HyreSure Privacy Policy
Effective date: September 17, 2025
Last updated: June 26, 2026
Entity: Bodhitva AI Inc. (doing business as HyreSure) (“HyreSure”, “we”, “us”, “our”)
This Privacy Policy explains how we collect, use, disclose, and protect Personal Information when you visit our websites, use our products-RecruitFlow, SkillBoard, and InterviewHub-or interact with us in sales, support, or events (collectively, the “Services”).
If you have questions or want to exercise your privacy rights, contact legal@hyresure.ai.
Quick Summary (Plain English)
- What we collect: Account and contact details, role/job info, usage data, device/browser info, payment details (via our payment processor), resumes/CVs you upload, and-if you use RecruitFlow’s “Kundli”-public, professional digital-footprint data we reasonably link to a candidate.
- Why we use it: To provide and secure the Services, enable AI-assisted hiring, assess candidates (when directed by our customers), improve features, support you, and meet legal requirements.
- AI use: We use reputable AI providers to power JD generation, screening/matching, interviews, assessments, and analytics. Your prompts/inputs/outputs may be processed by third-party AI vendors acting as our processors.
- B2B model: For candidate and hiring data, we typically act as a processor to our customer (the employer). For our marketing website and account billing, we act as a controller.
- Your rights: Depending on your location, you can request access, correction, deletion, portability, or objection/opt-out of certain processing (e.g., targeted ads). You can request human review for impactful automated decisions.
- Security: We use industry-standard safeguards, encryption in transit/at rest, access controls, and audit logging.
- International transfers: We use approved transfer mechanisms (e.g., EU SCCs/UK IDTA; DPDP-compliant measures in India; US State law requirements).
- Choices: Cookie preferences, marketing opt-outs, opt-outs of targeted advertising, and controls over AI/“Kundli” participation (as applicable).
- Proctored interviews: The optional HyreSure Proctor browser extension is required for proctored interviews. It is active only on HyreSure interview pages, does not monitor other browsing, and can be removed after the interview. We collect integrity signals and event-based screen captures (not continuous recording) solely to verify interview integrity. Data is not sold or used for marketing.
1) Who We Are and How to Contact Us
Controller (marketing/billing/support): Bodhitva AI Inc., 1903, Nimblewill Dr, Celina, TX 75009
Email: legal@hyresure.ai
Processor (hiring workflows): For data we process on behalf of our business customers (employers/organizations using HyreSure), they are the controller and we are their processor under applicable law.
EU/UK Representative (GDPR/UK GDPR): Not currently appointed.
India Grievance Officer (DPDP): Kripa Mohapatra kripa@bodhitva.ai
India office: Bijay Niwas, Munda Mohana High School Lane, Kunheipada, Trisulia, Cuttack – 754005, India
2) Scope of this Policy
This Policy applies to:
- Websites: e.g.,
hyresure.ai,hyresure.com,hyresure.in, and pages that link here. - Products: RecruitFlow (JD/ATS/orchestration + digital-footprint analytics “Kundli”), SkillBoard (assessments), InterviewHub (AI interviews), and the HyreSure Proctor browser extension (proctored interviews only).
- Business interactions: Sales, events, customer support, and communications.
It does not apply to third-party sites/services you integrate (e.g., job boards, identity providers, ATS/HRIS). Those are subject to their own policies.
3) Key Definitions
- Personal Information / Personal Data: Any information that identifies or relates to an identifiable individual.
- Controller / Processor: As defined by GDPR/UK GDPR.
- Sensitive Personal Information: Includes special categories (e.g., health, biometric, precise location) and any sensitive fields defined by applicable law.
- Kundli / Digital-Footprint Analytics: RecruitFlow’s optional module that compiles publicly available professional signals (e.g., LinkedIn/GitHub URLs, publications) to generate employability insights.
4) What We Collect
A. Information you provide
- Contact details (name, business email, phone), company, job title/role.
- Account credentials (hashed passwords), workspace/team info.
- Resumes/CVs, JD content, hiring notes, assessment answers, interview recordings/transcripts (when features are enabled).
- Billing and subscription data (billing name, address). Payment card data is handled by our payment provider (e.g., Zoho Payments); we do not store full card numbers. See their policy for details.
- Support requests, feedback, and survey responses.
B. Automatically collected
- Device/browser data (IP, user agent, OS), session and usage analytics, product telemetry, crash logs.
- Cookies, local storage, SDK pixels (see Cookies & Tracking).
C. From third parties / public sources
- With your direction or our customer’s: job boards, ATS/HRIS, identity providers, SSO, calendar, or video platforms.
- Public, professional sources for Kundli (e.g., public profiles or repositories) where permitted and consistent with law and platform terms.
D. Proctoring data (HyreSure Proctor extension)
When you take a proctored interview using the HyreSure Proctor browser extension, we collect the following categories of data. This data is processed only to verify the integrity of the interview session. It is not sold, shared for advertising, or used for marketing or profiling unrelated to hiring.
- Integrity/proctoring signals: switching to another tab, window, or application; opening new tabs or windows; number of connected monitors; screen-lock events; and counts of blocked keyboard shortcuts and right-click attempts.
- Screen data: During a proctored interview your entire screen is shared with the interview application. Still images of your screen (which may include other open applications and windows) are captured and stored only when a potential policy breach is detected, not continuously recorded.
- Technical metadata: browser type, extension version, timestamps, and interview/candidate identifiers used to attach evidence to the correct session.
This aligns with our Chrome Web Store data disclosures: we process website content (HyreSure interview pages) and user activity (integrity signals during the session) for the single stated purpose of interview integrity verification. We do not sell or transfer this data to third parties except to subprocessors listed below who process it on our behalf under contract.
We do not intentionally collect: government IDs, precise geolocation, or special-category data unless a customer explicitly provides it for a clear hiring purpose and lawful basis-and even then, we recommend not collecting sensitive data.
5) How We Use Personal Information (Purposes & Legal Bases)
A. As Controller (marketing, billing, website)
- Provide and improve the site and account experience.
- Communicate about features, security, and updates; send marketing with opt-out.
- Security, fraud prevention, debugging, and compliance.
Legal bases (GDPR/UK): performance of contract, legitimate interests, consent (where required), and legal obligation.
B. As Processor (hiring operations for customers)
- Execute employer-directed workflows: JD creation, publishing, resume parsing, matching/scoring, assessments, interviews, and analytics.
- Generate reports (e.g., candidate scorecards, interview transcripts).
- Provide RecruitFlow Kundli where enabled by the customer.
Legal bases: Determined by the customer (controller). We process under the customer’s instructions and our Data Processing Addendum (DPA).
C. AI-enabled features
We use AI to assist with JD drafting, resume matching, interview Q&A, scoring/analytics, and assessment content. See Section 8 for details.
D. Proctoring (HyreSure Proctor extension)
Proctoring data described in Section 4(D) is used solely to verify the integrity of a proctored interview session: detecting and recording potential policy breaches, enabling human review, and providing evidence to the hiring company. We do not use proctoring data for marketing, advertising, or profiling unrelated to the hiring assessment.
Legal bases: The candidate's consent (captured in-app before the interview begins) and the hiring company's legitimate interest in conducting a fair, integrity-protected assessment. Where local law requires consent as the sole basis, we rely on the in-app consent flow.
6) When We Share Information
- Service providers (processors): hosting, storage, analytics, security, logging/observability, communications, payments, AI inference, video/voice (e.g., LiveKit), transcription (e.g., STT), TTS, and email.
- Customer’s direction: with job boards, ATS/HRIS, or other integrations they configure.
- Affiliates: for internal operations consistent with this Policy.
- Business transfers: M&A, financing, or reorganization.
- Legal: compliance with law, valid requests, defending rights, preventing harm.
- Advertising/analytics on websites only: limited data for measurement and to manage ads (no sale of candidate data processed on behalf of customers).
We do not sell candidate data processed as a processor. For website analytics/ads, see US State Notices and Cookies & Tracking.
7) Cookies & Tracking
We use cookies/SDKs for:
- Strictly necessary (security, auth, load-balancing)
- Functionality (preferences)
- Analytics (usage/feature performance)
- Advertising/retargeting on public web pages (not inside product UIs unless disclosed)
You can manage preferences via our Cookie Settings (or your browser). Where required, we obtain consent (e.g., EEA/UK).
8) AI, Automated Processing & Human Oversight
- Providers: We may use third-party AI providers (e.g., OpenAI, Anthropic, Groq, Deepgram for STT, Cartesia/other TTS, and similar) as processors under contract. Inputs (prompts, resumes, JD text), outputs, and limited technical metadata may be processed to deliver features.
- Model training: We do not permit AI vendors to use your inputs/outputs to train their models unless (a) you bring your own vendor/key and accept their terms that allow it, or (b) you explicitly consent through in-product controls or a separate agreement.
- Automated scoring/matching: Our outputs (e.g., resume match scores, interview analytics, assessment scores, Kundli insights) are decision-support tools. Customers should not rely solely on automated outputs for hiring decisions.
Your choices:
- Customers can disable specific AI features.
- Individuals can request human review of impactful automated assessments where applicable law provides this right.
- Individuals can opt out of Kundli processing where we are controller (website trials, demos). Where we are processor, contact the employer (controller) directly; we assist them in fulfilling your request.
9) HyreSure Proctor Browser Extension
The HyreSure Proctor browser extension is a required component of a proctored HyreSure interview. Without it, a proctored interview cannot proceed.
- Scope: The extension is active only on HyreSure interview pages during an active proctored session. It does not monitor, track, or collect data from any other websites or browsing activity.
- Removal: You may uninstall or disable the extension at any time after your interview ends. Doing so during an active proctored session may terminate the interview.
- Site restrictions: To protect interview integrity, access to certain non-interview websites (for example, AI assistants and other tools that could compromise assessment fairness) may be temporarily blocked while the interview is in progress. Normal browsing access is restored when the interview ends or you uninstall the extension.
- Roles: For proctoring data, the hiring company (employer using HyreSure) is the data controller. HyreSure (Bodhitva AI Inc.) acts as their data processor, processing proctoring data only on the employer's instructions and as described in this Policy and our DPA.
- Subprocessors & storage: Proctoring records and event-based screen captures are stored using:
- Amazon Web Services (AWS), including Amazon S3, for encrypted storage of screen-capture images and related evidence files.
- MongoDB Atlas for proctoring event logs, breach counts, and session metadata.
- No sale or unrelated transfer: Proctoring data is not sold and is not transferred to third parties except subprocessors who process it on our behalf under contractual data-protection obligations.
Sensitive-content caveat: Because your entire screen is shared during a proctored interview and event-based captures may include other open applications or windows, we advise you to close personal or sensitive applications (for example, messaging apps, personal email, health or financial portals) before starting screen sharing. Captures are triggered only on potential policy breaches, but incidental on-screen content may be included.
Candidate rights: If you wish to access, correct, delete, or withdraw consent for proctoring data, or request human review of automated proctoring decisions, please contact the hiring company (controller) directly. We will assist them in fulfilling your request. For questions about how HyreSure processes proctoring data as a processor, contact legal@hyresure.ai or our India Grievance Officer (see Section 1).
This Policy is publicly available at https://hyresure.ai/privacy, the URL referenced in our in-app consent flow and Chrome Web Store listing.
10) RecruitFlow “Kundli” (Digital-Footprint) Disclosures
- Sources: We compile publicly available professional signals reasonably linked to a candidate (e.g., public profiles, publications, repositories). We do not deliberately collect non-public or sensitive data, nor circumvent access controls.
- Purpose: To provide decision-support analytics to hiring teams: identity corroboration signals, skills evidence (e.g., public repos), activity recency, endorsements, and topical affinity.
- Fairness & accuracy: Signals can be incomplete or context-dependent. Customers should use them as one input among many and offer candidates a chance to provide corrections or context.
- Contest/Correction: Individuals may request correction or suppression of specific URLs/signals; we will validate and action where appropriate and technically feasible.
- Respect for platforms & law: We honor robots.txt and platform terms and avoid rate/abuse patterns. We comply with applicable IP, ToS, and privacy laws.
11) Retention
- Customer (processor) data: As directed by the customer’s agreement and retention settings; typically deleted or anonymized within 90 days after contract end unless law requires longer.
- Proctoring data (screen captures & integrity records): Retained for the duration of the hiring process and customer contract, then deleted or anonymized within 90 days after the customer contract ends (or sooner if directed by the controller), unless a longer period is required by law or an active dispute. Screen captures and proctoring event logs are encrypted in transit (TLS) and at rest while stored in AWS S3 and MongoDB Atlas in the customer's configured region (US, EU, or India).
- Website/account (controller) data: Kept as long as needed for the purposes described, then deleted or anonymized (typical horizons: billing records 7 years; support logs 24 months; telemetry 12–24 months).
- Backups: Data in backups is securely stored and rotated on a set schedule; if immediate deletion is impracticable, we isolate from further processing until overwritten.
12) Security
We implement administrative, technical, and physical safeguards, including:
- Encryption in transit and at rest (including proctoring screen captures and integrity logs);
- Role-based access controls and SSO/MFA options;
- Least-privilege and segregation of duties;
- Audit logging and anomaly detection;
- Secure SDLC, vulnerability management, and third-party risk reviews;
- Incident response and breach notification procedures consistent with applicable law.
No system is 100% secure; we continuously improve our defenses.
13) Children
Our Services are for professional hiring and are not directed to children. We do not knowingly collect data from individuals under 18. If you believe a minor provided data, contact legal@hyresure.ai and we will delete it.
14) Your Privacy Rights
Depending on your location, you may have rights to:
- Access, correct, or delete your Personal Information;
- Receive a portable copy;
- Object to or restrict certain processing;
- Opt out of targeted advertising, certain profiling, or “sale”/“sharing” (as defined by law);
- Withdraw consent where processing is based on consent (including proctoring consent captured in-app);
- Request human review of impactful automated decisions (including automated proctoring breach determinations that affect your interview), where applicable.
How to exercise:
- If you are a candidate whose data is processed for an employer (including proctoring data), please contact that employer (controller) first. We will support them in fulfilling your request.
- For website/account data or demos where we are controller, email legal@hyresure.ai or use the in-product request form (if available). We will verify your identity and respond as required by law.
- You may use an authorized agent where permitted (e.g., California); we will require proof of authorization and may verify directly.
15) Do-Not-Track & Global Privacy Control
Industry standards for DNT are not finalized, but we honor applicable Global Privacy Control (GPC)/universal opt-out signals where required (e.g., in California/Colorado) for website tracking categories that constitute “sale”/“sharing” or targeted advertising.
16) US State-Specific Notices (e.g., CA/VA/CO/CT, etc.)
- We provide the rights and controls described above.
- On public web pages, certain analytics/ads may be considered “selling” or “sharing” under California law. You can opt out via Cookie Settings or our Do Not Sell/Share My Personal Information page, and via applicable GPC signals.
- We do not sell candidate data we process as a processor for employers.
Notice at Collection (California): We collect identifiers, commercial information (limited to subscription/billing metadata; card data handled by the payment processor), internet/network information, professional and education information, and inferences. For proctored interviews, we also collect integrity/proctoring signals and event-based screen captures as described in Sections 4(D) and 9. We use them for the purposes described above. Retention follows Section 11.
17) GDPR/UK GDPR Disclosures (EEA/UK)
- Controllers: For website/account/billing, Bodhitva AI Inc. is controller.
- Processors: For hiring data, the customer (employer) is controller; we are processor.
- Legal bases: Contract, legitimate interests (e.g., product telemetry, security), consent (e.g., cookies/marketing in EEA/UK), legal obligation.
- Transfers: We use approved mechanisms (e.g., EU Standard Contractual Clauses (SCCs), UK Addendum/IDTA).
- Rights: Access, rectification, erasure, portability, restriction, objection, and consent withdrawal; complain to your supervisory authority.
EU/UK Representative: Not currently appointed.
18) India (DPDP Act) Disclosures
- Role: We may act as a Data Fiduciary (controller) for website/account data and as a processor for employer-directed hiring data.
- Grounds: Consent or “deemed consent” where applicable (e.g., employment/hiring context), plus legitimate uses allowed by DPDP and other sectoral rules.
- Rights: Access, correction, updating, and erasure; grievance redressal.
- Cross-border: Transfers conducted per DPDP rules and any notified restrictions.
- Grievance Officer: Kripa Mohapatra kripa@bodhitva.ai
19) International Data Transfers
We operate globally. When transferring Personal Information internationally (including proctoring data stored in AWS and MongoDB Atlas), we rely on:
- Contractual safeguards (e.g., SCCs/UK IDTA),
- Applicable statutory allowances (DPDP), and
- Additional technical/organizational measures (encryption, access controls).
Proctoring data may be transferred across regions when a candidate and hiring company are in different jurisdictions. Transfers use the safeguards above. To contact the controller for proctoring-related requests, reach the hiring company that invited you to interview. For processor inquiries or to reach our Grievance Officer (India DPDP), see Section 1.
20) Subprocessors
We engage carefully vetted subprocessors for hosting, storage, analytics, logging, communications, video/voice, transcription, TTS, and AI inference. For proctoring, key subprocessors include Amazon Web Services (AWS/S3) for screen-capture storage and MongoDB Atlas for proctoring event logs.
We maintain an up-to-date Subprocessor List.
We require contractual data protection commitments and assess security posture.
21) Your Choices
- Marketing: Opt out via unsubscribe links or by emailing legal@hyresure.ai.
- Cookies: Manage via Cookie Settings and browser controls; withdraw EEA/UK consent anytime.
- AI Features: Customers can disable modules. Individuals can request human review for impactful decisions and may object to Kundli in controller contexts.
22) Data Processing Addendum (DPA)
For B2B customers, our DPA (including SCCs/UK IDTA as applicable) governs processor activities, security, assistance with data subject requests, breach notification, and deletion/return of data.
View our Data Processing Addendum (DPA). For questions, email legal@hyresure.ai or contact your account team.
23) Changes to this Policy
We may update this Policy to reflect legal, technical, or business changes (including changes to proctoring scope). We'll revise the Last updated date and, where required, provide prominent notice. If proctoring scope changes materially, we will update our in-app consent version so candidates are re-prompted where required.
24) Contact
Bodhitva AI Inc. (HyreSure)United States: 1903, Nimblewill Dr, Celina, TX 75009
India: Bijay Niwas, Munda Mohana High School Lane, Kunheipada, Trisulia, Cuttack – 754005, India
Email: hello@hyresure.ai
For candidate data controlled by an employer using HyreSure, please contact that employer first. We will support them in fulfilling your request.
