PRIVACY POLICY

NoKuJob™ — A Product of AJ Human AI® Private Limited

Last Updated: July 07, 2025

Effective Date: July 07, 2025

1. INTRODUCTION

This Privacy Policy explains how AJ Human AI® Private Limited collects, uses, processes, stores, and protects your personal information when you use NoKuJob™ services. This policy complies with:

General Data Protection Regulation (GDPR) - EU/EEA
UK GDPR and Data Protection Act 2018 - United Kingdom
Digital Personal Data Protection Act, 2023 (DPDP Act) - India
California Consumer Privacy Act (CCPA/CPRA) - California, USA
Privacy Act 1988 and Australian Privacy Principles - Australia
Irish Data Protection legislation

By subscribing to or using NoKuJob™ services, you consent to the collection, use, and processing of your personal information as described in this Privacy Policy. If you do not agree, please do not use our services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Contact Information: Full name, email address, phone number, current location/country
Professional Information: Work experience, employment history, educational background, qualifications, certifications, skills, professional achievements
CV Documents: Your uploaded CV/resume file containing personal details, work history, education, references
Job Preferences: Preferred job types, industries, locations, salary expectations, visa status, work authorization details
Course Information: For students - course name, university name, start/end dates, course type
Account Information: Username, password (encrypted), account preferences, subscription status
Referral Information: Referral codes, referral earnings

2.2 Payment Information

Payment processing is handled by third-party payment processors (Razorpay and Wise). We do NOT store your complete credit card numbers, CVV, or full banking details. We only receive and store:

Transaction confirmation details
Payment status
Last 4 digits of card (for reference)
Transaction IDs
Payment method type

    Important: Full payment card details are processed and stored securely by Razorpay and Wise according to their respective privacy policies and PCI-DSS standards. We never see or store your complete card details.

2.3 Automatically Collected Data

We automatically collect certain information when you use our service:

IP address and approximate geolocation
Browser type and version
Operating system
Device type (mobile/desktop)
Login timestamps and session duration
Pages visited within platform
Feature usage patterns
Technical logs and error reports

2.4 Data We Do NOT Collect

Email account passwords or login credentials
Social media account passwords (LinkedIn, Indeed, etc.)
Employer portal login credentials
Biometric data (fingerprints, face recognition)
Precise geolocation tracking
Data from your email inbox or social media accounts
Health or genetic information
Criminal history
Sensitive personal data beyond what you voluntarily provide in your CV

3. LEGAL BASIS FOR PROCESSING (GDPR Article 6)

3.1 Contract Performance (Art. 6(1)(b))

Processing necessary to deliver the subscribed service including CV creation, job research, staff-assisted application submission (with your per-application approval), and application tracking assistance.

3.2 Consent (Art. 6(1)(a))

Marketing communications (optional, can withdraw anytime)
Non-essential cookies (see Cookie Policy)

3.3 Legitimate Interest (Art. 6(1)(f))

Service improvement through aggregated analytics
Fraud prevention
Security monitoring

3.4 Legal Obligation (Art. 6(1)(c))

Tax record retention (7 years)
GST compliance
Regulatory compliance

4. HOW WE USE YOUR INFORMATION

4.1 Primary Purposes

Create customized, ATS-optimized CVs tailored to specific job opportunities
Create professional cover letters
Research and identify suitable job opportunities
Match your profile with job requirements
Process subscription payments via Razorpay and Wise
Provide customer support
Send service notifications about new CVs, job opportunities, and account updates
Maintain your application tracking dashboard and audit trail for staff-submitted applications

4.2 Secondary Purposes

Improve service quality through aggregated, anonymized analytics
Prevent fraud and unauthorized access
Comply with legal, tax, and GST obligations
Resolve disputes
Administer referral program

4.3 We Do NOT Use Your Data For

Selling to any third party
Targeted advertising or ad profiling
Automated decision-making that produces legal effects
Political profiling or scoring
Surveillance of any kind
Accessing your personal email or social media accounts

5. DATA STORAGE AND SECURITY

5.1 Storage Location

Primary data stored on secure cloud servers (AWS or equivalent)
Server locations: Primarily India region
Backups maintained in geographically separate locations
File storage (CVs, documents): Encrypted cloud storage

5.2 Security Measures

Technical Security:

Encryption at Rest: AES-256 encryption for all stored data
Encryption in Transit: TLS 1.2+ (HTTPS) for all data transmissions
Password Security: Argon2 hashing (industry-leading algorithm)
Access Controls: Role-based access control (RBAC) - staff can only access assigned students
Multi-Factor Authentication: Available for user accounts; required for staff access
Firewall Protection: Network firewalls and intrusion detection systems
Regular Backups: Encrypted daily backups with secure storage
HTTP-Only Cookies: Prevents XSS attacks
CSRF Protection: On all forms
Rate Limiting: Prevents brute force attacks

Organizational Security:

All staff sign comprehensive NDAs and confidentiality agreements
Regular security training for all personnel
Documented security policies and procedures
Incident response plan for security breaches
Regular security audits and vulnerability assessments
Audit logs of all data access and modifications
Background checks for staff with data access

5.3 Data Breach Procedures

In the event of a data breach affecting your personal information:

User Notification: Within 72 hours of discovery via email
Authority Notification: Relevant supervisory authorities notified within 72 hours (GDPR Art. 33)
Investigation: Full investigation initiated immediately
Remediation: Security measures enhanced to prevent recurrence
Details Provided: Nature of breach, data affected, potential consequences, steps taken

6. DATA RETENTION PERIODS

Data Type	Retention Period	Reason
Account profile data	Duration of active subscription	Service delivery
CVs and cover letters	90 days after cancellation	Allow user to download
Application records	90 days after cancellation	Reference purposes
Payment transaction records	7 years after transaction	Tax/GST compliance (legal requirement)
Login/security logs	12 months	Security monitoring
Support communications	2 years after last contact	Service quality and dispute resolution
Referral program data	Duration of account + 1 year	Program administration

After retention periods expire, data is permanently deleted or fully anonymized. You can request early deletion at any time (except legally required records like tax documents).

7. DATA SHARING AND THIRD PARTIES

7.1 Service Providers (Data Processors)

Provider	Purpose	Data Shared	Location
Razorpay	INR payment processing	Transaction data, name, email	India
Wise	International payment processing	Transaction data, name, email	EU/Global
Cloud hosting (AWS or equivalent)	Infrastructure	All platform data (encrypted)	India/Global
Email service provider	Notification emails	Email address, name, notification content	Varies

All processors are bound by Data Processing Agreements (DPA) requiring them to protect your data and use it only for specified purposes.

7.2 We Do NOT Share Data With

Advertisers or ad networks
Data brokers or marketing companies
Social media platforms (except payment processors' own compliance requirements)
Government agencies (unless legally required by valid court order)

    We Do NOT Sell Your Data: We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. Period.

7.3 Legal Disclosure

We may disclose data if required by:

Valid court order or subpoena
Law enforcement with proper legal authority
Regulatory requirements (tax, GST, data protection authorities)
Protection of our rights or prevention of fraud

We notify affected users where legally permitted.

8. INTERNATIONAL DATA TRANSFERS

8.1 Transfer to India

If you are located outside India, your personal information will be transferred to and processed in India where our servers are located. India may have different data protection laws than your country.

8.2 Legal Safeguards for EU/EEA/UK Transfers

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on:

Standard Contractual Clauses (SCCs) approved by European Commission Decision 2021/914
UK International Data Transfer Agreement (IDTA) for UK users
Transfer Impact Assessments (TIAs) conducted as required
Your explicit consent to the transfer

8.3 Your Rights Regarding Transfers

You have the right to:

Request information about transfer safeguards
Object to transfers
Obtain copies of SCCs/IDTA

Contact: official@nokujob.com (Subject: "Data Transfer Information")

9. YOUR PRIVACY RIGHTS

9.1 For EU/EEA/UK Residents (GDPR & UK GDPR)

Right	Description
Right of Access (Art. 15)	Request a copy of your personal data we hold
Right to Rectification (Art. 16)	Request correction of inaccurate data
Right to Erasure (Art. 17)	Request deletion of your data ("right to be forgotten")
Right to Restrict Processing (Art. 18)	Request limitation of how we use your data
Right to Data Portability (Art. 20)	Receive your data in machine-readable format (CSV/JSON)
Right to Object (Art. 21)	Object to processing based on legitimate interests
Right to Withdraw Consent (Art. 7(3))	Withdraw consent for data processing at any time
Right to Lodge Complaint	File complaint with your local data protection authority

9.2 For California Residents (CCPA/CPRA)

Right to Know: Request disclosure of what personal information we collect and how we use it
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of sale of personal information (we do NOT sell data)
Right to Correct: Request correction of inaccurate information
Right to Non-Discrimination: Not be discriminated against for exercising your rights

9.3 For Australian Residents (Privacy Act 1988)

Right to access your personal information
Right to correct inaccurate information
Right to complain to the Office of the Australian Information Commissioner (OAIC)

9.4 For Indian Residents (DPDP Act 2023)

Right to Access
Right to Correction and Erasure
Right to Grievance Redressal
Right to Nominate (nominate someone to exercise rights in case of death/incapacity)

9.5 How to Exercise Your Rights

Email: support@nokujob.com or official@nokujob.com

Subject Line: "Privacy Rights Request — [Specific Right]"

Include:

Your name and registered email address
The specific right you wish to exercise
Any relevant details to help us process your request
Proof of identity (for security)

Response Time:

Most requests: Within 30 days
GDPR requests: Within 1 month (may extend to 3 months for complex requests)
CCPA requests: Within 45 days

Cost: Free (first request); may charge reasonable fee for manifestly unfounded or excessive requests

10. CHILDREN'S PRIVACY

NoKuJob™ is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected data from a child under 18, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@nokujob.com.

11. AUTOMATED DECISION-MAKING

We do NOT use automated decision-making or profiling that produces legal effects or similarly significant effects on users.

Job matching is based on your profile preferences and staff review. Final decisions on which jobs to present are made by staff, and you have complete control over which applications to approve for staff submission or to submit yourself. Staff only submits applications with your explicit per-application approval.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

We update the "Last Updated" date at the top
For material changes affecting your rights: 30-day advance notice via email
For minor changes: Update posted on website
Continued use after changes = acceptance

Previous versions available upon request.

13. DATA PROTECTION OFFICER

For privacy-related inquiries:

Email: official@nokujob.com
Subject: "Attention: Data Protection Officer"
Phone: +91 80758 76201

14. SUPERVISORY AUTHORITIES

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant supervisory authority:

Jurisdiction	Authority	Website
United Kingdom	Information Commissioner's Office (ICO)	ico.org.uk
Ireland	Data Protection Commission (DPC)	dataprotection.ie
European Union	Local Data Protection Authority	edpb.europa.eu
Australia	Office of Australian Information Commissioner (OAIC)	oaic.gov.au
India	Data Protection Board (under DPDP Act)	To be established
California, USA	California Attorney General	oag.ca.gov

15. CONTACT US

AJ Human AI® Private Limited

CIN: U62099KL2025PTC095861
GSTIN: 32ABDCA3587H1ZQ
Official Email: official@nokujob.com
Support Email: support@nokujob.com
Phone: +91 80758 76201
Address: Thapasya Building, Smart Business Centre - 2, Infopark Phase 1, Kakkanad, Kochi, Kerala 682042, India
Website: https://nokujob.com

We are committed to protecting your privacy and will respond to your inquiry within 48 hours.

This Privacy Policy is effective as of July 07, 2025 and applies to all users of NoKuJob™ services.

NoKuJob™ is a trademark of AJ Human AI® Private Limited.

Legal Documents