Privacy Notice

About this notice

We collect and process limited personal data to match candidates with employers across India. We do not sell your data, and we do not run advertising on this site. If a section of this notice does not apply to you (for example, you only browsed the site without filling a form), the rules in that section will not affect you.

Who is the Data Fiduciary

Nexuspoint Consultant, headquartered in Delhi NCR, India, is the Data Fiduciary for the personal data described below. Our designated officers are listed in Contact at the bottom of this notice.

Data we collect

We only collect what we need to do recruitment work. The categories are:

• Identity and contact — name, email, phone number.
• Professional — resume / CV, current company, role, experience level, expected compensation.
• Application context — the role you applied for, the job description you posted, any cover note you wrote.
• Technical — IP address, browser type, pages visited, and a session identifier, collected through our analytics and error-tracking tools.

Identity, contact, professional, and application data are collected only when you submit a form. If you only browse the site without submitting a form, we collect just the technical category. Inside Nexuspoint, your data is read by our recruiters when working on a brief that matches your profile and by our Data Protection Officer when she handles a rights request. Our analytics tag is configured not to read form fields, and our error tracker is configured to scrub free-text and contact fields before any event is recorded.

We do not collect financial information, government identifiers (Aadhaar, PAN), or sensitive categories such as health or biometric data on this website.

Why we use your data

We use the data above for these specific purposes only:

1. To respond to your inquiry, application, or job posting.
2. To match candidates with employer requirements.
3. To share shortlisted candidate profiles with the hiring employer (with your consent).
4. To keep you informed about roles that match your profile.
5. To debug errors and improve site reliability.
6. To meet record-keeping obligations under Indian law.

We process your data on two lawful grounds. Consent under Section 6 of the DPDP Act, 2023 covers everything tied to a form you fill in: applying for a role, posting a job, uploading your resume, sending a contact message, and any follow-up we do on the same brief. Section 7 ("certain legitimate uses") covers what we are required to keep on record under Indian law — for example, the eight-year retention of placed-candidate files described later in this notice — and the security and grievance investigations we run on our own audit logs. We do not use legitimate-use grounds to override an explicit objection or consent withdrawal.

Sub-processors and transfers

We use a small number of vetted vendors to operate this site. Each is bound by a data processing agreement and may store data outside India.

We may transfer personal data to vendors located outside India, including to the countries shown above. Under Section 16 of the DPDP Act, 2023, such transfers are permitted except to countries that the Central Government may notify as restricted; as of the date of this notice, no such restrictions apply to the destinations listed. Each vendor is bound by a data-processing agreement that obliges them to handle your data consistent with the duties we owe you under Indian law.

How long we keep your data

• Unsuccessful applications and general inquiries — 180 days from your last interaction, then deleted unless you ask us to keep your profile longer.
• Successful placements — 8 years, to satisfy our record-keeping obligations under Section 128(5) of the Companies Act, 2013, and to support post-placement servicing.
• Job postings from employers — kept for the duration of the engagement plus 24 months.
• Audit logs — kept for 12 months for security and grievance investigation.
• Error logs — kept for 90 days, then deleted.

Your rights

Under the DPDP Act you may:

• Ask for a summary of the personal data we hold about you and how we use it.
• Ask us to correct, complete, or update your data.
• Ask us to erase your data when it is no longer needed.
• Withdraw consent you previously gave us.
• Nominate a person to exercise these rights on your behalf in case of death or incapacity.
• Lodge a grievance with our Grievance Officer, and escalate to the Data Protection Board.

How to exercise your rights

Email our Grievance Officer at swapna.j@nexuspointconsultant.com. Tell us the right you want to exercise and include enough detail for us to verify your identity. We respond within 30 days. Erasure requests are completed within 90 days unless we are required by law to retain a record.

If you are not satisfied with our response, you can escalate to the Data Protection Board of India through its designated channels under the DPDP Act.

Children's data

This service is directed at adult candidates and employers. We do not knowingly collect or process the personal data of any individual under 18 years of age without verifiable parental or lawful-guardian consent, as required by Section 9 of the DPDP Act, 2023. We do not track, profile, or run targeted advertising directed at children, and we do not carry out processing likely to cause any detrimental effect on a child's well-being. If a parent or lawful guardian believes a minor has submitted a form, please email aayushijha27@nexuspointconsultant.com and we will erase the record within seven days of verifying the request.

How we secure your data

Access to production data is limited to Aayushi Jha (Data Protection Officer) and Swapna Joshi (Grievance Officer). They authenticate through our identity provider with multi-factor enforcement; no shared accounts, no service-account keys committed to source. When someone leaves Nexuspoint, their access is revoked the same day, and we rotate any shared credentials they could have read.

On top of access control, we apply the following measures:

• Transport encryption (TLS 1.3) for all traffic.
• At-rest encryption on every database and file store.
• Form payloads pass through rate-limit and bot checks before storage.
• Resume and JD files are stored in a private blob store with no public URLs.
• Errors and exceptions are scrubbed of email, phone, and free-text fields before logging.
• We keep a tamper-evident audit log of administrative access for grievance and security investigations.

Cookies and analytics

We use a small set of strictly necessary cookies to keep the site working. Beyond that, we use PostHog to count visits and measure which pages help. Autocapture and session recording are disabled. You can opt out of analytics on this device:

Opt out of analytics on this device

Analytics tracking is active. Click the button to opt out on this device.

Changes to this notice

We update this notice when our practices or vendors change. The "Last updated" date at the top always reflects the current version. We will email anyone who has previously contacted us if a material change increases what we collect or who we share it with.

Contact

Data Protection Officer: Aayushi Jha — aayushijha27@nexuspointconsultant.com

Grievance Officer: Swapna Joshi — swapna.j@nexuspointconsultant.com

Postal address: Nexuspoint Consultant, Delhi NCR, India.

For DPDP escalation beyond our Grievance Officer, see the Data Protection Board of India under the DPDP Act, 2023.