HireTree

LGPD

Brazilian General Data Protection Law

Last updated: March 5, 2026

HireTree is committed to protecting your personal data in compliance with Brazil's General Data Protection Law (Law 13.709/2018). This page explains how we apply LGPD to our platform.

What is LGPD?

The General Data Protection Law (LGPD) is Brazilian legislation that regulates the processing of personal data. It establishes rules on collection, storage, processing, and sharing of personal data, ensuring greater protection and transparency for Brazilian citizens.

  • Enacted in August 2018
  • In effect since September 2020
  • Overseen by ANPD (National Data Protection Authority)
  • Applies to any data processing operation carried out in Brazil

LGPD Principles We Follow

Our platform strictly follows the 10 principles established by LGPD:

Purpose: We process data only for legitimate and informed purposes.

Adequacy: Processing is compatible with the stated purposes.

Necessity: We collect only essential data for the service.

Free Access: You can consult your data for free.

Quality: We keep your data accurate and up-to-date.

Transparency: We clearly inform how we use your data.

Security: We protect your data against unauthorized access.

Prevention: We adopt measures to prevent harm to data subjects.

Non-Discrimination: We don't use data for discriminatory purposes.

Accountability: We demonstrate compliance with regulations.

Your Rights as a Data Subject

LGPD guarantees various rights to personal data subjects. At HireTree, you can exercise all of them:

  • Confirmation: Know if we process your personal data.
  • Access: Obtain a copy of your personal data.
  • Correction: Correct incomplete, inaccurate, or outdated data.
  • Anonymization: Request anonymization or blocking of excessive data.
  • Deletion: Request deletion of data processed based on consent.
  • Portability: Receive your data in a structured format.
  • Information: Know with whom we share your data.
  • Consent: Be informed about the possibility of not providing consent.
  • Revocation: Revoke consent at any time.

How to Exercise Your Rights

We provide easy channels for you to exercise your rights:

Candidate Portal: Access "My Applications" > "Privacy & Data" to export or request deletion.

Email: Send requests to privacy@hiretree.co

DPO: Contact our Data Protection Officer at dpo@hiretree.co

Deadline: We respond to requests within 15 business days.

Legal Bases for Processing

LGPD defines legal hypotheses that authorize data processing. We use the following bases:

  • Consent: When you apply for a job or create your profile.
  • Contract Execution: To facilitate the recruitment process.
  • Legitimate Interest: To improve our services and ensure security.
  • Legal Obligation: When required by law or regulation.

Types of Data We Process

We collect and process the following types of personal data:

Personal Data

Name, email, phone, address.

Professional Data

Resume, experiences, education, skills.

Usage Data

Platform interactions, applications, preferences.

Technical Data

IP, browser, device (for security).

We DO NOT collect sensitive data (race, religion, health, sexual orientation) unless strictly necessary and with your explicit consent.

Data Sharing

Your data is shared only when necessary:

  • Companies: Only for jobs you applied to.
  • Network: With the franchisor, when applicable to the recruitment process.
  • Providers: Processors that help us (hosting, email, AI).
  • Authorities: When required by law or court order.

We ensure all sharing is done with legal basis and with contracts that protect your data.

Retention and Deletion

Your data is kept for the time necessary for the stated purposes:

  • Active applications: During the recruitment process.
  • Inactive profile: Up to 2 years after last activity.
  • Legal obligations: For the period required by law.
  • After the period: Data is anonymized or deleted.

Security Measures

We implement technical and administrative measures to protect your data:

  • Encryption of data in transit and at rest.
  • Role-based access control.
  • Continuous security monitoring.
  • Employee training on LGPD.
  • Periodic security audits.

Security Incidents

In case of a security incident that may cause risk or relevant harm to data subjects:

  • We will notify ANPD and affected subjects as per legal deadline.
  • We will take immediate measures to mitigate damages.
  • We will conduct a complete investigation of the incident.
  • We will implement improvements to prevent recurrences.

International Transfer

When your data is transferred outside Brazil (e.g., cloud servers), we ensure protection equivalent to LGPD through:

  • Approved standard contractual clauses.
  • Transfer to countries with adequate protection level.
  • Specific consent, when applicable.

Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) to:

  • Receive complaints and requests from data subjects.
  • Guide employees on data protection practices.
  • Act as communication channel with ANPD.
  • Ensure LGPD compliance in our organization.

Contact: dpo@hiretree.co

Contact Us

For questions, requests, or complaints related to LGPD:

Privacy: privacy@hiretree.co

DPO: dpo@hiretree.co

Response time: up to 15 business days

ANPD: If unsatisfied, you may file a complaint with the National Data Protection Authority

Frequently Asked Questions

Should I worry about my data at HireTree?

No. We implement all measures required by LGPD and go beyond to ensure your data security.

How can I delete my data?

Access the Candidate Portal > Privacy & Data > Request Deletion. Or email privacy@hiretree.co

Is my data sold to third parties?

Never. Your data is only shared with companies you applied to.

How long is my data stored?

While your account is active or up to 2 years after last activity. You can request deletion at any time.