1. Introduction
Hara InfoTech Pvt Ltd ("we", "our", "us") operates VendorDesk, a cloud-based staffing operations platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at vendordesk.io.
By accessing or using VendorDesk, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the platform.
2. Data We Collect
We collect the following categories of information:
- Account Information: Name, email address, phone number, company name, and password (hashed) when you register.
- Business Data: Candidate profiles, client records, vendor details, requirements, timesheets, and work history you enter into the platform.
- Payment Information: Billing details processed via Razorpay. We do not store card numbers — all payment data is handled by our PCI-DSS compliant payment processor.
- Usage Data: Log files, IP addresses, browser type, pages visited, and actions taken within the platform for analytics and security purposes.
- Files & Attachments: Resume PDFs and other documents you upload for candidate screening or talent profiles.
3. How We Use Your Data
We use collected data to:
- Provide, maintain, and improve the VendorDesk platform
- Process subscription payments and manage billing
- Send service notifications, security alerts, and support communications
- Analyse usage patterns to improve features and performance
- Comply with legal obligations and enforce our Terms of Service
- Respond to customer support requests
We do not use your business data (candidates, clients, requirements) for any purpose other than operating the platform for your account.
4. Data Sharing
We do not sell, rent, or trade your personal information. We may share data with:
- Service Providers: Cloud hosting (servers), payment processors (Razorpay), and AI services (Anthropic Claude for resume screening) that are contractually bound to protect your data.
- Legal Compliance: When required by Indian law, court order, or government authority.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred with appropriate notice.
📌 Important: Data entered by one tenant (company account) is never accessible to another tenant. Complete data isolation is enforced at the database level.
5. Data Storage & Security
Your data is stored on secured servers in India. We implement the following security measures:
- Encrypted data transmission via HTTPS/TLS
- Hashed and salted password storage
- Tenant-level data isolation
- Session-based authentication with CSRF protection
- Regular security audits and access controls
While we use industry-standard security practices, no system is completely immune. In the event of a data breach affecting your information, we will notify you within 72 hours.
6. Data Retention
We retain your data for as long as your account is active. Upon account cancellation:
- Active account data is retained for 30 days after cancellation to allow recovery
- After 30 days, data is permanently deleted from production systems
- Backups may retain data for up to 90 days before purging
You may request immediate deletion at any time by contacting support@vendordesk.io.
7. Your Rights
Under applicable data protection laws, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing of your data in certain circumstances
To exercise any of these rights, contact us at support@vendordesk.io. We will respond within 30 days.
8. Cookies
VendorDesk uses session cookies essential for authentication and platform functionality. We do not use third-party tracking or advertising cookies.
- Session Cookies: Required to keep you logged in
- Security Cookies: CSRF tokens to protect against cross-site request forgery
You can configure your browser to reject cookies, but this may prevent the platform from functioning correctly.
9. Children's Privacy
VendorDesk is a B2B business platform and is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately.
10. Policy Changes
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice within the platform at least 14 days before changes take effect. Continued use of VendorDesk after changes constitutes acceptance of the updated policy.