twynIt

Legal

Privacy Policy

Effective date: April 20, 2026

1. Who we are

Meritly ("Meritly", "we", "us", or "our") is an AI-powered hiring platform for recruitment teams and agencies. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our platform at meritlyai.com and app.meritlyai.com.

2. Information we collect

We collect information in three ways:

Information you provide directly

Account registration details (name, work email, company name), job requisition content you create, and any files you upload.

Candidate data you upload

Resumes and CVs submitted on behalf of candidates for evaluation. You are responsible for ensuring you have the appropriate legal basis to share this data with us.

Usage and technical data

Log data, browser type, IP address, pages visited, and product analytics events (via PostHog and Vercel Analytics) to understand how the platform is used and to improve it.

3. How we use your information

  • Provide, operate, and improve the TwynIt platform
  • Parse and score uploaded resumes using AI (Google Gemini) to generate candidate evaluations
  • Power AI-driven chat, semantic search, and hiring recommendations
  • Send transactional emails (account verification, password reset, billing receipts)
  • Enforce usage limits and process billing through Stripe and Razorpay
  • Detect and prevent fraud, abuse, and security threats
  • Comply with applicable legal obligations

4. AI processing of resume data

Resumes uploaded to TwynIt are processed by Google Gemini to extract structured data (name, skills, experience, education) and generate match scores. This processing occurs within your company's tenant boundary — resume data from one company is never used to inform scores for another.

We do not use candidate resume data to train or fine-tune AI models.

5. Data sharing and disclosure

We do not sell your personal data. We share data only with:

  • Service providers who process data on our behalf (AWS S3 for file storage, Google Gemini for AI parsing, Stripe/Razorpay for billing, Redis/MongoDB for data storage)
  • Your organization's other TwynIt users within the same tenant
  • Law enforcement or regulatory authorities when required by law

6. Data retention

We retain your account data for as long as your account is active. Candidate data (resumes, scores, evaluations) is retained for the duration of your subscription and deleted within 90 days after account closure. Audit logs are retained for 12 months. You may request deletion of your data at any time by contacting us.

7. Security

We implement industry-standard security controls: TLS encryption in transit, encryption at rest for sensitive fields, bcrypt password hashing, JWT-based authentication with 24-hour expiry, Redis-backed rate limiting, and CSRF protection. We do not store payment card details — all card data is handled by Stripe and Razorpay directly.

8. Your rights

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability (receive your data in a structured format)

To exercise any of these rights, email us at privacy@meritlyai.com.

9. Cookies

We use strictly necessary cookies for session management and authentication. We also use analytics cookies (PostHog) to understand product usage. You may opt out of analytics tracking by contacting us. We do not use advertising or third-party tracking cookies.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top and notify active users via email for material changes. Your continued use of the platform after changes take effect constitutes your acceptance of the updated policy.

11. Contact us

Questions about this Privacy Policy or our data practices? Reach us at privacy@meritlyai.com.