Privacy Policy

SmplyHyre Technologies Pvt. Ltd. ("SmplyHyre", "we", "us", "our") is an AI-powered technical interview platform incorporated under the Companies Act, 2013, with its registered office in Bengaluru, Karnataka, India.

For the purposes of data protection law, SmplyHyre acts as:

• Data Controller — for HR account holders' personal data and usage data we collect directly.
• Data Processor — for candidate data (resumes, recordings, interview logs) uploaded or processed by HR organisations (our customers) using the SmplyHyre platform.

This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with the SmplyHyre platform, website (smplyhyre.com), and related services.

2.1 HR Account Data

When an organisation creates an HR account, we collect:

• Name, work email address, and job title
• Company name, size, and industry
• Billing address and payment method (processed via Razorpay — we do not store card numbers)
• Usage logs: features accessed, sessions created, reports downloaded
• Device information and IP address for security and fraud prevention

2.2 Candidate Data (processed on behalf of HR customers)

HR customers upload candidate data to run interviews. This includes:

• Resume / CV files (PDF, DOCX) — parsed by our AI to extract skills, experience, and seniority
• Candidate name, email address, and phone number (if provided by HR)
• Interview session recordings (video and audio) — stored in encrypted AWS S3
• Live coding submissions and snapshots (saved every 60 seconds during a session)
• AI-generated evaluation scores per question and per dimension
• Anti-cheat event log: paste events, tab switch timestamps, camera verification results, typing rhythm data
• Session metadata: start/end time, duration, round count, IP address of the candidate device
• PDF scorecard containing all of the above

2.3 Website and Cookie Data

• Browser type, OS, screen resolution, language preference
• Pages visited, time on page, scroll depth, click events
• Referrer URL — how you arrived at smplyhyre.com
• Anonymous analytics via Google Analytics 4 (no cross-site tracking)

HR account data is used to:

• Provide, operate, and improve the SmplyHyre platform
• Process billing and send invoices
• Send product updates, release notes, and critical security notices
• Provide customer support
• Prevent fraud, abuse, and unauthorised access
• Comply with applicable law

Candidate data is used to:

• Generate AI interview questions from the uploaded resume
• Facilitate and record the live interview session
• Score oral answers and code submissions using our AI evaluation models
• Monitor session integrity (anti-cheat) and compute a risk score
• Generate and deliver the PDF scorecard to the HR customer
• Retain recordings per the customer's plan and storage tier

We do not use candidate data to train our AI models without explicit, informed consent. We do not sell, rent, or share candidate data with any third party for marketing purposes.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with GDPR-equivalent laws, we process personal data on the following bases:

For Indian users, we additionally comply with the Information Technology Act, 2000 and the IT (Amendment) Act, 2008, and the Digital Personal Data Protection Act, 2023 (DPDPA) as it comes into force.

We do not sell personal data. We share data only in these limited circumstances:

Sub-processors (infrastructure and services):

• Amazon Web Services (AWS) — cloud hosting, video and file storage (servers in ap-south-1 / Mumbai)
• Razorpay — payment processing (PCI-DSS Level 1 certified)
• OpenAI / Anthropic — AI question generation and answer evaluation (data processed under DPA agreements; no training use)
• Google Analytics — anonymised website analytics
• Resend / AWS SES — transactional email delivery
• Intercom — customer support chat (HR accounts only)

All sub-processors are bound by Data Processing Agreements (DPAs) with appropriate security and data protection obligations.

Other disclosures:

• With law enforcement or regulatory bodies when required by applicable law, court order, or to protect against fraud or security threats
• In connection with a merger, acquisition, or sale of assets — in which case we will notify affected users
• With your explicit consent for any other purpose

We retain data for the minimum period necessary for its purpose:

You can permanently delete your account and all associated data at any time from Settings → Account → Delete Account. Deletion is irreversible and completes within 30 days (billing records are retained as required by law).

Depending on your location, you may have the following rights under GDPR, the DPDPA, or other applicable law:

• Right of access — request a copy of your personal data
• Right to rectification — correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — request deletion of your data
• Right to restriction — limit how we process your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent
• Right to lodge a complaint — with your local data protection authority

For candidates: Your data is processed by SmplyHyre on behalf of the HR organisation that invited you to the interview. To exercise your rights, you may contact the HR team directly or contact us at privacy@smplyhyre.com and we will assist.

We respond to verified requests within 30 days (extendable by 60 days in complex cases, with notice).

We use the following types of cookies on smplyhyre.com:

• Essential cookies — required for login sessions, CSRF protection, and platform security. Cannot be disabled.
• Analytics cookies — Google Analytics 4 with IP anonymisation. Used to understand how visitors use the website. Can be opted out via cookie preferences.
• Preference cookies — remember your language and display preferences.

We do not use advertising or cross-site tracking cookies. You can manage cookie preferences via the cookie banner on first visit, or by adjusting your browser settings.

We apply technical and organisational measures to protect your data, including:

• Encryption in transit: TLS 1.3 for all connections
• Encryption at rest: AES-256 for all stored data including recordings
• Access controls: role-based access control (RBAC) with least-privilege principle
• MFA enforced for all SmplyHyre employee accounts
• AWS VPC network isolation; private subnets for databases
• Regular third-party penetration tests
• SOC 2 Type II audit in progress
• Incident response plan with 72-hour breach notification (GDPR Art. 33)

For more detail, see our Security page.

SmplyHyre primarily stores data in AWS ap-south-1 (Mumbai, India). When data is processed by sub-processors outside India (e.g., OpenAI in the USA), we ensure:

• Standard Contractual Clauses (SCCs) are in place for EEA data transfers
• Sub-processors provide at least equivalent data protection guarantees
• We document all cross-border transfers in our Records of Processing Activities (ROPA)

SmplyHyre is a B2B platform intended for professional use by organisations and adult individuals. We do not knowingly collect data from anyone under the age of 18. If you believe a minor has submitted data via our platform, please contact us at privacy@smplyhyre.com and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Send an email notice to all HR account holders
• Display a notice in the HR portal for 30 days

Continued use of SmplyHyre after the effective date constitutes acceptance of the revised policy.

For any privacy-related questions, data requests, or complaints:

If you are in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.