Legal

Privacy Policy

How Tyrian handles account information, recruiting workflow records, AI-assisted processing, and your cloud-storage integrations. A Korean version will be available at /privacy-ko for Korean operations.

Last updated: April 29, 2026

Overview

Tyrian is a recruiting operations platform operated by Offer Squirrel, Inc. (United States) with regional support from Offer Squirrel Korea Ltd. for Korean customers. This policy explains how Tyrian handles personal information across our application, AI features, and cloud-storage integrations.

Our Storage Architecture (Important)

Tyrian does not store the original candidate documents (resumes, CVs, offer letters, etc.). We connect to your own cloud storage account (Google Drive, and later Naver Cloud, Dropbox, OneDrive) and reference the files where you keep them. We retain only structured workflow metadata — names, evaluations, role assignments, stage history — in our database. If you disconnect your cloud account, your files remain in your control; Tyrian simply loses its references to them.

What We Collect

Account and profile details (email, display name, organization, role); recruiting workflow records (candidate profiles, role assignments, stage history, notes, evaluations); references to documents in your cloud storage (file IDs and paths, never the file bytes); audit logs of significant actions; and technical security data needed to operate the platform.

How We Use Information

We use personal information to authenticate users, manage recruiting workflows, parse and verify documents you point us at, surface insights you opt into, protect the platform, maintain audit logs, and comply with legal obligations. Where you have explicitly consented, we may also use de-identified aggregates (k≥5 anonymity) to build market benchmarks.

AI-Assisted Processing (Anthropic)

Several Tyrian features rely on Anthropic's Claude API for parsing resumes, summarizing candidate information, and verifying extracted data. When AI processing runs, the relevant document or text is transmitted to Anthropic for the duration of the request and processed under Anthropic's API terms. Anthropic does not retain customer data beyond what is necessary to deliver the response. We list Anthropic in our processor inventory; explicit consent for AI processing is collected separately as part of our consent flow.

Billing Launch Waitlist

If you sign up for the paid-plan launch waitlist (Settings → Billing), Tyrian retains your account email together with the plan tier and Korean payment method (Toss / KakaoPay / card) you indicated, plus any free-form notes you provided. We use this information solely to send you a one-time launch notification and to inform pricing for boutique recruiters; we do not share it with third parties. The waitlist row is removed when you delete your account; it is also included in any data export you request.

Cloud Storage Access (Google Drive)

When you connect Google Drive, Tyrian creates a single Tyrian/ folder in your Drive and uses Google's Drive API to organize and reference your recruiting documents. Tyrian uses access tokens granted by you to perform these actions and refreshes them automatically. We comply with Google's API Services User Data Policy, including the Limited Use requirements: we use Google user data only to provide and improve user-facing recruiting features, never for ads, never for human reading except as expressly authorized for support, and we do not transfer your Drive data to third parties except (a) Anthropic for the AI processing you have consented to, and (b) where required by law.

International Transfers

Tyrian's production infrastructure is hosted in the United States (Vercel + Supabase). Recruiting workflow records, references, and audit logs may be transferred to, stored in, and processed in the United States by Offer Squirrel, Inc. and our service providers. AI processing requests are transmitted to Anthropic infrastructure in the United States. For Korean users, we maintain an in-country support channel through Offer Squirrel Korea Ltd. and rely on standard contractual clauses where applicable.

Retention and Security

We retain workflow metadata only as long as reasonably necessary for service delivery, recruiting operations, security, audit, compliance, and dispute resolution. Documents in your cloud storage follow your retention rules — Tyrian does not store copies. We use encryption in transit, encrypted secrets at rest, role-based access controls, audit logging, approval workflows, and abuse protections. OAuth refresh tokens are encrypted with AES-256-GCM (PR9 will migrate to Supabase Vault).

Your Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or port your personal information. Korean residents have rights under the Personal Information Protection Act (PIPA), including the right to request access (Article 35), correction or deletion (Article 36), and processing suspension (Article 37). EU and UK residents have rights under GDPR/UK GDPR including access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), portability (Article 20), and objection (Article 21). California residents have rights under the CCPA. To exercise these rights, contact our DPO at the address below; PR10 will add an in-app self-service flow.

Consent and Withdrawal

Where consent is the lawful basis for processing (such as anonymous insights aggregation, personalized matching, AI processing, marketing communications, and certain cloud-storage actions), you can grant or withdraw consent at any time in Settings. Withdrawal does not affect processing performed before withdrawal. Some platform features require consent to function; declining consent may limit functionality.

Children

Tyrian is not directed to children. We do not knowingly collect personal information from children under 14 (Korea) or under 16 (EU/UK). If we learn we have done so, we will delete the data promptly.

Changes

We may update this policy as the product or our processors change. Material changes — such as a new processor, a new processing purpose, or a new third-party data category — will be communicated by email and an in-app banner at least 14 days before they take effect, and where required by law we will collect renewed consent.

Contact

Privacy requests and questions: privacy@offersquirrel.com. Security issues: security@offersquirrel.com. Korean DPO inquiries (개인정보보호책임자): dpo-kr@offersquirrel.com. Postal address available upon request.

Processor Inventory

The following third-party service providers process personal information on our behalf as data processors (or, where indicated, as joint controllers):

Processor | Purpose | Region
Vercel, Inc. | Application hosting | United States
Supabase Inc. | Database and authentication | United States
Anthropic PBC | AI document parsing (Claude API) | United States
Google LLC | Drive storage integration | Global (user-controlled)
Inngest, Inc. | Background job orchestration | United States