Privacy Policy

This Privacy Policy explains how Hirezimo Tech Private Limited ("Hirezimo", "we", "us") collects, uses, stores, and shares information when you use the Hirezimo platform at www.hirezimo.com.

We are the data fiduciary (under India's Digital Personal Data Protection Act 2023) and data controller (under UK/EU GDPR for users in those jurisdictions) for the personal data we hold.

Hirezimo Tech Private Limited is registered in India. CIN: U72900HR2022PTC105909. Registered address: C 944, Sushant Lok, Phase-1, Vypar Kendra Market, Gurgaon, Haryana, 122001.

Three categories of users interact with Hirezimo:

• Recruiters — businesses or individuals who post job openings and pay rewards on confirmed hires.
• Referrers — individuals who share referral links and submit candidate referrals.
• Candidates — people whose details are submitted through a referral link.

Different sections of this policy apply differently to each. Where relevant, we call out which group is affected.

From recruiters:

• Name, email address, role at company (collected at sign-up via Clerk)
• Company information you provide when posting a job
• Job content (titles, descriptions, reward amounts) you publish on the platform

From referrers:

• Name, email address (collected at sign-up via Clerk)
• Bank account details (collected only at the point of first payout, for transferring rewards)
• Records of which jobs you generated referral links for

From candidates submitted via referral links:

• Full name, email address, phone number (mandatory)
• LinkedIn URL (optional but recommended)
• CV / resume file (required, stored in Cloudflare R2 — key stored in DB, never the raw file)
• The referral link / referrer the candidate came through

From all users automatically:

• Authentication session data (managed by Clerk Inc., our auth provider)
• Standard server logs: IP address, timestamps, user-agent, request paths (kept 30 days)

We process personal data on the following lawful bases:

• Performance of contract: to operate the platform you signed up to use — including the duplicate-check, the pipeline, and reward payouts.
• Legitimate interests: to send transactional emails, prevent fraud and abuse, and improve the service.
• Consent (candidate data): when a candidate submits via a referral link, they explicitly consent to their details being shared with the recruiter who posted the role.
• Legal obligation: tax, accounting, and any regulatory obligations under Indian law (including TDS on referrer payouts).

We share data with a limited number of service providers (sub-processors) needed to run the platform. None of them sell your data.

• Clerk Inc. (USA) — authentication and user management
• Neon Inc. (USA, EU regions available) — managed PostgreSQL database
• Cloudflare Inc. (USA) — R2 object storage for CV files
• Upstash Inc. (USA) — Redis cache for duplicate detection
• Resend Inc. (USA) — transactional email delivery
• Vercel Inc. (USA) — application hosting

Candidate details (name, email, phone, LinkedIn, CV) are also shared with the specific recruiter who posted the role the candidate applied for. They are not shared with any other recruiter.

We do not sell personal data. We do not share data for advertising or marketing purposes by third parties.

Some of our service providers process data in the United States or other jurisdictions outside India. We rely on standard contractual clauses or equivalent safeguards offered by these providers. By using Hirezimo, you consent to your data being processed in those jurisdictions.

• Account data: for as long as your account is active, plus 2 years after closure (for tax and dispute purposes).
• Candidate submissions: 2 years from submission date, then anonymised in our records.
• Bank/payment data: 7 years (Indian tax law requirement for financial transactions).
• CV files: deleted from R2 within 30 days of the related submission being marked REJECTED, or within 2 years of HIRED status.
• Server logs: 30 days.

Under DPDP Act 2023 (India) and UK/EU GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (subject to legal retention obligations)
• Withdraw consent for future processing where consent is the lawful basis
• Lodge a complaint with the Data Protection Board of India (or your local supervisory authority for EU/UK users)

To exercise any of these rights, email hello@hirezimo.com. We respond within 30 days.

Candidates: if you were referred to a role and want your details removed from the recruiter's pipeline, contact us. We will also notify the recruiter, but their copy of the data is governed by their own privacy policy.

We use industry-standard practices: encryption in transit (TLS), encryption at rest (Postgres + R2), authentication via Clerk, role-based access control, signed URLs for CV downloads, atomic duplicate-detection via Redis to prevent race conditions.

No system is perfectly secure. If we detect a personal data breach, we will notify affected users and the Data Protection Board within 72 hours of discovery, in line with DPDP Act requirements.

We use only essential cookies needed for authentication (set by Clerk) and basic session state. We do not use cookies for advertising, analytics, or tracking. There is no consent banner because no consent-required cookies are set.

Hirezimo is not intended for users under 18. We do not knowingly collect data from children. If you believe a candidate under 18 has been referred, contact us and we will remove the submission.

We may update this policy. Material changes will be notified by email to active account holders at least 14 days before they take effect. The "Last updated" date at the top always reflects the current version.

Hirezimo Tech Private Limited
C 944, Sushant Lok, Phase-1, Vypar Kendra Market, Gurgaon, Haryana, 122001
CIN: U72900HR2022PTC105909

Email: hello@hirezimo.com