Privacy Policy
Last Updated: December 1, 2025
Table of Contents
1. Introduction
Welcome to HireNirnay ("we," "our," or "us"). We are headquartered in Hyderabad, Telangana, India and serve recruiters across India, APAC, the Middle East, Europe, and North America. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered recruitment matching service.
All production systems are hosted in Indian data centres with AES-256-GCM encryption at rest. When required for global redundancy or customer-requested processing, we apply Standard Contractual Clauses (SCCs) for cross-border transfers and limit personal data to the minimum necessary.
By using HireNirnay, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
2. Data We Collect
2.1 Information You Provide
- Account Information: Name, email address, password (encrypted), and optional profile information when you create an account.
- Resume Files: PDF, DOCX, or TXT files containing candidate resumes that you upload for matching.
- Job Descriptions: Text content of job descriptions you provide when creating JD buckets.
- Payment Information: Payment details processed securely through PayU payment gateway (we do not store credit card information).
- Contact Information: Information provided when contacting our support team.
2.2 Automatically Collected Information
- Usage Data: Information about how you use our service, including pages visited, features used, and time spent.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Session Data: Session cookies and tokens for authentication and security.
- Analytics Data: Aggregated statistics about platform usage, match scores, and performance metrics.
2.3 Data Residency & International Transfers
Resume files, JD content, and analytics are stored in encrypted form within India (primary region: Hyderabad). We may replicate anonymised insights to backup regions (EU or US) for disaster recovery. When we do so, we implement SCCs, least-privilege access, and logging via Pino to satisfy GDPR and other regional privacy frameworks.
3. How We Use Your Data
We use the collected data for the following purposes:
- Service Delivery: To provide, maintain, and improve our AI matching services.
- Account Management: To create and manage your account, process transactions, and provide customer support.
- AI Processing: To analyze resumes against job descriptions using OpenAI models and generate match scores.
- Communication: To send you service updates, respond to inquiries, and send transactional emails (OTP verification, invoices, etc.).
- Analytics: To understand usage patterns, improve our algorithms, and enhance user experience.
- Security: To detect, prevent, and address technical issues, fraud, and security threats.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your data only in the following circumstances:
- Service Providers: With third-party service providers (OpenAI for AI processing, PayU for payments, email services) who assist us in operating our platform. These providers are contractually bound to protect your data.
- Legal Requirements: When required by law, court order, or government regulation.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, where user data may be transferred as part of the transaction.
- With Your Consent: When you explicitly authorize us to share your information.
Note: Resume content is sent to OpenAI's API for processing. OpenAI's use of data is governed by their privacy policy. We use OpenAI's API in a way that does not allow them to use your data for model training (if configured).
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: Files are encrypted using AES-256-GCM encryption for storage.
- Secure Transmission: All data transmission uses HTTPS/TLS encryption.
- Access Controls: Strict access controls and authentication mechanisms to prevent unauthorized access.
- Database Security: MongoDB databases are secured with proper authentication and network isolation.
- Regular Audits: Periodic security audits and vulnerability assessments.
- Data Retention: Files are automatically deleted after the retention period (configurable, default 30 days).
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request access to your personal data we hold.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
- Portability: Request a copy of your data in a portable format.
- Opt-Out: Opt out of marketing communications (transactional emails cannot be opted out).
- Withdraw Consent: Withdraw consent for data processing where applicable.
To exercise these rights, please contact us at info@hirenirnay.com. We will respond to your request within 30 days.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
Changes to this Privacy Policy are effective when they are posted on this page.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Email: info@hirenirnay.com
Website: Contact Page
Business Hours: Monday - Friday, 9:00 AM - 6:00 PM IST