Privacy Policy

1. Information We Collect

We collect and process several categories of personal and non-personal information when you access or use our platform. The categories of data we collect depend on how you interact with the Service:

2. Legal Basis for Processing

We process your personal data on the following legal grounds under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000:

• Consent: Where you have provided explicit consent for the processing of your personal data for specified purposes, such as participating in AI interviews, creating an account, or submitting your resume. Consent is obtained at the time of account creation, job application, and interview initiation.
• Contractual Necessity: Where processing is necessary for the performance of a contract with you, including providing recruitment services, processing job applications, conducting AI screening interviews, and delivering evaluated candidate profiles to employers.
• Legitimate Interest: Where processing is necessary for Vruent's legitimate business interests, including platform security, fraud prevention, service improvement, analytics, AI model training and enhancement (using anonymized data), and enforcing our Terms of Service.
• Legal Obligation: Where processing is necessary to comply with applicable Indian laws, regulations, court orders, or government directives, including tax regulations, record-keeping requirements, and law enforcement requests.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Recruitment Services: Processing job applications, conducting AI-powered screening interviews, generating evaluations (composite scores, skill breakdowns, transcripts, recommendations), and delivering pre-evaluated candidate profiles to employers.
• Platform Operation: Creating and managing user accounts, authenticating users, providing access to candidate and employer portals, and maintaining platform functionality.
• Employer Sharing: Sharing evaluated candidate profiles — including composite scores, skill breakdowns, interview recordings, transcripts, career snapshots, highlights, and AI-generated hire/pass recommendations — with prospective employers for hiring evaluation purposes.
• Communication: Contacting you about job opportunities, application status updates, interview scheduling, platform announcements, service updates, and responding to your inquiries and support requests.
• AI Model Training and Improvement: Using anonymized and aggregated data derived from interviews, evaluations, and platform interactions to train, test, validate, and improve our AI models, scoring algorithms, question generation systems, and overall service quality.
• Analytics and Research: Analyzing platform usage patterns, hiring trends, and recruitment outcomes to generate internal analytics, improve the Service, and produce aggregated industry insights.
• Safety and Security: Detecting, preventing, and investigating fraud, cheating during AI interviews, unauthorized access, security incidents, and other harmful or illegal activities.
• Legal Compliance: Complying with applicable laws, regulations, legal processes, and government requests, and establishing, exercising, or defending legal claims.
• Marketing and Outreach: With your consent, sending you information about Vruent services, job opportunities, and recruitment industry updates. You may opt out of marketing communications at any time.

4. AI Processing and Automated Decision-Making

Vruent uses artificial intelligence extensively in its recruitment process. You should be aware of the following:

• AI Interview Processing: Your interview audio/video is processed by speech-to-text services (Deepgram) to generate transcripts. Transcripts and profile data are then processed by large language models (OpenAI GPT) to generate composite scores, skill evaluations, career snapshots, highlights, and hire/pass recommendations.
• Resume Analysis: Your resume is parsed and analyzed by AI systems to extract structured professional information, identify skills, and match your profile against job requirements.
• Embedding and Matching: Your profile and interview data may be converted into vector embeddings for semantic similarity matching against job requirements and for candidate-job matching purposes.
• Scoring Methodology: Composite scores (0–100 scale) are generated algorithmically based on multiple factors including skill match, experience relevance, interview performance, and communication quality. Scores of 80+ are categorized as green (strong match), 50–79 as yellow (moderate match), and below 50 as red (weak match).
• Human Oversight: While AI generates initial evaluations and recommendations, all shortlists shared with employers are reviewed by Vruent's human team. AI evaluations are decision-support tools and do not constitute final hiring decisions.
• No Solely Automated Decisions: No employment-related decisions are made solely on the basis of automated processing. AI-generated recommendations are always subject to human review before being acted upon. Employers make their own independent hiring decisions.
• Right to Contest: If you believe an AI-generated evaluation is inaccurate or unfair, you may contact us at support@vruent.com to request a review. Vruent will conduct a human review of the contested evaluation within 30 days.

Vruent continually works to improve the accuracy and fairness of its AI systems. However, AI models are probabilistic in nature and may produce varying results. Vruent does not warrant the accuracy of any AI-generated output.

5. Sharing Your Information

We share your information with the following categories of recipients:

• Employers: If you are a candidate, your evaluated profile — including composite scores, skill breakdowns, interview recordings, transcripts, career snapshots, highlights, and AI recommendations — is shared with employers through the controlled employer portal for roles you have applied to or been matched with. Employers access candidate data subject to confidentiality obligations in our Terms of Service.
• AI Service Providers: Your interview audio/video and text data are processed by third-party AI providers, specifically OpenAI (for language model processing, scoring, and embedding) and Deepgram (for speech-to-text transcription). These providers process data on our behalf under strict contractual obligations regarding data security and confidentiality.
• Cloud Infrastructure Providers: Your data is stored and processed on Google Cloud Platform (GCP) infrastructure (region: asia-south1, Mumbai) and Cloudflare R2 (for file storage). These providers maintain robust security certifications and data protection measures.
• Authentication Provider: Firebase (Google) processes authentication data including phone numbers and Google account information for the purpose of verifying user identity.
• Analytics and Observability: We use HyperDX (with OpenTelemetry) for application monitoring, error tracking, and performance analytics. Data shared with these services is primarily technical in nature.
• Legal and Regulatory: We may disclose your information if required by law, court order, subpoena, or government regulation, or if we believe in good faith that disclosure is necessary to: (a) comply with legal obligations; (b) protect the rights, property, or safety of Vruent, our users, or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Service.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity as part of the transaction, subject to applicable data protection requirements.

We do not sell your personal data to third parties. We do not share your personal data with third parties for their independent marketing purposes. All third-party data processing is governed by contractual obligations that require processors to maintain appropriate security measures and process data only in accordance with our instructions.

6. Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries outside India in the following circumstances:

• AI Processing: Interview data may be processed by AI service providers (OpenAI, Deepgram) whose processing infrastructure may be located in the United States or other jurisdictions outside India.
• Cloud Services: While our primary infrastructure is in Google Cloud Platform's asia-south1 (Mumbai) region, certain services, backups, and redundancy systems may involve data transfer to other GCP regions.
• Service Providers: Some of our third-party service providers may process data in jurisdictions outside India.

Where personal data is transferred outside India, we ensure that appropriate safeguards are in place in compliance with the Digital Personal Data Protection Act, 2023, including contractual obligations with data processors requiring them to implement adequate technical and organizational security measures. By using the Service and providing your consent, you acknowledge and agree to the transfer of your data outside India for the purposes described in this policy.

7. Data Retention

We retain your personal data for the periods necessary to fulfill the purposes described in this policy, subject to our legal and business obligations:

• Interview Recordings (audio and video): Retained for a minimum of 5 years from the date of recording, or longer as required for legal compliance, dispute resolution, or enforcement of our Terms.
• Interview Transcripts and AI Evaluations: Retained for a minimum of 5 years from the date of generation.
• Resumes and Professional Documents: Retained for a minimum of 5 years from the date of upload or last update, or until you request deletion (subject to retention obligations).
• Candidate Profile Data: Retained for a minimum of 5 years from the date of last account activity.
• Employer Account and Transaction Data: Retained for a minimum of 8 years from the date of last transaction, in compliance with Indian tax and commercial record-keeping requirements.
• Account and Usage Data: Retained for the duration of your account and for a minimum of 3 years thereafter for audit, compliance, and dispute resolution purposes.
• Communication Records: Retained for a minimum of 3 years from the date of communication.
• Anonymized and Aggregated Data: Anonymized data that can no longer be associated with an identified individual may be retained indefinitely for analytics, research, AI model training, and service improvement purposes.

After the applicable retention period, personal data is securely deleted or irreversibly anonymized in accordance with our data management procedures. You may request earlier deletion of your personal data by contacting privacy@vruent.com, subject to our legal retention obligations, ongoing contractual requirements, and the rights of other parties (e.g., data already shared with employers). Deletion requests will be processed within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, destruction, or accidental loss. These measures include:

• Encryption: Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption for stored data.
• Access Controls: Role-based access controls ensure that personal data is accessible only to authorized personnel who require access for legitimate business purposes.
• Infrastructure Security: Our platform is hosted on Google Cloud Platform with enterprise-grade security, including network firewalls, intrusion detection, DDoS protection, and regular security patching.
• Authentication: Multi-factor authentication, Firebase-managed identity verification, and session management with secure, HTTP-only cookies.
• Monitoring: Continuous monitoring and logging of system access and activities using OpenTelemetry observability instrumentation.
• Incident Response: Documented incident response procedures for detecting, containing, and responding to security breaches.

While we implement industry-standard security measures, no method of data transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your account credentials and for all activities that occur under your account. If you become aware of any security breach affecting your account, please immediately contact us at support@vruent.com.

9. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable Indian laws, you have the following rights regarding your personal data:

• Right to Access: You have the right to obtain confirmation of whether we are processing your personal data and to request a summary of the personal data being processed, along with the processing activities undertaken.
• Right to Correction: You have the right to request correction of inaccurate or misleading personal data and completion of incomplete personal data.
• Right to Erasure: You have the right to request erasure of your personal data where the specified purpose for processing has been fulfilled, you have withdrawn your consent, or the data is no longer necessary. This right is subject to our legitimate retention requirements, legal obligations, and the rights of third parties.
• Right to Grievance Redressal: You have the right to lodge a complaint with our Grievance Officer (see Section 13) or with the Data Protection Board of India if you believe your data rights have been violated.
• Right to Nominate: In the event of your death or incapacity, you have the right to nominate any other individual who may exercise your rights on your behalf.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time by contacting privacy@vruent.com. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal. Withdrawal of consent may result in termination of your account and inability to use certain features of the Service.

To exercise any of these rights, please submit a written request to privacy@vruent.com or to our Grievance Officer using the details in Section 13. We will verify your identity before processing any request. Requests will be processed within 30 days of receipt of a verified request. We reserve the right to charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests, as permitted by applicable law.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform:

You may manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for specific websites. Please note that disabling essential cookies may significantly affect the functionality of the platform. For detailed information about managing cookies in your browser, please refer to your browser's help documentation.

11. Children's Privacy

The Vruent platform is not intended for use by individuals under the age of 18. We do not knowingly collect, process, or store personal data from children under 18 years of age. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such data from our systems.

If you are a parent or guardian and believe that your child has provided personal data to Vruent, please contact us immediately at privacy@vruent.com so that we can take appropriate action.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights, we will:

• Notify the Data Protection Board of India in accordance with the requirements of the Digital Personal Data Protection Act, 2023 and any rules notified thereunder.
• Notify affected users without unreasonable delay, providing details of the nature of the breach, the categories of data affected, and the measures taken or proposed to address the breach.
• Take immediate steps to contain the breach, assess its impact, and implement remedial measures to prevent recurrence.
• Maintain a record of all data breaches, including the facts relating to the breach, its effects, and the remedial action taken.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address your concerns regarding data processing:

• Name: Grievance Officer, Vruent
• Email: privacy@vruent.com
• Address: Plot No 922, House No 204, C2 Block, Palam Vihar, Gurgaon, Haryana 122017, India
• Response Time: The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days of receipt.

If you are not satisfied with the resolution provided by our Grievance Officer, you have the right to escalate your complaint to the Data Protection Board of India as established under the Digital Personal Data Protection Act, 2023.

14. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications that are not operated or controlled by Vruent. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices, content, or security of any third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your personal data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will: (a) post the updated policy on this page; (b) update the "Last updated" date at the top of this page; and (c) where required by law, seek your consent to the updated policy or notify you via email or in-platform notification.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data practices, please contact us at: