PlaceGrad Logo
laceGrad

Privacy Policy

Last updated: March 2025  |  Effective Date: March 2025

PlaceGrad ("we", "us", or "the Company") is a One Person Company incorporated under the Companies Act, 2013, operating the PlaceGrad cloud-based campus placement management platform at www.placegrad.online. This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with our platform and services, and your rights with respect to that data.

This policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable rules thereunder. By accessing or using the PlaceGrad platform, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are and Our Role Under DPDPA

Under the DPDPA, 2023, the educational institution (College) that deploys PlaceGrad for its students is the Data Fiduciary — the entity that determines the purpose and means of processing personal data. PlaceGrad acts as the Data Processor — processing personal data only on the documented instructions of the College and solely to provide the contracted services.

If you are a student using PlaceGrad through your college, your primary data relationship is with your institution. PlaceGrad processes your data on behalf of, and under instruction from, your college.

2. Information We Collect

We collect the following categories of personal data depending on your role on the platform:

Students

  • Identity & contact: Full name, email address, phone number, personal email address
  • Academic data: College name, batch, CGPA, student ID card number, interested domain
  • Career profile: Resume (PDF), LinkedIn URL, GitHub URL, portfolio URL, professional headline, location, academic history, work experience
  • AI-processed data: Resume score (0–100), extracted skills, AI-generated summary and feedback (from resume analysis)
  • Placement data: Application status, offer letter (PDF), placed company, role, package, joining date, job location
  • Assessment data: Test answers, scores, section scores, tab-switch count (anti-cheating)
  • Certifications: Certification name, issuer, date, uploaded certificate PDFs or URLs
  • Alternate pathways: Higher education admission letters, entrepreneurship proof documents

Placement Officers

  • Name, email address, designation, college affiliation

Recruiters

  • No account is required. Recruiters access the platform via a time-limited token URL shared by the College. Access logs (IP address, timestamp, actions taken) are maintained for audit purposes as part of our RecruiterAccessLog.

Automatically Collected Data

  • Log data: IP address, browser type, pages visited, timestamps
  • Session tokens (JWT, 8-hour expiry)
  • Failed login attempts (for account security)

3. How We Use Your Information

We use the information collected strictly for the following purposes:

  • Providing and operating the PlaceGrad placement management platform
  • Student verification, profile management, and activation by the Placement Officer
  • Matching students to recruitment drives (lexical job matching)
  • AI-powered resume scoring and skill gap analysis (where enabled by the College)
  • Facilitating recruiter access to allocated student profiles for specific drives
  • Conducting and evaluating online assessments and tests
  • Generating accreditation and compliance reports (NAAC, NIRF, NBA, AICTE)
  • Sending system notifications and support communications
  • Platform security, fraud prevention, and anti-cheating enforcement
  • Improving platform features and user experience

4. AI Processing of Resumes

PlaceGrad uses AI services to analyze student resumes and extract skills, generate a score, and provide improvement feedback. This analysis is performed under enterprise-grade privacy agreements. Student resumes are processed in an isolated environment and are never used to train public AI models.

AI resume scanning is limited to 5 scans per student per month. Students may delete their resume at any time, which removes it from active storage.

5. Consent

The College, as Data Fiduciary, is responsible for obtaining free, specific, informed, and verifiable consent from each student (or their lawful guardian, where applicable) in accordance with the DPDPA before uploading or enabling the processing of student data on the PlaceGrad platform. Students onboarded to PlaceGrad are informed of the platform's purpose during the registration and onboarding process.

If you wish to withdraw consent, please contact your institution's Placement Officer. The College will notify us, and we will act on such withdrawal in accordance with applicable law.

6. Data Sharing and Disclosure

PlaceGrad does not sell personally identifiable student data. We share data only in the following limited circumstances:

  • Recruiters (via token links): The College, through its Placement Officer, may generate secure token-based recruiter access links for specific drives. When such links are shared, recruiters can view the profiles of students allocated to that drive. The decision to share recruiter links, and the choice of which recruiters to share them with, is made entirely by the College. PlaceGrad bears no responsibility for how recruiters access, use, or store data once the College shares a recruiter link.
  • Cloud infrastructure providers: We use Cloudflare R2 for encrypted document storage and industry-standard cloud hosting for the database. These providers operate under strict data processing agreements and do not access your data independently.
  • Aggregated, anonymised data: We may collect, process, and share anonymised and aggregated data (such as sector-wise placement trends, salary ranges, batch-level placement rates, and skill demand patterns) for research, benchmarking, product improvement, and sharing with industry bodies, research institutions, and investors. Such data does not identify any individual student.
  • Legal obligations: We may disclose data if required by law, court order, or government authority, subject to providing prompt written notice to the College where permissible.

7. Data Storage and Security

All personal data is stored on encrypted, isolated PostgreSQL databases hosted on SOC-2 compliant cloud infrastructure. Documents (resumes, offer letters, certifications) are stored in Cloudflare R2 and accessed only via signed, time-expiring URLs — never through public links.

Passwords are never stored in plain text. They are irreversibly hashed using bcrypt before storage. Sessions use cryptographic JWT tokens that expire after 8 hours and are invalidated immediately upon password change.

Additional security measures include:

  • Account lockout after repeated failed login attempts
  • Rate limiting on sensitive API endpoints
  • Breach detection via HaveIBeenPwned at registration
  • Role-Based Access Control (RBAC) — students cannot access other students' data
  • Recruiter access logs for full audit trail
  • Tab-switch detection during assessments (anti-cheating)

8. Data Retention and Deletion

We retain student data for the duration of the College's active subscription with PlaceGrad. Upon expiration or termination of the service agreement, individually identifiable student data remains available for export for 30 days, after which PlaceGrad will securely delete all such data from its systems.

Anonymised and aggregated data derived from your institution's data may be retained by PlaceGrad indefinitely, as it contains no personally identifiable information.

Students may request deletion of specific data (such as their resume) directly through the platform. For full account deletion, please visit our Data Deletion Request page or reach us at support@placegrad.com.

9. Your Rights Under DPDPA 2023

As a data principal (student) under the DPDPA, 2023, you have the following rights:

  • Right to access: Know what personal data is held about you
  • Right to correction: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to grievance redressal: Lodge a complaint with us or the Data Protection Board of India
  • Right to withdraw consent: Withdraw consent for processing, through your institution
  • Right to nominate: Nominate another individual to exercise rights on your behalf in the event of your death or incapacity

To exercise any of these rights, contact your college's Placement Officer or email us directly at support@placegrad.com. We will respond within the timeframes prescribed under applicable law.

10. Children's Privacy

The PlaceGrad platform is intended for use by students aged 18 and above enrolled in higher educational institutions. We do not knowingly collect personal data from individuals under the age of 18 without appropriate guardian consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify colleges of material changes via email or in-platform notification with at least 15 days' advance notice. Continued use of the platform after the effective date of any changes constitutes acceptance of the updated policy.

12. Contact Us

For any privacy-related questions, concerns, or requests:

  • Email: support@placegrad.com
  • Address: PlaceGrad, Kochi, Kerala, India
  • Response time: Within 48 business hours