RecruitGem AI
RecruitGem AI

Policy

Privacy Policy

Last Updated: February 25, 2026

This Privacy Policy explains how Alovalabs (operating as RecruitGem AI) collects, uses, processes, retains, and discloses your personal information in accordance with applicable privacy laws including the Information Technology Act, 2000 and related regulations in India.

By accessing and using RecruitGem AI, you consent to the data practices described in this policy. If you do not agree with our practices, please do not use our services.

1. Information We Collect

Information Provided Directly by You

  • Account Registration: Name, email address, company name, first/last name, password hash.
  • Candidate Data: Candidate names, emails, phone numbers, job titles, resumes (which may contain sensitive personal information), work history, skills, and education details.
  • Interview Data: Audio recordings, video recordings, interview transcripts, AI-generated analysis, ratings, and feedback.
  • Payment Information: Billing email, subscription tier, payment method details. Note: Complete payment card information is NOT stored by us—it is handled securely by our payment processor Paddle.
  • Communication Data: Messages, feedback, support tickets, and correspondence with our team.

Information Collected Automatically

  • Usage Analytics: Pages visited, features used, time spent, interactions, clicks, and navigation patterns (via Google Analytics).
  • Device Information: Browser type, operating system, device type, IP address, and device identifiers.
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, and similar tracking technologies to enhance user experience and security.
  • Error Logging: Performance issues, errors, and system logs (via Sentry error tracking). No personally identifiable information is intentionally included in error logs.
  • Interview Session Data: Tab switch counts, timestamps, browser activity, and integrity check metrics.

Information from Third Parties

  • Firebase Authentication: Authentication state and user verification data.
  • Google Cloud Services: Video storage metadata, processing logs, and batch job information.

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: Providing interview scheduling, AI interview conduction, report generation, and candidate screening features.
  • AI Processing: Analyzing interview responses, generating reports, assessing candidate fit, and identifying patterns in candidate performance using Generative AI models (Gemini 2.5 Flash Lite).
  • Account Management: Creating and maintaining user accounts, managing subscriptions, and processing payments.
  • Communication: Responding to inquiries, sending account updates, policy changes, and service notifications.
  • Service Improvement: Analyzing usage patterns, identifying product improvements, and enhancing user experience through analytics.
  • Security: Detecting and preventing fraud, unauthorized access, abuse, and maintaining platform integrity. This includes monitoring tab switches and device activity during interviews.
  • Legal Compliance: Complying with applicable laws, regulations, court orders, and legal requests from authorities.
  • Video Analysis: Submitting video recordings to Vertex AI for analysis of candidate response quality, body language, environment appropriateness, and integrity assessment.

3. Third-Party Services and Data Sharing

We share information with the following third-party services to operate our platform:

Required Service Providers

  • Firebase (Google Cloud): Cloud database (Firestore), authentication, and real-time data synchronization. Data is encrypted in transit and at rest.
  • Google Cloud Storage: Video file storage, backup, and secure signed URL generation for uploads and downloads.
  • Vertex AI (Google Cloud): Batch video analysis for response quality, body language, environment assessment, and integrity detection. Videos are processed on Google's infrastructure.
  • Paddle: Payment processing, subscription management, and billing. Paddle complies with PCI-DSS standards for payment security.
  • Sentry: Error tracking, performance monitoring, and crash reporting. We do NOT send personally identifiable information to Sentry. Error logs are anonymized and contain no email addresses, company names, or user IDs.
  • Google Analytics: Website usage analytics and aggregated user behavior tracking. No personally identifiable information is sent directly to GA; identifiers are anonymized.

Public Data Sharing

  • Interview Invitations: When you invite a candidate to an interview via a shareable link, certain information is visible to the candidate: your company name, job title, job description, and interview context. This information is necessary for the candidate to understand the interview purpose.

Legal Disclosure

  • We may disclose your information if required by law, court order, government request, or to protect the safety and security of our users and platform.
  • In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notification of any such change.

4. Data Retention and Deletion

  • Active Accounts: Data is retained for the duration of your subscription and account activity.
  • Interview Records: Interview transcripts, recordings, and AI reports are retained as long as your account is active.
  • Account Deletion: When you delete your account, candidate data, interview recordings, and reports are marked for deletion. Hard deletion occurs within 30 days of account deletion or upon written request.
  • Payment Records: Billing records are retained for 6 years to comply with Indian financial regulations and GST requirements.
  • Error Logs: Sentry error logs are retained for 90 days for security and debugging purposes.
  • Analytics Data: Google Analytics data is retained for 14 months by default (configurable).
  • Cookies: Session cookies are deleted upon logout; persistent cookies are retained for up to 1 year.

5. Data Security

We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit.
  • At-rest encryption for sensitive data in our databases.
  • Secure password hashing using Firebase Authentication.
  • Role-based access control (RBAC) for internal systems.
  • Regular security audits and vulnerability assessments.
  • Firestore security rules limiting access to authorized users.

However, no security system is 100% impenetrable. While we take reasonable precautions, we cannot guarantee absolute security. You acknowledge and accept this risk when using our services.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Correction: Correct inaccurate or incomplete information.
  • Right to Deletion: Request deletion of your data (subject to legal retention obligations).
  • Right to Data Portability: Request your data in a portable, machine-readable format.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time.

To exercise these rights or to request a Data Subject Access Request (DSAR), contact us at info@alovalabs.in.

7. Children's Privacy

RecruitGem AI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided information, we will delete it promptly.

8. International Data Transfers

Your data may be processed and stored on servers located in the United States (Google Cloud) or other jurisdictions. By using RecruitGem AI, you consent to such transfers. We ensure that data transfers comply with applicable legal requirements.

9. Cookies and Tracking

We use cookies for the following purposes:

  • Session Management: Maintaining your login state.
  • Functionality: Remembering preferences and settings.
  • Analytics: Tracking usage patterns via Google Analytics.
  • Security: Preventing unauthorized access and fraud.

You can disable cookies in your browser settings, but this may limit functionality.

10. Third-Party Links and Services

RecruitGem AI may contain links to external websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing your information.

11. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Significant changes will be communicated to you via email or prominent notification on the platform. Continued use of RecruitGem AI after updates indicates your acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or wish to exercise your data rights, please contact us at:

We will respond to requests within 30 days or as required by applicable law.