Legal

Privacy Policy

Effective 15 Mar 2026 · Last updated 15 Mar 2026

Your privacy matters. This policy explains in plain language how we collect, use, and protect your data when you use NexeraHR—whether you're hiring, applying, or just browsing.

Privacy Policy

Effective Date: 15 Mar 2026 · Last Updated: 15 Mar 2026

NexeraHR ("NexeraHR," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website, applications, and related services (collectively, the "Services").

This Privacy Policy applies to:

  • visitors to our website,
  • employer-side users of the NexeraHR platform,
  • candidates who interact with job postings, applications, assessments, surveys, and interviews hosted through NexeraHR,
  • other individuals whose information is processed through the Services.

If you are using NexeraHR on behalf of a company, organization, or other legal entity, that entity may be the data controller for certain personal data processed through the Services. See the section How NexeraHR Works for Employers and Candidates below.

1. Who We Are

Company Name: [Insert Legal Company Name]

Registered Address: [Insert Company Address]

Contact Email: [Insert Privacy Contact Email]

If you have questions about this Privacy Policy or our privacy practices, you can contact us at the details above.

2. How NexeraHR Works for Employers and Candidates

NexeraHR is a multi-tenant hiring and HR technology platform used by employers to manage recruiting workflows, including job postings, applications, applicant tracking, assessments, interviews, surveys, team access, analytics, and related hiring operations.

When an employer uses NexeraHR

In many cases, the employer using NexeraHR is the data controller for candidate and employee-related data submitted to or managed in the platform, and NexeraHR acts as a data processor or service provider on that employer's behalf.

When NexeraHR acts as a controller

NexeraHR may act as a data controller for data we collect and use for our own business purposes, such as:

  • account registration and authentication,
  • billing and subscription management,
  • security, fraud prevention, and abuse detection,
  • service improvement, troubleshooting, and audit logging,
  • legal compliance,
  • marketing or communications where permitted by law.

If you are a candidate and you applied to a job hosted by one of our customer companies, that company is usually the primary party responsible for decisions about your application data.

3. Information We Collect

We may collect the following categories of information.

A. Information you provide directly

Depending on how you use the Services, you may provide: name, email address, phone number, password or login credentials, company name, company slug, branding details, billing details, role and team information, job application details, resume/CV and related files, employment history, education, skills, certifications, and other candidate profile data, responses to job-specific questions, assessment responses, survey responses, interview scheduling details, interview transcripts and voice interaction content, support requests and communications.

B. Account and authentication data

When you create or access an account, we may collect: email address, hashed and/or encrypted identifiers, authentication provider information, Google sign-in data where applicable, magic link verification data, multi-factor authentication status and related security metadata, session and token data stored in secure cookies.

C. Recruitment and candidate data

When employers use NexeraHR to hire, we may process: candidate contact details, application history, current application stage and stage history, ATS/resume scoring data, assessment scores and narrative analysis, interview scores, transcripts, analysis, and invite status, custom answers submitted in applications, source or referral information, tags, notes, and workflow decisions made by authorized employer users.

D. Resume and document data

We may collect and process: uploaded resumes and CVs, extracted text from resumes, structured parsed resume data, file metadata such as content type and upload timestamps.

E. Usage and technical data

We may automatically collect: IP address, browser type, device information, operating system, pages viewed, actions taken in the platform, timestamps, error logs, connection status, referring URLs, cookie identifiers and session information.

F. Billing and subscription data

For employer customers, we may collect or receive: billing contact information, subscription plan details, Stripe customer identifiers, payment status, transaction metadata, invoices and billing events. We do not store full payment card numbers on our own systems; payment processing is handled by third-party payment providers such as Stripe.

4. Information We Collect from Other Sources

We may receive information from: authentication providers such as Google, payment processors such as Stripe, employer customers who invite team members or submit candidate-related data, candidates who upload resumes or complete assessments/interviews, service providers that help us process resumes, interviews, and AI-generated analyses, and public or user-submitted data integrated into the Services.

5. How We Use Personal Data

We use personal data to: provide, operate, maintain, and improve the Services; create and manage user accounts; authenticate users and secure access; support onboarding, tenant setup, and workspace configuration; host career pages and public job listings; receive and process job applications; store, parse, and analyze resumes; generate ATS matching scores and reports; create, send, administer, and score assessments; create, schedule, conduct, and analyze AI-assisted interviews; manage surveys and collect responses; manage team invitations, user roles, and permissions; process billing and subscriptions; send transactional communications (e.g. login links, verification emails, password reset, interview invites, assessment links); enable real-time collaboration and updates; monitor performance, troubleshoot issues, and detect abuse; maintain audit logs and security records; and comply with legal obligations and enforce our terms.

6. AI and Automated Processing

NexeraHR includes features that use AI and automated systems, including for: job description generation, resume parsing, ATS matching and scoring, assessment generation and scoring, and interview transcription and analysis. These features may generate recommendations, scores, summaries, or other outputs based on the data provided. Such outputs are intended to assist decision-making and may not always be accurate, complete, or free from bias. Employers are responsible for reviewing and validating hiring-related decisions and for using the platform in compliance with applicable employment, anti-discrimination, and AI governance laws.

8. Cookies and Similar Technologies

We use cookies and similar technologies to: keep users signed in; maintain sessions; support authentication and security; remember settings and preferences; measure usage and performance; and support core platform functionality. Some cookies are necessary for the Services to function properly. Depending on your jurisdiction, we may provide additional cookie controls or notices where required by law.

9. How We Share Personal Data

We may share personal data with:

A. Employer customers and authorized users

If you are a candidate, your personal data may be shared with the employer, recruiters, hiring managers, and authorized team members using NexeraHR for the relevant role or workflow.

B. Service providers and subprocessors

We may share data with vendors that help us operate the Services, such as providers for cloud hosting, database and storage, content delivery, authentication, payment processing, email delivery, real-time messaging, resume processing, AI analysis, interview voice technology, and monitoring, logging, and security. This may include AWS S3 and CloudFront, MongoDB-related infrastructure, Auth.js/NextAuth-related tooling, Stripe, Pusher, GROQ, ElevenLabs, and Google authentication services.

C. Affiliates and corporate transactions

We may share data with affiliates or as part of a merger, acquisition, financing, reorganization, sale of assets, or similar transaction.

D. Legal and compliance disclosures

We may disclose information where necessary to comply with law, regulation, legal process, or governmental request; enforce our agreements; protect our rights, users, or the public; or detect, investigate, or prevent fraud, abuse, or security incidents.

E. With your direction or consent

We may share information with third parties when you ask us to do so or otherwise consent.

10. International Data Transfers

Your personal data may be transferred to and processed in countries other than the country where you reside. These countries may have data protection laws that differ from those in your jurisdiction. Where required, we will take appropriate safeguards for international transfers, such as contractual protections or other lawful transfer mechanisms.

11. Data Retention

We retain personal data for as long as necessary to: provide the Services; maintain employer accounts and candidate workflows; fulfill the purposes described in this Privacy Policy; comply with legal, tax, accounting, and regulatory obligations; resolve disputes; enforce agreements; and maintain security and audit records. Retention periods may vary depending on the type of data, the customer relationship, whether an employer customer deletes or exports data, legal obligations, and security and fraud-prevention needs. Candidates should note that employers using NexeraHR may determine how long certain application data is retained in their account, subject to applicable law.

12. Security

We use commercially reasonable technical and organizational measures designed to protect personal data, including: encryption of sensitive data at rest where applicable; hashed and/or encrypted identifiers; secure authentication flows; httpOnly cookies for session handling; role-based access control; tenant isolation checks; audit logging for sensitive actions; rate limiting where configured; and security headers and related protections. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Your Privacy Rights

Depending on your location and applicable law, you may have rights such as: the right to know what personal data is collected and how it is used; the right to access personal data; the right to correct inaccurate data; the right to delete personal data; the right to restrict or object to certain processing; the right to data portability; the right to withdraw consent where processing is based on consent; and the right to lodge a complaint with a supervisory authority.

Candidates

If your data is controlled by an employer using NexeraHR, you may need to contact that employer directly to exercise certain rights related to your application or hiring data. We may assist our customers with such requests where required.

Employer users and direct account holders

You may contact us directly regarding rights related to data for which NexeraHR is the controller.

To exercise rights, contact: [Insert Privacy Contact Email]. We may need to verify your identity before fulfilling a request.

14. California and Similar U.S. State Privacy Rights

If applicable law grants you specific privacy rights (including rights to access, delete, correct, or opt out of certain data uses), you may exercise those rights by contacting us. NexeraHR does not sell personal data for money. We also do not share personal data for cross-context behavioral advertising unless explicitly disclosed and permitted by law. Because NexeraHR primarily operates as a business-to-business recruiting platform, some state privacy rights may be subject to exemptions under applicable law.

15. Children's Privacy

The Services are not intended for children, and we do not knowingly collect personal data from children under the age required by applicable law without appropriate authorization. If you believe a child has provided personal data in violation of applicable law, contact us so we can investigate and take appropriate action.

16. Third-Party Services and Links

The Services may integrate with or link to third-party services. Their privacy practices are governed by their own policies. We are not responsible for the privacy practices of third parties except as required by law.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by updating the date above, posting a notice in the Services, or using other appropriate means. Your continued use of the Services after an update becomes effective means you acknowledge the revised Privacy Policy, to the extent permitted by law.

18. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, contact:

[Insert Legal Company Name]

[Insert Company Address]

[Insert Privacy Contact Email]