How AROS handles your information
AROS is in a validation / early-access phase. We collect the minimum information needed to evaluate the platform with you, communicate about the program, and keep our service secure. This page explains exactly what that means.
Effective date: February 1, 2026 · Last updated: February 6, 2026
1. Who we are
AROS (“AROS”, “we”, “us”, or “our”) is a hiring coordination platform operated by the AROS team. This Privacy Policy describes how we collect, use, and protect personal information you share with us through our marketing site (getaros.ai and subdomains), our application, and any direct communications with our team.
2. What we collect
From the Early Access form on our public site:
- Name
- Work email
- Company name
- Job title
- Approximate hires per year (optional)
- Your biggest hiring challenge (optional, free text)
- Your stated interest (early access / demo / Validation Program)
- Submission timestamp, IP address, and browser user-agent (for abuse prevention)
If you become a customer or program participant, we additionally process:
- Account information (email, hashed password, role, organisation)
- Application content you create (job postings, hiring criteria, decision notes)
- Candidate data that your organisation uploads or imports into AROS — see “Candidate data processed on behalf of employers” below
- Audit logs of significant actions taken within the platform
- Support ticket content sent to hello@getaros.ai or our in-app help form
- AROS Guide questions — questions you ask our in-app AI assistant, the help articles we suggested back, and whether you escalated to a human. Used for product improvement.
- Legal consent stamps — the timestamp + version of the Terms / Privacy policy you accepted at signup
From your use of our website:
- Basic analytics (page views, referrers, device/browser type) via PostHog
- Cookies strictly necessary for the site to function
Candidate data processed on behalf of employers: when employers and recruiters upload candidate profiles, resumes, or applications to AROS, we act as a data processor on their behalf. The employer is the data controller for that information. Candidates should direct subject-access or deletion requests to the relevant employer in the first instance; we will assist that employer in fulfilling them.
3. How we use your information
We use the information above only for the following purposes:
- To contact you about Early Access, demos, and the Validation Program
- To evaluate fit between your hiring workflow and our roadmap
- To operate and improve the AROS platform
- To detect and prevent abuse, fraud, and security incidents
- To comply with our legal and regulatory obligations
We do not sell your personal information. We do not share Early Access submissions with third parties for marketing.
4. Legal bases (EEA / UK)
If you are in the EEA or the UK, the legal bases on which we process your data are:
- Consent — when you submit the Early Access form, you consent to being contacted about the program. You can withdraw consent at any time.
- Contract — when you become a customer, processing is necessary to deliver the service you’ve signed up for.
- Legitimate interest — for security, abuse prevention, and to improve the platform, balanced against your rights and expectations.
- Legal obligation — where applicable.
6. How long we keep it
- Early Access form submissions — until you ask us to delete them, or 24 months after our last contact with you, whichever is sooner.
- Account data — for as long as you have an account with AROS, plus a short window for backup and audit log retention.
- Audit logs — up to 24 months, then aggregated or deleted.
- Candidate data uploaded by employers — retained per the controlling employer’s instructions and their own retention policy.
7. Your rights and choices
Depending on where you live, you have the following rights with respect to your data:
- Access — request a copy of the personal information we hold about you
- Correction — ask us to fix inaccurate information
- Deletion — ask us to delete your information, subject to legal retention obligations
- Restriction / objection — limit or object to certain processing
- Portability — receive your data in a portable format
- Withdraw consent — at any time, with no penalty
- Lodge a complaint — with your local supervisory authority
To exercise any of these rights, email privacy@getaros.ai. We respond within 30 days. For Early Access submissions specifically, telling us “delete my submission” is enough — no verification ceremony required.
8. Security
AROS uses industry-standard safeguards including TLS in transit, encryption at rest for sensitive fields, role-based access control, and audit logging. No system is perfectly secure; if we become aware of a breach that affects your data, we will notify you and the relevant authorities within the timeframes required by applicable law.
9. Children's data
AROS is not intended for and does not knowingly collect personal information from individuals under 16. If you believe a child has provided us with information, contact us and we will delete it.
10. International transfers
AROS is operated from the United States. If you are accessing the service from outside the US, your information may be transferred to, stored in, and processed in the US and other countries where we or our processors operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses).
11. Changes to this policy
We may update this policy as the product evolves. Material changes will be announced via email to active program participants and via a notice on this page. The “Last updated” date at the top reflects the most recent revision.
12. Contact and requests
Questions, requests, or complaints about your data:
- Email: privacy@getaros.ai
- General: hello@getaros.ai
This policy is plain-English by design. It is not a substitute for legal advice in your jurisdiction. Counsel-reviewed terms will replace this notice before general availability.