Privacy Policy

Last updated: May 2026

1. Introduction

This Privacy Policy explains how Workflow Architects Limited (“we”, “us”, “our”) collects, uses, stores, and protects information through HuntDesk, our recruitment CRM platform. We are committed to protecting the privacy of our users, candidates, clients, and all individuals whose data may be processed through the platform.

2. What Data We Process

As a recruitment CRM, HuntDesk processes the following categories of data entered or generated by our users (recruitment professionals):

  • Candidate data: Names, contact details, employment history, current and expected compensation, skills, seniority, function, industry, availability, notice period, nationality, languages, and recruiter-entered notes.
  • Client and company data: Company names, industry, size, contacts, billing information, and engagement history.
  • Recruiter/user data: Account information (name, email, role), activity logs, and platform usage data.
  • Communications metadata: Records of calls, meetings, emails, and other recruiter activities logged in the platform.
  • Uploaded documents: CVs/resumes, NDAs, and other files uploaded by users for processing or record-keeping.
  • AI-generated content: Summaries, match assessments, outreach drafts, and suggestions generated by the platform's AI features based on user-entered data.

3. Why We Process Data

We process personal data for the following purposes:

  • Service delivery: To provide the core CRM functionality that enables recruitment firms to manage candidates, clients, mandates, and workflows.
  • Account administration: To manage user accounts, tenants, billing, and access permissions.
  • AI-assisted features: To generate candidate match assessments, outreach drafts, summaries, and next-action suggestions that help recruiters work more effectively.
  • Support and communication: To respond to enquiries, provide technical support, and communicate service updates.
  • Analytics and improvement: To understand platform usage patterns and improve the service, in anonymised or aggregated form where possible.
  • Security: To protect the platform, detect fraud, and prevent unauthorised access.
  • Legal compliance: To meet regulatory obligations including data protection laws applicable in Hong Kong.

4. Legal Basis for Processing

We process data based on: (a) performance of our contract with subscribers; (b) legitimate business interests of recruitment firms using the platform; (c) consent, where explicitly obtained; and (d) legal obligations.

5. Data Retention and Deletion

Data entered by users is retained for as long as the associated tenant account remains active. Upon account termination, users may request data export within 30 days. After the export window, we will delete or anonymise data in accordance with our retention schedule, subject to any legal obligations requiring longer retention.

The platform includes built-in data freshness tools that help recruiters identify and review stale records, supporting good data hygiene practices.

6. Infrastructure and Sub-Processors

HuntDesk is hosted on cloud infrastructure. We use third-party service providers for hosting, database management, file storage, email delivery, and AI model inference. All sub-processors are selected for their security practices and are bound by appropriate data processing agreements.

7. Security Measures

We implement appropriate technical and organisational measures to protect data, including:

  • Encryption of data in transit (TLS)
  • Secure password hashing (bcrypt)
  • Role-based access controls and multi-tenant data isolation
  • Regular security reviews of application code
  • Server-side processing for AI features (no client-side exposure of sensitive data to AI providers)
  • Audit logging of data access and AI-generated outputs

8. AI-Specific Privacy Considerations

When AI features are used, only the minimum data necessary to generate the requested output is included in AI processing requests. AI-generated content is clearly marked and stored separately from source records. We do not use customer data to train AI models. All AI processing occurs through server-side pathways.

9. Your Rights

Depending on applicable law, you may have rights regarding your personal data, including:

  • Right to access the personal data we hold about you
  • Right to request correction of inaccurate data
  • Right to request deletion of your data (subject to legal retention requirements)
  • Right to object to certain types of processing

For candidate data entered into HuntDesk by recruitment firms, the firm is the data controller. Requests from candidates regarding their data should be directed to the relevant recruitment firm, who can manage data through the platform's built-in tools.

10. Cookies and Analytics

HuntDesk uses essential cookies for authentication and session management. We may use analytics to understand usage patterns. We do not use advertising cookies or sell data to third parties.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-platform notice. The “last updated” date at the top reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Workflow Architects Limited
Room B, 16/F, Building Billion Plaza II
10 Cheung Yue Street, Lai Chi Kok
Kowloon, Hong Kong
Email: [email protected]