Back
Aram

Privacy Policy

Last updated: February 2026

1. Information We Collect

  • Account data: Name, email, organisation, role.
  • Recruitment data: Job descriptions, resumes, candidate profiles, briefing recordings, assessment scores.
  • Usage data: Page views, feature usage, login timestamps.
  • Technical data: IP address, browser type, device info (collected via analytics).

2. How We Use Your Data

  • Provide and improve the recruitment platform.
  • AI processing: resume parsing, candidate matching, briefing analysis, JD generation.
  • Send transactional emails (invites, briefing links, password resets).
  • Enforce plan limits and billing.
  • Security monitoring and fraud prevention.

3. Data Storage & Security

  • Data is stored in Azure-hosted PostgreSQL with encryption at rest (AES-256).
  • All traffic is encrypted with TLS 1.2+.
  • Passwords are hashed with bcrypt (12 rounds).
  • File uploads (resumes, documents) are stored in encrypted object storage (MinIO / Azure Blob).
  • Access tokens expire after 15 minutes; refresh tokens after 7 days.

4. Tenant Isolation

Each organisation's data is logically isolated at the database level. No user from one tenant can access another tenant's data. Enterprise deployments support dedicated infrastructure for complete physical isolation.

5. Third-Party Services

  • Azure OpenAI: JD generation, resume matching, briefing analysis (data processed in your Azure region).
  • Razorpay: Payment processing (PCI-DSS compliant).
  • Zoho CRM: Optional CRM sync (configurable per tenant).
  • SMTP providers: Transactional email delivery.

6. Your Rights

  • Access: Request a copy of all data we hold about you.
  • Correction: Update inaccurate personal information.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Export your data in standard formats (JSON, CSV).
  • Objection: Opt out of AI processing for specific data.

7. Data Retention

Active account data is retained for the duration of your subscription. Upon account deletion, all data is permanently removed within 30 days, unless a longer retention period is required by law or contractual obligation.

8. Contact

For privacy inquiries, contact our Data Protection Officer at privacy@aram.dev.

© 2026 Aram. All rights reserved.