Privacy Policy

Last updated: January 6, 2025

1. Introduction

SutraWorks Hire ("we", "our", or "us"), operated by SutraWorks Lab, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-native hiring platform.

By using SutraWorks Hire, you consent to the data practices described in this policy. If you do not agree with our policies, please do not use our services.

2. Our Privacy-First Architecture (BYOK)

SutraWorks Hire is built on a Bring Your Own Key (BYOK) architecture that fundamentally differs from traditional SaaS platforms. Here's what this means for your privacy:

  • API Key Storage: Your AI provider API keys (OpenAI, Anthropic, Google) are stored exclusively in your browser's local storage, encrypted and never transmitted to our servers.
  • Direct AI Communication: When you use AI features, requests go directly from your browser to your chosen AI provider. We do not proxy, store, or have access to these communications.
  • Candidate Data in AI: Any candidate data processed by AI (resume parsing, scoring, etc.) is handled directly between your browser and your AI provider, never passing through our servers.
  • No AI Data Retention: We have no access to AI-processed data, and therefore cannot retain, analyze, or share it.

3. Information We Collect

3.1 Account Information

When you register for an account, we collect:

  • • Full name
  • • Email address
  • • Company name
  • • Password (hashed and salted, never stored in plain text)
  • • Role/position within the organization

3.2 Job Posting Data

Content you create on our platform:

  • • Job titles and descriptions
  • • Requirements and qualifications
  • • Salary ranges and benefits information
  • • Location and remote work policies

3.3 Candidate Data

Information submitted by or about job applicants:

  • • Names and contact information
  • • Resumes and cover letters
  • • Application responses
  • • Interview notes and ratings (created by your team)
  • • Pipeline status and hiring decisions

3.4 Usage Data

Automatically collected information:

  • • Browser type and version
  • • Pages visited and features used
  • • Time spent on pages
  • • Error logs and performance data
  • • IP address (for security purposes)

4. How We Use Your Information

We use collected information to:

  • • Provide and maintain our services
  • • Authenticate users and manage accounts
  • • Process and display job postings
  • • Enable candidate management and tracking
  • • Send service-related communications
  • • Improve and optimize our platform
  • • Detect and prevent fraud or abuse
  • • Comply with legal obligations

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information only in these circumstances:

  • With Your Consent: When you explicitly authorize sharing with third parties.
  • Service Providers: With vendors who assist in operating our platform (hosting, email delivery) under strict confidentiality agreements.
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

6. Data Security

We implement comprehensive security measures including:

  • • TLS/SSL encryption for all data in transit
  • • AES-256 encryption for data at rest
  • • Secure password hashing (bcrypt)
  • • Role-based access controls (RBAC)
  • • Multi-tenant data isolation
  • • Regular security audits and penetration testing
  • • Automatic session timeout and secure cookie handling

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account deletion:

  • • Account data is deleted within 30 days
  • • Job postings can be archived or deleted at your discretion
  • • Candidate data is handled according to your organization's retention policies
  • • Anonymized analytics data may be retained for service improvement

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • • Access your personal data
  • • Correct inaccurate data
  • • Delete your data ("right to be forgotten")
  • • Export your data in a portable format
  • • Object to certain processing activities
  • • Withdraw consent at any time

To exercise these rights, contact us at contact@sutraworks.ai.

9. International Data Transfers

Our services may involve data transfers to countries outside your residence. We ensure appropriate safeguards are in place, including standard contractual clauses and compliance with applicable data protection frameworks.

10. Children's Privacy

SutraWorks Hire is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date. Your continued use of the service after changes constitutes acceptance of the modified policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@sutraworks.ai

Company: SutraWorks Lab