Last updated: April 14, 2026
Recruitizr ("we", "our", "us") is a multi-tenant Software-as-a-Service (SaaS) recruitment platform. We are committed to protecting the personal data of our users, their employees, and the candidates whose information is processed through our platform.
This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with applicable data protection laws, including:
By using Recruitizr, you acknowledge that you have read and understood this Privacy Policy.
For the purposes of GDPR, Recruitizr acts as the Data Controller for platform-level data (account information, billing, authentication) and as a Data Processor for recruitment data managed by tenant organizations.
For the purposes of the DPDP Act 2023, Recruitizr acts as a Data Fiduciary when determining the purpose and means of processing personal data, and as a Data Processor when processing data on instructions from tenant organizations.
Contact Details:
| Category | Data Points | Purpose | |----------|------------|---------| | Account Data | Name, email address, password (hashed), role | Authentication, access control | | Organization Data | Company name, industry, plan, billing info | Tenant provisioning, billing | | Recruitment Data | Candidate names, resumes, contact details, interview records, hiring status | Core recruitment operations (processed on behalf of tenant organizations) | | Usage Data | Feature usage, AI tool usage logs (tool type, timestamp), activity logs | Service improvement, analytics, AI usage tracking | | Technical Data | IP address, browser type, device info, cookies | Security, session management, analytics |
Under GDPR: We process personal data based on: (a) Consent — for cookies and marketing communications; (b) Contractual necessity — for providing our SaaS services; (c) Legitimate interests — for security, fraud prevention, and service improvement; (d) Legal obligations — for tax, compliance, and regulatory requirements.
Under DPDP Act 2023: We process digital personal data based on: (a) Consent of the Data Principal — obtained freely, specifically, and informed; (b) Certain Legitimate Uses as defined under Section 7 of the Act — including contractual obligations, voluntary provision of data, and legal/regulatory compliance.
Recruitizr includes AI-powered tools (RecruiterIQ) that process recruitment data using third-party large language models. Specifically:
Users are responsible for ensuring that AI-assisted hiring decisions comply with applicable non-discrimination laws, including EEOC guidelines and India's equal opportunity principles.
We obtain consent through:
Under the DPDP Act 2023, consent must be free, specific, informed, unconditional, and unambiguous, given by clear affirmative action. We ensure consent requests are presented in clear, plain language (English and Hindi).
| Data Category | Retention Period | |--------------|-----------------| | Account Data | Duration of account + 30 days after deletion | | Recruitment Data | As per the tenant organization's own retention policy | | Usage & Activity Logs | 90 days | | AI Usage Logs | 90 days | | Consent Records | 3 years from the date of consent (for audit purposes) | | Billing Records | 7 years (as required by tax regulations) |
Upon expiry of the retention period or upon a valid deletion request, personal data is erased or anonymized in accordance with applicable law.
Under GDPR, data subjects in the EEA/UK have the right to: Access their personal data; Rectify inaccurate data; Erasure ("Right to be Forgotten"); Data portability; Restrict or object to processing; Withdraw consent; Lodge a complaint with a supervisory authority.
Under the DPDP Act 2023, Data Principals in India have the right to: Access information about their personal data being processed; Correction and erasure of personal data; Grievance redressal — contact our Grievance Officer at privacy@recruitizr.com; Nominate another individual to exercise rights in case of death or incapacity.
To exercise any of these rights, use the Privacy & Data Rights section in your dashboard, or email privacy@recruitizr.com.
We implement reasonable security safeguards including: passwords stored using bcrypt hashing; JWT-based authentication with expiring tokens; per-tenant database isolation; HTTPS encryption for all data in transit; role-based access control (RBAC) with 4-level hierarchy; activity logging for audit purposes.
Recruitizr may process data in servers located outside India and/or outside the EEA. For GDPR compliance, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions. Under the DPDP Act 2023, cross-border transfers are permitted to countries not restricted by the Central Government of India.
Recruitizr is a B2B recruitment platform and is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors.
In the event of a personal data breach, we will: notify the Data Protection Board of India and/or the relevant EU supervisory authority as required by law; notify affected Data Principals / data subjects without undue delay; document the breach, its effects, and remedial actions taken.
We use cloud infrastructure for hosting, AI/ML providers for RecruiterIQ features (text analysis only), and payment processors for billing. All third-party processors are bound by data processing agreements.
We may update this Privacy Policy from time to time. Material changes will be communicated via email to account administrators. The "Last updated" date reflects the most recent revision.
If you are unsatisfied with our response, you may lodge a complaint with the Data Protection Board of India (under DPDP Act) or your local EU supervisory authority (under GDPR).