HirebixBack to Login

Privacy Policy

Effective: April 1, 2025 · Last updated: April 1, 2025

1. Introduction

UIBix Technologies("Hirebix," "we," "us," or "our") operates the Hirebix platform, an AI-powered resume screening and ranking service for HR professionals. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you use our platform.

We respect your privacy and are committed to protecting the personal data of both our platform users (recruiters, hiring managers, administrators) and the candidates whose resumes are processed through Hirebix.

This policy applies globally and is drafted in compliance with the Digital Personal Data Protection Act, 2023 (India), the General Data Protection Regulation (EU), the California Consumer Privacy Act (US), and other applicable data protection laws.

2. Who We Are

Data Controller / Data Fiduciary: UIBix Technologies, a company registered in India.

Grievance Officer: For any privacy-related concerns, contact our Grievance Officer at grievance@hirebix.com.

Role Distinction: When you create an account and use Hirebix, we act as the Data Controller for your account data. When you upload candidate resumes, we act as a Data Processor on behalf of your organization.

3. Data We Collect

A. Data from Users (Recruiters & Administrators)

  • Account information: name, email address, organization name
  • Authentication data: password (hashed), OAuth tokens (Google, Microsoft)
  • Profile photo (from Google/Microsoft social sign-in)
  • Organization settings and notification preferences
  • Job postings: titles, descriptions, screening requirements
  • Decisions and notes made about candidates

B. Data About Candidates (Uploaded by Users)

  • Resume files (PDF, DOCX) stored securely
  • AI-extracted profile data: name, contact information, work history, education, skills
  • AI-generated screening scores and assessments
  • Any sensitive personal data incidentally present in resumes (disability status, religion, marital status, etc.)

C. Enrichment Data (From Public Sources)

With your organization's knowledge, we may collect publicly available information about candidates from:

  • GitHub (public profiles and repositories)
  • LinkedIn (publicly available profile information)
  • Portfolio websites and personal blogs
  • Public web search results

This enrichment data is used to verify and supplement candidate profiles. You can disable enrichment for specific candidates.

D. Technical Data (Automatic)

  • IP address, browser type, device information
  • Usage patterns and feature interactions
  • Server logs and error reports

4. How We Use Your Data

  • Provide and operate the Hirebix platform
  • Parse resumes and create candidate profiles
  • Run AI-powered screening against job requirements
  • Generate screening scores, recommendations, and match assessments
  • Enrich candidate profiles with publicly available information
  • Send transactional emails (password resets, screening notifications)
  • Authenticate and secure your account
  • Improve our AI models and platform features
  • Comply with legal obligations and prevent abuse

5. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract performance: To provide the services you have subscribed to
  • Consent: Where you have given explicit consent (e.g., account creation, social sign-in)
  • Legitimate interest: To improve our services, prevent fraud, and ensure platform security
  • Employment purpose: Processing of candidate data for the purpose of evaluating employment suitability (DPDPA Section 7(i))
  • Publicly available data: Enrichment from public sources where the data was made publicly available by the individual (DPDPA Section 7(e))
  • Legal compliance: When required by applicable law or regulation

6. AI-Powered Processing & Automated Decision-Making

Hirebix uses artificial intelligence to screen, score, and rank candidates against job requirements. This involves:

  • Extracting structured data from resume text
  • Scoring candidates against defined screening criteria (0-100 scale)
  • Generating AI match recommendations (Great Fit, Good Fit, Partial Fit, Low Fit)
  • Computing trust/confidence scores for candidate profile data
  • Assessing skills based on public portfolio and code repository data

Important disclosures:

  • AI outputs are recommendations only, not employment decisions. Users are solely responsible for all hiring decisions.
  • AI models are provided by third-party providers and may produce inaccurate, biased, or incomplete results.
  • You have the right to request human review of any AI-generated assessment.
  • We anonymize personally identifiable information before sending resume text to AI models for screening.

7. Data Sharing & Third Parties

We share personal data with the following categories of service providers:

  • Cloud infrastructure: Amazon Web Services (AWS) for servers, storage, email delivery, content delivery
  • AI processing: OpenAI (via Portkey AI gateway) for resume screening and analysis. Data is transmitted with PII anonymization.
  • Enrichment providers: GitHub API, BrightData (LinkedIn), Firecrawl (web scraping), Exa (web search) for candidate profile enrichment
  • Authentication: Google and Microsoft for social sign-in
  • Payment processing: Stripe for billing (when applicable)

We do not sell personal data. We do not share candidate data with other organizations. Data is strictly isolated per organization (multi-tenant).

8. Data Storage & Security

  • Data is stored on AWS servers (primary region: Asia-Pacific, Mumbai)
  • Resume files are encrypted at rest in AWS S3
  • Passwords are hashed using Argon2 (industry-leading algorithm)
  • All data transmission is encrypted via HTTPS/TLS
  • Authentication uses httpOnly cookies with refresh token rotation
  • Rate limiting and brute-force protection on all authentication endpoints
  • Organization data is strictly isolated with no cross-tenant data access

9. Data Retention

  • User account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Candidate data:Retained for the duration of the organization's subscription. Soft-deleted data is permanently purged within 90 days.
  • Resume files: Retained while the associated candidate profile exists. Deleted when the candidate is permanently removed.
  • Audit logs: Retained for 2 years for compliance purposes.
  • AI screening results:Retained for the duration of the organization's subscription.

10. Cross-Border Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including India and the United States (where our cloud infrastructure and AI providers operate). We ensure that such transfers comply with applicable data protection laws through:

  • Standard Contractual Clauses (SCCs) for transfers from the EU/EEA
  • Data processing agreements with all sub-processors
  • Compliance with DPDPA Section 16 (cross-border transfer provisions, once notified)

11. Your Rights

Depending on your location, you may have the following rights:

All Users (Global)

  • Access your personal data and obtain a copy
  • Correct inaccurate personal data
  • Delete your account and associated data
  • Withdraw consent at any time

India (DPDPA 2023)

  • Right to access information about data processing
  • Right to correction and erasure of personal data
  • Right to grievance redressal via our Grievance Officer
  • Right to nominate another person for data rights after death/incapacity

European Union (GDPR)

  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing based on legitimate interest
  • Right not to be subject to solely automated decisions (Article 22)
  • Right to lodge a complaint with a supervisory authority

California (CCPA/CPRA)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

For Candidates

If you are a candidate whose resume has been processed through Hirebix and wish to exercise any of your rights, please contact us at privacy@hirebix.com. We will coordinate with the relevant organization to fulfill your request.

12. Cookies & Tracking

Hirebix uses the following cookies:

  • Essential cookies: Authentication tokens (httpOnly, secure), required for the platform to function
  • Preference cookies: UI settings (theme, page size, sidebar state), stored in localStorage

We do not use third-party advertising or tracking cookies. We do not participate in ad networks.

13. Children's Privacy

Hirebix is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a minor's data has been uploaded to our platform, please contact us immediately at privacy@hirebix.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app notice. Continued use of Hirebix after changes take effect constitutes acceptance of the revised policy.

15. Contact Us

For privacy-related questions or to exercise your data rights: