DPDPA 2023 Compliant

Privacy Policy

Policy version: 1.0 | Last updated: March 2026 | Effective: March 1, 2026

1 About Us

HireStrike (also referred to as "HireStrike", "we", "us", or "our") is an AI-powered career development and recruitment platform operated by AuraInterview Technologies Private Limited, incorporated under the Companies Act, 2013.

Registered Name: AuraInterview Technologies Private Limited
Platform: HireStrike (hirestrikecareer.com)
Role under DPDPA: Data Fiduciary
Country: India
Data Fiduciary Email: pt.riteshvarma@gmail.com

As a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDPA), we are responsible for determining the purposes and means of processing your personal data and for ensuring that such processing is conducted lawfully, fairly, and in accordance with this policy.

2 Data We Collect

We collect data that you provide directly, data generated through your use of the platform, and data received from your educational institution or employer where applicable.

Category | Personal Data | Sensitive Personal Data
Identity | Full name, student ID, date of birth (optional) | Government ID number (if submitted for verification)
Contact | Email address, phone number |
Academic | University name, branch, graduation year, GPA, skills, projects |
Interview | Interview session metadata, job role applied for, session timestamps | Audio recordings (voice responses), video frames (proctoring), biometric-derived signals
Assessments | Answers to interview questions, scores, AI-generated evaluation reports |
Training | Enrolled training plan, daily progress, assessment scores, completion status |
Device / Usage | IP address, browser type, session cookies, page access logs |
Documents | Resume/CV (filename and storage URL) | Resume content may contain health, disability, or community information voluntarily disclosed

You are not required to provide sensitive personal data unless you choose to do so. Where the platform requests audio or video during an interview, you will receive a separate consent prompt before recording begins.

3 How We Use Your Data

We process your personal data for the following four specified purposes, each governed by a distinct legal basis under DPDPA Section 4:

Purpose 1 — Platform Account and Services

To create and manage your account, authenticate your identity, enable interview sessions, generate AI assessment reports, store training progress, and respond to support requests. This processing is necessary to perform the contract you enter into when you register.

Legal Basis: Consent (account registration)

Purpose 2 — AI Assessment and Evaluation

To process your interview responses (text and audio transcripts) using AI models to evaluate communication quality, technical depth, and domain knowledge and to generate structured reports shared with you and, where consented, with prospective employers.

Legal Basis: Separate consent (withdrawable)

Purpose 3 — Employer / Company Data Sharing

To share your candidate profile, interview report, and assessment scores with companies or recruiters who have listed job opportunities on the platform, but only where you have applied to or been shortlisted for a specific role.

Legal Basis: Separate consent (withdrawable)

Purpose 4 — Analytics and Platform Improvement

To analyse aggregate usage patterns, improve question quality, tune AI evaluation accuracy, and generate placement performance reports for your college (in anonymised or aggregated form where identifiable data is not required).

Legal Basis: Separate consent (withdrawable)

We do not use your data for purposes beyond those listed above without obtaining fresh consent. We do not sell your personal data to any third party.

4 AI Processing Disclosure

In compliance with DPDPA Section 5 and our obligation of transparency regarding automated decision-making, this section describes the AI systems used in processing your data.

AI System | Provider | What It Evaluates | Output
Gemini 1.5 Pro / Flash | Google LLC | Interview answer transcripts, question responses, resume text | Scores (0-10), dimensional ratings, written feedback, strengths/weaknesses summary
Gemini 1.5 Flash-Lite | Google LLC | Training progress, innovation hub submissions | Viability/novelty scores, improvement suggestions
Deepgram | Deepgram Inc. | Audio recordings of your spoken interview answers | Text transcripts only; audio is not stored by Deepgram after transcription

No fully automated decisions with legal or similarly significant effects are taken solely by AI. AI-generated scores are always made available to you in your report. Recruiters and college placement coordinators are responsible for final hiring or shortlisting decisions.

Your interview text responses are transmitted to Google's Gemini API using data processing agreements that include India-adequate security protections. Responses are processed in-request and are not used to train Google's models under our enterprise API agreement.

You may withdraw consent for AI assessment at any time through your profile settings. Withdrawing this consent will prevent future AI evaluation of your interview responses, but will not retroactively delete previously generated reports.

5 Who We Share Data With

Recipient | Data Shared | Condition
Registered Companies / Recruiters | Candidate profile, AI report, scores | Only with your company-sharing consent and for roles you applied to
Your College / Institution | Placement status, aggregate readiness scores | Shared with your college under their platform agreement; individual reports only with your consent
Google Cloud (GCP asia-south1) | All platform data at rest and in transit | Infrastructure provider; governed by Google Cloud DPA
Google Gemini API | Interview answer text, resume text (no direct identifiers in API calls) | For AI evaluation only; governed by Google API Terms and no-training commitment
Deepgram | Audio stream during interview only | For real-time transcription; audio is not retained by Deepgram
Cloudflare | Network traffic metadata (IP, request headers) | CDN and DDoS protection; no personal data stored beyond standard logs

We do not share your data with any advertising networks, data brokers, or social media platforms.

6 Data Localization and Cross-Border Transfers

All personal data collected by HireStrike is stored on Google Cloud Platform in the asia-south1 (Mumbai, India) region. We do not replicate or transfer your data to servers located outside India except as described below.

Sensitive personal data — including audio recordings, video frames, biometric-derived signals, and government ID numbers — shall not be transferred outside India under any circumstances.

Limited cross-border processing: When your interview responses are evaluated by AI, the text transcript (with direct identifiers stripped by our PII gateway) is transmitted to Google's Gemini API and Deepgram's transcription API. These API calls are processed in-request and the data is not stored by the provider after response. This processing is governed by:

  • Google Cloud Data Processing Addendum (DPA) with Standard Contractual Clauses
  • Deepgram Data Processing Agreement with deletion-on-completion commitment
  • Our internal PII stripping pipeline that removes names, emails, phone numbers, and government IDs before any data leaves India

If India's Data Protection Board notifies a list of countries to which cross-border transfers are restricted, we will verify our processing partners against that list and update this section accordingly.

7 Security Safeguards

We implement technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, or disclosure:

Measure | Description
Encryption in transit | All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS)
Encryption at rest | Database storage on Google Cloud SQL uses AES-256 encryption with Google-managed keys
Access controls | Role-based access control (RBAC) ensures only authorized personnel access personal data; admin actions are logged with user ID, timestamp, and action description
Multi-tenancy isolation | Every database query is filtered by college ID and user ID to prevent cross-tenant data leakage
PII stripping | All data sent to external AI APIs passes through a centralized PII gateway that removes names, emails, phone numbers, protected characteristics, and government IDs
Session security | Candidate sessions expire after 24 hours; college/company sessions expire after 8 hours; session tokens use secure, HttpOnly cookies
Infrastructure | Hosted on Google Cloud Run (serverless, auto-scaling) behind Cloudflare WAF with DDoS protection
Vendor security | All data processors (Google Cloud, Deepgram, Cloudflare) maintain SOC 2 Type II and/or ISO 27001 certifications

While no system can guarantee absolute security, we continuously review and improve our safeguards. If you believe your account has been compromised, contact our Grievance Officer immediately at privacy@hirestrikecareer.com.

8 Data Retention Schedule

We retain personal data only for as long as necessary for the purpose it was collected and as required by applicable Indian law.

Data Category | Retention Period | Basis
Active student account data | Duration of account + 2 years after last login | Contractual necessity
Interview session transcripts and audio | 18 months from session date | Report generation and employer reference
AI-generated interview reports | 3 years from generation date | Placement evidence and candidate access rights
Training progress and certificates | 5 years from completion | Professional credential verification
Consent records (DPDPA) | 7 years from consent date | DPDPA compliance audit requirements
Grievance complaints | 5 years from resolution date | Legal and regulatory obligations
Audit and access logs | 2 years | Security and fraud investigation
Deleted account data | Anonymised within 30 days of deletion request, logs retained 2 years | DPDPA Section 8(7) and legal hold obligations

After the retention period expires, personal data is either securely deleted or anonymised such that no individual can be re-identified. We run automated retention audits and log all such operations for compliance verification.

9 Children's Data

Under DPDPA Section 9, a child is defined as any individual below 18 years of age. HireStrike is primarily designed for college students aged 18 and above. We do not knowingly collect or process personal data from individuals under 18 without verifiable parental or guardian consent.

If you are under 18:

  • You may only use HireStrike if your parent or legal guardian has provided verifiable consent through your educational institution's onboarding process.
  • Your college placement coordinator acts as the point of contact for parental consent verification and must confirm guardian approval before activating your account.
  • We do not subject minors to behavioral tracking, targeted advertising, or profiling for commercial purposes.
  • AI-generated assessment reports for minors are shared only with the student and their college — never directly with employers without explicit guardian consent.

If we discover that personal data of a child has been collected without proper parental consent, we will delete such data within 72 hours of discovery and notify the relevant educational institution. Parents or guardians may request access to or deletion of their child's data by writing to privacy@hirestrikecareer.com.

10 Breach Notification

In accordance with DPDPA Section 8(6), in the event of a personal data breach that is likely to cause harm to Data Principals, we will:

  1. Notify the Data Protection Board of India without unreasonable delay and in any case within 72 hours (calendar hours, measured in UTC+5:30 IST) of becoming aware of the breach, providing: the nature and scope of the breach, categories and approximate number of Data Principals affected, likely consequences, and measures taken or proposed to mitigate the breach.
  2. Notify affected Data Principals without unreasonable delay (same business day if possible, or within 48 hours if discovery occurs outside business hours), describing: the nature of the breach in clear language, the type of personal data involved, what steps the Data Principal can take to protect themselves, and contact details of our Grievance Officer for further enquiries.
  3. Document the breach in an internal register including: date of discovery, date of notification, scope, root cause analysis, and remediation steps taken. This register shall be maintained for a minimum of 5 years and made available to the Board on request.

We maintain an incident response plan that is tested annually. All personnel with access to personal data are trained on breach identification and escalation procedures.

If you suspect that your personal data on HireStrike has been compromised, please report it immediately to privacy@hirestrikecareer.com with the subject line "Data Breach Report".

11 Your Rights

Under the Digital Personal Data Protection Act, 2023 (Chapter III), you have the following rights as a Data Principal. You may exercise these rights by writing to pt.riteshvarma@gmail.com or through the settings pages within your account.

Right to Access (Section 11)

Request a summary of personal data we hold and the purposes for which it is being processed.

Right to Correction (Section 12)

Request correction of inaccurate or outdated personal data such as contact details or academic information.

Right to Erasure (Section 12)

Request deletion of your account and personal data, subject to legal hold and contractual retention obligations.

Right to Withdraw Consent (Section 6(4))

Withdraw consent for AI assessment, company data sharing, or analytics at any time without affecting prior processing.

Right to Data Portability (Section 12)

Export all your data in machine-readable format (JSON/ZIP) via the Account Settings page at any time.

Right to Nomination (Section 14)

Nominate another individual to exercise your rights on your behalf in the event of death or incapacity.

Right to Grievance Redressal (Section 13)

File a complaint with our Grievance Officer and expect acknowledgement within 48 hours and resolution within 30 days.

Right to Complain to the Board

If your grievance is not resolved satisfactorily, escalate to the Data Protection Board of India.

We will respond to access, correction, and erasure requests within 30 days. Where a request is complex or numerous, we may extend this by a further 30 days with written notice. We will not charge a fee for reasonable requests.

12 Grievance Officer

In accordance with DPDPA Section 13 and Rule 12 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to address any concerns regarding your personal data.

Designation: Data Protection Officer & Grievance Officer

Email: pt.riteshvarma@gmail.com

Platform: HireStrike — hirestrikecareer.com

Response SLA: Acknowledgement within 48 hours; resolution within 30 days

Escalation: If unresolved within 30 days, you may file a complaint with the Data Protection Board of India.

When submitting a grievance, please include your registered email address, a description of your concern, and the specific right or data you are requesting action on. You may also use the in-app grievance form available in Account Settings.

13 Data Protection Board of India

If you believe that your rights under the Digital Personal Data Protection Act, 2023 have been violated and our Grievance Officer has not resolved your complaint satisfactorily, you have the right to file a complaint with the Data Protection Board of India.

Data Protection Board of India
Established under DPDPA 2023, Chapter V
Ministry of Electronics and Information Technology (MeitY), Government of India
Website: www.meity.gov.in

You may approach the Board only after first raising the matter with our Grievance Officer and either not receiving a response within 30 days or being unsatisfied with the response received.

14 Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in law, platform features, or our data processing practices. The current version number and last updated date are shown at the top of this page.

For material changes that affect how we process your personal data, we will notify you by email to your registered address and display a prominent notice on the platform at least 15 days before the change takes effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

You may request a copy of previous versions of this policy by writing to our Grievance Officer. All previous versions are archived and available for review within 7 years.

If any change requires fresh consent under DPDPA, we will present a consent flow before you continue using the affected feature.