Privacy Policy

Last updated: April 25, 2026

1. Overview

ShortlistFast ("we", "our", or "us") provides a recruiting platform and a companion Chrome extension ("ShortlistFast L1") to help organisations conduct and evaluate candidate interviews. This policy explains what data we collect, why we collect it, and how it is used and protected.

2. Data We Collect

2a. Web Application

  • Name, email address, and password (hashed) when you create an account.
  • Organisation details you enter during onboarding.
  • Candidate application information (name, resume, job role) that you upload.
  • Interview notes, feedback, and hiring decisions recorded by your team.

2b. Chrome Extension (ShortlistFast L1)

  • Meeting transcripts — live captions captured during Google Meet, Zoom, or Microsoft Teams calls while an L1 interview is active. Captions are only captured when you explicitly start an interview session inside the extension.
  • Speaker labels — participant names as shown by the meeting platform's caption system.
  • Session token — a short-lived authentication token stored locally in Chrome extension storage to authenticate API requests to ShortlistFast servers.
  • Application ID — the candidate application identifier you enter to link the transcript to the correct record.

3. How We Use Your Data

  • To provide the interview transcript capture and AI-generated summary features.
  • To store interview records and feedback against candidate applications.
  • To generate AI-assisted hiring recommendations using OpenAI's API.
  • To send transactional emails (invites, password resets) via Resend.
  • We do not sell your data to third parties.
  • We do not use your data to train AI models.

4. Data Storage & Security

  • All data is transmitted over HTTPS.
  • Data is stored on PostgreSQL hosted on Supabase with access controls enforced.
  • The Chrome extension stores session tokens and temporary transcript backups locally in Chrome's extension storage, which is sandboxed to the extension only.
  • Temporary local transcript backups are cleared once the interview is ended and data is synced to the server.

5. Third-Party Services

  • OpenAI — interview transcripts are sent to OpenAI to generate summaries and recommendations.
  • Resend — used to send transactional emails.
  • Supabase — PostgreSQL database hosting.
  • Render — backend API hosting.
  • Vercel — frontend hosting.

Each of these providers has their own privacy policy and data processing terms.

6. Chrome Extension Permissions

The ShortlistFast L1 extension requests the following permissions:

  • storage — to save session tokens and temporary transcript data locally.
  • activeTab / tabs — to communicate with the active meeting tab to retrieve captions.
  • meet.google.com, zoom.us, teams.microsoft.com, teams.live.com — to inject caption capture scripts on supported meeting platforms.

The extension does not read your browsing history, access other tabs, or capture any data outside of an active ShortlistFast interview session.

7. Data Retention

Interview transcripts and summaries are retained as long as your organisation account is active. You may delete candidate records at any time from the ShortlistFast dashboard. To request full account deletion, contact us at the email below.

8. Your Rights

Depending on your jurisdiction you may have rights to access, correct, or delete your personal data. To exercise any of these rights, please contact us at hello@shortlistfast.com.

9. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of ShortlistFast after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions, contact us at hello@shortlistfast.com.