Legal

Privacy Policy

This policy governs all personal data collected through the Purehire platform, operated by Febin and Dale Ventures Private Limited, in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian law.

Effective Date: May 1, 2026·Last Updated: April 28, 2026·Governing Law: Republic of India

§1

Introduction & Identity of Data Fiduciary

Febin and Dale Ventures Private Limited(“Company”, “we”, “us”, or “our”) is the Data Fiduciary for the Purehire platform under the Digital Personal Data Protection Act, 2023 (DPDPA 2023).

Purehire's purpose is to connect job-seekers with employers through job postings and AI-powered resume scoring. This Privacy Policy governs all personal data collected through the Purehire platform, including its web interface and any future mobile interfaces.

Effective Date: May 1, 2026. By using the Purehire platform, you accept the terms of this Privacy Policy. If you do not agree with any part of this policy, you must not use the platform.

This policy was drafted in compliance with the DPDPA 2023, the Information Technology Act, 2000, and the IT (SPDI) Rules, 2011.

§2

Definitions

The following terms have the meanings set out below throughout this Privacy Policy.

Term	Definition
Data Principal	The individual whose personal data is processed — either a Candidate or a Recruiter/Employer.
Data Fiduciary	Febin and Dale Ventures Private Limited — the entity that determines the purpose and means of processing personal data.
Personal Data	Any data about an identifiable individual, directly or indirectly.
Sensitive Personal Data (SPDI)	Biometric data, financial data, health data, and passwords as defined under the IT (SPDI) Rules 2011 and DPDPA 2023.
Processing	Any operation on personal data: collection, storage, use, sharing, disclosure, deletion, or any combination thereof.
Consent	A free, specific, informed, unconditional, and unambiguous indication of agreement by a Data Principal.
Candidate	A job-seeker who submits a resume or applies for a role on Purehire.
Recruiter / Employer	A business entity or individual who posts jobs and accesses candidate information on Purehire.
AI Resume Scoring	Automated analysis of a Candidate's resume by AI models (Google Gemini and Groq AI) to produce a relevance score for a specific job posting.

§3

Categories of Personal Data Collected

3.1 Candidate Data

The following data points are collected from Candidates. This list is exhaustive.

Full name
Email address
Phone number (mobile)
Resume / CV file (PDF, DOCX, or other submitted format)
Resume contents: work experience, educational qualifications, skills, certifications, projects, and references (as provided by the Candidate)
IP address (collected automatically upon platform access)
Browser type and version (collected automatically)
Session activity logs (pages visited, timestamps, interactions)

AI Processing Notice:Resume content is transmitted to Google Gemini and Groq AI solely to generate a match score for a specific recruiter's job posting. Raw resume text is not stored by those AI services beyond the processing transaction under their respective data processing agreements. Purehire retains the score and the original resume file per the retention schedule in Section 6.

3.2 Recruiter / Employer Data

The following data points are collected from Recruiters/Employers. This list is exhaustive.

Full name of account holder
Business email address
Company / organisation name
Phone number
Company registration or GST details (for invoice and tax compliance)
Payment information — Card numbers, UPI handles, and banking credentials are processed exclusively by Razorpay and are never stored on Purehire servers.
IP address and browser metadata
Job posting content authored by the recruiter

3.3 Technical / Platform Data

Server logs (IP, timestamp, endpoint accessed)
Analytics data (page views, click events) — collected in aggregate; not used to profile individuals
Session cookies (functional only — see Section 10)

3.4 What Purehire Does NOT Collect

No biometric data
No health or medical data
No government-issued ID numbers (Aadhaar, PAN) unless voluntarily included by the Candidate in their resume — Candidates are advised to redact such identifiers before uploading
No social media credentials
No data from minors (individuals under 18 years of age)

§4

Purpose and Legal Basis for Processing

For each processing purpose below, the legal basis under DPDPA 2023 is stated alongside opt-out availability. Processing will not extend beyond the purposes listed here.

Purpose	Data Used	Legal Basis	Opt-Out Available?
Displaying job listings to candidates	None (public)	Legitimate Use	N/A — public content
Matching candidates to jobs via AI scoring	Candidate resume content	Consent (given at time of application)	Yes — do not apply; score will not be generated
Displaying candidate profile to the recruiter who posted the applied-to job	Name, email, phone, resume, AI score	Consent (given at time of application)	Yes — do not apply
Processing recruiter payments	Payment metadata via Razorpay	Contractual necessity	No — required for paid features
Sending transactional emails (confirmations, opted-in alerts)	Email address	Consent / Legitimate Use	Yes — unsubscribe link in every email
Platform analytics and improvement	Anonymised / aggregated usage data	Legitimate Use	No — data is not individually identifiable
Legal compliance and tax records	Payment records, account data	Legal Obligation (Indian tax law)	No
Responding to grievances and support	Account data, correspondence	Legitimate Use	No

Explicit Prohibition: Purehire will not use Candidate resume data to train AI models, build proprietary datasets, or improve AI systems beyond the immediate scoring task for which Consent was given.

§5

Consent

Consent is collected at the point of action. The “Apply for this Job” button triggers a clear, readable consent notice before any data is submitted.
Consent is granular: separate consent is sought for (a) sharing data with the recruiter; (b) AI scoring; and (c) marketing communications.
Consent is not bundled with acceptance of the Terms of Service. It is a separate, affirmative act and cannot be assumed from continued platform use alone.
Candidates may withdraw consent at any time by emailing support@febinanddale.com. Withdrawal stops future processing but does not erase already-lawfully-processed historical data unless a separate deletion request is submitted under Section 9.
Recruiters consent to their account data being used for platform operations at the point of account creation, via an explicit checkbox acceptance of this Privacy Policy.

§6

Data Retention Schedule

Every data category collected by Purehire has a defined maximum retention period. No category is retained indefinitely. Upon expiry of the applicable retention period, data is either permanently deleted or irreversibly anonymised such that it can no longer be attributed to any individual.

Data Category	Retention Period	Justification
Candidate resume files	2 years from last application activity, then permanently deleted or irreversibly anonymised	Reasonable period for candidate re-engagement
Candidate account data	Until deletion request + 30-day grace period	User control under DPDPA 2023
Job posting data	1 year after job expiry date	Audit and dispute resolution
Recruiter account data	Until deletion request + 30-day grace period	User control under DPDPA 2023
Payment records	7 years from transaction date	Income Tax Act 1961 / GST Act requirement
Application records (candidate–job link)	2 years from application date	Dispute resolution
AI scoring results	2 years from application date, then permanently deleted	Tied to application record retention
Server / access logs	90 days, then purged	Security monitoring only
Grievance correspondence	3 years from resolution date	Legal compliance

Payment records are retained for 7 years solely to comply with Indian tax law (Income Tax Act 1961 and the Goods and Services Tax Act). This is a legal obligation and cannot be waived on individual request. All other data is deleted or anonymised at the end of its retention period without requiring a request from the Data Principal.

§7

Third-Party Data Processors

Purehire shares personal data with the following third-party processors only. No other third party receives personal data. Purehire does not use advertising networks, data brokers, or analytics platforms with individual-level data access.

7.1 Razorpay (Payment Processing)

Data shared: Transaction amount, payer identity metadata
Data not shared: Resume content, job data, candidate personal information
Prohibited from:Storing card or UPI data on Purehire's behalf beyond the regulatory minimum required under RBI guidelines
Their policy: https://razorpay.com/privacy/

7.2 Google Gemini (AI Resume Analysis)

Data shared: Resume text content and job description text — transmitted per-request, not batched or stored
Data not shared: Candidate name, email, or phone number (Candidates are advised to redact directly identifying fields from resume body text)
Prohibited from:Retaining data beyond the API call duration; using submitted data to train or improve AI models (governed by Google's enterprise API terms)
Their policy: https://policies.google.com/privacy

7.3 Groq AI (AI Resume Analysis)

Data shared: Resume text content and job description text — transmitted per-request
Data not shared: Directly identifying fields (same caveat as Section 7.2 above)
Prohibited from: Retaining data beyond the API call; using submitted data to train AI models
Their policy: https://groq.com/privacy-policy/

No other third parties receive personal data from Purehire. Purehire does not use advertising networks, data brokers, third-party analytics platforms with individual-level access, or any other external service beyond those listed in Sections 7.1–7.3.

All three processors are bound by data processing agreements that impose confidentiality obligations, restrict use to the stated purpose, and require compliance with applicable data protection law.

§8

Data Sharing

8.1 Sharing with Recruiters

Candidate data is shared only with the Recruiter who posted the specific job for which the Candidate submitted an application.
Data shared with the Recruiter: full name, email address, phone number, resume file, and AI match score.
Recruiters are prohibited by Purehire's Terms of Service from: sharing Candidate data with third parties; using it for unsolicited outreach unrelated to the applied role; and retaining it beyond their active recruitment process for that role.
Purehire cannot technically enforce Recruiter conduct after data is downloaded. Candidates are made explicitly aware of this limitation at the point of application consent.

8.2 Disclosure to Authorities

Personal data will be disclosed to government or law enforcement authorities only upon receipt of a lawful order, court order, or statutory requirement under Indian law.
Purehire will not cooperate with informal or voluntary requests for personal data without appropriate legal authority.
Where legally permissible and not prohibited by the relevant order, Purehire will notify the affected Data Principal of such a disclosure.

8.3 What Purehire Will Never Do

Never sell personal data to any third party for any consideration.
Never rent or license personal data to marketers, data brokers, or analytics firms.
Never use Candidate resumes to build proprietary datasets or train in-house AI systems.
Never share Candidate data with a Recruiter for any role other than the specific role the Candidate applied to.

§9

Rights of Data Principals

Under DPDPA 2023 and applicable Indian law, every Data Principal has the following rights. Purehire will action all valid requests within 7 business days of receipt and verification of identity.

Right	How to Exercise	Limitations / Notes
Right to Access	Email support@febinanddale.com requesting a copy of your data	Identity verification required; one request per 30 days
Right to Correction	Email with details of the incorrect data and the correct version	Cannot correct data submitted by a third party (e.g., recruiter-added notes)
Right to Erasure / Deletion	Email with a deletion request specifying the data to be erased	Payment records exempt for 7 years (legal obligation); anonymised analytics data cannot be individually identified or deleted
Right to Withdraw Consent	Email or account settings	Withdrawal stops future processing but does not erase lawfully processed historical data
Right to Data Portability	Email requesting a machine-readable export	Provided in JSON or CSV format within 7 business days
Right to Grievance Redressal	Email support@febinanddale.com	Response within 7 business days; escalation to the Data Protection Board of India if unresolved within 30 days
Right to Nominate	Submit written nomination via email designating a person to exercise rights on your behalf	Applies in case of death or incapacity of the Data Principal

To exercise any right, email support@febinanddale.com with your registered email address and a description of your request. Identity verification is required before any data is disclosed or deleted.

§10

Cookies and Tracking Technologies

The table below is exhaustive. Purehire uses only the cookie types listed as “Yes”. Disabling session cookies will prevent login functionality. Disabling analytics cookies will not affect any platform feature.

Cookie Type	Used?	Purpose	Can Be Disabled?
Session cookies (authentication)	Yes	Keeping you logged in during a session	No — required for login functionality
Preference cookies	Yes	Remembering UI preferences	Yes — clearing cookies in browser settings
Analytics cookies (first-party, aggregated)	Yes	Understanding platform usage patterns; no individual profiling	Yes — opt-out available in account settings
Third-party advertising cookies	No — not used	N/A	N/A
Tracking pixels or beacons	No — not used	N/A	N/A
Browser fingerprinting	No — not used	N/A	N/A

§11

Data Security

Measures in Place

All data in transit is encrypted via TLS 1.2 or higher.
Data at rest is encrypted using AES-256 or equivalent.
Access to personal data is restricted to authorised personnel with role-based access controls. Access rights are reviewed quarterly.
Passwords are hashed using bcrypt or an equivalent one-way function. Purehire staff cannot view plaintext passwords at any time.
Internal security reviews are conducted on a regular scheduled basis.
Data processing agreements with all three processors (Razorpay, Google, Groq) include binding data security obligations.

Incident Response

In the event of a personal data breach that is likely to result in risk to Data Principals, Purehire will notify affected individuals within 72 hours of becoming aware of the breach, as required under DPDPA 2023.
Notification will include: nature of the breach, categories of data affected, likely consequences, and remedial steps taken or planned.

Limitation of Liability

Purehire has implemented reasonable and appropriate technical and organisational security measures. However, no digital system can guarantee immunity from all threats. Purehire is not liable for breaches caused by a Data Principal's own disclosure of credentials or by a Recruiter mishandling data after it has been lawfully downloaded from the platform.

If you suspect unauthorised access to your data or account, contact support@febinanddale.com immediately.

§12

Children's Privacy

Purehire's services are intended exclusively for individuals aged 18 years and above.
Purehire does not knowingly collect personal data from anyone under 18.
If Purehire discovers that data from a minor has been collected, it will be permanently deleted within 48 hours of discovery.
If you believe a minor's data has been submitted to the platform, contact support@febinanddale.com immediately.
Recruiters are prohibited from posting jobs targeting individuals under 18 or accepting applications from minors.

§13

India-Specific Compliance

13.1 Governing Law

This Privacy Policy and any disputes arising from it are governed by the laws of the Republic of India. The courts of Kozhikode, Kerala shall have exclusive jurisdiction.

13.2 Digital Personal Data Protection Act, 2023 (DPDPA)

Purehire operates as a Data Fiduciary under the DPDPA 2023. All processing activities described in this policy are conducted in accordance with the Act and rules notified thereunder. Purehire will update this policy within 30 days of any material new rule notification under DPDPA 2023.

13.3 IT Act 2000 and SPDI Rules 2011

Purehire complies with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, in particular with respect to collection, storage, and transfer of sensitive personal data.

13.4 Grievance Officer

As required under IT Act 2000 Section 43A and DPDPA 2023, a Grievance Officer is designated below. All privacy complaints and data rights requests must be directed to this contact.

Grievance Officer / Data Protection Contact

Febin and Dale Ventures Private Limited

Kunnamangalam, Kozhikode, Kerala — 673571, India

Email: support@febinanddale.com

Response Time: 7 business days

If your grievance is not resolved within 30 days of submission, you may escalate to the Data Protection Board of India once constituted under DPDPA 2023.

13.5 Cross-Border Data Transfers

Resume content is transmitted to Google (United States) and Groq (United States) for AI scoring. This constitutes cross-border personal data transfer under DPDPA 2023.
These transfers occur under: (a) the Candidate's explicit consent given at the point of application; and (b) data processing agreements with each processor that impose equivalent data protection obligations.
Purehire will comply with any government-notified restrictions on cross-border transfer under DPDPA 2023 rules as they are published, and will update this policy and practices accordingly.

No other cross-border data transfer takes place. Recruiter data and payment metadata remain within the scope of Razorpay's India-based processing infrastructure.

§14

Policy Changes and Versioning

Material changes — changes to: what data is collected, who it is shared with, how long it is retained, or Data Principal rights — will be communicated by email to all registered users at least 15 days before taking effect.
Non-material changes (grammar, formatting, contact details) will be effective upon publication without individual notification.
Continued use of Purehire after the effective date of a material change constitutes acceptance of the updated policy.
Previous versions of this Privacy Policy are maintained in an archive. Copies of prior versions are available upon request to support@febinanddale.com.
The current effective date is displayed at the top of this document and updated with each revision.

§15

Contact Information

For all privacy-related requests, complaints, consent withdrawals, and data rights exercises, use the contact channels below.

Channel	Detail
Email	support@febinanddale.com
Postal Address	Febin and Dale Ventures Private Limited, Kunnamangalam, Kozhikode, Kerala — 673571, India
Response SLA	7 business days from receipt and identity verification

Questions? support@febinanddale.com