Data Protection and Security
Privacy and Policy
Privacy Policy
This Privacy Policy (“Policy”) describes how Manavritti Solutions Pvt. Ltd., operating the product Intervuebox.ai (collectively referred to as “Intervuebox”, “we”, “our”, or “us”), collects, uses, discloses, stores, and protects personal data when you access or use our website, applications, APIs, AI agents, voice systems, WhatsApp integrations, dashboards, APIs, and related services (collectively, the “Services”).
We are committed to protecting your privacy and processing personal data in accordance with applicable data protection laws, including but not limited to:
- General Data Protection Regulation (EU) 2016/679 (“GDPR”)
- UK GDPR and Data Protection Act 2018
- UAE Personal Data Protection Law (PDPL)
- Information Technology Act, 2000 and associated SPDI Rules, 2011 (India)
1. Scope of This Policy
This Policy applies to:- Visitors to our website
- Trial users and prospects
- Customers and authorized users
- Enterprise customers, resellers, and white-label partners
- API consumers
2. Information We Collect
We collect personal data through multiple sources depending on how you interact with Intervuebox. This includes (i) data collected directly from you when you register, communicate with us, or use our Services; (ii) data collected indirectly from our customers when they upload or process information relating to candidates, employees, or leads while using our Services; and (iii) data received via third-party integrations or service providers that you or our customers choose to connect with Intervuebox, in each case subject to applicable law and contractual safeguards.2.1 Personal Data You Provide
We may collect the following categories of personal data:- Identity Information: Name, designation, company name
- Contact Information: Email address, phone number
- Account Information: Login credentials, organization details
- Billing Information: Billing contact details, payment-related metadata (payment processing is handled by third-party payment processors)
- Support Communications: Emails, chats, call recordings, and support tickets
2.2 Data Collected Automatically
When you access our Services, we may automatically collect:- IP address
- Device and browser information
- Log files and usage data
- Session data and interaction metadata
2.3 Customer-Provided Data (Controller–Processor Relationship)
When you use Intervuebox as a customer, you may upload or process data relating to candidates, employees, or leads (“Customer Data”). In such cases:- You act as the Data Controller
- Intervuebox acts as the Data Processor
2A. Summary of Data Collection by User Type
The table below provides a high-level summary of the types of data we may collect and how we use such data, depending on your relationship with Intervuebox. This table is provided for transparency and ease of understanding and should be read together with the detailed sections of this Policy.| Type of User | What Data We May Collect | How and Why We Use It |
| Visitor | • Approximate location (city, country) • Website usage data (pages visited, time spent, navigation patterns) • Device and browser information (model, OS, browser type) • Cookies and web beacon data | • To operate and secure the website • To understand user behavior and improve website performance and content • To personalize user experience and measure effectiveness of campaigns • To send newsletters or marketing communications where consent is provided |
| Customer (Organization / Account Owner) | • Name and business email of authorized representative • Company and account details • Billing and payment-related metadata (processed via third-party payment processors) • Service usage and configuration data | • To register and manage customer accounts • To provide, operate, and support the Services • To process payments and prevent fraud • To communicate service-related notices, updates, and administrative messages |
| User (Authorized User, Candidate, or End User) | • Name and email address (where applicable) • Product usage data and interaction logs , Candidate resumes etc • Device and application information • Cookies and web beacon data | • To enable access to and use of product features • To improve product functionality and user experience • To communicate service updates and support messages • To analyze usage trends and ensure platform security. |
3. Special Categories of Personal Data
We do not collect any Special Categories of Personal Data. Further, if you are a Customer or User, you hereby agree and acknowledge that you shall not, under any circumstances, whether directly or indirectly, use our Services to collect or process Special Categories of Personal Data or transfer to us any such data. The term “Special Categories of Personal Data” shall have the meaning ascribed to it under the GDPR and shall include, without limitation, data pertaining to a data subject’s:- Race or ethnic origin
- Genetics
- Political affiliations or opinions
- Biometric data
- Health data
- Sexual orientation or sex life
4. Cookies and Tracking Technologies
We use cookies and similar technologies to:- Track user preferences
- Analyze usage trends
- Improve website performance and user experience
5. Purpose of Processing
We process personal data for the following purposes:- Providing and operating the Services
- Account creation and authentication
- Customer support and communication
- Product improvement and analytics
- Security monitoring and fraud prevention
- Sales, marketing, and business development (where permitted by law)
- Compliance with legal obligations
6. Legal Basis for Processing (GDPR)
Where GDPR applies, we process personal data based on one or more of the following legal grounds:- Consent
- Performance of a contract
- Compliance with legal obligations
- Legitimate interests (such as improving our Services and ensuring security)
7. Your Rights & Preferences as a Data Subject
Subject to applicable law, you have the following rights:- Right to Be Informed – about how your personal data is collected and used
- Right of Access – to request access to your personal data
- Right to Rectification – to correct inaccurate or incomplete data
- Right to Erasure – to request deletion of your personal data
- Right to Restrict Processing – to limit processing under certain circumstances
- Right to Object – to object to processing, including an absolute right to object to direct marketing
- Right to Data Portability – to receive your data in a structured, machine-readable format
- Right Not to Be Subject to Automated Decision-Making – including profiling, where legally applicable
8. Compelled Disclosure
In addition to the purposes set out in this Policy, we may disclose any data we collect or process from you if such disclosure is required:- Under applicable law or to respond to a legal process, such as a search warrant, court order, or subpoena;
- To protect our safety, your safety, or the safety of others, or in the legitimate interest of any party in the context of national security, law enforcement, litigation, criminal investigation, or to prevent death or imminent bodily harm;
- If required in connection with legal proceedings brought against Intervuebox.ai, Manavritti Solutions Pvt. Ltd., or any of its officers, employees, affiliates, customers, or vendors; or
- To establish, exercise, protect, defend, or enforce our legal rights.
9. Security of Your Personal Information
We implement industry-standard technical and organizational measures by using a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, loss, destruction, or disclosure. Where particularly sensitive data is collected, it is encrypted using industry-standard cryptographic techniques including, but not limited to, SSL, TLS, RSA, and AES. We adhere to the ISO/IEC 27001:2022 standard, an internationally recognized framework for Information Security Management Systems (ISMS). Our commitment to ISO 27001 ensures that we follow rigorous security practices and maintain high standards for information security. In compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (India), we adhere to the following reasonable security practices and procedures:| Measure | Description |
| Access Control | Access to personal data is granted only to authorized personnel on a strict need-to-know basis, and such access is logged and monitored. |
| Data Encryption | Sensitive personal data is encrypted both in transit and at rest using strong encryption methods such as AES-256. |
| Network Security | Secure network architecture is employed, including firewalls and intrusion detection/prevention systems. |
| Regular Audits | Regular security audits and assessments are conducted to identify vulnerabilities and ensure compliance with security policies. |
| Incident Management | Established protocols exist for managing and responding to security incidents, including data breaches, to mitigate potential impact. |
| Employee Training | Employees undergo regular security and data protection training to ensure compliance with internal policies. |
| Third-Party Compliance | Third-party service providers handling personal data are required to adhere to equivalent security standards and practices. |
| Physical & Environmental Security | Robust physical security controls are implemented to protect data centers and facilities from unauthorized access or damage. |
| Business Continuity Management | Business continuity and disaster recovery plans are developed, tested, and maintained to ensure service availability. |
| Risk Assessment & Treatment | Regular risk assessments are conducted and appropriate mitigation measures are implemented. |
| Audit & Compliance | Periodic internal and external audits are conducted to ensure ISO 27001 compliance and continuous improvement of the ISMS. |