Request for a Call

Confidential Policy

1. Introduction

At AVYRO, we are committed to protecting the privacy, confidentiality, and trust of all users – individuals and organizations alike – who engage with our platform. This policy outlines how we collect, use, share, and secure your data, and describes your rights in accordance with global standards, including the General Data Protection Regulation (GDPR) and India’s Information Technology Act, 2000. As an ISO/IEC 27001-certified organization, we apply best-in-class practices in information security management.

2. Who This Policy Applies To

This policy applies to:

  • Clients using AVYRO’s HR platform and modules

  • Candidates processed through AVYRO

  • Internal and external recruiters

  • Subcontractors and consultants within AEC firms

  • Any user accessing AVYRO’s services

3. Scope of Confidential Data

Confidential data under AVYRO’s management includes:

  • Personally Identifiable Information (PII): Full name, email address, phone number, residential address, government-issued identification

  • Employment and HR Data: Job applications, resumes, offer letters, employment contracts, payroll, bank account details, leave and attendance records, appraisal reports

  • Organizational Information: Business policies, internal workflows, strategy decks, compliance documentation

  • System Metadata: IP addresses, session history, device identifiers, user access logs

4. Access Control and Restriction

  • Role-Based Access Control (RBAC): Permissions granted strictly on a need-to-know basis aligned with job responsibilities.

  • Multi-Factor Authentication (MFA): Enforced for system login and administrative operations.

  • User Activity Logging: All access, changes, and system interactions are time-stamped and stored in immutable logs for compliance tracking.

5. Third-Party Sharing & Controls

  • Contractual Vetting: All sub processors are evaluated for compliance, confidentiality, and security credentials

  • Controlled Data Sharing: Shared only with user consent or as legally required

  • No Commercial Use: AVYRO does not monetize user data through selling or trading with external parties

6. User Rights and Controls

In compliance with GDPR and similar frameworks, AVYRO users have:

  • Right to Access: Review the data collected and stored

  • Right to Rectification: Request corrections in inaccurate records

  • Right to Erasure: Request deletion unless prohibited by law

  • Right to Restrict Processing: Pause data handling under certain conditions

  • Right to Portability: Transfer your data to another platform on request

7. Breach Notification and Incident Response

  • Any data breach is evaluated and reported to impacted users and authorities within 72 hours of validation

  • Detailed incident analysis, remedial action plans, and prevention steps are documented and shared transparently

8. Certifications and Legal Assurance

  • ISO/IEC 27001 Certified: AVYRO maintains an enterprise-level Information Security Management System

  • GDPR Aligned: Our policies and operations enable lawful, transparent, and accountable processing of personal data

  • NDA and Privacy Controls: In-built workflows for organizations to assign NDAs and restrict access to sensitive content internally

9. Policy Modifications

AVYRO may revise this Confidentiality Policy at any time. All significant updates will be communicated to clients via registered email and in-platform alerts.

10. Contact Information

For questions or concerns regarding this policy, please contact us at info@057.b18.myftpupload.com.