Privacy Policy

1. Introduction

RecruiterDesk ("we", "our", or "us") is an applicant tracking system (ATS) designed for small recruitment consultancy firms. This Privacy Policy explains how we collect, use, store, and share information when you use our platform at sohamrecruit.com.

By using RecruiterDesk, you agree to this Privacy Policy. If you do not agree, please discontinue use of the service.

2. Who We Are

RecruiterDesk is operated as a Software-as-a-Service (SaaS) product available globally. For privacy-related inquiries, contact us at: privacy@sohamrecruit.com

3. Information We Collect

3.1 Account Information

When recruiters or company admins register, we collect: name, email address, company name, role, and a hashed password.

3.2 Candidate Data

Recruiters may upload candidate profiles containing: full name, email, phone number, current and expected salary, skills, work experience, education, and resume files (PDF or DOCX). Resume text is extracted and stored to enable search and AI-assisted matching.

3.3 Gmail Data (Optional Integration)

If a recruiter connects their Gmail account, we request the following OAuth scopes:

• gmail.readonly — to scan incoming emails for resume attachments
• gmail.send — to send emails to candidates on behalf of the recruiter

Gmail access tokens are encrypted at rest using AES-256-GCM and are never shared with third parties. We do not read, store, or index email body content beyond resume attachments explicitly identified for import. Gmail data is used solely to provide the email-sending and candidate-import features within RecruiterDesk.

You can revoke Gmail access at any time from the Settings page or from your Google Account permissions.

3.4 Job Applications

Candidates who apply through public job boards provide: name, email, phone, and a resume upload. This data is submitted to the recruiting company's RecruiterDesk account.

3.5 Usage Data

We may collect standard server logs including IP addresses, browser type, pages visited, and timestamps for security and operational purposes.

4. How We Use Your Information

• To provide and operate the RecruiterDesk platform
• To enable recruiters to manage candidates, jobs, clients, and interviews
• To send transactional emails (interview invites, follow-up reminders) on behalf of recruiters
• To parse resumes using AI (Google Gemini) for field extraction and job matching suggestions
• To store resume files securely in Google Drive
• To detect and prevent fraud or abuse
• To respond to support requests

We do not sell your personal data. We do not use candidate or recruiter data for advertising purposes.

5. Data Storage and Security

Data is stored in Google Sheets and Google Drive under a dedicated service account. Sensitive values (OAuth tokens, SMTP credentials, WhatsApp access tokens) are encrypted at rest using AES-256-GCM. Resume files are stored in Google Drive with access controlled by the service account.

All data is transmitted over HTTPS. We apply role-based access controls so that each recruitment company can only access its own data (multi-tenancy).

6. Data Sharing

We share data only with the following sub-processors to operate the service:

• Google Cloud / Google Workspace — data storage (Sheets, Drive), authentication (OAuth), AI parsing (Gemini)
• Meta (WhatsApp Cloud API) — optional WhatsApp candidate intake, if configured by the company admin
• SMTP providers — email delivery (user-configured or system fallback)

We do not share data with any other third parties unless required by law or with your explicit consent.

7. Data Retention

Candidate and recruiter data is retained for as long as the company account is active. Companies may delete candidates or their entire account at any time. Deleted records are removed from active storage; backup retention follows Google's infrastructure policies.

Activity-log entries (the audit trail of changes to a candidate record) are automatically deleted 36 months after they are created. Core candidate and job records are not subject to this window — they are retained while the account is active and removed on account deletion.

8. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing
• Data portability
• Withdraw consent at any time (e.g. revoking Gmail access)

To exercise any of these rights, use our privacy request form or email us at privacy@sohamrecruit.com. We will respond within 30 days.

9. Cookies

SohamRecruit sets a small number of cookies, all of which are strictly necessary for the service to function. We do not use advertising, analytics, or tracking cookies.

• token (httpOnly) — your authentication session. Cleared when you sign out.
• original_token (httpOnly) — only set when a super-administrator is impersonating a tenant for support; cleared when they stop impersonating.
• Google reCAPTCHA cookies (_GRECAPTCHA and others) are set by Google on our sign-in, sign-up, and public job-application pages to prevent automated abuse. We don't read these — Google does.
• A browser localStorage entry (cookieConsent.v1) to remember you dismissed our cookie notice.

You can clear cookies at any time from your browser's settings. Clearing the auth cookie will sign you out; clearing the cookieConsent.v1 entry will re-show our cookie notice on next visit.

10. Children's Privacy

RecruiterDesk is not directed at individuals under the age of 16. We do not knowingly collect personal data from minors.

11. International Transfers

RecruiterDesk is a global service. Data may be processed on Google Cloud infrastructure located in the United States. By using the service, you consent to this transfer. We rely on Google's data processing agreements and standard contractual clauses for cross-border data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. Continued use of RecruiterDesk after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions or to exercise your rights, contact us at:

Email: privacy@sohamrecruit.com
Website: sohamrecruit.com