Privacy Policy
Introduction
This Privacy Policy explains how Xzohra ("we", "us", or "our") collects, uses, and protects your personal information when you use our recruitment platform. We are committed to protecting your privacy and ensuring transparency in our data practices.
By using Xzohra, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Account Information
When you create an account, we collect your name, email address, password, company name (for recruiters), and profile information.
Resume and Application Data
We process resume content, work history, education, skills, and other information you provide in job applications.
Usage Data
We automatically collect information about how you interact with our platform, including pages visited, features used, search queries, and application activity.
Technical Data
We collect IP addresses, browser type, device information, and other technical data for security and analytics purposes.
LinkedIn Social Authentication
To make sign-up faster for candidates, we offer Sign In with LinkedIn in addition to Google. This section explains what LinkedIn data we access, how we protect it, and your right to revoke it at any time.
1. Information We Collect via LinkedIn
When you choose to register or log in using your LinkedIn account, we request access to specific information from your LinkedIn professional profile. Depending on the permissions granted, this data includes:
- Identity Data: Your first name, last name, and profile picture URL.
- Contact Data: The primary email address associated with your LinkedIn account.
- Authentication Tokens: Temporary OAuth access tokens and unique alphanumeric Member Tokens provided by LinkedIn to securely authenticate your session.
We do not scrape, crawl, or collect any non-official content or data regarding your personal network connections, network updates, or private messages.
2. How and Why We Use Your LinkedIn Data
In strict accordance with LinkedIn’s developer rules, your data is used exclusively to:
- Authenticate your identity and securely log you into your account.
- Create and populate your user profile to deliver a seamless personal experience.
We never sell, rent, or lease your profile data to third parties. Furthermore, your LinkedIn data will never be used for advertising, ad targeting, credit eligibility, automated background tracking, or surveillance purposes.
3. Data Storage, Segregation, and Retention
- Data Segregation: Any data cached or stored from your LinkedIn profile is strictly isolated within our databases so that it can be easily identified, updated, or selectively removed.
- No Background Refreshing: We will only refresh your profile information while you are actively interacting with our application. We do not run automated background processes to harvest your data.
- Retention Period: We only store your data for the minimum duration required to provide our services or for as long as your account remains active.
4. Data Deletion and Revocation of Consent
You maintain full control over your personal information at all times:
- Immediate Deletion: If you close your account or formally request data deletion, all data retrieved via the LinkedIn API—including your Member Tokens and OAuth Access Tokens—will be immediately and permanently purged from our active systems within 24 hours.
- Revoking Access:You can revoke our application’s access to your profile data at any moment directly through your LinkedIn App Settings. Once expired or revoked, we will explicitly ask for your affirmative consent again before accessing your profile.
5. Your Consent
Before you click the “Sign In with LinkedIn” button, you will see a brief notice stating: “By signing in, you agree to our Privacy Policy and allow us to use your profile name and email to set up your account.”
Per LinkedIn’s Data Processing Agreement, your data is handled in compliance with applicable privacy regulations including GDPR where applicable.
How We Use Information
We use your information to:
- Provide and maintain our recruitment platform services
- Process job applications and facilitate hiring workflows
- Send transactional emails and notifications about your applications
- Improve our platform through analytics and user feedback
- Prevent fraud, abuse, and security threats
- Comply with legal obligations and enforce our terms
- Communicate updates, features, and promotional content (with your consent)
AI-Assisted Processing
Some features use machine learning and AI to score resumes, match candidates with jobs, and provide recommendations. These automated outputs support, but do not replace, final human decisions made by recruiters.
We continuously monitor and improve our AI systems to ensure fairness and accuracy. You have the right to request human review of automated decisions that significantly affect you.
Data Sharing
We share your information only in the following circumstances:
- With Recruiters: When you apply to a job, we share your application data with the hiring company
- Service Providers: We use third-party services for hosting, analytics, email delivery, and payment processing
- Legal Requirements: We may disclose information to comply with legal obligations or protect our rights
- Business Transfers: In the event of a merger or acquisition, your data may be transferred to the new entity
We never sell your personal information to third parties for marketing purposes.
Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption of data in transit and at rest
- Regular security audits and penetration testing
- Access controls and authentication requirements
- Employee training on data protection practices
- Incident response procedures for data breaches
While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations.
- Active Accounts: Data is retained while your account is active
- Inactive Accounts: Data may be deleted after 2 years of inactivity
- Application Data: Retained for 3 years for compliance and analytics
- Legal Requirements: Some data must be retained longer for legal or regulatory purposes
Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your data (subject to legal requirements)
- Portability: Receive your data in a machine-readable format
- Objection: Object to certain types of data processing
- Restriction: Request limitation of data processing
- Withdraw Consent: Withdraw consent for marketing communications
To exercise these rights, contact us at hello@xzohra.com. We will respond within 30 days.
GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right to lodge a complaint with a supervisory authority
- Right to data portability in a structured, commonly used format
- Right to object to automated decision-making
- Right to be informed about data breaches affecting your data
Our legal basis for processing your data includes contract performance, legal obligations, legitimate interests, and your consent.
Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, please contact us:
- Email: hello@xzohra.com
- Address: 123 Tech Street, San Francisco, CA 94105, United States
- Data Protection Officer: privacy@xzohra.com
We will respond to your inquiry within 30 days.
