HirooHiroo

Privacy policy

Last updated: May 10, 2026

Hiroo is an invite-only job-search agent for students and early-career candidates. You give Hiroo resume context and job-search goals; if you choose to connect Gmail, Hiroo can send a bounded first networking outreach batch from your own Gmail account.

Plain-English Gmail summary

  • Hiroo requests gmail.send so it can send outreach emails from the Gmail account you connect.
  • Hiroo does not request permission to read, search, delete, label, or modify your Gmail inbox.
  • Hiroo does not access your personal email history, contacts, Google Drive, Calendar, or files.
  • You can revoke Hiroo's Gmail access anytime at Google Account permissions.

What we collect

  • Profile information you give us. Your name, email, school, graduation year, major, LinkedIn URL, work authorization status, and resume/context you upload or paste.
  • Your job-search inputs. Target roles, locations, companies, industries, blocked contacts, and any extra context you write during onboarding.
  • Gmail OAuth tokens. If you connect Gmail, Google gives Hiroo a refresh token for the scopes you approved: gmail.send and userinfo.email. We encrypt the refresh token before storing it.
  • Outreach records and replies. The contacts Hiroo prepares, the emails sent from your Gmail account after you grant permission, and reply/status metadata shown in your dashboard.
  • Payment metadata, if applicable. Stripe session ID, transaction status, and order ID. We do not store credit card numbers. Stripe handles the card.

What we do with it

  • Research companies and hiring managers using public sources (company sites, LinkedIn, news, GitHub) plus an AI model to summarize what we find.
  • Draft cold emails personalized to each company, role, and contact.
  • Send the bounded first outreach batch from your Gmail account after you connect Gmail and grant consent. The From: address is your Gmail address.
  • Track sent outreach records and reply status in your Hiroo dashboard.
  • Respect unsubscribe, do-not-contact, and suppression requests.

Gmail data: Google's Limited Use disclosure

Hiroo's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Concretely:

  • We only request gmail.send and userinfo.email. We cannot read your existing Gmail messages.
  • We do not use your Gmail data to train AI models.
  • We do not sell Google user data or use it for advertising.
  • We do not transfer Google user data to third parties except as needed to provide Hiroo's user-facing feature, comply with law, or protect against abuse.
  • We do not let humans read your personal Gmail inbox. Hiroo may process the outreach messages it generates and sends so the dashboard can show sent/reply status and support requests can be handled with your permission.

Where your data lives

  • PostgreSQL database for your invite workspace, onboarding data, outreach records, and reply/status metadata.
  • Google APIs for Gmail OAuth and sending emails after you grant permission.
  • Google Gemini for the language model that drafts emails. We may send resume/context, target company information, role details, and public research snippets. We do not give Gemini your Gmail refresh token.
  • Postmark, if used for reply routing and notification emails.
  • Stripe, if payment is enabled. Stripe handles payment details; Hiroo does not store credit card numbers.
  • Your refresh token is encrypted at rest with AES-256-GCM before it touches storage.

How long we keep it

Invite workspaces, outreach records, and reply/status metadata stay for 180 days after the last activity, then we delete them unless we need to keep limited records for security, abuse prevention, legal compliance, or accounting. You can request earlier deletion at any time.

How to delete your data

Email k.akbarme@gmail.com from the address you signed up with. We will delete your order record, encrypted refresh token, and reply log within 7 days and confirm by email. To revoke Gmail access on your side, visit Google account permissions and remove Hiroo.

What we do not do

  • We do not sell your data to anyone, ever.
  • We do not run ads or use ad tracking pixels.
  • We do not scrape, search, or read your Gmail inbox.
  • We do not request access to Google Drive, Calendar, Contacts, or Gmail read/modify/delete permissions.
  • We do not store your Stripe card details.

Cookies

We use a single first-party cookie to keep you logged into your order page. No third-party advertising cookies. Stripe's checkout flow sets its own cookies during payment, governed by Stripe's privacy policy.

Children

Hiroo is for college students and early-career candidates and is not directed at anyone under 13. We do not knowingly collect data from anyone under 13.

Changes

If we change this policy in a way that affects what we collect or how we use it, we will email everyone with an active order and update the date at the top.

Contact

Questions, deletion requests, or anything else: k.akbarme@gmail.com.