hirezhirez
Sign InGet Started

Privacy Policy

Effective Date: 27 April 2026 Website: https://hirezai.com Service Name: hirez

hirez ("we", "us", or "our") is operated from Bengaluru, India. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our website and services (the "Service"). It is issued in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), as applicable.

By accessing or using the Service, you consent to the practices described in this Policy.

1. Information We Collect

a. Account Information

  • Full name — provided directly or imported from your Google account.
  • Email address — used as your login identifier and for service communication.
  • Profile picture (avatar) — when you sign in with Google, we receive and store your Google profile photo URL (avatar_url) so we can display it in your account. You can replace it any time by uploading a different image, or remove it from your account settings.
  • Phone number (optional) — collected only if you choose to verify your phone via OTP.

b. User Content

  • Resume data you create or upload (stored as structured JSON).
  • Resume files uploaded by you (PDF, DOC, DOCX).
  • Job descriptions, URLs, or job titles you submit for resume tailoring.

c. Usage and Technical Data

  • Interaction logs (e.g., features used, drafts created, exports performed).
  • Device and browser information (user-agent, screen size, locale).
  • IP address and approximate location, captured for security and rate-limiting.
  • Cookies and similar technologies (see Section 8).

We do not knowingly collect data from children under the age of 18. If you believe a minor has provided us personal data, please contact us so we can delete it.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service (account creation, authentication, resume building, AI optimization, exports).
  • Personalize your experience (e.g., displaying your name and Google profile picture).
  • Process AI-generated suggestions and tailoring against job descriptions.
  • Communicate with you about service updates, security alerts, and support requests.
  • Detect, prevent, and address fraud, abuse, and security incidents.
  • Comply with applicable Indian laws, including the IT Act, 2000 and the DPDP Act, 2023.

We process your personal data only on lawful grounds — primarily your consent (given when you sign up or use a feature), the performance of our contract with you, and our legitimate interests in operating and improving the Service.

3. AI Processing (Important)

  • Your resume content and the job descriptions you submit may be processed by third-party AI models (currently routed through OpenRouter) to generate suggestions, rewrites, and tailored output.
  • This processing is necessary to provide the core Service. By using AI features, you consent to your content being transmitted to these AI providers.
  • We do not sell your data and do not authorize AI providers to train their public models on your content. AI providers act as our processors under contractual confidentiality.

4. Data Storage and Cross-Border Transfers

  • Personal data and resume content are stored in our managed PostgreSQL database and object storage.
  • Our infrastructure may be hosted in data centres located inside or outside India (including the European Union and the United States) operated by reputable cloud providers. Where data is transferred outside India, we rely on the cloud provider's contractual safeguards and security certifications, in line with the DPDP Act and the SPDI Rules.
  • AI processing through OpenRouter and the underlying model providers may also occur outside India.

5. Data Retention

  • We retain your account data and resume content for as long as your account is active.
  • You can delete individual resumes, drafts, or your entire account at any time from the in-app account settings, or by writing to us at the address in Section 12.
  • On account deletion, we delete your personal data within a reasonable period unless retention is required to comply with a legal obligation, resolve disputes, or enforce our agreements.

6. Data Sharing and Disclosure

We do not sell your personal data.

We share data only with:

  • Google — for OAuth authentication, including receipt of your name, email, and profile picture.
  • AI providers via OpenRouter — for resume content processing and tailoring.
  • Cloud, hosting, and storage providers — for running the Service infrastructure.
  • Email and communication providers — for transactional emails and OTP delivery.
  • Law enforcement or government authorities — when we are required to do so by Indian law, valid legal process, or to protect the rights, property, or safety of our users or the public.

All vendors operate as our data processors and are bound by confidentiality and data-protection commitments.

7. Your Rights (Data Principal Rights)

Subject to applicable Indian law and the DPDP Act, you have the right to:

  • Access the personal data we hold about you.
  • Correction and updating of inaccurate or incomplete data.
  • Erasure of your personal data (account and resume deletion).
  • Withdraw consent at any time, by deleting your account or contacting us. Withdrawal does not affect processing already performed lawfully.
  • Grievance redressal — raise a complaint with our Grievance Officer (see Section 12).
  • Nominate another individual to exercise your rights in case of incapacity or death, where required by law.

To exercise these rights, write to support@hirezai.com. We will respond within the timelines required by applicable law.

8. Cookies and Local Storage

We use cookies and browser local storage to:

  • Keep you signed in (authentication tokens).
  • Remember your preferences and draft state.
  • Measure feature usage and improve the Service.

You can clear cookies and local storage from your browser at any time. See our Cookies Policy for more details.

9. Security

We implement reasonable security practices and procedures consistent with the SPDI Rules and the DPDP Act, including encrypted transport (HTTPS), hashed credentials, access controls, and audit logging. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach affecting your information, we will notify the Data Protection Board of India and you, where and as required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. The updated version will be posted on this page with a new effective date. Material changes will be communicated to you by email or in-app notice. Your continued use of the Service after such changes constitutes acceptance of the updated Policy.

11. Governing Law

This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts at Bengaluru, Karnataka.

12. Contact and Grievance Officer

For any questions, requests, or grievances relating to your personal data, please contact:

  • Email: support@hirezai.com
  • Service: hirez (https://hirezai.com)
  • Location: Bengaluru, India

In accordance with the IT Act, 2000 and the DPDP Act, 2023, the above email address also serves as the contact for our Grievance Officer. We endeavour to acknowledge grievances within 48 hours and resolve them within 30 days of receipt.