Is this legal advice?

No. HireStates is compliance software, not a law firm. We help you understand the rules and generate document templates - but we strongly recommend reviewing final documents with a licensed employment attorney, especially for your first hire.

How current is the compliance data?

Our compliance database covers current California and New York state law and all major city ordinances. We review and update the data as legislation changes to keep your documents accurate.

Which states and cities are covered?

California: All 25 major jurisdictions including the state baseline plus San Francisco, Los Angeles, San Jose, Oakland, San Diego, and 20+ more cities. New York: State law plus NYC and other major jurisdictions. We are actively expanding city coverage for New York.

Is our company data stored securely? We're subject to GDPR.

Yes. HireStates is hosted in the EU (Frankfurt). We are GDPR-compliant by design, do not sell data to third parties, and offer a Data Processing Agreement (DPA) on Pro and Enterprise plans. Your documents and company data never leave EU infrastructure.

Do we still need an employment lawyer?

For standard hires, many customers use HireStates documents as-is after a one-time legal review. For complex situations - executive contracts, equity compensation, or layoffs - we recommend involving counsel. HireStates reduces the hours your lawyer needs to spend, cutting legal costs significantly.

Can we customize the generated documents?

Yes. All documents are fully editable after generation. Pro and Enterprise plans let you save custom clauses, upload company policies, and create branded templates. You own every document you generate.

HireStates — AI-Powered HR Compliance for California & New York

1. Introduction

This Privacy Policy explains how KVN-International US Inc., doing business as HireStates ("HireStates", "we", "us", or "our"), collects, uses, discloses, and protects personal information when you visit our websites, including hirestates.com and app.hirestates.com (the "Sites"), or use our AI-powered US employment compliance platform and related services (collectively, the "Services").

HireStates is committed to protecting your privacy and handling your data in a transparent and secure manner. This Privacy Policy applies to users located in the United States, the European Union/European Economic Area (EU/EEA), and other regions, and is intended to comply with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") where it applies.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Privacy Policy, you should not use the Services.

2. Data Controller and Contact Information

For purposes of applicable data protection laws, the data controller of your personal information is:

KVN-International US Inc.
d/b/a HireStates
16192 Coastal Highway
Lewes, Delaware, 19958, USA
Email: hirestates@kvn-international.com

For users in the European Union (EU) and the United States (US), KVN-International US Inc. acts as the Data Controller for account-related information. When you upload employee data to generate documents, we act as a Data Processor on your behalf. To ensure GDPR compliance for our European clients, we host all platform data on secure servers located within the European Union.

3. Scope of This Policy

This Privacy Policy covers personal information that we collect about:

Visitors to our Sites
Prospective and current customers and users of our Services
Individuals whose information may be included in documents or data submitted to the Services (e.g., employees, candidates, contractors of our customers)

This Privacy Policy does not apply to:

Third-party websites, services, or applications that may be linked from our Sites or Services
Personal information processed by our customers outside of the Services (e.g., their own HR systems)

4. Information We Collect

We may collect the following categories of personal information:

4.1 Information You Provide to Us

Account and Profile Information

Name, company name, job title
Business email address, password, and authentication details
Subscription tier, billing preferences, and communication preferences

Customer and Employment-Related Data (submitted via the platform)

Company details (legal entity name, address, jurisdiction, industry)
Role descriptions, job titles, locations (e.g., city in California or New York)
Employment terms you input into the platform (e.g., salary ranges, benefits descriptions, working hours)
Information about employees or candidates that you choose to include in generated documents (e.g., employee name, position)

Billing and Payment Information

Payment method details (e.g., last four digits of card, billing address) processed via our payment processors
Transaction history and subscription records

Support and Communication Data

Content of emails or messages you send to us (e.g., support requests, feedback)
Information provided during onboarding, demos, or customer success calls

4.2 Information We Collect Automatically

When you use the Sites or Services, we may automatically collect:

Usage and Log Data

IP address, browser type and version, device identifiers
Pages visited, features used, date and time of access
Referring URLs and interactions within the application

Cookie and Tracking Data

Cookies and similar technologies for authentication, session management, analytics, and preference storage

4.3 Information from Third Parties

We may receive personal information from:

Service providers and partners: payment processors, analytics providers, hosting providers, customer support tools
Your organization: if your employer or organization signs up for HireStates and invites you as a user, we may receive your contact and role information from them

5. Legal Bases for Processing (GDPR)

If you are in the EU/EEA or another jurisdiction that requires a legal basis for processing, we rely on the following:

Performance of a Contract - To create and manage your account, provide the Services, process payments, and respond to your requests.
Legitimate Interests - To improve and secure our Services, conduct analytics, prevent fraud, and communicate with you about updates to the platform (where allowed by law).
Compliance with Legal Obligations - To comply with applicable laws, regulations, and valid legal requests.
Consent - Where required (e.g., certain marketing communications, certain cookies), we will obtain your consent. You may withdraw consent at any time as described below.

6. How We Use Your Information

We use personal information for the following purposes:

Providing and Operating the Services - Creating and managing user accounts, generating employment documents, providing AI-powered answers to California and New York labor law questions
Improving and Developing the Services - Analyzing usage patterns to enhance features, usability, and accuracy
Customer Support and Communications - Responding to support tickets, inquiries, and sending service-related announcements
Billing, Administration, and Account Management - Processing subscription payments, managing licenses, providing invoices
Security and Abuse Prevention - Detecting and preventing fraud, abuse, or misuse of the Services
Legal and Compliance Purposes - Complying with legal obligations and regulatory requirements
Marketing and Product Updates - Sending newsletters and product updates (you may opt out at any time)

7. How We Share Your Information

We may share personal information with:

Service Providers (Processors) - Cloud hosting providers (EU-based), payment processors, analytics providers, customer support tools. These providers are bound by contractual confidentiality and data protection obligations.
Affiliates and Group Companies - Where necessary for support, product development, or legal compliance.
Professional Advisors - Lawyers, auditors, or consultants as necessary.
Corporate Transactions - In connection with a merger, acquisition, or sale, subject to appropriate safeguards.
Legal and Enforcement Authorities - When required by law, regulation, or legal process.

We do not sell personal information to third parties.

8. International Data Transfers

We host data primarily in the European Union to support GDPR readiness and protect our customers' data. However, personal information may be accessed or processed from other countries, including the United States, where our company is incorporated or where certain service providers are located.

When we transfer personal information outside of the EU/EEA, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms.

9. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. When personal information is no longer needed, we will either delete it, anonymize it, or securely store it and isolate it from further processing until deletion is possible.

10. Data Security

We implement appropriate technical and organizational measures, including:

Hosting in secure EU data centers with industry-standard security controls
Encryption of data in transit (HTTPS/TLS) and, where appropriate, at rest
Access controls and role-based permissions within our systems
Regular monitoring, logging, and security reviews

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Your Rights and Choices

Depending on your location and applicable law (e.g., GDPR, CCPA/CPRA), you may have some or all of the following rights:

Right of Access - To obtain confirmation of whether we process your personal information and to access that information.
Right to Rectification - To request correction of inaccurate or incomplete personal information.
Right to Erasure ("Right to be Forgotten") - To request deletion of your personal information under certain conditions.
Right to Restriction of Processing - To request that we limit the processing of your personal information in certain circumstances.
Right to Data Portability - To receive a copy of your personal information in a structured, commonly used, and machine-readable format.
Right to Object - To object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent - Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, please contact us using the contact details in Section 2. We may need to verify your identity before fulfilling certain requests. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

12. Cookies and Similar Technologies

We use cookies and similar technologies for the following purposes:

Essential cookies (always active): Authentication session cookies set by Better Auth. These are required for the platform to function. They are httpOnly, secure, and expire after 7 days of inactivity.
Preference cookies: Language preference and cookie consent choice, stored in your browser's localStorage. No data is sent to our servers.
Analytics cookies (optional): We use Vercel Web Analytics to understand how our website is used. Vercel Analytics collects anonymized page view data including: page URL, referrer, browser type, operating system, and device type. It does not track individual users across sites, does not use fingerprinting, and is privacy-focused by design. You can opt out of analytics cookies via the cookie consent banner. When you choose "Essential only", analytics are disabled.

We do not use any third-party advertising cookies, tracking pixels, or retargeting technologies. No data is shared with advertising networks.

You can manage or disable cookies through your browser settings or via our cookie consent banner. Disabling essential cookies may affect the functionality of the Services.

13. Children's Privacy

Our Services are not directed to and are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under this age. If we become aware that we have collected personal information from a child, we will take reasonable steps to delete it. If you believe we may have collected data from a child, please contact us.

14. Customer Responsibilities

As our customer, you may upload or input personal information about your employees, candidates, or contractors into the Services. You are responsible for ensuring you have a lawful basis to collect and process such personal information, providing any necessary notices or disclosures to those individuals, ensuring the accuracy of the data you provide, and managing user access rights within your organization's HireStates account.

Where required by data protection law, we act as a data processor and you act as the data controller with respect to such data, in which case our relationship will be governed by a Data Processing Agreement ("DPA").

15. Third-Party Links and Services

The Sites or Services may contain links to third-party websites or integrations with third-party tools. We are not responsible for the privacy practices of those third parties, and this Privacy Policy does not apply to them. We encourage you to review their privacy policies before providing any personal information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. When we do, we will revise the "Last updated" date at the top of this page. If we make material changes, we will provide additional notice (such as by email or prominent notice in the application). Your continued use of the Services after the revised Privacy Policy has become effective indicates that you have read and understood the current version.

17. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us at:

KVN-International US Inc. d/b/a HireStates
16192 Coastal Highway
Lewes, Delaware, 19958, USA
Email: hirestates@kvn-international.com

If you are in the EU/EEA and believe that our processing of your personal information is not in line with applicable data protection law, you may lodge a complaint with your local supervisory authority.