Legal
Dr.CHRO is designed for sensitive people and organisational situations. This page explains how personal data is collected, used, stored, and protected across the platform.
Version v0.2 — Effective 2026-05-25
See also: Cookie Notice · Platform Terms · Acceptable Use Policy
This Privacy Policy explains how drchro.com (Dr.CHRO, we, us or our) collects, uses, stores, shares, and otherwise handles personal data through the Dr.CHRO website, platform, onboarding flows, support operations, and related services.
Dr.CHRO is intended for sensitive people, employment, organisational, and commercial situations. We aim to handle personal data carefully, proportionately, and in a manner consistent with applicable Indian law.
This Privacy Policy applies to personal data processed in connection with: public website visits; contact enquiries and inbound communications; advisor applications and onboarding; company account creation and platform use; invite-based user activation; requirement drafting, matching, engagement, and document workflows; payment, payout, verification, and finance workflows; support, compliance, security, audit, and dispute activities; and other related platform administration.
Information you provide directly may include: name, email, phone, employer, job title, and account credentials; company and team details; advisor profile information, CVs, resumes, expertise areas, and availability; requirement details, organisational context, and supporting documents; payment, billing, bank, tax, verification, and payout onboarding information; support requests and operational correspondence.
Platform and usage information we may collect: account identifiers, role information, profile state, workflow status, and legal acceptance records; log data, device type, browser information, interaction records, and security event data; invite, authentication, and session metadata; limited analytics and event data; support, Jira/JSM request, and audit records.
We may also receive personal data about you from a company administrator or colleague who invites you, advisors or companies involved in a requirement, identity or payment providers, or lawful professional sources for due diligence purposes.
Dr.CHRO workflows may involve sensitive workplace, compensation, conduct, or dispute-related context. Users should avoid submitting irrelevant personal data or excessive sensitive information unless reasonably necessary. Where sensitive information is submitted, Dr.CHRO limits internal access to personnel and systems with a genuine operational need to know.
We may use personal data to: provide, operate, secure, maintain, and improve Dr.CHRO; create and manage user accounts and company access; review enquiries and advisor applications; facilitate matching, brief review, workflow coordination, and engagement operations; administer billing, payment processing, payout onboarding, release, holds, reversals, and finance workflows; detect, prevent, and respond to fraud, misuse, abuse, or security incidents; maintain legal acceptance, audit, and compliance records; provide support and manage complaints; comply with legal obligations; and perform internal reporting and planning.
We do not sell personal data to third parties for advertising purposes.
To the extent applicable under Indian law, we process personal data on one or more of the following grounds: your consent where that is the appropriate basis; performance of our contract or pre-contract steps; compliance with legal or regulatory obligations; legitimate operational needs including platform security, fraud prevention, service administration, and dispute handling; and other lawful grounds permitted by applicable Indian law.
Where consent is relied on, you may withdraw it subject to legal and operational limits. Withdrawal does not affect processing already undertaken lawfully before withdrawal.
Dr.CHRO uses cookies and similar technologies for website operation, security, session handling, and analytics. We currently use Google Analytics 4 on public-facing pages and bounded product interaction milestones. Dr.CHRO aims not to send passwords, authentication tokens, CV content, requirement content, shortlist details, invoice content, or payout details to third-party analytics tools.
Further details are set out in the Dr.CHRO Cookie Notice.
We may share personal data: internally with authorised personnel on a need-to-know basis; with advisors, companies, or invited users where necessary to operate a workflow; with payment, banking, verification, infrastructure, communications, analytics, and support providers that assist Dr.CHRO; with professional advisers or potential acquirers where reasonably necessary and subject to confidentiality; where required by law, court order, regulator, or law enforcement; and where necessary to establish, exercise, or defend legal claims.
For authenticated support, Dr.CHRO may send support request details and safe operational context to Atlassian Jira Service Management so the request can be created, assessed, tracked, and responded to. Dr.CHRO does not ask company-side users or advisors to set urgency, impact, severity, or criticality in the support form, and support submissions are filtered to avoid sending unnecessary sensitive context to Jira/JSM.
Public contact enquiries do not create Jira/JSM support requests. Attachments are not accepted in Dr.CHRO support request forms at launch; if supporting material is required, it may be requested through the appropriate support process after the request exists.
We do not disclose personal data to unrelated third parties for their independent direct marketing use.
Dr.CHRO, its service providers, or infrastructure providers may process or store personal data in jurisdictions outside India. Where cross-border processing occurs, Dr.CHRO will aim to use reasonable contractual, organisational, or technical safeguards appropriate to the sensitivity of the data.
We keep personal data for as long as reasonably necessary to operate the platform, maintain account, legal acceptance, security, and audit records, comply with legal and regulatory obligations, manage disputes, and protect our legitimate business and legal interests.
Retention periods may vary by record type. We may keep limited archival or backup copies after active deletion where reasonably necessary for security, continuity, or legal compliance.
Dr.CHRO uses reasonable administrative, technical, and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. However, no internet-based service is completely secure. Dr.CHRO cannot guarantee absolute security.
Subject to applicable law, you may request: access to personal data we hold about you; correction of inaccurate or incomplete data; deletion or erasure of data no longer required or lawfully retained; withdrawal of consent where that is the basis relied on; and information about raising a privacy complaint.
Dr.CHRO may ask for reasonable verification before acting and may refuse or limit requests where permitted by law, necessary to protect others, or necessary for legal, security, or operational reasons.
For privacy questions, requests, or complaints, contact: support@drchro.com. India grievance / nodal contact (if applicable): grievance@drchro.com.
Dr.CHRO targets first-response handling within 2 business days for authenticated users and standard support during India business hours, 8:00am to 5:00pm. This is not a guarantee of full resolution within that period.
Dr.CHRO may update this Privacy Policy from time to time. Where a change is material, Dr.CHRO may publish the updated version with a new effective date and may require affected users to re-acknowledge the revised version before continuing to use relevant platform workflows.
This Privacy Policy is governed by the laws of India, subject to any mandatory privacy or data protection laws that apply.