Privacy Policy for Yohita AiHRMS

Last updated: January 27, 2026

Yohita AiHRMS ("we", "us", "our") is an AI-powered Human Resource Management System (HRMS), Customer Relationship Management (CRM), and business productivity platform developed by [Yohita], located at [ Pune, Maharashtra, India].

We are committed to protecting your privacy and handling personal data responsibly in accordance with applicable laws, including India's Digital Personal Data Protection Act, 2023 (DPDP Act), and other relevant regulations. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights.

1. Scope and Applicability

This Policy applies to:

  • All users of the Yohita AiHRMS mobile app (Android/iOS) and web platform.
  • Employees, HR admins, managers, and end-users whose data is processed through the service.
  • Any personal data processed by us as a Data Fiduciary (under DPDP Act) or data controller.

It does not apply to data processed solely by our customers (your organization/employer) — they act as the primary Data Fiduciary/Controller for employee data entered into the system.

2. Information We Collect

We collect the following types of personal data:

Data you provide directly:

  • Account & profile: Name, email, phone number, job title, employee ID, profile photo (optional).
  • HR-related: Date of birth, address, emergency contacts, bank details (for payroll), Aadhaar/PAN (if required for compliance), leave requests, performance notes.
  • CRM-related: Customer/lead names, contact details, company info (entered by users).
  • Payment & billing: If you subscribe directly (card details processed securely via third-party gateway — we do not store full card info).

Automatically collected:

  • Device & usage: IP address, device type, OS version, app version, browser type.
  • Usage logs: Login times, features used, attendance check-ins (GPS if enabled), clicks & navigation.
  • Analytics: App performance, crash reports (anonymized where possible).

Sensitive personal data (where applicable and with explicit consent):

  • Health/medical info (e.g., for leave), biometric data (if fingerprint/face attendance is used), caste/religion (for statutory compliance in India).

We practice data minimization — we collect only what is necessary for the service.

3. How We Use Your Information

We use personal data to:

  • Provide, maintain, and improve Yohita AiHRMS (e.g., attendance tracking, payroll processing, recruitment AI insights, CRM follow-ups).
  • Authenticate accounts and provide support.
  • Send service emails/notifications (essential, not marketing).
  • Generate reports & analytics for your organization (admin users).
  • Comply with legal obligations (e.g., Indian labour laws, tax reporting).
  • Detect/prevent fraud, abuse, or security issues.
  • Improve AI features (aggregated/anonymized data only).

We do not use your data for unrelated marketing or sell personal data.

4. Legal Basis for Processing

  • Consent — For non-essential features (e.g., optional location for attendance, marketing emails).
  • Contract — To deliver the HRMS/CRM service you/your employer subscribed to.
  • Legal obligation — Compliance with Indian laws (PF, ESI, income tax, etc.).
  • Legitimate interests — Security, service improvement (balanced against your rights).

5. Sharing & Disclosure

We share data only as necessary:

  • With your organization (your employer/admin users) — they control access.
  • Service providers: Cloud hosting (e.g., AWS/GCP), email (SendGrid), analytics (Firebase — anonymized), payment gateway.
  • Legal authorities — if required by law, court order, or to protect rights/safety.
  • Business transfers — in case of merger/acquisition.

All third parties are bound by contracts to protect data and comply with DPDP Act standards.

We do not share data with third parties for their own marketing.

6. Data Storage & Security

  • Data is stored in secure servers primarily in [India / region you use].
  • We use encryption (in transit & at rest), access controls, regular security audits.
  • Retention: We keep data only as long as necessary for the purpose (or as required by law). Employee data is typically retained during employment + statutory periods (e.g., 5–7 years for payroll/tax).
  • After termination: Data may be anonymized or deleted per your employer's instructions.

7. Your Rights (Under DPDP Act & Applicable Laws)

You have the right to:

  • Access, correct, or update your personal data.
  • Withdraw consent (where consent is the basis — may limit service features).
  • Request erasure/deletion (subject to legal retention requirements).
  • Nominate a representative (in case of death/incapacity).
  • Grievance redressal — contact us first; if unsatisfied, approach the Data Protection Board of India.

To exercise rights: Email [[email protected]] or use in-app settings.

8. International Transfers

If data is transferred outside India, we ensure appropriate safeguards (e.g., contracts incorporating DPDP standards).

9. Children's Data

Our service is not directed at children under 18. We do not knowingly collect data from children. If we become aware of such data, we will delete it.

10. Changes to This Policy

We may update this Policy. Changes will be posted here with a new "Last updated" date. Significant changes will be notified via email or in-app notice.

11. Contact Us

For questions, complaints, or rights requests: Email: [[email protected]] or [[email protected]] Address: [ Pune, Maharashtra, India]

Thank you for trusting Yohita AiHRMS with your data.