VendorDesk
Log In Start Free Trial
🔒 Legal

Privacy Policy

Hara InfoTech Pvt Ltd · VendorDesk · Last updated: 31 May 2026
Contents
1. Introduction 2. Data We Collect 3. How We Use Data 4. Data Sharing 5. Data Storage & Security 6. Retention 7. Your Rights 8. Cookies 9. Children's Privacy 10. Policy Changes 11. Contact Us

1. Introduction

Hara InfoTech Pvt Ltd ("we", "our", "us") operates VendorDesk, a cloud-based staffing operations platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at vendordesk.io.

By accessing or using VendorDesk, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the platform.

2. Data We Collect

We collect the following categories of information:

  • Account Information: Name, email address, phone number, company name, and password (hashed) when you register.
  • Business Data: Candidate profiles, client records, vendor details, requirements, timesheets, and work history you enter into the platform.
  • Payment Information: Billing details processed via Razorpay. We do not store card numbers — all payment data is handled by our PCI-DSS compliant payment processor.
  • Usage Data: Log files, IP addresses, browser type, pages visited, and actions taken within the platform for analytics and security purposes.
  • Files & Attachments: Resume PDFs and other documents you upload for candidate screening or talent profiles.

3. How We Use Your Data

We use collected data to:

  • Provide, maintain, and improve the VendorDesk platform
  • Process subscription payments and manage billing
  • Send service notifications, security alerts, and support communications
  • Analyse usage patterns to improve features and performance
  • Comply with legal obligations and enforce our Terms of Service
  • Respond to customer support requests

We do not use your business data (candidates, clients, requirements) for any purpose other than operating the platform for your account.

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share data with:

  • Service Providers: Cloud hosting (servers), payment processors (Razorpay), and AI services (Anthropic Claude for resume screening) that are contractually bound to protect your data.
  • Legal Compliance: When required by Indian law, court order, or government authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred with appropriate notice.
📌 Important: Data entered by one tenant (company account) is never accessible to another tenant. Complete data isolation is enforced at the database level.

5. Data Storage & Security

Your data is stored on secured servers in India. We implement the following security measures:

  • Encrypted data transmission via HTTPS/TLS
  • Hashed and salted password storage
  • Tenant-level data isolation
  • Session-based authentication with CSRF protection
  • Regular security audits and access controls

While we use industry-standard security practices, no system is completely immune. In the event of a data breach affecting your information, we will notify you within 72 hours.

6. Data Retention

We retain your data for as long as your account is active. Upon account cancellation:

  • Active account data is retained for 30 days after cancellation to allow recovery
  • After 30 days, data is permanently deleted from production systems
  • Backups may retain data for up to 90 days before purging

You may request immediate deletion at any time by contacting support@vendordesk.io.

7. Your Rights

Under applicable data protection laws, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data in certain circumstances

To exercise any of these rights, contact us at support@vendordesk.io. We will respond within 30 days.

8. Cookies

VendorDesk uses session cookies essential for authentication and platform functionality. We do not use third-party tracking or advertising cookies.

  • Session Cookies: Required to keep you logged in
  • Security Cookies: CSRF tokens to protect against cross-site request forgery

You can configure your browser to reject cookies, but this may prevent the platform from functioning correctly.

9. Children's Privacy

VendorDesk is a B2B business platform and is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately.

10. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice within the platform at least 14 days before changes take effect. Continued use of VendorDesk after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, requests, or concerns, contact us at:

  • Email: support@vendordesk.io
  • Company: Hara InfoTech Private Limited (CIN: U62099TS2024PTC191075)
  • Platform: VendorDesk (vendordesk.io)