6. Legal Bases for Processing Your Data

We process your personal data based on the following legal grounds, where applicable:

• Consent: Where you have given us explicit consent for specific processing activities (e.g., for certain marketing communications).
• Contractual Necessity: To perform our contractual obligations to you or your organization (e.g., providing access to our SaaS products).
• Legitimate Interests: For our legitimate business interests, provided these do not override your fundamental rights and freedoms (e.g., ensuring security, preventing fraud, improving services, internal analytics).
• Legal Obligation: To comply with our legal and regulatory obligations (e.g., maintaining records, responding to legal requests).

7. Use of Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain Services: To operate, deliver, and maintain our websites, SaaS products, and AI-powered tools.
• To Improve and Develop Services (including AI): To understand user needs, analyze performance, fix bugs, and enhance existing features. This includes using aggregated and anonymized data to train, evaluate, and refine our AI models and algorithms for tasks such as natural language processing, predictive analytics, candidate matching, and data categorization.
• Payment Processing: To process payments for subscriptions and services.
• Communication: To send you service-related notifications, updates, security alerts, and support messages.
• Customer Support: To provide assistance and resolve technical issues.
• Security & Fraud Prevention: To protect our services, users, and data from unauthorized access, fraud, and other security threats.
• Compliance: To comply with applicable laws, regulations, and legal processes.

8. Disclosure and Data Sharing

We are committed to protecting your data. We do not sell your personal data or use it for targeted advertising. We may share your information only in the following circumstances:

• With Your Organization: As part of providing services to your employer or the organization you represent.
• With Our Employees & Contractors: Access is strictly limited to individuals on a need-to-know basis, bound by confidentiality obligations.
• With Authorized Service Providers: We engage trusted third-party vendors and partners to perform functions on our behalf (e.g., hosting, payment processing, customer support, analytics, cloud AI services). These providers are contractually obligated to maintain confidentiality and security and use data only for the purposes instructed by us.
• For Legal Reasons: If required by law, court order, governmental regulation, or if we believe it's necessary to protect our rights, property, or safety, or the safety of our users or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, subject to the successor entity assuming the obligations of this Privacy Policy.

9. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• User and Candidate Data: Generally, data associated with user accounts or candidate profiles is retained for 3 months after the last activity or account closure, unless a longer retention period is required by our clients (as per DPA) or legal obligations. After this period, data is securely deleted or anonymized.
• Payment Information: Retained in accordance with legal and financial regulations.
• CCTV Footage: Retained for a limited period as required by security protocols and local regulations, then securely deleted.
• Anonymized Data for AI Training: Data that has been fully anonymized (so it can no longer identify an individual) may be retained indefinitely for the purpose of improving our AI models.

10. Automated Decision-Making and AI

Our AI-powered platform is designed to enhance HR productivity and insights. While our AI can provide recommendations and assist in various processes, we are committed to human oversight.

• Data Used: Our AI primarily processes anonymized or pseudonymized data for training and general model improvement. When processing personal data for specific client functions (e.g., resume parsing), it is done under the client's instructions and within the framework of our Data Processing Addendum.
• Human Review: You (or data subjects whose data you process) have the right to request human review or explanation of any automated decisions made by our AI that significantly impact an individual.
• No Solely Automated Decisions: We strive to ensure that decisions producing legal effects or similarly significant impacts on individuals are not based solely on automated processing without human intervention.
• Exercising Rights: To request human review or an explanation of an AI-assisted decision, please contact us at [email protected].

11. Your Privacy Rights

Subject to applicable data protection laws, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances.
• Right to Restriction of Processing: Request that we limit the processing of your personal data under certain conditions.
• Right to Data Portability: Request transfer of your personal data to another service provider in a structured, commonly used, machine-readable format.
• Right to Object: Object to the processing of your personal data, particularly for direct marketing purposes or when based on legitimate interests.
• Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw it at any time.

To exercise any of these rights, please contact us at[email protected]. We will respond to your request within the timeframe required by applicable law.

12. International Data Transfers

Our primary data storage servers are located in India. If we transfer personal data outside of India or to other jurisdictions, we will ensure that such transfers are conducted in accordance with lawful mechanisms, such as Standard Contractual Clauses (SCCs), or other legally approved frameworks designed to protect your data.

13. Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption: Data encryption in transit and at rest where appropriate.
• Access Controls: Strict access control policies and procedures for our systems and data.
• Regular Audits: Periodic security audits and vulnerability assessments.
• Employee Training: Regular security and privacy training for our employees and contractors.
• Secure AI Development: Incorporating security best practices throughout the AI model development lifecycle, protecting training data, and ensuring the integrity of AI systems.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any updates on our website. For substantial changes, we will provide notification at least 30 days in advance (e.g., via email to registered users or prominent website notice) before the changes become effective. Your continued use of our services after the effective date constitutes your acceptance of the revised policy.

15. Third-Party Services

Our services may contain links to websites or services operated by third parties. This Privacy Policy does not apply to those third-party services. We are not responsible for their privacy practices; we encourage you to review their privacy policies separately.