Terms of Service · SourceHire

Plain-language summary. These Terms govern your use of SourceHire, an applicant tracking system and talent network operated by [ENTITY NAME]. We process candidate data only for the purposes the candidate consents to at apply time, we don't sell or share candidate data with third-party data partners, and we give candidates direct access to their own records via /apply/me. Disputes are resolved by individual arbitration with a 30-day opt out — see Section 21. Read on for the precise version.

1. The Agreement

These Terms of Service (the “Terms”) are a legal agreement between you and [ENTITY NAME], a [STATE OF FORMATION] limited liability company doing business as “SourceHire” (“SourceHire”, “we”, “us”, “our”). They govern your access to and use of the SourceHire websites, web applications, APIs, and any other product or service we offer that links to or otherwise incorporates these Terms (collectively, the “Services”).

By accessing the Services, creating an account, posting a job, submitting an application, or otherwise using any feature of the Services, you agree to these Terms, the Privacy Policy, the Acceptable Use Policy, the Cookie Policy, and the Arbitration Agreement. Enterprise customers acting as a Data Controller are additionally governed by the Data Processing Addendum. If you do not agree, do not use the Services.

If you are accepting these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind that entity, and “you” refers to that entity.

2. Definitions

Candidate means a natural person who submits an application or otherwise creates a candidate record on the Services.
Recruiter means an individual user authorized to post jobs and view applicants to the jobs they posted.
Reviewer means a SourceHire operator authorized to review extracted profiles across the network.
Admin means a SourceHire operator with full platform-administration authority.
Customer means an organization that subscribes to the Services and acts as a Data Controller in respect of Candidates who apply to its jobs.
Personal Data has the meaning given in the European Union General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and includes equivalent terms (“personal information” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020, “CCPA” ).
Structured Profile means the SourceHire schema-validated representation of a Candidate's submitted documents and declared facts.
Consent Ledger means the per-Candidate append-only cryptographic log of consent grants and revocations described in Section 7.
Audit Log means the append-only record of operator actions described in Section 8.

3. Eligibility

You must be at least 18 years old to use the Services. The Services are not directed to children under 16 and we do not knowingly collect Personal Data from children under 16. If you are between 16 and 18, you may use the Services only with the verifiable consent of a parent or legal guardian where required by your jurisdiction.

You must not use the Services if you are barred from doing so under the laws of any jurisdiction in which you are located, or if you are listed on any United States Government list of prohibited or restricted parties (including the Specially Designated Nationals List maintained by the Office of Foreign Assets Control).

4. The Services

SourceHire is an applicant tracking system (ATS) integrated with a discoverable talent network. The Services have two principal surfaces:

4.1 Public surfaces

The marketing site at the root domain, the public job board at /jobs, the per-job pages at /jobs/[slug], the apply flow at /jobs/[slug]/apply, and the candidate self-service surface at /apply/me.

4.2 Operator surfaces

The admin console at /admin and its subroutes, accessible only to authenticated operators (Recruiter, Reviewer, or Admin) according to the role-based access controls described in Section 8.

We may modify, suspend, or discontinue any feature of the Services at any time, with or without notice. Where a change materially reduces the functionality available to a paying Customer, we will provide reasonable advance notice and, where applicable, a pro-rata credit or refund.

5. Accounts

5.1 Candidate identity

Candidates do not create a password-protected account. A Candidate establishes a record by submitting an application and verifies access to that record via a magic link emailed to the address provided. Magic links expire after seven (7) days.

5.2 Operator accounts

Recruiters, Reviewers, and Admins access the Services through authenticated accounts using either email magic-link authentication or password-based authentication. Operators are responsible for maintaining the confidentiality of their credentials and for all activity that occurs under their account.

5.3 Roles and authority

The Services enforce a strict role hierarchy: viewer < recruiter < reviewer < admin. Each role inherits the abilities of the roles below it. Recruiter access to applicant records is scoped to jobs the Recruiter posted; Reviewer access extends to network-wide candidate browse with PII masking by default; Admin access extends to system configuration and customer-offboarding tooling.

5.4 Notification of compromise

You agree to notify us immediately at security@sourceunlimited.co of any suspected unauthorized access to or use of your account.

6. Candidate Apply Flow

6.1 What you submit

When you apply to a job, you submit: identity (name, email, optional phone); a resume file (required) and an optional cover letter; declared logistics (work authorization, salary expectations, relocation preference, work arrangement); products you regularly use and products you're learning; voice-of- candidate free-text answers; and the consent grants described in Section 7. You may also voluntarily complete a separated EEO self-identification survey on the post-apply page; this survey is isolated from all hiring surfaces (see Section 7.4).

6.2 What we do with it

Subject to your consents, the Services process your submitted documents and declared facts into a structured profile. Extraction may be performed by an artificial intelligence model (presently Anthropic's Claude, see Section 10) or by deterministic rules-based parsing, depending on the operator configuration and your ai_extraction consent.

6.3 Review buffer

Newly extracted profiles spend at least 24 hours in a review buffer before becoming visible in the network-wide talent search, unless the Customer has enabled an opt-in auto-approval rule that promotes profiles meeting a defined completeness threshold. Auto-approved profiles are visibly marked as such on operator views and remain reversible by a human reviewer.

7. Consents

7.1 The six consents

At apply time you are presented with six discrete consent options. Each option is independent. You may grant some, all, or none. You may revoke any consent at any time. The minimum required consent is core_processing; without it the Services cannot process your application.

core_processing (required) — store the resume and cover letter, generate a structured profile, retain for hiring review.
ai_extraction — process documents with AI (Claude). When declined, only declared fields are surfaced; extracted profile fields stay null.
discoverability — appear in the network-wide talent search. Without it, you are visible only to the Recruiter of any job you specifically applied to.
sensitive_accommodations — capture and surface any accommodation needs.
marketing — receive emails from SourceHire about new opportunities and platform updates. This consent does not authorize Recruiter outreach outside of jobs you have applied to. We engage service providers who process data on our behalf and in some cases for their own business operations.
professional_enrichment — enrich your profile with supplementary professional context inside the platform. This consent does not authorize sharing your enriched data outside the platform.

7.2 The Consent Ledger

Each consent grant or revocation is appended to a per-Candidate cryptographic ledger. Each row carries the consent option, the granted boolean, the IP address and user agent at the time of the event, the policy version then in effect, the verbatim text shown to the Candidate at the time of the grant, and a SHA-256 hash chained to the previous row's hash. Any mutation, deletion, or reordering of ledger rows is detectable by chain verification, which the Services run on demand and continuously across the network.

7.3 Revocation

You may revoke any consent at any time via your authenticated /apply/me session or by emailing privacy@sourceunlimited.co. Revocation is effective upon receipt for new processing. Revocation does not affect the lawfulness of processing carried out before the revocation. Revoking core_processing initiates erasure of your record under Section 14.

7.4 Equal Employment Opportunity (EEO) data

If you choose to complete the optional EEO self-identification survey, your responses are stored in a logically isolated table that does not join the talent-search query path or any Recruiter-visible operator surface. Aggregate EEO reporting is available only to Admins on a dedicated surface with a minimum cell-size of five (5) responses to prevent re-identification of small demographic groups. EEO responses are never included in any data export.

8. Recruiter / Operator Obligations

8.1 Authorized purposes

Operators may use the Services only for legitimate hiring activity. Operators must not use Personal Data accessible through the Services for any purpose other than evaluating Candidates for employment, contacting them about job opportunities for which they have applied, and the operational administration of the Services.

8.2 Scoping

Recruiters may access full applicant records only for jobs they posted. Reviewers see network-wide records with PII masked by default; per-Candidate unmask is a single click and writes an entry to the Audit Log capturing the reviewer's identity, IP, user agent, and the unmask action. Admins see all records in clear with a banner noting that the elevated view is audit-logged.

8.3 Exports

Operator exports are strictly scoped. Each export type and its authorization model is documented at /admin/help/exports. Every export performs a per-row consent re-check at export time and writes an audit entry capturing the actor, IP, user agent, export type, format, and row count. Operators may not attempt to circumvent these scoping or auditing mechanisms.

8.4 No discrimination

Operators must comply with all applicable employment-discrimination laws including without limitation Title VII of the Civil Rights Act of 1964, the Age Discrimination in Employment Act of 1967, the Americans with Disabilities Act of 1990, the Genetic Information Nondiscrimination Act of 2008, the Uniformed Services Employment and Reemployment Rights Act of 1994, and equivalent state, local, and non-United States laws. Operators must not use the Services to make hiring decisions based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, genetic information, or any other protected characteristic.

8.5 No re-identification

Operators must not attempt to re-identify Candidates whose data appears in aggregate-only views, attempt to defeat the cell-suppression rules in EEO reporting, or combine data from the Services with other datasets to circumvent the platform's consent and scoping controls.

8.6 No data resale

Operators must not resell, sublicense, transmit, or redistribute Personal Data obtained through the Services to any third party other than as necessary to evaluate the Candidate for the specific employment opportunity to which the Candidate applied. This obligation survives termination of an Operator's access.

9. Intellectual Property

9.1 SourceHire IP

We and our licensors own all intellectual property rights in the Services, including the software, the data model, the user interface, the documentation, the trademarks, and the trade dress. Except for the limited rights expressly granted by these Terms, no other rights are granted, by implication, estoppel, or otherwise.

9.2 Your content

You retain all ownership rights in the content you submit to the Services (your “Content”), including your resume, cover letter, narrative responses, and other uploaded materials. You grant us a worldwide, royalty-free, non-exclusive license to host, store, process, transmit, display, and modify your Content solely as necessary to provide the Services to you and to the Customers whose jobs you applied to, and as necessary for the internal operational purposes described in the Privacy Policy. We will not use your Content to train AI models for the benefit of third parties (Section 11).

9.3 Feedback

If you submit feedback, suggestions, or ideas about the Services, you grant us a perpetual, irrevocable, royalty-free, worldwide license to use the feedback for any purpose without compensation or attribution.

10. AI Processing

Where you grant ai_extraction consent, we send the text of your uploaded documents to a large language model (presently Anthropic's Claude, model series claude-sonnet-4) for the purpose of extracting hiring-relevant fields into the Structured Profile. The prompt template is versioned and recorded per extraction run; the input hash, output hash, and model identifier are stored as part of the audit record.

The extraction prompt is consent-aware: prompt sections are included or omitted based on your specific consent posture. The output is validated against a strict Zod schema before it is written to your Structured Profile.

We do not use your data to train, fine-tune, evaluate, or improve the underlying AI model for the benefit of third parties. We do not permit our AI vendor to use your data for those purposes either. See Section 11 and the Privacy Policy for details.

The Structured Profile is a synthesis of model output and your declared facts. AI output is not authoritative; a human reviewer retains discretion to approve, request edits, or reject.

11. Commitments

The following are binding commitments. They are enforceable as contractual obligations of SourceHire under these Terms, and they describe the architecture of the Services as built. We commit to maintaining them and to giving Candidates and Customers prior notice of any material change before any such change takes effect.

11.1 Absolute commitments. The following apply under all circumstances, regardless of any consent flag:

No protected-class attributes in recruiter-facing exports. We will not include gender identity, race, ethnicity, veteran status, age, disability, or other protected-class attributes in any recruiter-facing dashboard export, CSV download, or operator-initiated export from the recruiter workflow that SourceHire's own employer customers use to view a Candidate's profile. This commitment protects Candidates from prospective employers seeing protected-class data through SourceHire's own surfaces. It does NOT prevent us from sharing this data with named third-party data partners under § 11.2 if the Candidate has affirmatively consented to a specific partner.
No use of the Consent Ledger as an authorization mechanism for unrelated operations. Each consent authorizes only the operation it specifies; we will not interpret the existence of one consent as standing authorization for any other operation.

11.2 Conditional on explicit per-partner opt-in. The activities below are off by default. They are permitted only if the Candidate has affirmatively opted in to a specific third-party partner SourceHire identifies by name, for the specific purpose disclosed in the opt-in text. The current roster of named partners and the fields each receives is published at /legal/data-partners and updated within seven (7) days of any change.

Conditional: data-product inclusion. We may include Candidate Personal Data, including direct identifiers, demographic characteristics (including protected-class attributes such as gender, ethnicity, age, marital status, household composition), and digital advertising identifiers (including IAB Transparency and Consent Framework strings and Unified ID 2.0 matched flags), in a data product, data feed, licensed dataset, or partner-facing API directed to a third-party partner SourceHire identifies by name. Without the Candidate's opt-in to that specific partner, no such inclusion occurs.
Conditional: AI-training partnerships. We may provide Candidate Personal Data, including the categories above, to a named third-party partner for the training, fine-tuning, evaluation, benchmarking, or improvement of a machine-learning model. We acknowledge that such a model, if it produces matching scores subsequently used in hiring decisions, may be subject to disparate-impact scrutiny under Title VII of the Civil Rights Act of 1964, the Age Discrimination in Employment Act, the Americans with Disabilities Act, NY Local Law 144, the Colorado AI Act, and equivalent laws. We require each such partner to maintain a documented bias-audit process and to indemnify SourceHire and affected Candidates against discrimination claims traceable to such models. Anthropic Claude, which extracts resumes into structured fields, operates as a processor under SourceHire's instructions and does not use Candidate Personal Data to train its models — that processor relationship is unchanged and does not require an additional opt-in.
Conditional: outbound sync to partners. We may transmit Candidate Personal Data to authenticated external partner systems on a schedule, via webhook, or via a partner-facing API, to a partner SourceHire identifies by name. Without the Candidate's opt-in to that specific transfer, no such transmission occurs.
Conditional: cross-context behavioral advertising sharing. We may “share” Candidate Personal Data within the meaning of CCPA Cal. Civ. Code § 1798.140(ah) by transmitting profile attributes (which may include direct identifiers and demographic characteristics) to third-party advertising exchanges and talent-related ad networks. EEA / UK / Swiss residents require explicit opt-in regardless of opt-out signals and the default is off.

11.3 Right to revoke. Candidates may revoke any per-partner consent at any time. Revocation stops future transfers immediately, and SourceHire will forward the revocation to the partner for downstream deletion within seventy-two (72) hours where the partner agreement so requires.

12. Fees and Subscriptions

Use of the candidate-facing Services is free for Candidates. Customers may be subject to fees as set out in their separate Customer Order Form or online subscription terms. Fees are charged in advance, are non-refundable except as expressly provided in these Terms or required by applicable law, and are exclusive of taxes and similar charges.

Late payments accrue interest at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law. We may suspend access for accounts more than thirty (30) days past due, after providing reasonable advance notice.

13. Service Levels

We target a monthly uptime of 99.5% for the operator console and 99.9% for the public apply flow, measured against scheduled maintenance windows announced at least 48 hours in advance. We do not warrant that the Services will be uninterrupted or error-free. A formal Service Level Agreement with credits, if applicable, is set out in your Customer Order Form.

14. Your Data Rights

14.1 Self-service access

Candidates may access their record at /apply/me using a magic link sent to the email on file. The page provides a record overview, an applications list, and a one-click download of the complete Article 15 access bundle as machine-readable JSON, including the full Consent Ledger with chain hashes.

14.2 Erasure

To request erasure (the right under GDPR Article 17 and equivalent statutes), email privacy@sourceunlimited.co. Verified requests are recorded in the platform deletion queue and processed within thirty (30) days. Erasure cascades through the relational data model; the Consent Ledger retains a tombstone entry proving the erasure occurred but containing no recoverable Personal Data.

14.3 Correction, restriction, objection, portability

All other rights granted under GDPR, CCPA, and equivalent statutes — including correction, restriction of processing, objection to processing, and data portability — may be exercised via the same email address. We respond within statutory timeframes (generally one month under GDPR, forty-five days under CCPA, extendable in accordance with each statute).

14.4 No retaliation

We do not retaliate against any Candidate for exercising a statutory privacy right. Exercising a right does not affect your ability to apply to other jobs on the Services.

15. Security

We maintain administrative, technical, and physical safeguards designed to protect Personal Data against unauthorized access, loss, alteration, and destruction, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing. Specific measures include encrypted transport (TLS 1.2+), encrypted storage, scoped role-based access controls, audit logging of operator actions, hash-chained consent ledgers, secret rotation, and regular review of subprocessor posture.

In the event of a Personal Data breach affecting your data, we will notify you and, where required, the relevant supervisory authority, within the timeframes specified by applicable law (within seventy- two (72) hours of becoming aware where GDPR Article 33 applies).

16. Third-Party Services

The Services rely on a limited set of subprocessors disclosed in the Privacy Policy. The Services may also link to or interoperate with third-party websites or services. We do not endorse and are not responsible for such third-party services, and your use of them is governed by their own terms and policies.

17. Term and Termination

17.1 Term

These Terms remain in effect while you use the Services or have an account. Customer subscription terms (start, renewal, cancellation) are governed by the Customer Order Form.

17.2 Termination by you

You may stop using the Services at any time. Candidates may request erasure under Section 14.2. Customers may terminate per their Order Form.

17.3 Termination by us

We may suspend or terminate access where you materially breach these Terms, where required by law, or where continued provision of the Services to you presents a documented risk to the integrity, security, or lawful operation of the Services. Where practicable we will provide notice and an opportunity to cure.

17.4 Effect of termination

On termination, your right to access the Services ceases. Sections 7 (Consents — for the purposes of demonstrating prior lawful processing), 9 (Intellectual Property), 11 (What We Will Not Do), 14 (Data Rights), 18 (Disclaimers), 19 (Liability), 20 (Indemnification), 21 (Disputes), 22 (Governing Law), and 24 (Miscellaneous) survive termination.

18. Disclaimers

EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, THAT ANY GIVEN AI EXTRACTION WILL BE ACCURATE OR COMPLETE, OR THAT THE SERVICES OR THE SERVERS THAT MAKE THEM AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

The Services do not constitute legal, financial, medical, or other professional advice. Hiring decisions are made by Customers and their authorized Operators, not by SourceHire. AI extraction output is informational only and may contain errors; human review is the operative decision-making step.

19. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL SOURCE UNLIMITED OR ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, REVENUE, GOODWILL, USE, OR DATA, ARISING OUT OF OR RELATED TO THE SERVICES, WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, OUR AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES, FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY, IS LIMITED TO THE GREATER OF (A) THE AMOUNTS PAID BY YOU TO SOURCE UNLIMITED IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR (B) ONE HUNDRED UNITED STATES DOLLARS ($100).

The limitations in this Section 19 do not limit liability that cannot be excluded under applicable law (including, where applicable, liability for death or personal injury caused by negligence, fraud, fraudulent misrepresentation, or willful misconduct), and do not limit either party's indemnification obligations under Section 20.

20. Indemnification

20.1 By Customer

If you are a Customer, you agree to defend, indemnify, and hold harmless SourceHire and its affiliates, officers, directors, employees, and agents from and against any claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to (a) your or your Operators' use of the Services in violation of these Terms or applicable law; (b) any hiring decision made in connection with the Services; and (c) any claim that data you provided to the Services infringes the rights of any third party.

20.2 By SourceHire

We will defend, indemnify, and hold harmless Customers from any third-party claim alleging that the Services, when used in accordance with these Terms, infringe a United States patent, copyright, or trademark of that third party, and we will pay any damages finally awarded by a court of competent jurisdiction. This obligation does not apply to claims arising from modifications to the Services made by anyone other than us, the combination of the Services with materials we did not provide, or use of the Services in violation of these Terms.

21. Dispute Resolution

Important. These Terms incorporate by reference the Arbitration Agreement, which requires most disputes to be resolved by individual binding arbitration rather than in court, and which contains a class-action waiver. You may opt out of the Arbitration Agreement within thirty (30) days of first accepting these Terms by following the instructions in Section 4 of the Arbitration Agreement. Read it carefully.

The Arbitration Agreement carves out small-claims court actions (you or we may bring an individual action in small-claims court if eligible) and equitable relief for intellectual-property violations.

22. Governing Law

These Terms are governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict-of- laws principles. Where any dispute is not subject to the Arbitration Agreement, the parties consent to the exclusive jurisdiction of the state and federal courts located in New Castle County, Delaware. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

23. Changes to These Terms

We may modify these Terms from time to time. Where the change is material, we will provide notice (by email to the address on file for Customers, or by a banner on the public site for Candidates and Visitors) at least thirty (30) days before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Terms. Versions are identified by a version number and an effective date displayed at the top of the page; previous versions are preserved and available on request to privacy@sourceunlimited.co.

24. Miscellaneous

24.1 Entire agreement

These Terms, together with the documents they incorporate by reference (Privacy Policy, Acceptable Use Policy, Cookie Policy, Arbitration Agreement, and where applicable the Data Processing Addendum and the Customer Order Form), constitute the entire agreement between you and us with respect to the Services and supersede all prior or contemporaneous agreements, proposals, and communications.

24.2 Assignment

You may not assign or transfer these Terms or any rights under them without our prior written consent. We may assign these Terms without restriction, including in connection with any merger, acquisition, or sale of assets. Any attempted assignment in violation of this Section is void.

24.3 Notices

We may give notice to you by email to the address on file or by posting on the Services. You give notice to us by emailing legal@sourceunlimited.co and concurrently sending a copy by mail to: [ENTITY NAME], Attn: Legal, [BUSINESS ADDRESS].

24.4 Severability

If any provision of these Terms is held invalid or unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable, or if not possible, severed, and the remaining provisions will remain in full force and effect.

24.5 Waiver

No waiver of any provision of these Terms is effective unless in writing and signed by the waiving party. The failure to enforce any provision is not a waiver of that or any other provision.

24.6 Force majeure

Neither party is liable for failure or delay caused by events beyond its reasonable control, including acts of God, war, terrorism, civil unrest, government action, network or power failures, or natural disasters.

24.7 Relationship

The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, fiduciary, or employment relationship.

24.8 Headings; interpretation

Section headings are for convenience and do not affect interpretation. The words “include” and “including” are not limiting.

25. Contact

[ENTITY NAME] d/b/a SourceHire
[BUSINESS ADDRESS]
Legal: legal@sourceunlimited.co
Privacy: privacy@sourceunlimited.co
Security: security@sourceunlimited.co
Support: support@sourceunlimited.co