Your Data, Your Control

Privacy Policy

Version 2.0 · Effective May 21, 2026

1. Who We Are & What This Covers

This Privacy Policy explains how HAMRA (a service operated by Ehtisham Rasool) (“HAMRA”, “we”, “us”) collects, uses, shares, and protects your personal data, and the rights you have over it.

It applies to hamraofficial.com, the HAMRA web application, and the HAMRA Companion browser extension (together, the “Service”).

This is a single, global policy. The core sections apply to everyone. Additional, legally-mandated rights for residents of the European Economic Area and United Kingdom, the State of California, and India are set out in the Regional Addenda in Section 14. Where an addendum grants you more, the addendum prevails for you.

For most processing described here, HAMRA is the data controller (GDPR) and Data Fiduciary (India's DPDP Act, 2023) — meaning we decide why and how your personal data is processed. When you direct the HAMRA Companion to enter your data into a third-party job site, you do so on your own behalf.

2. Information We Collect

We collect only what the Service genuinely needs:

  • Account & identity. Your name, email address, a securely hashed password, and — if you sign in with Google — your Google account identifier.
  • Career & resume data. Resumes you upload or create, work history, education, skills, career goals, and target roles.
  • Profile photo (optional). If you upload a headshot, we score it only on observable image-quality signals — composition, lighting, background, attire, posture, eye contact, and expression. We do not infer personality, character, attractiveness, perceived age, race, ethnicity, gender, religion, or disability from your photo. Your photo is not stored — it is deleted immediately after analysis and only the resulting quality score is retained.
  • Conversation transcripts. Transcripts of profiling sessions and AI mock interviews, used to give feedback and track your progress.
  • Generated insights. Your Career Readiness Score, DISC personality profile (computed from your written questionnaire, never from a photo), skill-gap analysis, and job matches.
  • Payment data. We do not receive or store your full card number or CVV — those go directly to our payment processors. We retain your plan, subscription status, billing region, payment/refund identifiers, and invoices.
  • Usage & device data. Pages and features you use, actions you take, device and browser type, and an approximate region derived from your IP address. Behavioural analytics are collected only if you opt in to analytics cookies.
  • Communications. Emails and support messages you send us.

We do not knowingly collect special-category data (e.g. health, religion). Please do not include such information in your resume or messages.

3. How & Why We Use Your Data

We use your data for the purposes below. For each, we identify the legal basis we rely on under the GDPR and the corresponding ground under India's DPDP Act, 2023.

Purpose | Legal basis
Provide the Service — scoring, matching, AI features, your dashboard | Performance of our contract with you
Account security, fraud and abuse prevention | Legitimate interests; compliance with legal obligations
Service and transactional emails (receipts, security, subscription state) | Performance of our contract with you
Product analytics and improvement | Your consent (analytics cookies) — withdrawable any time
Marketing, lifecycle, and digest emails | Your consent — withdrawable any time
Tax records, accounting, and responding to lawful requests | Compliance with legal obligations

Where we rely on consent, you may withdraw it at any time without affecting processing done before withdrawal. Where we rely on legitimate interests, you may object — see Section 13.

4. How AI Processes Your Data

HAMRA uses Google Vertex AI (Gemini) as a processor to analyse resumes, evaluate interview answers, generate career guidance, and critique photo image-quality.

  • We do not train models on your data. We do not use your personal data to train any HAMRA model, and Google does not use Vertex AI customer data to train its foundation models.
  • AI transparency. Features such as the AI mock interview involve an automated AI system. Outputs are AI-generated, probabilistic, and may be inaccurate.
  • No binding automated decisions. Your Career Readiness Score, DISC profile, and job matches are decision-support. They do not produce a legal or similarly significant effect on you — every career decision is made by you, a human. We do not engage in solely-automated decision-making within the meaning of GDPR Article 22.
  • Human review. You may request a human review of, or an explanation for, any insight by emailing privacy@hamraofficial.com.

5. The HAMRA Companion Extension

The HAMRA Companion is an optional browser extension that runs in your own browser when you choose to install it. It acts as your personal agent during sessions you initiate on supported job sites, and it is click-initiated — it never runs on its own.

The Companion has its own, more detailed privacy notice covering exactly what it reads, stores, and never does: hamraofficial.com/extension/privacy.

6. How We Share Your Data — Sub-processors

We never sell your personal data, and we never share it for cross-context behavioural advertising. We share it only with the service providers (“sub-processors”) below, each engaged under a data-processing agreement that limits them to acting on our instructions:

Provider | Purpose | Region
Supabase | Database, authentication, and encrypted file storage | United States / EU
Google Cloud (Vertex AI / Gemini) | AI processing — resume analysis, interview feedback, career guidance | Global
Vercel | Application hosting, edge network, and CDN | Global (US-headquartered)
Cloudflare | DNS, network security, and email routing | Global
Resend | Transactional and lifecycle email delivery | United States
PostHog | Product analytics — only when you opt in to analytics cookies | United States / EU
Sentry | Error monitoring and application diagnostics | United States
Razorpay | Payment processing for payments made in Indian Rupees (INR) | India
Dodo Payments | Payment processing and merchant of record for international payments | Global

We may also disclose personal data:

  • to comply with a law, regulation, or valid legal request;
  • to protect the rights, safety, and security of HAMRA, our users, or the public;
  • in connection with a merger, acquisition, or sale of assets — in which case we will notify you and any new owner will remain bound by this policy;
  • with your direction or consent.

7. International Data Transfers

HAMRA operates from India, and the sub-processors above operate globally. Your data may therefore be processed in countries other than your own.

  • For transfers of personal data out of the EEA or UK, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum), or on an adequacy decision where one applies.
  • For personal data governed by India's DPDP Act, 2023, transfers are permitted except to any country restricted by notification of the Central Government.

You may request a copy of the relevant transfer safeguards by emailing privacy@hamraofficial.com.

8. How Long We Keep Your Data

Data | Retention
Uploaded photos | Deleted immediately after analysis (0 days)
Account, profile, and career data | Kept while your account is active
Generated insights and transcripts | Kept while your account is active
Payment and tax records | Retained as required by applicable tax law (up to 8 years)
Data of deleted accounts | Permanently purged within 30 days
Encrypted backups | On a rolling cycle, purged within 90 days
Support communications | Up to 24 months

When you delete your account, your career scores, personality profiles, resume analyses, transcripts, and queue are permanently removed within 30 days. We retain only what the law requires us to keep, such as tax records.

9. How We Protect Your Data

  • Encryption in transit (TLS) and at rest.
  • Database-level row security so each account's data is isolated from every other account.
  • Passwords stored only as salted, hashed values — never in plain text.
  • Strict, least-privilege access controls for the small team that operates HAMRA.

No method of transmission or storage is perfectly secure. While we work hard to protect your data, we cannot guarantee absolute security — see also our breach commitment below.

10. Data Breach Notification

If a personal-data breach occurs that is likely to affect you, we will act promptly:

  • we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it (GDPR Articles 33–34);
  • we will notify the Data Protection Board of India and affected Data Principals as required by the DPDP Act, 2023;
  • we will tell affected users what happened, what data was involved, and what steps to take, where the breach is likely to result in a high risk to them.

11. Cookies & Tracking

We use a minimal set of cookies and similar technologies:

  • Necessary — authentication and session. Always on; the Service cannot function without them.
  • Analytics — anonymised product usage via PostHog. Off by default; set only if you opt in.
  • Marketing — campaign measurement. Off by default; set only if you opt in.

We do not use third-party advertising cookies, and we honour browser Do Not Track and Global Privacy Control signals for analytics. You can review or change your choices at any time through the cookie banner or your browser settings.

12. Children

HAMRA is not directed to children. You must be at least 18 years old to use the Service on your own. Users aged 16–17 may use it only with the verifiable consent of a parent or legal guardian.

We do not knowingly collect data from anyone under 16. Consistent with the DPDP Act, 2023, we do not carry out behavioural monitoring of, or direct targeted advertising at, anyone we know to be a child. If you believe a minor has created an account, contact grievance@hamraofficial.com and we will delete it.

13. Your Rights

Wherever you live, you can ask us to:

Access

Get a copy of the personal data we hold about you.

Correct

Fix data that is inaccurate or incomplete.

Delete

Erase your personal data and close your account.

Port

Receive your data in a portable, machine-readable format.

Withdraw consent

Turn off any processing based on your consent.

Object / restrict

Object to, or restrict, certain processing.

The fastest way to export or delete your data is in-app at Settings → Account. You can also email privacy@hamraofficial.com. We respond within 30 days, free of charge, and we will never penalise you for exercising a right.

14. Regional Addenda

The following rights apply in addition to everything above, based on where you live.

European Economic Area & United Kingdom (GDPR / UK GDPR)

The data controller is HAMRA (a service operated by Ehtisham Rasool). Our legal bases are set out in Section 3. Beyond the rights in Section 13, you have the right to lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office). We do not carry out solely-automated decision-making with legal or similarly significant effects (Article 22). International transfers rely on Standard Contractual Clauses or the UK IDTA (Section 7).

EU/UK representative: until a representative under Article 27 is formally appointed, EEA and UK residents may contact us directly and exclusively at privacy@hamraofficial.com for any GDPR matter.

California (CCPA / CPRA)

In the past 12 months we have collected the categories of personal information described in Section 2 (identifiers, professional information, internet activity, and inferences). We do not sell your personal information and do not share it for cross-context behavioural advertising. You have the right to know, delete, and correct your information, to opt out of sale/sharing (not applicable, as we do neither), and to limit use of sensitive information. We will not discriminate against you for exercising these rights. You may use an authorised agent to make a request. Submit requests at privacy@hamraofficial.com.

India (Digital Personal Data Protection Act, 2023)

HAMRA is the Data Fiduciary and you are the Data Principal. We process your data on the basis of your consent or for legitimate uses permitted by the Act. You have the right to access, correction, and erasure, the right to grievance redressal, and the right to nominate another individual to exercise your rights in the event of death or incapacity.

Grievance Officer & Privacy Contact: Ehtisham Rasool grievance@hamraofficial.com. We respond to grievances within 30 days. If you are not satisfied with our resolution, you may escalate to the Data Protection Board of India under the Act.

15. Changes to This Policy

We may update this Privacy Policy as the Service and the law evolve. When we do, we will revise the version number and effective date at the top of this page. For material changes, we will give you advance notice by email or an in-app notice before the change takes effect.

16. Contact Us

Privacy & data requests: privacy@hamraofficial.com

Grievance Officer & Privacy Contact (DPDP Act, 2023): Ehtisham Rasool grievance@hamraofficial.com

Security reports: security@hamraofficial.com