optichire

Privacy Policy

Effective: 11 May 2026

Optichire (“we”, “us”, “our”) provides an AI-powered applicant tracking and screening platform for recruiters. This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it.

This policy is written to comply with India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and reflects practices that align with the EU GDPR and California CCPA where applicable.

1. Who we are

Optichire is operated from India. For questions about this policy or your data, contact us at privacy@optichire.com.

2. Who this policy applies to

Optichire is a business-to-business tool intended only for recruiters, hiring managers and HR professionals (“Users”). Job candidates do not interact with Optichire directly; their data is uploaded into the platform by a recruiter.

  • For Users — we are the data fiduciary (controller) of your account information.
  • For candidate data uploaded by a User — the User is the data fiduciary; we act as the data processor, handling that data on the User’s instructions. See our Data Processing Agreement.

3. Data we collect

3.1 Account data (from Users)

  • Name, work email, profile photo — from Google when you sign in
  • Company, industry, recruiter category — entered by you
  • Booking link (e.g. Calendly URL) — entered by you

3.2 Candidate data (uploaded by Users)

  • Resume / CV file contents (PDF, DOCX, TXT) parsed to text
  • Name, email, phone, location, current role and employer
  • Skills, years of experience, notice period, current/expected salary
  • Notes, tags, interview feedback and decisions recorded by the User
  • Communications drafted or logged in the platform

We do not solicit and ask Users not to upload sensitive personal data (financial account numbers, biometric data, health data, government IDs).

3.3 Usage and technical data

  • Pages viewed, actions taken (event analytics)
  • Device type, browser, operating system
  • IP address (truncated where possible) and approximate region
  • Authentication cookies set by next-auth

4. How we use your data

  • Provide the service — store your jobs and candidates, run AI screening, generate outreach drafts
  • Authenticate you and keep the account secure
  • Improve the product — aggregate usage analytics, error monitoring
  • Communicate with you — operational emails, updates about features you use
  • Comply with law — respond to lawful requests, prevent fraud or abuse

We do not train AI models on your data. Candidate text we send to AI providers is used only to return a result to your session.

5. Legal bases for processing

Under the DPDP Act we rely on the following grounds:

  • Consent — given by you when you create an account and accept this policy
  • Legitimate uses — providing the service you signed up for, securing the platform, complying with legal obligations
  • Processor instructions — for candidate data, we act on documented instructions from the User who controls it

6. Sub-processors and third parties

We share data with the following service providers strictly to operate the service:

  • Anthropic, PBC (USA) — AI inference. Resume and job description text is sent for screening, drafting and analysis. Anthropic does not retain prompts for model training.
  • Vercel Inc. (USA) — application hosting and edge delivery
  • Neon Inc. (USA / EU) — managed PostgreSQL database
  • Google LLC (USA) — OAuth sign-in
  • PostHog Inc. (USA / EU) — product analytics (only with your consent — see §9)

We do not sell personal data. We do not share data with advertisers.

7. Cross-border transfers

Several of our sub-processors operate outside India. Under section 16 of the DPDP Act, transfers are permitted unless restricted by the Central Government. We rely on the contractual safeguards of each provider (Anthropic, Vercel, Neon, Google, PostHog) and limit transfers to what is necessary to deliver the service.

8. Data retention

  • Account data — kept while your account is active. Deleted within 30 days of account deletion.
  • Candidate data — kept while the User retains it. Users may delete individual candidates at any time, or delete their account to remove all candidate data.
  • Backups — encrypted backups are retained up to 30 days after deletion.
  • Aggregated usage metrics — kept indefinitely in de-identified form.

9. Cookies and analytics

We use two categories of cookies and similar storage:

  • Strictly necessary — authentication cookies. The service cannot function without them and they are always on.
  • Analytics (PostHog) — only set after you accept the cookie banner. You can withdraw consent at any time from the banner that re-appears, or by contacting us.

We do not use advertising or cross-site tracking cookies.

10. Your rights

Under the DPDP Act and similar laws, you have the right to:

  • Access — see what personal data we hold about you
  • Correction — fix inaccurate data (edit it in the app, or write to us)
  • Erasure — delete your account (Settings → Danger zone) or write to us
  • Portability — request an export of your data in a machine-readable format
  • Grievance redressal — raise a concern with our Grievance Officer (below)
  • Nominate — under section 14 of the DPDP Act, designate a person to exercise your rights in case of death or incapacity

For candidates whose data has been uploaded by a recruiter: please contact that recruiter first as they are the data fiduciary. If they are unresponsive, write to privacy@optichire.com and we will assist.

11. Security

  • Data in transit encrypted with TLS 1.2+
  • Data at rest encrypted by our cloud providers (AES-256)
  • Authentication via Google OAuth — we never see or store your Google password
  • Role-based access for our team; production data access is logged
  • Resume files are parsed in memory and not stored as binaries — only the extracted text is retained
  • Regular dependency updates and security patches

12. Children

Optichire is not intended for use by anyone under 18. Recruiters must not upload data of candidates known to be minors.

13. Changes to this policy

We will post material changes here and notify Users by email or an in-app notice at least 7 days before the change takes effect.

14. Grievance Officer

In accordance with the DPDP Act, our designated Grievance Officer can be reached at grievance@optichire.com. We will acknowledge complaints within 48 hours and resolve them within the statutory timeline.

15. Contact

Email: privacy@optichire.com
For data subject requests, please write from the email address associated with your account so we can verify the request.