Privacy Policy

Introduction

shortlistii.com Private Limited operates the Shortlistii platform and the Litio interview workflow environment. Shortlistii supports candidate pipeline management, AI-assisted ranking, structured hiring workflows, recruiter analytics, and related operational tools. Litio is part of that platform ecosystem and supports AI-powered interview sessions, voice verification signals, candidate identity checks, suspicious interview behavior indicators, transcripts, recordings, summaries, and recruiter-facing interview intelligence.

We recognize that hiring workflows often involve sensitive professional information and high-trust communications. We therefore seek to process personal data in a measured, lawful, and commercially responsible manner, including with reference to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and related Indian legal expectations applicable to technology platforms and recruitment workflows.

Who We Are

shortlistii.com Private Limited is an Indian company with its registered office at Flat No. 1404, Famed Tower, Sikka Karnam Greens, Sector 143, Noida, Uttar Pradesh – 201304, India. In this Privacy Policy, “Shortlistii,” “Litio,” “Company,” “we,” “us,” and “our” refer to shortlistii.com Private Limited and the products and services we operate.

Depending on the context, we may process information for our own business operations, or on behalf of customer organizations that use Shortlistii for recruiting, candidate assessment, interview execution, and hiring administration. Where an organization uses our platform as part of its hiring process, that organization remains responsible for its own recruiting decisions, notices, and compliance obligations toward candidates and applicants.

Scope

This Privacy Policy applies to:

• Organizations, recruiters, hiring managers, interviewers, and administrators using Shortlistii.
• Candidates and applicants whose information is submitted to, accessed through, or processed within the platform.
• Participants in Litio interview sessions, including recorded or analyzed sessions where enabled by the customer.
• Visitors who interact with our public website, careers pages, or legal pages.
• Operational communications, support interactions, security workflows, and analytics related to the service.

This Privacy Policy does not govern third-party websites, third-party recruiting systems, or external services that may link to or from our platform and that operate under their own policies and terms.

Categories of Information We Collect

We may collect or process the following categories of information, depending on how the platform is used:

• Account and identity information, such as name, work email, phone number, role, organization, and login credentials.
• Organization information, such as company profile details, recruiter assignments, team structure, and job or vacancy data.
• Candidate information, such as resumes, CVs, applications, work history, education, skills, portfolio links, profile documents, and hiring stage information.
• Evaluation and workflow data, such as shortlists, rankings, interviewer notes, feedback, scoring inputs, recruiter actions, and hiring process status.
• Interview data, including session metadata, recordings, transcripts, summaries, minutes, interview intelligence, and Litio-generated workflow signals.
• Identity and verification-related signals, including voice enrollment inputs, voice verification indicators, candidate identity confirmation signals, and session integrity markers where enabled.
• Technical and usage information, such as device information, browser type, IP address, timestamps, log data, session diagnostics, and service interaction data.
• Support and communication records, including helpdesk interactions, issue reports, onboarding communications, and service notices.

Information We Receive from Recruiters, Candidates, and Users

We receive information directly from recruiters, administrators, and hiring teams when they create accounts, configure hiring workflows, upload roles, invite users, shortlist candidates, or review analytics.

We receive candidate information when candidates apply to roles, upload resumes or supporting materials, join interviews, respond to workflow requests, or otherwise interact with the platform. We may also receive candidate information from customer organizations, their recruiters, interviewers, or integrated workflows they use to manage recruitment operations.

In many cases, customer organizations determine which candidate information is submitted to the platform and how it is used within their hiring process. Where we process data on behalf of such organizations, we do so under customer instructions, applicable contract terms, and operational requirements of the service.

Interview Data, Recordings, Transcripts, and Litio Signals

Litio may process interview-related data where interview functionality is enabled by the customer organization. This may include live session data, conferencing and signaling metadata, participant actions, recordings, transcripts, AI-generated interview summaries, meeting minutes, recruiter-facing session analysis, and workflow intelligence derived from the session.

Litio may also process voice enrollment inputs, voice verification signals, candidate identity verification indicators, and suspicious interview behavior or integrity signals derived from session behavior, timing, voice, participant interactions, and related interview metadata. These features are intended to support safer and more reliable interview execution, help recruiters identify issues requiring review, and strengthen operational confidence in interview workflows.

Such signals are designed to support review and decision-making by authorized recruiters or administrators. They are not intended to serve as conclusive proof of misconduct on their own and should be evaluated in context.

How We Use Information

We use information for the following purposes:

• To provide, maintain, support, secure, and improve the Shortlistii and Litio services.
• To create and manage accounts, authenticate users, assign roles, and administer access controls.
• To enable recruiting workflows, candidate ranking, shortlist management, evaluations, analytics, and reporting.
• To facilitate interview scheduling, Litio interview execution, transcripts, summaries, and recruiter review workflows.
• To verify candidate identity and support interview integrity, fraud-awareness, and security monitoring.
• To communicate with users about accounts, security issues, service updates, support matters, and operational notices.
• To monitor service performance, troubleshoot issues, maintain logs, and detect misuse, abuse, or platform threats.
• To comply with applicable law, legal process, audit expectations, and contractual obligations.

AI Processing and Automated Analysis

Shortlistii and Litio include AI-assisted features that may analyze resumes, candidate profiles, interview transcripts, workflow activity, and related data to produce rankings, summaries, alerts, recommendations, or recruiter-facing insights. These capabilities are intended to support hiring teams with better organization, improved visibility, and more consistent review workflows.

AI-generated outputs are decision-support tools. They do not replace final hiring decisions, employment judgments, or independent review by customer organizations, recruiters, or authorized interviewers. Customers remain responsible for how they use platform outputs in recruiting and employment-related processes, including compliance with applicable employment, anti-discrimination, privacy, and workplace laws.

Identity Verification and Interview Integrity

Where enabled, Litio may support candidate identity confirmation and interview integrity features such as voice enrollment, voice verification, participant matching, and suspicious signal detection. These tools are designed to help customer organizations reduce impersonation risk, identify anomalies for review, and preserve confidence in interview workflows.

We limit access to such data and signals to authorized users, administrators, and service providers who need that access for service delivery, platform security, support, or lawful compliance purposes. We expect customers using these features to provide appropriate notices and maintain lawful grounds for their use in the hiring context.

Legal Basis / Grounds for Processing under Applicable Law

Depending on the nature of the interaction and applicable law, we may process personal data based on one or more of the following grounds:

• Consent or notice-based permissions, where required or appropriate.
• Performance of a contract, including provision of our SaaS platform to customers and users.
• Compliance with legal obligations, lawful requests, dispute handling, audit expectations, and regulatory requirements.
• Reasonable and lawful business purposes connected to platform administration, information security, fraud prevention, and service improvement.
• Legitimate uses or permitted processing recognized under applicable Indian law, including in operational and employment-related contexts where relevant.

Where a customer organization uses the platform to process candidate or recruiter information, that organization may also have its own separate legal grounds and responsibilities with respect to such processing.

Data Sharing and Service Providers

We may share information in the following circumstances:

• With customer organizations and their authorized users, where such users are operating the relevant hiring workflow.
• With service providers who support hosting, infrastructure, communications, analytics, support, security, transcription, identity or voice verification workflows, and related platform operations.
• With professional advisers, auditors, insurers, or transaction counterparties where reasonably necessary for legitimate business purposes.
• With regulators, law enforcement authorities, courts, or government bodies where required by law or legal process.
• As part of a merger, financing, corporate restructuring, acquisition, or sale of business assets, subject to appropriate confidentiality and lawful handling requirements.

We do not sell personal data. We do not disclose personal data to unrelated third parties for their independent marketing use. Access to data is limited to authorized personnel, customer users, and service providers where necessary for legitimate platform operations.

Data Retention

We retain personal data for as long as reasonably necessary to provide the service, maintain customer accounts, support recruiting workflows, comply with legal obligations, resolve disputes, enforce agreements, and preserve platform security and integrity. Specific retention periods may vary based on the customer’s use of the service, the nature of the data, applicable law, contractual commitments, and legitimate operational needs.

Candidate profiles, recruiting workflow records, Litio session outputs, transcripts, recordings, summaries, verification signals, and analytics may be retained for the duration of the relevant workflow and for a commercially reasonable period thereafter, unless deletion, anonymization, or earlier removal is required or requested under applicable law, contract, or customer configuration.

Where data is no longer required, we may delete it, de-identify it, or retain only the minimum information necessary for compliance, audit, security, or dispute-management purposes.

Security Safeguards

We maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, misuse, accidental loss, alteration, disclosure, or destruction. These safeguards may include role-based access controls, authentication controls, logging, secure development practices, encryption in transit, restricted administrative access, vendor diligence, backup processes, and incident response measures appropriate to the nature of the platform.

No online platform can guarantee absolute security. Users and customers are also expected to maintain appropriate account hygiene, device security, credential protection, and internal access discipline when using the service.

Cookies and Usage Data

We may use cookies, local storage, session identifiers, and similar technologies to operate the website and platform, maintain sessions, remember preferences, improve usability, monitor performance, detect abuse, and understand how visitors and users interact with the service.

We may also process standard usage and diagnostic data such as page visits, browser information, device type, IP address, timestamps, and interaction patterns for analytics, stability, and security purposes. Users may be able to manage some cookie preferences through browser or device settings, although disabling certain technologies may affect the availability or reliability of parts of the service.

User Rights / Data Principal Rights

Subject to applicable law and the nature of the relationship, individuals may have rights relating to access, correction, updating, deletion, withdrawal of consent where processing depends on consent, grievance redressal, and other rights recognized under Indian law. Where technically and operationally appropriate, we will review and respond to valid requests in a commercially reasonable manner.

If your information is processed on behalf of a customer organization as part of that organization’s hiring or interview workflow, we may direct you to that organization first because it may be the primary decision-maker with respect to that data. We may also require verification of identity before acting on a request, particularly where identity, interview integrity, or account security is relevant.

Where applicable under law, an individual may also nominate another person to exercise certain rights in the event of death or incapacity, subject to reasonable verification and legal requirements.

Children’s Data

Shortlistii and Litio are designed for professional recruiting, hiring, and interview workflows and are not directed to children. We do not knowingly collect or solicit personal data from children in a manner inconsistent with applicable law. If we become aware that personal data has been collected inappropriately, we may take steps to delete or restrict such information as appropriate.

International Data Transfers

We may use infrastructure, support tools, communications providers, analytics systems, or other service providers that process or store data outside India. As a result, personal data may be transferred to, stored in, or accessed from jurisdictions other than the one in which it was originally collected.

When we arrange such processing, we seek to do so in a controlled manner consistent with applicable law, customer commitments, and reasonable contractual or organizational safeguards. We remain attentive to access limitation, confidentiality, and security requirements when using cross-border service providers.

Grievance / Contact Information

For privacy-related questions, access or correction requests, grievance matters, or concerns regarding the handling of personal data on the platform, you may write to:

You may also raise privacy or grievance matters through the support, administrator, or account channels made available within the platform. Where a request relates to data processed for a customer organization, we may coordinate with that organization to address the matter appropriately.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, product features, legal requirements, platform practices, or operational safeguards. When we make material updates, we may revise the “Last Updated” date above and, where appropriate, provide additional notice through the website, the platform, or customer account channels.