Logo
AI Interview
by HROne

Privacy Policy

How we handle data on the platform.

Last updated: June 4, 2026

1. Scope

This Privacy Policy applies to: (a) recruiters, talent-acquisition professionals, hiring managers, and administrators who access the AI Interview platform as part of their organisation's subscription ('Organisation Users'); and (b) candidates who receive a secure interview link from a subscribing organisation and participate in an AI-led interview session ('Candidates').

The data processor for personal data processed through the platform is Uneecops Workplace Solutions Pvt. Ltd., CIN: U72900DL2016PTC303152, Registered Office: C-185, Phase-I, Naraina Industrial Area, New Delhi, India – 110028. Email: privacy@hrone.cloud.

Candidates' personal data is collected at the direction of a subscribing organisation. That organisation acts as a Data Fiduciary in respect of Candidates' data and is independently responsible for ensuring its own lawful basis for directing that data collection.

2. Categories of personal data we collect

We collect personal data in the following categories. Where data constitutes 'Sensitive Personal Data or Information' (SPDI), this is indicated:

  • Account data: name, work email address, organisation name, job title, authentication credentials.
  • Hiring workflow data: job descriptions, skills and role criteria, applicant names, contact details, round configurations, and scheduling information.
  • Interview session data (partially SPDI): audio recordings, video recordings, in-call chat messages, AI-generated interview transcripts, AI scores and evaluation summaries.
  • Proctoring and identity data (SPDI): device signals, browser/tab-focus events, and where enabled, identity verification captures (photographs, identity document scans). These constitute sensitive personal data under Rule 3 of the SPDI Rules.
  • Billing data: order references, invoice details, GST identification numbers (where provided). Card numbers and UPI handles are not stored on our servers; they are handled exclusively by Cashfree under its own PCI-DSS compliance framework.
  • Technical and usage data: IP addresses, browser type, session logs, and error logs collected automatically for security and service improvement purposes.

3. Lawful basis and purpose of processing

We process personal data for the following purposes:

  • Providing the platform to Organisation Users: necessary for performance of our contract with the subscribing organisation.
  • Running AI interview sessions for Candidates: based on (i) the candidate's informed consent obtained by the organisation prior to the interview invitation, and (ii) our legitimate interest in delivering the contracted service.
  • AI processing and scoring: to provide advisory evaluation outputs to recruiters. Candidates are informed that AI-generated outputs are not determinative hiring decisions and that a human recruiter reviews all results before any decision is taken.
  • Proctoring: to detect session integrity issues at the recruiter's request. Proctoring is a configurable feature; where enabled, candidates are notified in the interview invitation email.
  • Billing and GST compliance: necessary for compliance with our legal obligations under GST law and under the Payment and Settlement Systems Act 2007.
  • Legitimate security and fraud prevention.

4. Recordings, transcripts, and AI outputs

Sessions may be recorded (audio and video) and automatically transcribed. Recordings and transcripts are:

  • stored on our servers within India (or in the jurisdiction disclosed under Clause 6 where cross-border processing is used);
  • accessible only to authorised users within the subscribing organisation's workspace;
  • not shared with other organisations or third parties except as described in Clause 6; and
  • used by our AI systems to generate scores, summaries, and evaluation reports that are delivered to the subscribing organisation.

AI-generated scores and summaries are advisory outputs. They do not constitute automated individual decisions within the meaning of any applicable law and are reviewed by a human recruiter before any hiring decision is made. We do not use candidate session data to train general-purpose AI models without separate and explicit consent.

5. Proctoring

Where the subscribing organisation enables proctoring, the platform may log the following signals during a session: browser tab-focus and blur events, device connection/disconnection events, and identity verification checks. These signals are recorded on a timestamped event timeline made available to the authorised Organisation Users.

Proctoring signals are not used for automatic disqualification. No hiring decision is taken solely on the basis of proctoring data without human review. Candidates are informed that proctoring is active in the session invitation communication sent before the interview.

Where identity verification involves capture of a photograph or identity document, such data is SPDI and is handled in accordance with Clause 3 above.

6. Service providers and data sharing

We share personal data with the following categories of third-party service providers, each bound by data processing agreements:

  • Cloud hosting and infrastructure providers (servers, storage, CDN).
  • Email and communication service providers (for interview invitations and notifications).
  • AI model and speech-processing providers (for transcription, scoring, and question generation).
  • Payment processing: Cashfree Payments India Pvt. Ltd. processes all payment transactions on behalf of Uneecops Workplace Solutions Pvt. Ltd.. Cashfree is a licensed Payment Aggregator regulated by the Reserve Bank of India. Card and UPI details are processed exclusively by Cashfree and are not stored on our servers.

We do not sell, rent, or trade personal data to third parties for marketing or advertising purposes.

Cross-border data transfers: Where any of our service providers process data outside India, such transfers are governed by contractual safeguards and are subject to restrictions that may be imposed under applicable laws.

6a. Cookies and session technologies

We use cookies, local storage, and similar browser-based technologies for the following purposes: (a) authentication and session persistence; (b) security (CSRF protection, rate limiting); and (c) platform analytics to improve service quality. We do not use third-party advertising or tracking cookies. Details and instructions for managing or declining non-essential cookies are available in our Cookie Policy. Disabling authentication cookies will prevent sign-in and interview functionality.

7. Retention of personal data

We retain personal data in accordance with the retention framework (as may be prescribed) under applicable law, covering:

  • Account and hiring workflow data.
  • Interview session recordings and transcripts.
  • Proctoring and identity check data.
  • Billing records.
  • Security and access logs.

After expiry of the applicable retention period, data is securely deleted or anonymised. Anonymised, aggregated data (which cannot identify individuals) may be retained indefinitely for platform improvement purposes.

8. Rights of data principals

Subject to verification and applicable legal obligations, individuals whose data we process have the following rights:

  • Right of access: to receive a summary of personal data we hold about you.
  • Right of correction: to correct inaccurate or incomplete personal data.
  • Right of erasure: to request deletion of personal data, subject to retention obligations under law and the legitimate needs of the organisation that invited you to interview.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any right, contact privacy@hrone.cloud with your name, organisation (or the organisation that invited you), and a description of your request. We will respond within 30 days.

9. Security and breach notification

We implement technical and organisational security measures appropriate to the nature of the data and the risks involved, including: HTTPS/TLS encryption in transit; encryption at rest for recordings and sensitive data fields; role-based access controls; and security monitoring and logging.

In the event of a personal data breach we will notify affected Organisation Users and where required, affected Candidates, without undue delay. To report a suspected security incident, contact security@hrone.cloud.

10. Grievance Officer

In accordance with the Information Technology Act 2000 and the SPDI Rules 2011, we have designated a Grievance Officer to address complaints regarding the processing of personal data. Contact: privacy@hrone.cloud.

11. Changes to this policy

We may update this Privacy Policy from time to time with an updated effective date.