Privacy Policy

1. Introduction

Quaintscience Technologies Pvt. Ltd. ("we," "our," or "us") operates [Platform Name], an AI-powered recruitment platform that processes resumes and conducts virtual interviews. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services in compliance with Indian data protection laws, including the Digital Personal Data Protection Act, 2023.

By using our platform, you consent to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Personal Information You Provide

Account Information: Name, email address, mobile number, company details, designation
Resume Data: Educational qualifications, work experience, skills, contact information, date of birth, gender, and other details contained in uploaded resumes
Interview Data: Video recordings, audio recordings, responses to interview questions, behavioral analysis data
Payment Information: Billing address, payment method details, PAN details if applicable (processed securely through Razorpay)
Identity Verification: Aadhaar number, PAN card details, or other government-issued ID numbers when required for verification
Communications: Messages, feedback, and support requests in Hindi, English, or other regional languages

2.2 Automatically Collected Information

Technical Data: IP address, browser type, device information, operating system
Usage Data: Pages visited, features used, time spent on platform, click patterns
Performance Data: Application logs, error reports, system performance metrics
AI Analysis Data: Scoring algorithms results, interview assessment metrics, candidate rankings
Analytics Data: Website usage statistics, user behavior patterns, and performance metrics collected through Google Analytics

2.3 Third-Party Information

Information from AI service providers and other integrated platforms
Data validation services for identity verification
Analytics and performance monitoring tools

3. How We Use Your Information

3.1 Core Platform Services

Resume Processing: Parsing, analyzing, and scoring uploaded resumes using AI algorithms
Interview Conduct: Facilitating virtual interviews, recording sessions, and generating AI-powered assessments
Candidate Evaluation: Providing scoring, rankings, and recommendations to employers
Account Management: Creating and maintaining user accounts, authentication, and access control

3.2 Business Operations

Payment Processing: Processing subscription fees and transaction charges through Razorpay
Customer Support: Responding to inquiries, troubleshooting, and providing assistance
Platform Improvement: Analyzing usage patterns to enhance features and user experience
Compliance: Meeting legal obligations and maintaining security standards

3.3 Communications

Service Notifications: Updates about your account, interviews, and platform changes
Marketing Communications: Product updates, feature announcements (with opt-out option)
Security Alerts: Important security-related communications

4. Information Sharing and Disclosure

4.1 Authorized Sharing

Employers to Candidates: Interview results, scores, and assessments as part of the recruitment process (only within India unless explicit consent obtained)
Within Organizations: Sharing candidate data among authorized users within the same organization
Service Providers: Third-party vendors who assist in platform operations and have signed data processing agreements
Government Authorities: When required by Indian law enforcement, tax authorities, or regulatory bodies

4.2 Cross-Border Data Transfer

Data may be transferred outside India only in the following circumstances:

With your explicit consent for each transfer
To countries with adequate data protection as notified by the Indian government
Under approved transfer mechanisms and safeguards
For processing payments through Razorpay's international payment gateways (with encryption)

4.3 Legal Requirements

We may disclose information when required by Indian law, including:

Compliance with orders from Indian courts, tribunals, or government authorities
Requests from law enforcement agencies, income tax department, or other statutory bodies
Protection of our rights, property, or safety under Indian law
Investigation of potential violations of our terms of service or Indian cyber laws
Prevention of fraud, financial crimes, or security threats as per Indian regulations

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to:

Prior notice to users as per DPDP Act requirements
Equivalent privacy protections
Approval from relevant Indian authorities if required

5. Third-Party Services

5.1 AI Service Providers

We use third-party AI models and services for:

Resume parsing and analysis
Interview question generation
Candidate assessment and scoring
Natural language processing

5.2 Payment Processing

We use RBI-licensed payment aggregators for secure payment processing within India. Your payment information is handled according to:

Payment processor privacy policies and RBI guidelines
PCI DSS compliance standards
Indian payment and settlement systems regulations
UPI, net banking, and card payment security protocols

5.3 Other Service Providers

Cloud Infrastructure: Secure database and hosting services with encryption
Analytics: Web analytics for usage monitoring and performance optimization
CDN and Security: Content delivery networks for DDoS protection and web security
Communication: Email services and notification systems
Security: Identity verification and fraud prevention services

All third-party providers are contractually required to maintain appropriate data protection standards.

6. Data Security

6.1 Security Measures

Encryption: Data encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption (AES-256)
Database Security: Cloud database infrastructure with built-in encryption at rest and in transit
Access Controls: Multi-factor authentication and role-based access permissions
Network Security: Advanced protection against DDoS attacks, bot traffic, and malicious requests
Regular Audits: Security assessments and vulnerability testing
Incident Response: Procedures for detecting and responding to security breaches
Data Backup: Encrypted backup systems with secure recovery procedures

6.2 Data Retention

In compliance with Indian data protection laws:

Resume Data: Retained for the duration of active recruitment processes plus 3 years for employment verification purposes
Interview Recordings: Stored for 1 year after interview completion or as required for legal compliance
Account Information: Maintained while account is active plus 7 years for tax and audit compliance under Indian laws
Payment Data: Retained for 7 years as per Indian accounting standards and RBI guidelines
Sensitive Personal Data: Deleted within 6 months after purpose completion unless consent extended

7. Your Rights Under Indian Law

7.1 Digital Personal Data Protection Act, 2023 Rights

Right to Access: Request copies of your personal information we hold
Right to Correction: Update or correct inaccurate information
Right to Erasure: Request deletion of your data (subject to legal obligations under Indian law)
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Grievance Redressal: File complaints through our grievance mechanism

7.2 Consent Management

Withdraw Consent: You can withdraw consent at any time, which will stop further processing
Consent Records: We maintain records of all consents given and withdrawn
Free Consent: All consent is given freely without coercion

7.3 Communication Preferences

Opt-Out: Unsubscribe from marketing communications via SMS, email, or WhatsApp
DND Compliance: We respect Do Not Disturb (DND) preferences registered with TRAI
Language Preferences: Receive communications in Hindi, English, or your preferred regional language
Notification Settings: Customize service-related notifications

7.4 Account Management

Account Deletion: Delete your account and associated data (some data may be retained for legal compliance)
Data Download: Export your data before account closure
Access Restrictions: Limit how your data is used or shared within Indian boundaries

8. Data Localization and Cross-Border Transfers

8.1 Data Storage Location

Database Storage: Data is stored using cloud-based database infrastructure which operates globally
Geographic Location: Database servers may be located outside India based on our cloud infrastructure providers
Content Delivery: Global content delivery networks serve content from servers worldwide for performance optimization
Processing Location: Core data processing may occur on international servers depending on service requirements

8.2 Cross-Border Data Transfers

Due to our cloud infrastructure, personal data may be transferred and processed outside India. Such transfers occur for:

Database Operations: Cloud database infrastructure and data management
AI Processing: Third-party AI services for resume analysis and interview processing
Analytics: Web analytics and performance monitoring services
CDN Services: Global content delivery networks for security and performance
Performance Optimization: Ensuring fast and reliable service delivery

8.3 Legal Basis for Cross-Border Transfers

We transfer data internationally based on:

Explicit Consent: You consent to cross-border transfers by using our services
Service Necessity: Required for platform functionality and AI processing services
Legitimate Interest: Performance optimization and security enhancement
Adequate Safeguards: All service providers maintain appropriate data protection standards

All international transfers include appropriate safeguards such as:

Standard contractual clauses with service providers
Encryption during transit and storage (AES-256)
Regular security audits of service providers
IP anonymization for analytics data

9. Children's Privacy

Our platform is not intended for individuals under 18 years of age as per Indian legal requirements. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will:

Delete it immediately upon discovery
Notify the parents or guardians if identifiable
Implement additional safeguards to prevent future collection

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Essential Functions: Enable core platform features and security
Performance: Monitor and improve platform performance through Google Analytics
Analytics: Understand usage patterns and user preferences (with IP anonymization for privacy)
Security: Cloudflare security cookies for DDoS protection and bot detection
Preferences: Remember your settings and preferences

10.1 Third-Party Cookies

Analytics Services: We use web analytics services with IP anonymization enabled. You can opt-out using browser settings or analytics opt-out tools
Security Services: Security and performance cookies that are essential for platform operation and DDoS protection

10.2 Cookie Control

You can control cookie preferences through:

Your browser settings to block or delete cookies
Analytics service opt-out tools
Our cookie preference center (where available)

Note: Disabling certain cookies may affect platform functionality.

11. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will:

Notify Users: Send email notifications for material changes
Post Updates: Display the updated policy on our platform
Maintain History: Keep previous versions available upon request

Continued use of our platform after updates constitutes acceptance of the revised policy.

12. Compliance and Jurisdiction

12.1 Indian Law Compliance

This Privacy Policy complies with applicable Indian data protection laws, including:

Digital Personal Data Protection Act, 2023
Information Technology Act, 2000 and IT Rules 2011
Reserve Bank of India (RBI) guidelines for payment systems
Telecom Regulatory Authority of India (TRAI) regulations
Companies Act, 2013 (for corporate compliance)

12.2 Jurisdiction and Governing Law

Governing Law: This Privacy Policy is governed by Indian law
Jurisdiction: All disputes will be subject to the jurisdiction of Indian courts
Language: In case of conflicts between language versions, the English version prevails
Regulatory Authority: Subject to the jurisdiction of the Data Protection Board of India

14. Effective Date and Acknowledgment

This Privacy Policy is effective as of 20 Jun 2025 and supersedes all previous versions. By using our platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.