We raised $5.5M, and we're now Metix AI. A sharper name, and the funding to build it out. Read the announcement →
Metix AI
How it works Why Metix AI Pricing Try demo Sign in Start hiring →

Metix AI Privacy Policy

Last Updated: June 29, 2026  |  Effective Date: June 29, 2026  |  Previous Version: March 6, 2026


1. Introduction

OpenJobs AI Inc., doing business as Metix AI ("Metix AI", "we", "us", "our"), operates an AI-powered recruitment automation platform (the "Service") that helps businesses discover, evaluate, and engage potential candidates. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our Service or interact with us.

This policy applies to:

  • Employers/Clients ("Users"): Businesses and individuals who subscribe to the Service
  • Candidates: Individuals whose professional information appears on the platform or who are contacted through the Service
  • Website visitors: Individuals who visit metix.ai

2. Information We Collect

2.1 Information You Provide

Account Information:

Data Type Examples Purpose
Identity Full name Account creation, communication
Contact Work email address Account verification, notifications
Authentication Password (hashed), Google OAuth token Account security
Company Company name, size, industry Service customization
User source How you heard about us (optional) Marketing analytics

Recruitment Content:

Data Type Examples Purpose
Job descriptions Role title, requirements, location, salary range AI candidate matching
Candidate notes Your evaluations, interview notes Candidate management
Communications Messages sent to/from candidates Outreach management

2.2 Information We Collect Automatically

Data Type Examples Purpose
Device information Browser type, operating system, device identifiers Service optimization, security
Usage data Pages visited, features used, session duration Product improvement, analytics
IP address IPv4/IPv6 address Security, approximate location
Log data Access times, error logs, API calls Debugging, security monitoring

2.3 Subscription and Billing Data

Data Type Examples Purpose
Subscription details Plan tier, billing cycle (monthly/annual), subscription start date Service delivery
Credit transactions Credits issued, consumed, expired; unlock history Service delivery, usage tracking
Role quota usage Roles created per period, quota resets Service delivery
Payment history Invoice amounts, payment dates, payment status Billing, financial records
Billing metadata Stripe Customer ID, Subscription ID Payment processing

Important: We do not collect or store your credit card number, CVV, or full payment card details. All payment information is processed directly by our payment processor, Stripe, Inc. (see Section 5.2).

2.4 Candidate Information

We collect professional information about candidates from the following sources:

Publicly available sources:

  • Professional networking platforms (e.g., LinkedIn public profiles)
  • Company websites and professional directories
  • GitHub, portfolio sites, and other public professional profiles
  • Published articles, conference presentations, and academic publications

Candidate-provided information (when candidates respond to outreach):

  • Contact information provided in responses
  • Professional background shared in communications
  • Expressions of interest or non-interest
Data Type Source Purpose
Professional profile Public sources AI candidate matching
Work history Public sources Qualification assessment
Skills and expertise Public sources Role matching
Contact information Public sources / candidate-provided Outreach
Response status Candidate interaction Candidate management

3. How We Use Your Information

3.1 Service Delivery

  • Creating and managing your account
  • Processing your subscription and billing
  • Issuing and tracking Credits and Role quotas
  • AI-powered candidate search and matching
  • AI-assisted resume screening and qualification assessment
  • Automated and managed outreach to potential candidates
  • Facilitating communication between you and interested candidates
  • Sending transactional emails (subscription confirmations, renewal notices, payment failure alerts, trial reminders)

3.2 AI-Powered Features

The Service uses artificial intelligence and machine learning for the following purposes:

AI Feature Data Used Output
Candidate Search Job descriptions, skill requirements Matched candidate profiles
Resume Screening Candidate professional data, job requirements Qualification assessments
Automated Outreach Job descriptions, candidate profiles Personalized outreach messages
Candidate Matching Job requirements, candidate qualifications Relevance scores

Important disclosures about AI processing:

  • AI-generated assessments and recommendations are probabilistic and may contain errors
  • No fully automated decisions with legal or significant effects are made without human involvement (per GDPR Article 22)
  • You may request information about the logic involved in AI-powered features by contacting us at contact@metix.ai
  • Candidate data may be processed by third-party AI/ML service providers (see Section 5)

3.3 Service Improvement

  • Analyzing usage patterns to improve features and user experience
  • Monitoring Service performance and diagnosing technical issues
  • Training and improving AI models (using aggregated and de-identified data where possible)

3.4 Communication

  • Responding to your inquiries and support requests
  • Sending Service-related notifications (billing, subscription changes, security alerts)
  • Sending product updates and feature announcements (with opt-out option)

3.5 Security and Compliance

  • Detecting and preventing fraud, abuse, and unauthorized access
  • Enforcing our Terms of Service and Acceptable Use Policy
  • Complying with legal obligations, law enforcement requests, and regulatory requirements

4. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

Legal Basis Applicable Processing
Contract performance (Art. 6(1)(b) GDPR) Account creation, subscription management, Credit/Role tracking, service delivery
Legitimate interest (Art. 6(1)(f) GDPR) Service improvement, security, fraud prevention, analytics
Consent (Art. 6(1)(a) GDPR) Marketing communications, optional analytics cookies
Legal obligation (Art. 6(1)(c) GDPR) Tax records, regulatory compliance, law enforcement requests

For candidate data sourced from public sources, we rely on legitimate interest (connecting candidates with relevant job opportunities). Candidates may opt out of outreach at any time (see Section 8).


5. How We Share Your Information

5.1 Service Providers

We share information with third-party service providers who process data on our behalf:

Provider Category Examples Data Shared Purpose
Payment processing Stripe, Inc. Billing metadata, payment amounts Subscription billing, invoice generation
Cloud infrastructure AWS, Google Cloud All Service data (encrypted) Data storage, computing
AI/ML processing Third-party AI providers Job descriptions, candidate data (de-identified where possible) Candidate matching, resume screening
Email delivery Transactional email provider Email addresses, notification content Service notifications
Analytics Product analytics tools Usage data (aggregated) Service improvement

Stripe, Inc. processes all payment transactions. We do not have access to your full payment card details. Stripe's privacy policy is available at: https://stripe.com/privacy

5.2 Payment Processor - Stripe

  • Stripe is our sole payment processor and is PCI DSS Level 1 certified
  • When you enter payment information during checkout, it is transmitted directly to Stripe via Stripe.js / Stripe Elements
  • We receive only: last 4 digits of your card, card brand, expiration date, billing address, and payment status
  • Stripe may use cookies and device fingerprinting for fraud prevention purposes
  • For more information, see Stripe's Privacy Policy: https://stripe.com/privacy

5.3 Employers (for Candidates)

When a candidate is matched with a Role and the employer unlocks the candidate using Credits:

  • The employer can view the candidate's professional profile, work history, skills, and contact information
  • The employer can communicate with the candidate through the platform

Data Controller and Processor Roles for Outreach:

When employers use the automated outreach feature, Metix AI acts as a data processor on behalf of the employer (the data controller). We process candidate data and deliver outreach communications based on the employer's instructions (creating Roles and initiating outreach). For details on responsibilities, see our Terms of Service, Section 8.4.

5.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the successor entity. We will notify you via email and/or a prominent notice on the Service before your information becomes subject to a different privacy policy.

5.5 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law or regulation
  • Protect the rights, property, or safety of Metix AI, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues

6. Data Retention

6.1 Retention Schedule

Data Category Retention Period Trigger Post-Retention
Active account data Duration of active subscription Account creation N/A
Roles and candidate data 90 days after subscription cancellation Cancellation effective date Archived to cold storage
Outreach records 90 days after subscription cancellation Cancellation effective date Archived to cold storage
Account settings 180 days after subscription cancellation Cancellation effective date Soft deleted
Billing and invoices Minimum 7 years (Stripe retains invoice data permanently on their systems) Invoice date Retained for tax/legal compliance (IRS requires minimum 7 years)
Credit transaction logs Minimum 7 years Transaction date Archived for financial audit
Webhook and payment logs Minimum 7 years Log date Archived for financial audit
Candidate data (no engagement) 12 months from last outreach attempt Last outreach date Deleted
Support communications 3 years Ticket closure date Deleted

6.2 Cold Storage

Data archived to cold storage is:

  • Encrypted at rest
  • Not actively processed or accessible through the Service
  • Available for restoration upon account reactivation (within 90 days of archival upon request; best-effort basis after 90 days)

6.3 Deletion

When data reaches the end of its retention period:

  • Personal data is deleted or irreversibly anonymized
  • Aggregated, anonymized data may be retained indefinitely for analytics purposes
  • Deletion requests are processed within 30 days (see Section 8)
  • Data subject to legal hold or regulatory requirements may be retained beyond standard retention periods

7. Data Security

7.1 Technical Measures

Measure Implementation
Encryption in transit TLS 1.2+ for all communications
Encryption at rest AES-256 encryption for stored data
Access control Role-based access control (RBAC) with least-privilege principle
Authentication Multi-factor authentication for internal systems
Payment security PCI DSS Level 1 compliance via Stripe (no card data stored)
Infrastructure Hosted on AWS/Google Cloud with SOC 2 compliance

7.2 Organizational Measures

We are committed to implementing and maintaining the following organizational security measures:

  • Periodic security assessments, with penetration testing conducted as appropriate based on risk
  • Employee security awareness training
  • Vendor security due diligence and execution of data processing agreements with service providers who process personal data on our behalf
  • Incident response plan with defined escalation procedures

The scope and maturity of these measures will evolve as our organization grows. We continuously evaluate and improve our security posture.

7.3 Incident Response

In the event of a personal data breach:

  • Supervisory authorities: We will notify the relevant data protection supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of individuals (as required by GDPR Article 33)
  • Affected individuals: We will notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms (as required by GDPR Article 34)
  • Breach details: Notifications will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach
  • California residents: Will be notified as required by Cal. Civ. Code § 1798.82 (notification "in the most expedient time possible and without unreasonable delay")
  • All users: We will provide information about the nature of the breach, the data affected, and recommended protective measures

8. Your Privacy Rights

8.1 All Users

Regardless of your location, you may:

Right Description How to Exercise
Access Request a copy of your personal data Email contact@metix.ai
Correction Request correction of inaccurate data Settings > Profile, or email us
Deletion Request deletion of your personal data Email contact@metix.ai
Data export Export your data in CSV/JSON format Settings > Billing > Export Data
Opt-out of marketing Unsubscribe from promotional emails Unsubscribe link in emails
Account deletion Delete your account and associated data Email contact@metix.ai

8.2 Candidates

If you are a candidate whose information appears on the platform:

Right Description How to Exercise
Opt-out of outreach Stop receiving recruitment messages Unsubscribe link in outreach emails
Access Request what information we hold about you Email contact@metix.ai
Deletion Request removal of your profile from the platform Email contact@metix.ai
Correction Request correction of inaccurate information Email contact@metix.ai
Object to processing Object to the use of your publicly available data Email contact@metix.ai

8.3 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request the categories and specific pieces of personal information we have collected
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by the CPRA
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at contact@metix.ai. As an online-only service, email is our designated method for receiving verifiable consumer requests (per Cal. Civ. Code § 1798.130(a)(1)). We will verify your identity before processing your request and will respond within 45 days (with a possible 45-day extension if reasonably necessary).

8.4 EEA/UK/Switzerland Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following additional rights:

  • Right to Restrict Processing: Request that we restrict the processing of your data in certain circumstances
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent, withdraw consent at any time
  • Right Regarding Automated Decision-Making: Not be subject to decisions based solely on automated processing (including AI) that produce legal effects or similarly significantly affect you, unless necessary for contract performance or based on your explicit consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Automated Decision-Making Disclosure (GDPR Art. 22):

Our AI-powered features assist in candidate matching and assessment, but no fully automated decisions with legal effects are made. Employers make all final hiring decisions. You may request human review of any AI-assisted assessment by contacting us.

International Data Transfers:

Your data may be transferred to and processed in the United States, where Metix AI is headquartered. For EEA/UK transfers, we use Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational safeguards.


9. Cookies and Tracking Technologies

9.1 Types of Cookies

Cookie Type Purpose Examples Optional?
Essential Service functionality, authentication, security Session cookies, CSRF tokens No (required)
Payment Fraud prevention, payment processing Stripe.js cookies and device fingerprinting No (required for payments)
Analytics Usage analysis, service improvement Microsoft Clarity (session analytics), product analytics Yes (opt-out available)
Preferences Remember your settings and preferences Language, theme, billing cycle toggle Yes

9.2 Stripe.js Cookies

Our payment processor, Stripe, uses cookies and device fingerprinting technology to detect and prevent fraud. These cookies are placed when you visit pages containing Stripe payment elements. For details, see Stripe's Cookie Policy: https://stripe.com/cookie-settings

9.3 Microsoft Clarity

We use Microsoft Clarity to understand how visitors interact with our site through aggregated usage metrics and session replay (behavioral analytics), which may use cookies and similar technologies. For details, see Microsoft's privacy statement: https://privacy.microsoft.com/privacystatement

9.4 Managing Cookies

You can manage cookie preferences through:

  • Your browser settings (blocking or deleting cookies)
  • Our cookie consent banner (where applicable)
  • Opting out of analytics via your browser's Do Not Track signal or a privacy extension

Note: Disabling essential cookies may impair Service functionality.

9.5 Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) setting that sends a signal to websites you visit. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, we do not respond to DNT signals. However, you may opt out of analytics cookies as described in Section 9.4 above. We will update this section if a uniform standard for DNT is established.


10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at contact@metix.ai.


11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.


12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will:

  • Provide at least 30 days' advance notice via email
  • Post the updated policy on our website with a revised "Last Updated" date
  • Where required by law, seek your consent to the changes

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes acceptance. If you do not agree to the changes, you may cancel your subscription before the changes take effect.


13. Contact Information

For privacy inquiries, data requests, or complaints:

  • Privacy email: contact@metix.ai
  • Support email: support@metix.ai
  • Mailing address: OpenJobs AI Inc., 8 The Green, Ste A, Dover, DE 19901, United States

Data Protection Point of Contact (for EEA/UK inquiries):
Email: contact@metix.ai

Note: Metix AI has not formally appointed a Data Protection Officer (DPO) under GDPR Article 37 at this time. If our processing activities reach the thresholds requiring a DPO (large-scale processing of special categories of data or systematic monitoring), we will appoint one and update this section accordingly. In the meantime, the above email serves as the primary contact for all data protection inquiries from EEA/UK residents.

We will respond to all privacy requests within 30 days, except where applicable law provides a different timeframe (e.g., CCPA allows up to 45 days with a possible 45-day extension).


14. Regulatory Information

14.1 EU AI Act Compliance

Metix AI uses AI systems in the recruitment domain, which is classified as "high-risk" under the EU AI Act (Regulation (EU) 2024/1689). We are committed to:

  • Maintaining transparency about our AI systems' capabilities and limitations
  • Implementing appropriate human oversight in AI-assisted processes
  • Conducting bias assessments and algorithmic audits on a periodic basis, with frequency determined by risk level and regulatory requirements
  • Providing documentation of AI system functionality upon request

Our AI systems may reflect biases present in publicly available professional data sources. We are actively working to identify and mitigate such biases, but cannot guarantee that AI-generated outputs are entirely free from bias. Employers using the Service are responsible for making independent, non-discriminatory hiring decisions (see Terms of Service, Section 2.4).

14.2 Data Processing Agreements

We require Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf, in compliance with GDPR Article 28. We are in the process of executing DPAs with all current service providers and will ensure that DPAs are in place before any new service provider processes personal data on our behalf.


By using the Service, you acknowledge that you have read and understood this Privacy Policy.

Metix AI
Metix AI is an AI-native hiring platform. Interview-ready candidates in days, not weeks.
Product
How it works Why Metix AI Pricing Research
Company
About Blog Brand Careers Contact
Legal
Terms Privacy
© 2026 OpenJobs AI Inc. All rights reserved. contact@metix.ai · Reply within 24 hours