Legal

Privacy Policy

Last updated: 17 May 2026

Hirenix ("we", "us", "our"), operated as a sole proprietorship by Waquar Ahmed Nawaz from Gaya, Bihar, India, India, takes your privacy seriously. This policy explains what personal data we collect, how we use it, who we share it with, and the rights you have under India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

For the purposes of the DPDP Act, the Operator is the "Data Fiduciary" and you are the "Data Principal".

1. Data we collect

1.1 Information you give us

  • Account data: name, email address, password hash, preferred language.
  • Resume content: personal details, work experience, education, projects, skills, certifications, and any other information you enter into a resume or upload via PDF.
  • Payment data: processed entirely by Razorpay. We only store the transaction ID, amount, and subscription status — never your card number, CVV, or UPI PIN.
  • Support communication: emails you send to support@hirenix.in.

1.2 Information we collect automatically

  • Usage data: pages visited, features used, time spent, click events.
  • Device & network: IP address, browser type, operating system, device type. Used for security, abuse prevention, and rate-limiting the free tool.
  • Cookies: session cookies for authentication. No third-party advertising cookies. No cross-site tracking pixels.

2. Why we use your data (lawful purposes)

  • Provide the Service: parsing resumes, generating ATS scores, AI rewrites, PDF exports.
  • Account management: login, password reset, subscription billing, transactional emails.
  • Improve the Service: aggregated usage analytics to fix bugs and prioritise features. Never combined with personal identifiers.
  • Security & abuse prevention: rate-limiting, detecting fraud, enforcing our Terms.
  • Legal compliance: retaining payment records as required by Indian tax law.

Each of these purposes corresponds to a lawful basis under the DPDP Act — either your consent (granted by signing up) or our legitimate interest in operating the Service.

3. Third-party processors (Data Processors)

We use the following service providers to operate Hirenix. Each is bound by a data processing agreement that prohibits using your data for any other purpose.

  • Supabase— database & authentication. Data stored in ap-south-1 (Mumbai). Supabase privacy.
  • Google Gemini API— AI scoring, parsing, rewrites. Resume text is sent to Google's API for processing. Google does not retain or train on Gemini API inputs by default. Gemini API terms.
  • Razorpay — payment processing. Card / UPI data flows directly to Razorpay; we never see it. Razorpay privacy.
  • Resend — transactional email delivery (password reset, receipts). Resend privacy.
  • Vercel — hosting and CDN. Edge servers may process requests outside India for performance. Vercel privacy.
  • Google Analytics 4 — anonymised traffic analytics. IP addresses are truncated before storage.

4. International data transfers

Your primary data (account, resume content) is stored in India (Supabase Mumbai region). Some processing occurs outside India — Gemini API responses are returned from Google servers (which may include US-based regions), and Vercel's edge network is global. By using Hirenix, you consent to these cross-border transfers, which are necessary to provide the Service. We do not transfer data to any country restricted under the DPDP Act.

5. Data retention

  • Account & resume data: retained while your account is active. Deleted within 30 days of you deleting your account.
  • Payment records: retained for 7 years for compliance with the Indian Income Tax Act.
  • Free-tool uploads (anonymous):the parsed resume is stored only in your browser's localStorage so it can be claimed when you sign up. We do not store anonymous resume uploads in our database. PDF files are processed in memory and discarded immediately after scoring.
  • Server logs: retained for 30 days for security and debugging.

6. Your rights (DPDP Act)

You have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: update inaccurate or incomplete data — most fields are editable directly in your account settings.
  • Erasure: delete your account and associated data.
  • Withdraw consent: stop processing based on consent at any time. Withdrawal does not affect lawful processing already carried out.
  • Grievance redressal: raise a complaint with us first, then with the Data Protection Board of India if unresolved.
  • Nominate: nominate another person to exercise your rights in case of your incapacity or death.

To exercise any of these rights, email support@hirenix.in from the address registered to your account. We will respond within 30 days.

7. Security

We use industry-standard security: HTTPS/TLS for all data in transit, encrypted passwords (bcrypt), row-level security policies on our database so users can only access their own data, and principle-of-least-privilege for service-role keys. No security measure is perfect — please report suspected vulnerabilities to support@hirenix.in.

8. Children

Hirenix is not directed at users under 18. We do not knowingly collect data from minors. If we learn that we have collected data from a user under 18, we will delete it promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or an in-app banner at least 7 days before they take effect.

10. Grievance officer

For privacy concerns or to exercise your DPDP rights, contact our Grievance Officer:

  • Name: Waquar Ahmed Nawaz
  • Email: support@hirenix.in
  • Address: Gaya, Bihar, India, India
  • Response time: within 30 days of your request.