Privacy Policy

Edjobster AI Tools (“Edjobster”, “we”) is a product of Edjobster Private Limited (CIN U72900DL2022PTC396155), registered at 5170 2nd Floor, Phatak Hakim Mehmood Khan, Ballimaran, Chandni Chawk, Delhi 110006, India. We provide AI hiring agents that work alongside the recruiting tools you already use — screening and ranking applicants inside your ATS and inbox.

For anything in this policy, reach us at [email protected] or +91 93199 76569.

• For customer account data — your workspace, users, billing, and trial requests — Edjobster is the data controller: we decide how it’s used, and this policy is the primary notice.
• For candidate data — the people your team screens — your employer or recruiting company is the controller and Edjobster is the processor: we handle that data only on the customer’s instructions.

Account & billing(we’re the controller): names and work emails of workspace users, password hashes (never plain passwords), roles and login activity, billing country and address, GSTIN, subscription and credit history, refund and support requests, and trial-request form submissions (name, work email, optional company, phone, country, team size, and use-case note).

Candidate data(we’re the processor): what your connected ATS or mailbox already holds — name, email, phone, CV file and its extracted text, application stage, and source. We collect it because the customer connected that source; we add nothing of our own.

Usage events: an audit trail of actions in the product (who ran a screening, who viewed a score). Used for security, support, and engagement metrics — never for advertising.

Before any candidate text is sent to an AI model, we strip it of direct identifiers: names become initials; email addresses, phone numbers, links, street addresses, and postal codes become anonymous placeholders; school names and any government ID numbers are removed entirely and never restored. The AI scores the redacted text; the original details are re-attached only on our own systems, and the mapping is discarded immediately. Prompts and AI responses are never written to our logs.

AI scores are advisory only — a human recruiter always makes the decision. Edjobster does not train AI models on your data.

Demographic data (race, religion, gender identity, disability, marital status), photographs, national identifiers, salary history, background checks, health data, and biometric data. If a CV happens to contain such details, they are suppressed before AI processing — they are never used to score anyone. The product is built for adult hiring; we do not serve candidate populations under 18.

We rely on a small set of vetted third-party providers to run the service. Below are the categories of provider, what each one handles, and the region it processes in:

A current, named list of these subprocessors is available to customers and prospective customers on request, and forms part of our data-processing agreement. We give customers at least 30 days’ notice before adding a subprocessor that touches their data, where contractually committed.

• Candidates with no active application: removed after 1 year of inactivity (customers can extend to a maximum of 3 years).
• CV files: deleted with the candidate record.
• Closed jobs: 2 years.
• Deactivated user accounts: anonymised after 90 days.
• Audit and security events: retained for as long as required for security and legal compliance.
• Backups age out on a fixed schedule after deletion completes.

If a company screened you with Edjobster, you can — directly from the disclosure email you received, or via the company that holds your application:

• See and export everything we hold about you — self-serve, delivered in minutes as a download.
• Have it erased — self-serve and immediate: identifying fields are destroyed and AI commentary about you is deleted.
• Correct data at the source ATS — it syncs across.
• Restrict or object to AI screening — your profile is skipped and recruiters see a notice instead of a score.
• Not be subject to an automated decision — structurally guaranteed: scores are advisory and a human always decides.

Self-serve requests complete in minutes; mediated requests within 30 days. India’s DPDP Act 2023 governs our operations; for EU/UK candidates, GDPR Articles 13–22 apply as described.

Workspace admins can export their full workspace data and request complete deletion. Deletion runs a 30-day soft-delete window (restorable on request), then a hard purge of every record, file, and connector token — including revocation at connected providers. Backups age out on their fixed schedule afterwards, and we provide a written deletion attestation covering our subprocessors.

Encryption in transit (TLS) and at rest; connector tokens encrypted again at the application layer; passwords hashed with Argon2id; strict per-workspace data isolation enforced at the database layer and tested in CI; and a complete audit trail of privacy-relevant actions. Report a security issue: [email protected].

We use only essential cookies and browser storage to keep you signed in. No advertising trackers and no third-party analytics on this site.

Redacted screening text, error monitoring, and email delivery involve US-based providers (see Subprocessors). For EU/UK customers we rely on Standard Contractual Clauses with those providers. Under India’s DPDP Act, transfers are permitted to countries not on the government’s restricted list — none has been notified as of the date above.

We’ll update this page as the product evolves and notify workspace admins of material changes. Questions or requests: [email protected]. See also our Refund Policy and Terms of Service.