Hirecode Privacy Policy
1. Introduction
Hiring great engineers has always been hard. In the age of AI-generated code, it has become harder in a way that most platforms have not caught up with yet. A candidate can submit working, well-structured code without writing a single line of it themselves. Existing assessment tools have no way to tell the difference. Hirecode does.
Hirecode is an AI-powered coding assessment platform that evaluates not just what a candidate submits, but how they built it. We analyze the entire process including edit patterns, behavioral signals, explanation depth, and code quality together to give hiring companies a clear and confident signal about real engineering ability.
Because our platform captures a significant amount of data about both companies and candidates, we take our responsibility around that data with complete seriousness. This Privacy Policy explains exactly what we collect, why we collect it, how we use it, who we share it with, how long we keep it, and what rights you have over it.
This policy applies to everyone who interacts with Hirecode, including company administrators, hiring team members, and candidates who take assessments through our platform. It also governs how we handle data collected through payment transactions processed via third-party payment gateways including Razorpay and other similar platforms.
If you have questions after reading this, you can reach us at hello@hirecode.me.
2. Who We Are
Hirecode is a technical hiring platform operating under the trade name HireCode. We are registered in India as a micro and small enterprise under the Udyam Registration scheme of the Ministry of Micro, Small and Medium Enterprises, Government of India. We are an early-stage venture operating under this registration and have not been incorporated as a private limited company or any other corporate entity under the Companies Act, 2013.
When this policy refers to "Hirecode," "we," "us," or "our," it means the business operating under the HireCode name and the services we provide at hirecode.me and any related subdomains.
We are based in India and serve companies and candidates both within India and internationally. Our obligations therefore span Indian data protection law including the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as well as the data protection frameworks applicable in other countries where our users are located, including the General Data Protection Regulation (GDPR) for users in the European Economic Area and the United Kingdom.
For data protection purposes, Hirecode acts as a Data Fiduciary under Indian law and as a Data Controller under GDPR for personal data belonging to company users. For candidate data that companies collect through our platform, Hirecode acts as a Data Processor on behalf of those companies.
3. Who This Policy Applies To
Company Users are individuals who create or manage a Hirecode account on behalf of a business. This includes CTOs, engineering leads, talent teams, and any team member added to a company workspace on the platform.
Candidates are individuals who receive an invitation to complete a technical assessment through Hirecode. Candidates interact with the platform directly but their assessment is always initiated and overseen by a company user.
Visitors are anyone who browses our website or marketing pages at hirecode.me without creating an account or taking an assessment.
Paying Customers are company users who have subscribed to a paid plan and whose billing and payment data is processed through our payment gateway partners.
4. What Our Platform Does
Hirecode provides companies with a structured and AI-powered way to assess the genuine engineering ability of candidates during technical hiring. Companies create assessments through our platform, invite candidates to complete them, and receive detailed evaluation reports that cover code quality, behavioral signals, process analysis, and post-submission micro-interview responses. The platform is delivered entirely as a web-based software service accessible at hirecode.me. No physical goods are sold or shipped. Access to the platform is granted digitally upon successful subscription and payment confirmation.
5. Data We Collect
5.1 Data Collected from Company Users and Paying Customers
When a company registers on Hirecode, we collect the full name and work email of the account holder, the company name and size, and communication history with our support team. We also collect product usage data including how frequently assessments are created, which features are accessed, and how reports are reviewed.
For paying customers, we collect billing-related information including the name on the account, billing email address, and invoicing details. Payment card information and bank details are never collected or stored directly by Hirecode. All payment data is collected and processed exclusively by our payment gateway partners including Razorpay, which maintain their own security and compliance standards. We receive only a transaction confirmation and a masked payment reference from the gateway after a successful payment.
5.2 Data Collected from Candidates
Candidate data is collected at the point of assessment. This includes the candidate's full name and email address provided during identity verification, one-time password verification records used to confirm identity before the test begins, and explicit consent records capturing when and how the candidate agreed to data collection before starting their session.
We collect all code written during the session including every keystroke, edit, deletion, and revision in the exact sequence they occurred. We collect paste events including the content and timing of anything pasted into the code editor, tab switch events, idle periods, and overall session timing. If the candidate uses the planning scratchpad provided within the test environment, that content is also collected. We record time spent on each section of the assessment and the free-text responses a candidate submits during the post-submission micro-interview. Standard technical identifiers including IP address, browser type, operating system, and device metadata are collected during the session for security and compatibility purposes.
5.3 Behavioral and Analytical Data
Hirecode's core capability is evaluating how a candidate wrote their code, not just what they submitted. To do this, we generate derived analytical data from each session. This includes edit timeline reconstructions showing the pace and sequence of code development, paste pattern classifications identifying the nature and frequency of pasted content, idle period correlations mapped against code complexity at each stage, refactoring depth scores reflecting how substantially a candidate revised their own work, authorship confidence scores between 0 and 100 representing our AI model's assessment of genuine code ownership, behavioral highlights flagged as significant by our analysis engine, and skill dimension scores across areas relevant to the role being assessed.
5.4 Payment and Transaction Data
When a company subscribes to Hirecode, the payment transaction is processed through our payment gateway partner. We collect and retain transaction identifiers, payment status, subscription start and renewal dates, invoicing details, and records of failed or disputed payments. This data is retained for the period required under Indian tax and financial regulations including the Goods and Services Tax framework. We do not store credit card numbers, CVV codes, UPI credentials, net banking passwords, or any other sensitive payment authentication data on our servers at any point.
5.5 Automatically Collected Data
When anyone uses our platform or visits our website, we automatically collect standard technical data including IP addresses, browser type and version, operating system, pages visited, time spent on pages, and referring URLs. This data helps us keep the platform running reliably and understand how it is being used.
6. How We Collect Data
We collect data directly when users and candidates enter it into the platform. We collect behavioral data automatically through our live test environment, which uses WebSocket connections and background processes that capture session activity without interrupting the candidate's experience. Payment data is collected and handled entirely by our third-party payment gateway. We may receive limited data from email providers when assessment invitations are sent and opened.
We do not purchase data from third-party data brokers. We do not collect data from candidates' social media profiles or public code repositories unless a user explicitly connects such accounts.
7. Why We Collect Data and How We Use It
7.1 To Deliver the Core Service
We use collected data to generate unique assessment problems for each candidate, run the live coding environment, capture behavioral signals during the session, produce micro-interview questions after submission, generate the evaluation report, and deliver that report to the hiring company. Every piece of data we collect serves one of these functions.
7.2 To Process Payments and Manage Subscriptions
We use billing and transaction data to process subscription payments, issue invoices, manage renewals, handle failed payment retries, respond to billing disputes, and maintain accurate financial records as required under Indian law. Payment processing is carried out by our gateway partner and is governed by their terms and privacy policy in addition to this one.
7.3 To Improve Our AI Models
Hirecode's evaluation engine becomes more accurate over time as more sessions are processed. We use anonymized and aggregated session data to refine our authorship confidence model, improve our behavioral fingerprinting algorithms, and improve the relevance and quality of AI-generated problems and interview questions. We do not use individually identifiable candidate data to train our models without separate, explicit consent.
7.4 To Operate Our Business
We use company user data to manage accounts, process billing, provide customer support, send product and service notifications, and analyze usage trends to improve the product experience.
7.5 To Ensure Platform Integrity
We use session metadata and behavioral signals to detect misuse, prevent unauthorized access, enforce our Terms and Conditions, and maintain the reliability and fairness of the assessment environment.
7.6 To Communicate with You
We send candidates transactional emails related to their assessment such as invitation confirmations and session reminders. We send company users billing notifications, payment receipts, product updates, and support communications. We do not send candidates marketing emails. Company users may receive information about new features or offers from us and can opt out at any time by writing to us at hello@hirecode.me.
8. Legal Basis for Processing
8.1 Under Indian Law
Under the Digital Personal Data Protection Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, we process personal data on the basis of free and informed consent provided by the data principal before processing begins, and on the basis of legitimate uses including the performance of a contract, compliance with legal obligations, and purposes reasonably expected by the individual in the context of a hiring assessment.
8.2 Under GDPR for EEA and UK Users
For users located in the European Economic Area or the United Kingdom, we process personal data on the basis of contract performance for data necessary to deliver the service, legitimate interests for analytics, security, and service improvement where these interests are not overridden by individual rights, consent for any processing beyond what is necessary to deliver the service, and legal obligation where retention or disclosure is required by law.
9. Candidate Consent
Before any candidate begins an assessment on Hirecode, they are shown a clear and plain-language explanation of what data will be collected during their session. This includes the fact that keystrokes, paste events, idle periods, tab switches, and post-submission responses will be recorded and analyzed by our platform. Candidates must provide explicit consent before the assessment begins. A record of this consent including the timestamp and the version of the disclosure shown is stored and attached to the candidate's session record permanently.
Candidates who do not consent cannot be required to complete the assessment and Hirecode will not process their data without a valid consent record on file.
10. Payment Gateway and Third-Party Processing
Hirecode uses Razorpay and may use other RBI-compliant payment gateway providers to process subscription payments. When you make a payment through our platform, you will be interacting with the payment gateway's interface, which is governed by their own terms of service and privacy policy. We strongly encourage you to review those policies before completing a transaction.
Hirecode does not have access to your full card number, CVV, UPI PIN, net banking credentials, or any other sensitive payment authentication information. The payment gateway transmits only a payment success or failure status and a transaction reference number to our system. This reference is used solely to confirm and record your subscription activation or renewal.
In the event of a payment dispute or chargeback, we may share relevant transaction records and account activity with the payment gateway or with our banking partners to resolve the matter. This sharing is limited strictly to what is necessary to resolve the dispute.
11. Data Sharing
11.1 With Hiring Companies
Candidate assessment data including code submissions, behavioral analysis, authorship scores, micro-interview transcripts, and evaluation reports is shared with the company that initiated the assessment. Companies can share reports internally using team share links and PDF exports. Hirecode is not responsible for how a company uses or further shares a candidate report after it has been delivered through our platform.
11.2 With Service Providers
We share data with third-party service providers who help us operate the platform. These include our cloud infrastructure provider, payment gateway partner, email delivery provider, and AI model API provider. All service providers are bound by data processing agreements that restrict how they can use any data we share with them.
11.3 With AI Model Providers
Our micro-interview engine and problem generation system use large language model APIs. Candidate code and interview responses may be transmitted to these APIs for processing. We use API agreements that contractually prohibit model providers from using submitted content to train their own models.
11.4 For Legal and Regulatory Reasons
We may disclose personal data if required to do so by law, court order, government authority, or statutory body in India or in any other applicable jurisdiction. This includes disclosures required by the Reserve Bank of India, tax authorities, or law enforcement agencies acting under valid legal process. We may also disclose data if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Hirecode, our users, candidates, or the public.
11.5 Business Transfers
If the HireCode business is involved in a merger, acquisition, or transfer of assets in the future, personal data may form part of that transaction. We will notify affected users and candidates before any such transfer occurs and before data becomes subject to a materially different privacy policy.
We do not sell personal data. We do not share candidate data with advertising networks under any circumstances.
12. Data Retention
Company account data is retained for as long as the account remains active and for a reasonable period after closure to support billing disputes, legal obligations, or reactivation.
Candidate session data including keystrokes, behavioral signals, and micro-interview transcripts is retained for a default period of 12 months from the date of the assessment. Companies may request extended retention for active hiring pipelines. After the retention period, session data is deleted or irreversibly anonymized.
Payment and transaction records are retained for a minimum of 8 years as required under Indian tax law including the Income Tax Act, 1961 and the Goods and Services Tax framework. This retention is mandatory regardless of account status.
Anonymized and aggregated data derived from candidate sessions and used for model improvement may be retained indefinitely as it cannot be traced back to any individual.
If a candidate submits a valid erasure request, we will delete their personally identifiable data from active systems within 30 days, subject to any legal obligations requiring us to retain specific records.
13. Data Security
We implement technical and organizational measures to protect the data we hold. These include encryption of all data in transit using TLS, encryption of data at rest, role-based access controls limiting internal access to sensitive data, audit logging of access to candidate records, and regular security reviews of our infrastructure.
Our live test environment uses secured, session-isolated WebSocket connections. Candidate session recordings and behavioral data are stored in access-controlled cloud storage and are not publicly accessible at any point.
Payment data is never stored on Hirecode servers. All payment processing takes place within the PCI-DSS compliant environment of our payment gateway partner.
No security system is entirely without risk and we cannot guarantee absolute security. If we become aware of a data breach affecting personal data, we will notify affected users and, where required, relevant authorities including the Data Protection Board of India and the Indian Computer Emergency Response Team, within the timeframes required by applicable law.
14. International Data Transfers
Hirecode is based in India. Our cloud infrastructure and certain third-party service providers may process data outside India. Where personal data is transferred outside India, we take steps to ensure that appropriate safeguards are in place consistent with the requirements of the Digital Personal Data Protection Act, 2023 and any rules or notifications issued thereunder.
For users located in the European Economic Area or the United Kingdom, international transfers are governed by standard contractual clauses or other approved transfer mechanisms as required under GDPR.
15. Your Rights as a Data Principal or Data Subject
Depending on where you are located, you have rights over your personal data. These rights are described below.
Under Indian law (DPDPA 2023), individuals have the right to access a summary of personal data being processed, the right to correction and erasure, the right to grievance redressal, and the right to nominate another individual to exercise these rights in the event of death or incapacity.
Under GDPR for EEA and UK users, individuals have the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing based on legitimate interests. Where processing is based on consent, that consent can be withdrawn at any time without affecting the lawfulness of prior processing.
Candidates wishing to exercise any of these rights should first contact the company that administered their assessment, as that company is the data fiduciary or data controller for the assessment. Candidates may also contact us directly at hello@hirecode.me and we will assist in coordinating the request.
Company users can exercise their rights by writing to us at hello@hirecode.me. We will respond to all valid requests within 30 days or within the timeframe required by applicable law, whichever is shorter.
16. Grievance Officer
In accordance with the Information Technology Act, 2000 and the rules made thereunder, and in anticipation of obligations under the Digital Personal Data Protection Act, 2023, Hirecode has designated a point of contact to address all privacy-related concerns and grievances.
Grievance Contact: HireCode Team
Email: hello@hirecode.me
Response Time: We aim to acknowledge all grievances within 48 hours and resolve them within 30 days.
If your grievance relates to a payment or billing matter, please include your transaction reference number and registered email address in your message so we can resolve it as quickly as possible.
17. Cookies and Tracking
We use cookies and similar technologies on the Hirecode platform and at hirecode.me. Strictly necessary cookies are required for the platform to function correctly. Analytics cookies help us understand how the product is used. Preference cookies remember settings chosen by users. We do not use advertising cookies or cross-site tracking technologies.
Visitors to our website can manage cookie preferences through the consent notice presented on their first visit. Disabling analytics cookies does not affect the ability to use the product.
18. Children and Minors
Hirecode is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted data through our platform, we will delete it promptly and notify the relevant company user.
19. Third-Party Links
Our platform and reports may contain links to third-party websites or services. This Privacy Policy does not cover those external services and we are not responsible for their privacy practices. We encourage you to read the privacy policy of any third-party service you visit through a link from our platform. This includes the privacy policies of our payment gateway partners, which govern how your payment data is handled during a transaction.
20. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our product, our data practices, or applicable law. When we make material changes, we will notify company users by email and display a clear notice within the platform. The updated policy will carry a revised effective date at the top. Continued use of the platform after the effective date of a revised policy constitutes acceptance of that policy.
21. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, have a concern about how we have handled your data, need to raise a grievance, or have a billing or payment related query, please reach out to us at:
Email: hello@hirecode.me
Website: hirecode.me
Registered Under: Udyam Registration, Ministry of MSME, Government of India
If you are located in the European Economic Area or the United Kingdom and believe we have not resolved your concern adequately, you have the right to lodge a complaint with your local data protection supervisory authority. If you are located in India, you may approach the Data Protection Board of India once it is constituted and operational under the DPDPA 2023.