Privacy Policy.

1. Introduction

Welcome to workro. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI-powered recruitment platform.

By using workro, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: Name, email address, password, company name, company size, industry, and contact details.
• Job Postings: Job descriptions, requirements, qualifications, salary ranges, and hiring criteria.
• Candidate Data: Resumes/CVs, names, email addresses, phone numbers, work history, skills, education, interview responses, and match scores.
• Communication Data: Messages, emails, notes, and feedback you provide through our platform.
• Payment Information: Billing address and payment method details (processed securely through third-party payment processors).

2.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent, click patterns, and user interactions.
• Device Information: IP address, browser type, operating system, device identifiers, and screen resolution.
• Location Data: General location based on IP address (city/country level).
• Cookies and Tracking: We use cookies, web beacons, and similar technologies to track activity and store preferences.

2.3 Information from Third Parties

• AI Services: We use Anthropic's Claude AI for resume analysis, candidate matching, and interview assessments.
• Authentication Services: We use Firebase Authentication for secure login.
• Analytics Services: We use analytics tools to understand usage patterns and improve our services.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our recruitment services
• Process and manage job applications and candidate evaluations
• Generate AI-powered candidate match scores and recommendations
• Conduct behavioral and technical interviews
• Send automated emails (application confirmations, interview invitations, status updates)
• Communicate with you about your account, services, and updates
• Analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations and enforce our terms
• Respond to your requests and provide customer support

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contractual Necessity: Processing is necessary to perform our services under our Terms of Service.
• Legitimate Interests: We have legitimate interests in improving our services, preventing fraud, and ensuring security.
• Consent: Where required, we obtain your explicit consent for specific processing activities.
• Legal Obligation: We may process data to comply with applicable laws and regulations.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

• Anthropic (Claude AI): For AI-powered resume analysis, matching, and interview assessments
• Google Firebase: For authentication, database, and file storage
• Email Service Providers: For sending transactional and notification emails
• Analytics Providers: For usage analytics and performance monitoring
• Payment Processors: For processing subscription payments

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Strict access controls and authentication requirements for our systems
• Regular Audits: Security audits and vulnerability assessments
• Secure Infrastructure: Data hosted on secure, enterprise-grade cloud infrastructure
• Employee Training: Regular security training for all team members
• Incident Response: Procedures in place to detect and respond to security incidents

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any security breaches as required by law.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for up to 1 year after account closure
• Candidate Data: Retained per your data retention settings (default: 2 years from application date)
• Interview Data: Retained for 2 years for quality assurance and improvement purposes
• Billing Records: Retained for 7 years to comply with tax and accounting regulations
• System Logs: Retained for 90 days for security and troubleshooting purposes

You can request earlier deletion of your data by contacting us. Note that we may retain certain information as required by law or for legitimate business purposes.

8. Your Rights (GDPR & Data Protection)

You have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with a data protection authority

To exercise these rights, please contact us at privacy@workrohr.com. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential Cookies: Necessary for authentication and basic functionality
• Analytics Cookies: Help us understand how you use our services
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States and India. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR and other applicable data protection laws.

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform. Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: