Our Privacy Policy

Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.

Last Updated on September, 24, 2025

  1. Introduction

RubiRecruit is a brand of Rippa AI Pty Ltd (ACN 688 812 151) ("RubiRecruit," "we," "us" or "our"). We are committed to the highest standard of data protection. As a leading technology‑enabled recruitment platform headquartered in Melbourne, Victoria, we recognise that respecting individual privacy and complying with applicable laws is both a legal requirement and an ethical imperative. This Privacy Policy describes how we collect, use, disclose, store, and otherwise process personal information when you interact with our website, platform or other services (collectively, the “Services”). It also explains the choices and rights available to individuals.

Note: This policy provides general information and is not legal advice. Depending on your circumstances, additional obligations may apply under international, federal, state or local privacy laws, including but not limited to the Australian Privacy Principles (APPs), the General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA/CPRA), the UK Data Protection Act, and other regimes. If you have specific questions about compliance, consult an experienced privacy professional.

  1. Legal Framework

We design our data‑handling practices to comply with, or exceed, the requirements of relevant privacy laws and regulations. Key frameworks considered in drafting this policy include:

  • Australian Privacy Act 1988 (Cth) and APPs. The APPs are the cornerstone of the Australian privacy framework and govern collection, use and disclosure of personal information; organisational accountability; data integrity; and individuals’ rights to access and correct data. APP 1 requires organisations to manage personal information in an open and transparent way and to maintain an up‑to‑date privacy policy.

  • Reforms to the Privacy Act (2024–2025). Recent amendments introduced new enforcement powers for the Office of the Australian Information Commissioner (OAIC), a statutory tort for serious invasions of privacy, expanded definitions of "personal information," transparency obligations for automated decision‑making, development of a Children’s Online Privacy Code, and strengthened breach notification expectations under the Notifiable Data Breaches (NDB) scheme (assessment as soon as practicable and within 30 days, with notification as soon as practicable once an eligible breach is confirmed). These reforms signal greater accountability for businesses and elevated penalties for non‑compliance.

  • General Data Protection Regulation (EU GDPR). The GDPR emphasises transparency, data minimisation, security and accountability. Where it applies, Article 13 requires controllers to provide data subjects with specific information -including the controller’s identity, purpose and legal basis for processing, retention periods, recipients, cross‑border transfer details, and data subject rights. The GDPR also introduces a 72‑hour notification obligation for personal data breaches and gives individuals rights such as access, rectification, erasure, restriction, data portability and objection.

Other International Frameworks. Depending on users’ location, the California Consumer Privacy Act (CPRA), the UK Data Protection Act, Canada’s PIPEDA and other laws may impose additional requirements. We endeavour to align our practices with the highest applicable standard.

  1. Scope and Application

This policy applies to personal information relating to:

  • Website visitors. Individuals who browse our website, contact us via forms or engage with marketing communications.

  • Recruiter and employer clients. Corporate customers and their authorised users who use our Services to evaluate candidates and manage recruitment workflows.

  • Applicants to roles within RubiRecruit. Individuals who apply for employment or contracting roles with us.

It does not apply to information processed by clients outside of RubiRecruit’s platform (e.g., client HR systems). Clients remain responsible for compliance with applicable laws when using data exported from our Services.

  1. Collection of Personal Information

4.1. Types of Data We Collect

We collect information directly from you, automatically when you use the Services, and from third parties. The data we collect depends on your relationship with us and may include:

  • Identifiers and contact details (e.g., name, postal address, email, phone number, date of birth, username, account number, IP address). Under recent reforms, the definition of “personal information” in Australia has been broadened to include any information or opinion that relates to an identified or reasonably identifiable individual.

  • Demographic information (e.g., language preferences, geographic location). We do not collect “sensitive information” such as racial or ethnic origin, sexual orientation, religious or philosophical beliefs or health information unless required by law or with your explicit consent and subject to higher standards under APP 3.

  • Account credentials (e.g., username, password, account security tokens). We never store raw payment card details on our servers; payments are handled by reputable third‑party processors.

  • Device and usage data (e.g., IP address, browser type, operating system, device identifiers, log files, session timestamps, clickstream data, cookies and web beacons). We use this information for analytics, security and personalisation.

4.2. Sources of Information

We may collect information:

  • Directly from you when you register for an account, complete forms, apply for a job, communicate with us, or provide feedback.

  • Automatically via cookies, pixels or similar technologies when you navigate our Services (see Section 10).

  • From third parties such as background‑check providers, references, social networking sites (where legally permissible and only with your consent), and publicly available sources like professional profiles.

4.3. Limiting Collection

In line with the APPs and GDPR principles of data minimisation, we only collect information reasonably necessary for recruitment evaluation services or statutory compliance. We will not request unnecessary data (e.g., full date of birth or phone number) unless required for identity verification or legally mandated screening.

  1. Purpose and Legal Basis for Processing

We process personal information for lawful purposes, including:

  1. Providing and improving our Services. To operate, maintain and administer the RubiRecruit platform, process applications and manage accounts.

  2. Communications. To respond to enquiries, send administrative notices, marketing communications and platform updates. We offer opt‑outs for marketing.

  3. Candidate evaluations. We process candidates CVs and cover letters and evaluate them against a rubric designed for the role being hired for. We ensure transparency by providing evidience of why a candidate has scored what they have for every element of the matrix.

  4. Research and product development. To conduct aggregated and anonymised analysis to improve our services and develop new features.

  5. Legal, compliance and risk management. To comply with applicable laws, respond to legal requests, enforce our terms, prevent fraud, manage disputes, and protect our rights and property.

5.1. Legal Grounds

Depending on your jurisdiction, we rely on different legal grounds:

  • Consent: When you voluntarily provide data or consent to receive marketing, we process information on the basis of your explicit or implied consent. You may withdraw consent at any time.

  • Contractual necessity: We process candidate data to fulfil our contract with you, e.g., by enabling you to rapidly screen and evaluate your candidates at unprecedented speed, consistency and accuracy.

  • Legitimate interests: We may process data to prevent fraud, secure our platform, develop new features or market similar services, provided these interests are not overridden by your rights. We carefully balance these interests against your privacy.

  • Legal obligations: We may process data to comply with employment, anti‑discrimination, taxation, or data‑retention laws.

5.2. How our evaluations are used

RubiRecruit provides evaluation and scoring to assist hiring teams. Our Services do not make decisions about candidates. Any hiring decisions are made by our clients’ personnel, who review RubiRecruit outputs alongside other information. Where required by law, individuals may request an explanation of the factors considered in an evaluation and can raise concerns for human review.

  1. Use and Disclosure of Personal Information

6.1. Disclosure to Employer Clients

RubiRecruit’s core business is helping employers screen and find the best candidates. We require clients to use personal information solely for recruitment and to implement appropriate security measures. We recommend clients enter into data processing agreements consistent with GDPR Article 28 obligations.

6.2. Service Providers and Third Parties

We may share personal information with third‑party service providers that support our business, such as hosting providers, IT vendors, analytics providers, customer support tools, and payment processors. These providers act on our instructions and are bound by confidentiality and security obligations. We ensure they implement appropriate technical and organisational measures to safeguard personal data.

6.3. Legal and Regulatory Authorities

We may disclose personal information when required by law (e.g., to regulators, courts or law‑enforcement), or when we believe disclosure is necessary to protect our rights, investigate fraud, respond to an emergency, or enforce our terms.

6.4. Cross‑Border Transfers

RubiRecruit operates globally. When we transfer personal information outside Australia (e.g., to cloud infrastructure located overseas or to international clients), we comply with APP 8 and comparable rules. We will:

  • Assess whether the overseas recipient is subject to privacy laws that are substantially similar to the APPs or GDPR.

  • Include binding contractual terms requiring the overseas recipient to protect personal information to Australian standards.

  • Obtain your consent if we cannot ensure adequate protections.

  • Provide clear notice in this policy about overseas disclosures and update our records of jurisdictions involved.

We may also rely on adequacy decisions or standard contractual clauses under the GDPR for EU transfers.

  1. Direct Marketing and Cookies

7.1. Direct Marketing

We will not use or disclose personal information for direct marketing unless permitted by law and the APPs. APP 7 allows direct marketing only under certain conditions and requires an easy opt‑out. We comply by:

  • Obtaining consent where required.

  • Including clear unsubscribe options in every marketing email or SMS.

7.2. Cookies and Tracking Technologies

We use cookies, pixels and similar technologies to recognise your browser, remember your preferences, analyse traffic and measure the effectiveness of marketing. We provide a cookie banner or consent mechanism where required by law and describe our cookie practices in a separate Cookie Policy. You can manage your cookie preferences via browser settings or the tools we provide.

7.3. Google user data (Google Workspace Add‑on)

If you use our Google Workspace Add‑on, we may request access to certain Google user data via OAuth scopes strictly necessary to provide the functionality you request. We use this data only to operate the Add‑on features, do not sell it, and do not share it with third parties except to provide or secure the Services. We retain Google user data only for as long as needed to deliver the requested functionality and then delete it or de‑identify it, unless a longer period is required by law. We comply with the Google API Services User Data Policy, including its Limited Use requirements. You can revoke permissions at any time in your Google Account and may request deletion of your Google user data by contacting us at support@rubirecruit.ai.

  1. Retention of Personal Information

We retain personal information only as long as necessary for the purposes described in this policy or as required by law. Factors determining retention periods include the duration of your account, statutory obligations (e.g., record‑keeping or equal opportunity requirements), limitation periods for legal claims, and our legitimate interests (e.g., to maintain records of recruitment activities). We regularly review our retention schedules and delete or de‑identify information that is no longer needed. APP 11 requires organisations to destroy or de‑identify personal information when it is no longer needed.

  1. Data Security

RubiRecruit implements robust technical and organisational measures to protect personal information from loss, misuse, unauthorised access, modification or disclosure. Our security program includes:

  • Access controls: Use role‑based access controls, and restrict access based on the principle of least privilege.

  • Network and application security: We employ firewalls, intrusion detection systems, secure coding practices and regular vulnerability testing.

  • Security monitoring and logging: We maintain audit logs and utilise automated monitoring to detect suspicious activity.

  • Vendor security assessments: We evaluate vendors’ security posture and require adherence to industry standards such as ISO 27001.

Staff training and awareness: We train employees on privacy and security best practices to build a culture of privacy.

  1. Your Rights and Choices

10.1. Rights Under Australian Law

You have the right to:

  • Access and Correct: Request access to personal information we hold about you and ask for corrections if it is inaccurate, out‑of‑date or incomplete (APP 12 and APP 13).

  • Anonymity and Pseudonymity: Where lawful and practicable, you may deal with us anonymously or using a pseudonym (APP 2).

  • Withdraw consent for direct marketing communications.

  • Lodge a complaint with the OAIC if you believe we have breached the APPs.

10.2. Rights Under the GDPR

If you are located in the EU/EEA or our processing is subject to the GDPR, you may have additional rights:

  • Right to be informed: We must provide detailed information about our data practices (Article 13/14).

  • Right of access: Obtain a copy of your personal data and information about processing (Article 15).

  • Right to rectification and erasure: Request correction of inaccurate data and deletion of personal data when no longer needed (Articles 16–17).

  • Right to restrict processing and right to object: In certain circumstances, you can ask us to limit how we process your data or object to particular uses such as direct marketing (Articles 18 & 21).

  • Right to data portability: Receive your data in a structured, commonly used format and have it transmitted to another controller (Article 20).

  • Automated decision‑making: We do not make decisions based solely on automated processing that produce legal or similarly significant effects. If our clients use our outputs in their hiring processes, a human will always review and make the final decision. You may request human review by the relevant employer and express your view or contest an outcome.

10.3. Exercising Your Rights

To exercise any of these rights, please contact us using the details below. We may require proof of identity and may refuse requests in limited circumstances (e.g., if access would unreasonably impact others’ privacy or conflict with legal obligations). We will respond within the timeframes required by applicable law.

  1. Children’s Privacy

RubiRecruit’s Services are not directed to children under 16.

  1. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices, technology or legal requirements. APP 1 requires us to maintain an up‑to‑date privacy policy, and reforms to Australia’s Privacy Act and international laws may introduce new obligations. When we make material changes, we will notify you through our Services, by email or other means and indicate the effective date. Continuing to use our Services after an updated policy becomes effective constitutes acceptance of the revised policy.

Contact Us

If you have any questions or concerns about our Privacy Policy or the handling of your personal information, please contact us at andy@rubirecruit.ai