Privacy Policy

How we collect, use, disclose, and safeguard your information when you use our Services.

Effective Date: February 18, 2026  |  Last Updated: February 18, 2026

NexeraHR ("we," "us," or "our") is committed to protecting the privacy and security of the personal information and protected health information (PHI) we process. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered recruitment platform, website, and services (collectively, the "Services").

Our Services are designed to comply with global data protection standards, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the Health Insurance Portability and Accountability Act (HIPAA) for our healthcare-related clients in the United States.

1. Information We Collect

We collect information that identifies, relates to, describes, or is reasonably capable of being associated with you ("Personal Data").

A. Information Provided by You

  • Account Information: Name, email address, phone number, and password when you register.
  • Professional Information: Resumes, CVs, work history, education, skills, and certifications.
  • AI Interview Data: Audio and video recordings of interviews, transcripts, and AI-generated assessments.
  • Communication Data: Information provided when you contact sales or support.

B. Information Collected Automatically

  • Usage Data: IP address, browser type, operating system, and interaction with our Services.
  • Cookies and Tracking: We use cookies to enhance user experience and analyze traffic.

C. Protected Health Information (PHI) - HIPAA

For clients in the healthcare sector, NexeraHR may act as a Business Associate. In this capacity, we may process PHI (e.g., health-related certifications or background checks containing health data) on behalf of a Covered Entity. Such data is handled strictly in accordance with the signed Business Associate Agreement (BAA).

2. Legal Basis for Processing (GDPR)

If you are located in the EEA, we process your Personal Data under the following legal bases:

  • Consent: For recording AI interviews and using non-essential cookies.
  • Contractual Necessity: To provide the Services you requested (e.g., processing job applications).
  • Legal Obligation: To comply with applicable laws and regulations.
  • Legitimate Interests: To improve our AI algorithms and ensure platform security.

3. How We Use Your Information

  • Recruitment Services: To match candidates with job opportunities using AI.
  • AI Analysis: To analyze interview performance and provide insights to employers.
  • Communication: To send updates, notifications, and support messages.
  • Compliance: To meet legal, regulatory, and contractual obligations (including HIPAA and GDPR).

4. Data Sharing and Disclosure

We do not sell your personal information. We share data only in the following circumstances:

  • With Employers: Candidates' data and AI assessments are shared with the respective hiring companies.
  • Service Providers: Third-party vendors who assist in hosting, analytics, and security (subject to DPAs and BAAs).
  • Legal Requirements: When required by law, subpoena, or government request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets.

5. Data Security

We implement enterprise-grade security measures, including:

  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Access Controls: Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).
  • Audit Logs: Comprehensive logging of all access to sensitive data and PHI.
  • Regular Audits: Periodic security assessments and vulnerability scans.

6. Your Rights

GDPR Rights (EEA Users)

  • Access & Portability: Request a copy of your data in a structured format.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data.
  • Withdraw Consent: Withdraw consent for AI recording at any time.

HIPAA Rights (US Healthcare)

Patients/Candidates whose PHI is processed by NexeraHR should contact their respective healthcare provider (the Covered Entity) to exercise their rights under HIPAA, such as requesting an accounting of disclosures.

7. International Data Transfers

NexeraHR is based in the United States. For users in the EEA, we ensure that transfers of personal data are protected by Standard Contractual Clauses (SCCs) or other valid transfer mechanisms approved by the European Commission.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law (e.g., 4-year recordkeeping for AI hiring tools in certain jurisdictions).

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact our Data Protection Officer (DPO) at:

NexeraHR Privacy Office

Email: privacy@nexerahr.com

Phone: +1 (720) 604-9371

Address: [Insert Physical Address]

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Effective Date."