scores and summaries that are always subject to human review
  • Can be disabled per job role by workspace administrators

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing. All AI-generated evaluations in Yojivo require human review before any hiring decision is finalized.

6. Data Sharing & Third Parties

We share personal data with the following categories of third-party processors:

  • AI providers: For resume analysis, candidate evaluation, and voice interview processing
  • Voice interview providers: For conducting and recording AI-powered voice interviews
  • Payment processors: For billing and payment processing
  • Cloud infrastructure providers: For hosting, storage, and delivery of uploaded files
  • CRM integrations (optional): For syncing candidate data with your existing tools

We require Data Processing Agreements (DPAs) with our sub-processors and implement appropriate safeguards for international data transfers. For details about our sub-processors, DPA arrangements, or to request a copy of our Data Processing Agreement, please contact us at hello@yojivo.com.

Your personal data may be transferred to and processed in countries outside of your country of residence, including the United States and Australia. Where we transfer data outside the European Economic Area, we implement Standard Contractual Clauses (SCCs) approved by the European Commission and other appropriate safeguards. Under Australian Privacy Principle 8, we take reasonable steps to ensure overseas recipients handle your data consistently with the Australian Privacy Principles.

7. Data Retention

  • Activity logs: Automatically purged after 90 days
  • Audit logs: Automatically purged after 365 days
  • AI chat sessions: Automatically purged after 90 days
  • Voice recordings: Recording URLs cleared after 90 days
  • Rejected candidate data: Anonymized after 180 days
  • Account data: Retained while your account is active; anonymized upon deletion

8. Your Rights

Under GDPR, you have the following rights:

  • Access (Art. 15): Request a copy of your personal data
  • Rectification (Art. 16): Correct inaccurate personal data via your profile settings
  • Erasure (Art. 17): Delete your account and personal data
  • Portability (Art. 20): Export your data in machine-readable format (JSON)
  • Objection (Art. 21): Object to processing based on legitimate interests
  • Withdraw consent (Art. 7): Withdraw marketing consent at any time

You can exercise your right to data export and account deletion directly from your account Settings page. For other requests, contact our Data Protection Contact.

Australian Privacy Principles

If you are located in Australia, you also have rights under the Australian Privacy Principles (APPs), including the right to access your personal information (APP 12) and request correction of inaccurate information (APP 13).

9. Security

We implement appropriate technical and organizational measures including:

  • TLS/SSL encryption for all data in transit
  • Argon2 password hashing
  • JWT token rotation with 15-minute access token lifetime
  • Brute-force protection (account lockout after 5 failed attempts)
  • Rate limiting on all API endpoints
  • Encrypted storage of integration credentials

10. Contact

For privacy-related inquiries or to exercise your data rights, contact our Data Protection Contact:

Email: privacy@yojivo.com

If you are not satisfied with our response, you have the right to lodge a complaint with:

  • Your local EU/EEA data protection supervisory authority
  • The Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

11. Special Category Data

Where our hiring features include voluntary demographic surveys for diversity monitoring, we collect special category data (such as gender, ethnicity, disability status, and Indigenous status) only with your explicit consent under GDPR Article 9(2)(a). This data is:

  • Entirely voluntary — declining has no effect on your application
  • Stored separately from your application, linked only by a one-way hash
  • Never visible to individual hiring managers
  • Used only in aggregate form, with groups smaller than 5 suppressed
  • Subject to a defined retention period and automatic deletion

For candidates identifying as Aboriginal or Torres Strait Islander, we acknowledge the cultural significance of this data and handle it with care, guided by the principles of the AIATSIS Code of Ethics for Aboriginal and Torres Strait Islander Research.