Personal Information from HR Users

HireZapp collects the following information from HR professionals and recruiters using our platform:

• Account Information: Name, email address, job title, company name, phone number, and professional credentials required for account registration and service provision.
• Company Information: Organization details including company size, sector, website, vision and mission statements, team information, and office locations used for creating careers pages and job postings.
• Payment and Billing Data: Credit card information, billing addresses, transaction history, and payment preferences processed through secure third-party payment processors for credit purchases and subscription management.
• Professional Profile Data: LinkedIn credentials and authentication tokens when users integrate their LinkedIn accounts for calendar booking features. We store authentication tokens securely and never store LinkedIn passwords in plain text.

Candidate Information

• Application Data: Names, contact information, educational background, work experience, skills, resume content, and portfolio links submitted through job application forms.
• Assessment Results: AI-generated match scores, GitHub analysis scores, skills assessments, and performance evaluations based on submitted materials and platform interactions.
• Communication Records: Messages exchanged through the platform, interview scheduling information, and notes added by HR users during the evaluation process.

Technical and Usage Information

• Device and Browser Data: IP addresses, browser types, device identifiers, operating system information, and mobile app version details.
• Usage Analytics: Platform interaction data, feature usage patterns, session duration, pages visited, and click-through rates used for service improvement and analytics.
• AI Processing Data: Resume parsing results, skill extraction data, matching algorithm inputs and outputs, and automated analysis reports generated by our artificial intelligence systems.

Third-Party Integration Data

• Google Sheets Integration: When enabled, we access and sync job application data with user-specified Google Sheets for real-time data export and management.
• LinkedIn API Data: Profile information, connection data, and posting capabilities accessed through LinkedIn's official API with explicit user consent.
• Calendar Integration: Meeting scheduling data, availability information, and booking confirmations processed through third-party calendar services.

Core Platform Services

We process personal data to provide HireZapp's essential recruitment services:

• Job Creation and Management: AI-powered job description generation, custom application form creation, and job posting management across multiple platforms.
• Candidate Evaluation: Resume analysis, skills matching, GitHub profile assessment, and automated screening to generate match scores and recommendations.
• Communication Facilitation: Enabling secure messaging between HR users and candidates, interview scheduling, and status updates throughout the hiring process.
• Career Page Development: Creating customized company career pages with organizational information, job listings, and branding elements.

AI and Machine Learning Processing

Our artificial intelligence systems process submitted data to:

• Generate Match Scores: Analyzing candidate qualifications against job requirements to produce compatibility ratings and recommendations.
• Enhance Screening Efficiency: Automating initial candidate evaluation to streamline HR workflows and reduce manual processing time.
• Provide Insights and Analytics: Generating reports on hiring patterns, candidate quality metrics, and recruitment performance indicators.

Payment and Credit Management

We process financial information to:

• Handle Transactions: Processing credit purchases, subscription payments, and billing for platform usage based on our credit system (1 application = 1 credit = ₹2 in India, with different pricing structures for international users).
• Manage Accounts: Tracking credit balances, usage patterns, and payment history to ensure accurate billing and service provision.
• Prevent Fraud: Monitoring transactions for suspicious activity and implementing security measures to protect against unauthorized usage.

Legal Compliance and Safety

Data processing may be necessary to:

• Comply with Legal Obligations: Meeting regulatory requirements, responding to lawful requests, and maintaining required records for audit purposes.
• Protect Rights and Safety: Preventing fraud, abuse, or misuse of our platform and protecting the security and integrity of our services.
• Enforce Terms of Service: Ensuring compliance with platform policies and resolving disputes between users.

Service Providers and Processors

HireZapp shares personal data with carefully selected third-party service providers who assist in delivering our services:

All service providers are contractually bound to maintain data confidentiality and security standards equivalent to our own practices.

LinkedIn Integration

When users connect their LinkedIn accounts, we share necessary data with LinkedIn to facilitate:

• Calendar Integration: Authentication tokens and scheduling data for meeting coordination between HR users and candidates.
• Profile Access: Basic profile information required for identity verification and professional networking features.
• Posting Capabilities: Content and scheduling information when users authorize posts on their behalf.

Google Sheets Integration

For users who enable Google Sheets integration, we share:

• Application Data: Candidate information, application status, and evaluation results synchronized with user-specified spreadsheets.
• Real-time Updates: Live synchronization of new applications and status changes as they occur on the platform.

Legal Disclosures

We may disclose personal information when required by law, including:

• Compliance with Legal Process: Responding to court orders, subpoenas, or regulatory investigations.
• Protection of Rights: Defending against legal claims or protecting the rights, property, and safety of HireZapp, our users, or the public.
• Business Transfers: In connection with mergers, acquisitions, or asset sales, subject to continued privacy protection.

Technical Safeguards

HireZapp implements industry-standard security measures to protect personal data:

• Encryption: All data is encrypted during transmission using TLS encryption and at rest using AES-256 encryption standards.
• Access Controls: Multi-factor authentication, role-based access permissions, and regular access reviews ensure only authorized personnel can access personal data.
• Network Security: Firewalls, intrusion detection systems, and regular security monitoring protect against unauthorized access and cyber threats.
• Secure Infrastructure: Data centers with physical security controls, redundant systems, and 24/7 monitoring ensure continuous protection.

Organizational Measures

• Employee Training: Regular privacy and security training for all team members handling personal data.
• Data Handling Policies: Comprehensive internal policies governing data access, processing, and retention practices.
• Incident Response: Established procedures for detecting, responding to, and reporting potential data breaches within required timeframes.
• Vendor Management: Due diligence and ongoing oversight of third-party service providers to ensure adequate security standards.

AI System Security

• Model Protection: Secure deployment and monitoring of AI systems to prevent unauthorized access or manipulation.
• Data Validation: Input validation and sanitization to prevent injection attacks and ensure data integrity.
• Algorithm Auditing: Regular review and testing of AI algorithms to detect and prevent bias or discrimination in candidate evaluation.

User Account Data

• Active Accounts: Personal data for active HR users is retained for the duration of the account relationship plus any legal retention periods required by applicable law.
• Inactive Accounts: Data for accounts inactive for more than 24 months may be deleted after appropriate notice, unless legal obligations require longer retention.

Candidate Information

• Application Data: Candidate information is retained for the duration specified by the hiring organization, typically 12-24 months for compliance with equal employment opportunity regulations.
• Successful Candidates: Data for hired candidates may be transferred to the employer's systems and subject to their retention policies.
• Withdrawn Applications: Information for candidates who withdraw their applications is deleted within 30 days unless legal requirements mandate longer retention.

Financial and Transaction Data

• Payment Records: Billing and transaction data is retained for 7 years to comply with financial record-keeping requirements and tax regulations.
• Credit Usage: Credit purchase and usage history is maintained for account management and billing purposes during the active relationship.

AI and Analytics Data

• Training Data: Anonymized data used for AI model training and improvement may be retained indefinitely after removing all identifying information.
• Performance Metrics: Aggregated analytics and performance data is retained for business analysis and service improvement purposes.

Rights Under GDPR (EU Residents)

If you are located in the European Union, you have the following rights under the General Data Protection Regulation:

• Right of Access: Request confirmation of data processing and obtain copies of your personal data.
• Right to Rectification: Correct inaccurate or incomplete personal information.
• Right to Erasure: Request deletion of your personal data under certain circumstances.
• Right to Restrict Processing: Limit how we process your personal data in specific situations.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Rights Related to Automated Decision-Making: Request human intervention in automated decision processes, including AI-driven candidate evaluations.

Rights Under CCPA (California Residents)

California residents have additional rights under the California Consumer Privacy Act:

• Right to Know: Request information about the categories and specific pieces of personal information collected, used, or sold.
• Right to Delete: Request deletion of personal information collected from you.
• Right to Opt-Out: Opt out of the sale or sharing of personal information for advertising purposes.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Non-Discrimination: Protection against discriminatory treatment for exercising CCPA rights.
• Right to Limit Sensitive Personal Information: Restrict the use and disclosure of sensitive personal information.

Rights Under Indian DPDPA

For users in India, the Digital Personal Data Protection Act provides:

• Right to Access: Obtain confirmation and details of personal data processing.
• Right to Correction: Request correction of inaccurate personal data.
• Right to Erasure: Request deletion of personal data when consent is withdrawn.
• Right to Data Portability: Receive personal data in a structured format.
• Right to Grievance Redressal: File complaints with our designated grievance officer or the Data Protection Board of India.

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer at info@hirezapp.com with the following information:

• Full name and contact information
• Specific right you wish to exercise
• Detailed description of your request
• Verification of your identity

We will respond to verified requests within the timeframes required by applicable law, typically 30 days for GDPR requests and 45 days for CCPA requests.

Transfer Mechanisms

HireZapp may transfer personal data outside your country of residence to provide our global services. We ensure appropriate safeguards for international transfers through:

• Standard Contractual Clauses: Using European Commission-approved standard contractual clauses for transfers from the EU/UK to third countries.
• Adequacy Decisions: Transferring data to countries with European Commission adequacy decisions where applicable.
• Binding Corporate Rules: Implementing comprehensive internal policies for data protection across our global operations.

Data Localization

• Indian Users: Personal data of Indian users is processed within India where possible, with international transfers only when necessary for service provision and subject to appropriate safeguards as required by the DPDPA.
• Cross-Border Services: LinkedIn integration and other third-party services may involve data transfers to the United States and other countries where these providers operate.

Cookies We Use

HireZapp uses various types of cookies and similar tracking technologies:

• Essential Cookies: Strictly necessary for platform functionality, user authentication, and security.
• Analytics Cookies: Used to understand user behavior, improve our services, and measure platform performance.
• Functional Cookies: Remember user preferences and settings to enhance the user experience.
• Marketing Cookies: Track user interactions for marketing campaigns and advertising effectiveness (with user consent where required).

Cookie Management

Users can control cookie preferences through their browser settings or our cookie consent management system. Disabling certain cookies may affect platform functionality.

Third-Party Tracking

We use third-party analytics and marketing services that may place their own cookies and tracking technologies. These third parties operate under their own privacy policies.

AI Systems in Use

HireZapp employs artificial intelligence for several key functions:

• Resume Analysis: Automated extraction and analysis of candidate qualifications, skills, and experience from submitted resumes.
• Match Scoring: AI algorithms generate compatibility scores between candidates and job requirements based on multiple data points.
• Job Description Generation: AI-powered creation of job descriptions based on role requirements and industry standards.
• Candidate Insights: Automated analysis providing strengths, weaknesses, and recommendations for candidate evaluation.

Human Oversight

While AI systems provide recommendations and scores, final hiring decisions remain with human HR professionals. Users can request human review of AI-generated assessments and have the right to contest automated decisions that significantly impact them.

AI Bias Prevention

We regularly audit our AI systems for potential bias and discrimination, implementing measures to ensure fair treatment of all candidates regardless of protected characteristics.

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. As required by the CCPA, we will update this policy at least annually.

Notification Process

• Material Changes: We will provide prominent notice of significant changes through email notifications to registered users and website banners.
• Minor Updates: Non-material changes will be posted on our website with an updated "Last Modified" date.
• Continued Use: Continued use of HireZapp's services after policy updates constitutes acceptance of the revised terms.

Regulatory Complaints

You have the right to lodge complaints with relevant supervisory authorities:

• EU/UK Residents: Contact your local Data Protection Authority
• California Residents: File complaints with the California Privacy Protection Agency
• Indian Residents: Submit complaints to the Data Protection Board of India

Sensitive Information

HireZapp does not intentionally collect sensitive personal information such as racial or ethnic origin, religious beliefs, health information, or other special categories of data as defined by privacy regulations. However, such information may occasionally be included in resumes or application materials submitted by candidates.

Processing Basis

When sensitive information is inadvertently collected, we process it only for the specific purpose of recruitment and with appropriate safeguards. Users can request removal of sensitive information from their profiles at any time.

Verification Process

To protect against unauthorized access, we verify the identity of individuals making data subject requests through:

• Email verification to registered email addresses
• Additional identity verification for sensitive requests
• Secure communication channels for data transmission

Request Processing

We maintain detailed logs of all data subject requests and our responses to ensure compliance with regulatory requirements and to demonstrate our commitment to privacy rights protection.