1.1 Overview
Scrini provides an AI-driven recruitment platform and white-label job board that helps organizations (“Clients”) source, screen, interview, and manage candidates. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit scrini.ai, our sub-domains (including white-label job boards), mobile or web apps, APIs, or integrations (collectively, the “Service”).
By using the Service, you agree to this Policy and our Terms of Service.
Roles. For Client account data, Scrini is a data controller. For Candidate data processed on behalf of a Client, Scrini is a data processor and the Client is the data controller.
1.2 Personal Data We Process
A. Client & Admin Data (Controllers)
Identity & contact: name, business email, phone, job title, company.
Account & billing: company profile, billing address, plan, invoices, payment-method tokens (stored with our PCI-compliant processor).
Security & access: login identifiers, SSO/SAML/SCIM attributes, roles, audit logs, API keys, IP/device metadata.
Communications: support requests, product feedback, survey responses, marketing preferences.
B. Candidate Data (Processed on behalf of Clients)
Application data: résumé/CV, cover letter, work history, education, skills, portfolio links.
Assessment & interview: test results, structured Q&A, AI phone/video interview recordings & transcripts, interviewer notes, scoring, recommendations.
Workflow data: job applied, stage history, scheduling details, calendar invites, status updates.
Portal data: profile fields, preferences, documents uploaded by candidates.
C. Website & Product Analytics
Essential cookies for authentication and security.
Optional analytics (e.g., GA4): device/browser, timestamps, language, referrer, crash reports.
Sensitive data. We do not require special-category data. If Clients collect it, they must have a lawful basis; Scrini processes strictly on Client instructions.
Children. The Service is not intended for individuals under 16.
1.3 Purposes & Legal Bases
Service delivery & security (Contract / Legitimate Interests): authenticate users, authorize roles, operate features (sourcing, analysis, scheduling, AI interviews, white-label job boards), provide support, prevent fraud/abuse, maintain audit trails.
AI features (Contract / Legitimate Interests): generate job descriptions, question banks, rankings, summaries, and insights from Client inputs; transcribe calls/interviews and produce analyses.
Improvement & research (Legitimate Interests / Consent where required): analyze de-identified usage to improve quality, safety, and performance. Unless a Client opts in to “Model Learning,” we do not use Candidate PII to train shared models.
Marketing (Consent / Legitimate Interests): send product updates to business contacts; you may opt out at any time.
Legal compliance (Legal Obligation): respond to lawful requests, enforce agreements, prevent harm.
1.4 Sharing & International Transfers
We share personal data:
Within a Client tenant with authorized users and service accounts.
With sub-processors (cloud hosting, communications, analytics, transcription, support tools) bound by DPAs, confidentiality, and security obligations.
For legal reasons (e.g., court order) or corporate transactions with safeguards.
Transfers. Data may be processed in India, the EU, the UK, and the US. We use Standard Contractual Clauses (SCCs)/UK Addendum or adequacy mechanisms. Data-residency preferences may be honored for enterprise clients.
1.5 Retention
Client account data: retained for the subscription term + 90 days, then minimized or deleted unless law requires otherwise.
Candidate data: governed by Client settings. We delete or irreversibly anonymize Candidate PII within 30 days after Client deletion or contract termination.
Backups: roll off automatically per lifecycle policies (typically 35 days).
1.6 Cookies & Similar Technologies
Strictly necessary cookies are required for login/security and cannot be disabled.
Analytics/functional cookies are optional and can be controlled via our cookie banner or your browser settings. Do-Not-Track is honored where technically feasible.
1.7 Your Rights
Depending on your jurisdiction (e.g., GDPR/UK-GDPR, CCPA/CPRA), you may request access, correction, deletion, restriction, portability, or objection/opt-out (including “Do Not Sell or Share” under CPRA where applicable).
Candidates should contact the hiring organization (controller). We assist Clients to fulfill requests within legal timelines.
Clients & visitors may contact support@scrini.ai.
We will not discriminate against you for exercising your rights.
1.8 Security Summary
We apply layered security (see Data Security Policy): TLS 1.3 in transit, AES-256/KMS at rest, RBAC/SSO/MFA, network segregation, least-privilege access, change control, vulnerability management, and incident response. Our program aligns with SOC 2 Type II and ISO/IEC 27001; independent penetration tests run at least annually.
1.9 Third-Party Services
The Service integrates with third-party ATS/HRIS, calendars, communications vendors, and job boards. Your use of those services is governed by their terms and privacy notices.
1.10 Changes & Contact
We may update this Privacy Policy. We will post the revision date and, for material changes, notify Client admins by email at least 14 days before the effective date.
Contact (Privacy/DPO):
support@scrini.ai | +91-9457234349
Scrini AI Tech LLP, Gali No. 12/3, Burari, City Delhi, North Delhi, Delhi 110084, India