Privacy Policy

Last updated: 22 May 2026 · DivIHN Integration Inc.

1. Who we are

FlexForceNow is operated by DivIHN Integration Inc., registered in Aberdeen, UK. We provide a B2B SaaS workforce management platform that connects hiring organisations (Partners) with recruitment agencies and contingent workers. Our registered email: dpo@hirenowwithflex.us

2. Data we collect

We process the following categories of personal data:

Platform Users (HMs, Recruiters, Agency staff) — Name, work email, login timestamps, activity logs, IP address
Candidates — Name, email, phone, CV/resume, location, skills, employment history, IR35 status, rate expectations
Billing contacts — Name, email, company name, Stripe payment tokens (we never store raw card numbers)

3. Legal basis for processing

Contract performance (Art. 6(1)(b))Providing the platform service to paying customers

Legitimate interests (Art. 6(1)(f))Security monitoring, fraud prevention, product improvement

Legal obligation (Art. 6(1)(c))Audit log retention (7 years), financial records, HMRC IR35 SDS

4. How we use your data

Providing and improving the FlexForceNow platform
Facilitating candidate submission, RTR e-signature, and placement workflows
AI-assisted job description parsing and candidate scoring (skill descriptions only — no PII sent to AI APIs)
Sending transactional emails (interview confirmations, offer notifications, invoice alerts)
Processing subscription payments via Stripe
Maintaining a tamper-evident audit trail for compliance purposes

5. Who we share data with

We share data only with sub-processors required to deliver the platform. All sub-processors are GDPR-compliant and operate under Data Processing Agreements:

Supabase Inc.

Database, Auth, Storage (EU West — London)

Vercel Inc.

Frontend hosting (EU Frankfurt)

Render Inc.

Background worker hosting (EU)

Resend Inc.

Transactional email

Anthropic Inc.

AI API (JD parsing, scoring — no PII)

OpenAI Inc.

Embeddings API (skill text only)

Stripe Inc.

Subscription billing and payments

DocuSign Inc.

Electronic signature (RTR documents)

6. Data retention

Candidate PII: Duration of engagement + 12 months

User accounts: Duration of subscription + 90 days

Audit logs: 7 years (legal obligation — HMRC, Companies Act)

IR35 SDS records: 7 years (HMRC requirement)

Financial records: 7 years (legal obligation)

IP addresses in logs: 90 days, then nullified

7. Your rights under UK/EU GDPR

Right of Access (Art. 15): Request a copy of your personal data. Response within 30 days.

Right to Erasure (Art. 17): Request deletion of your personal data. Processed within 72 hours. Note: audit logs and financial records are retained per Art. 17(3) legal obligation.

Right to Rectification (Art. 16): Correct inaccurate data via your account settings or by contacting us.

Right to Portability (Art. 20): Receive your data in machine-readable format.

Right to Object (Art. 21): Object to processing based on legitimate interests.

To exercise any right: dpo@hirenowwithflex.us

8. Security

All data is encrypted at rest (AES-256 via Supabase) and in transit (TLS 1.2+). Row-Level Security (RLS) enforces strict tenant isolation at the database layer — no cross-tenant data access is possible. We undergo regular security assessments including OWASP ASVS L2 self-assessment and automated RLS testing. Our systems are hosted in EU-region data centres.

9. Cookies

We use only essential, functional cookies required for authentication (Supabase session cookies). We do not use advertising or third-party tracking cookies. No cookie consent banner is required as we only place strictly necessary cookies.

10. Changes to this policy

We will notify active users of material changes via email at least 30 days before they take effect. Minor updates will be reflected in the "Last updated" date above.

11. Contact and complaints

Data Protection contact: dpo@hirenowwithflex.us
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):ico.org.uk