Privacy Policy
Version 2026-06-29 · Placeholder draft — pending legal review.
1. Who we are (Data Fiduciary)
merit is operated from India and acts as the Data Fiduciary for personal data you submit, within the meaning of India's Digital Personal Data Protection Act, 2023 (DPDP Act).
2. Data we collect
- Account details: name, work email, mobile number.
- Candidate profile: employment history, qualifications, CTC, location, CV.
- Recruiter profile: organisation, role, published job descriptions.
- Usage data: matches, application activity, feedback signals.
3. Why we use it (Purpose limitation)
We use this data to operate the matching engine, present masked candidate shortlists to recruiters, present matched roles to candidates, and to improve ranking quality. Identity is unmasked only at a clear commitment point.
4. Consent — separated
We collect two consents separately at signup, each unticked by default:
- Required: acceptance of these Terms and this Privacy Policy.
- Optional & separable: consent to receive marketing calls and messages about relevant opportunities, in line with TRAI's commercial communications regulations.
You can withdraw the optional marketing consent at any time from your account settings without affecting your ability to use merit.
5. Your rights
You have the right to access, correct, and erase your personal data, to withdraw consent, and to nominate another individual to exercise these rights in case of incapacity. Requests: privacy@indianbig4.com.
6. Retention
We retain profile data while your account is active and for a limited period afterwards to meet legal and audit obligations. CV files can be removed on request.
7. Security
Data is stored on encrypted infrastructure. Access by merit personnel is role-restricted and audited.
8. Grievance officer
Grievances: grievance@indianbig4.com. A named Grievance Officer will be designated before launch.
9. Updates
Material changes to this policy will be notified by email and reflected at the top of this page. See also our Terms of Service.