1. Introduction
Welcome to the Privacy Policy for Ros ("Ros", the "Service"), developed and operated by Stability Engine, Inc. ("Stability Engine", "we", "us", "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and related services.
2. Information We Collect
We may collect information about you in a variety of ways. The information we may collect via the Service includes:
- Personal Data: Personally identifiable information, such as your name and email address, that you voluntarily give to us when you register for the Service.
- Content Data: Resumes, job descriptions, and other text you submit to our Service for analysis. This data is processed by our proprietary scoring engine to provide you with the stability analysis report.
- Employee Data (Retention OS): For Enterprise users who opt-in to Retention OS, we collect employee names, job titles, and company information that you voluntarily provide when enrolling employees for post-hire retention monitoring. This data is collected ONLY after you have made hiring decisions and is used solely to schedule check-in reminders and track retention outcomes.
- Usage Data: Information our servers automatically collect when you access the Service, such as your IP address, browser type, operating system, access times, and the pages you have viewed directly before and after accessing the Service.
3. How We Use Your Information
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:
- Create and manage your account.
- Process transactions and deliver the services you request.
- Generate and deliver the stability analysis reports, powered by our proprietary engine.
- Monitor and analyze usage and trends to improve your experience with the Service.
- Notify you of updates to the Service.
- Perform other business activities as needed.
3.1. Use of Anonymized Retention Outcome Data (Enterprise Plan Only)
For Enterprise users who enroll candidates in our Retention OS monitoring system, we may collect anonymized retention outcome data, including:
- Tenure Duration: How long enrolled employees remain at your company
- Departure Timing: When employees leave (e.g., 6 months, 12 months, 24 months)
- Voluntary/Involuntary Classification: Whether departures were employee-initiated or employer-initiated
- General Departure Reasons: Aggregated categories (e.g., career growth, compensation, relocation)
This outcome data is fully anonymized (stripped of all personally identifiable information) and used exclusively to:
- Fine-tune our predictive retention algorithms using machine learning
- Improve the accuracy of our Cox Proportional Hazards survival models
- Generate industry-wide retention benchmarks and trend reports
- Enhance the Service's analytical capabilities for all users
Opt-Out: Enterprise users can opt out of contributing anonymized outcome data at any time through their account settings. Opting out does not affect your access to Retention OS features, but may reduce the personalization of benchmark insights.
4. Google Calendar Integration and Google API Services
If you choose to connect your Google Calendar, the Service requests access to the Google Calendar API using the https://www.googleapis.com/auth/calendar.events scope. This integration is optional, and the Service functions without it.
- What we access: The ability to create, view, and manage calendar events on the Google Calendar you authorize. We do not request access to your contacts, email, files, or any other Google data.
- How we use it: We use this access solely to schedule, update, and manage retention check-in meetings on your behalf, including attaching meeting agendas and reminders. We do not use Google Calendar data for advertising, profiling, or any purpose unrelated to the retention check-in features you request.
- How we store it: The OAuth access and refresh tokens issued by Google are stored securely and used only to perform the calendar actions described above. You can revoke this access at any time from your Google Account permissions page (myaccount.google.com/permissions) or by disconnecting your calendar within the Service.
- How we share it: We do not transfer Google user data to third parties except as necessary to provide the Service (for example, our cloud hosting provider), to comply with applicable law, or as part of a merger or acquisition. We do not sell Google user data.
Ros's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. Disclosure of Your Information
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. We may share information we have collected about you in certain situations:
- With Third-Party Service Providers: We utilize trusted third-party providers to operate the Service and generate your analysis, including cloud hosting and infrastructure providers, database and authentication providers, third-party AI/ML model providers, and application monitoring and error-tracking providers. The content you provide (e.g., resumes or employee metrics) is sent to these providers solely for generating your analysis or maintaining application uptime. All sensitive narrative data is encrypted before being stored. These third parties have access to your information only to perform these tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose.
- By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
6. Data Security
We use administrative, technical, and physical security measures to help protect your personal information. Specifically, we implement the following:
- Encryption at Rest: All sensitive narrative data generated from your content (such as resume summaries, opinions on fit, and interview guidance) is encrypted on our server using the industry-standard AES-256 algorithm before it is stored in our database. This means that in the event of a direct database breach, the stored data is protected and unreadable.
- Secure Transmission: We use Transport Layer Security (TLS) to encrypt data transmitted between your browser and our servers.
While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.
7. Data Retention and Deletion Policy
We retain personal data, content data, and employee data only for as long as is necessary to fulfill the purposes set out in this Privacy Policy, or as required by applicable laws and regulations. Specifically:
- Account Information & Employee Data: Retained for as long as your account is active and registered with Stability Engine.
- Content Data (Resumes/Scans): Retained inside your dashboard until you delete the scan or request account deletion.
- Anonymized Retention Outcomes: Aggregated, fully anonymized retention benchmark and model parameters may be retained indefinitely to train and optimize our predictive models.
If you request data deletion, we will purge or fully anonymize your data within 30 days, except where we must retain certain records to comply with legal, regulatory, or safety obligations.
8. Account Deletion and User Rights
If you have registered an account, you have the right to delete your account and all associated personal and client data at any time. You can request deletion in two ways:
- In-App Deletion:Open the Billing & Subscription page in your Ros dashboard and select "Delete Account".
- Email Deletion Request: Send an email to privacy@stabilityengine.ai with the subject line "Account Deletion Request".
Upon receiving an account deletion request, we will permanently delete your account, associated personal data, uploaded resumes, and connected Google Calendar access from our active servers within 30 days. For individual accounts, this also includes the candidate and retention records you created. For company (Enterprise) accounts, employee and candidate records are owned and controlled by your organization: deleting your individual account removes your personal data and access, while those company-owned records are retained under your organization's control and governed by its data processing terms.
Depending on your location (such as the European Union under GDPR or California under CCPA), you may also have the right to access, correct, port, or restrict processing of your personal data. You can exercise these rights by contacting us.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.