RippleHire-logo-3

Privacy Notice

This document was last updated on June 29th, 2026

1. Introduction and Scope

Trampoline Tech Private Limited, operating under the brand name RippleHire ("we," "us," or "our"), is committed to the highest standards of data privacy and security. As a high-performance, AI-driven Applicant Tracking System (ATS) provider trusted by enterprise customers, we prioritize the protection of Personal Data across all jurisdictions we operate in.

This Privacy Policy explains how we collect, use, process, and protect Personal Data in compliance with global frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA / CPRA), the India Digital Personal Data Protection (DPDP) Act 2023, and other applicable international data protection laws.

2. Our Role: Data Controller vs. Data Processor

To ensure multi-country compliance, RippleHire clearly distinguishes its roles:

Data Processor: When Enterprise Customers use our ATS, Candidate Management tools, or AI Agents to source, process, and manage candidate data, the Enterprise Customer acts as the Data Controller. RippleHire acts solely as a Data Processor, processing this information strictly under the Controller's instructions and contractual agreements (Data Processing Addendums).

Data Controller: When you visit the RippleHire website, register as a business user ("Member") of our Service, or interact with our marketing, RippleHire acts as the Data Controller for your specific user data.

2A. Lawful Basis for Processing

We process personal data only where we have a valid legal basis to do so. Where we process special category data (e.g., disability accommodations, criminal conviction data for background checks) on behalf of Customers, the Customer is responsible for identifying and documenting the applicable Article 9(2) basis and ensuring appropriate candidate notices. RippleHire processes such data solely as a Data Processor under documented instruction.

3. Information We Collect

We only process data necessary for providing our enterprise services:

Candidate Data (Processed on behalf of Customers): Resumes/CVs, contact details, educational/professional background, interview feedback, video/audio recordings from AI interviews, assessment scores, and background verification data.

Member/User Data: Name, business email, phone number, job title, and authentication tokens (e.g., SSO via Google Workspace, MS Office 365, or enterprise SAML).

System & Usage Data: IP addresses, browser types, audit logs, and analytics required for security monitoring, fraud prevention, and performance optimization.

3A. Cookie Notice

Cookies are small text files placed on your device when you visit our website. They allow the site to remember your preferences and activity across pages and visits and are widely used to make websites work correctly and efficiently.

We use cookies and similar technologies to: (i) remember your information so you do not need to re-enter it during a visit or on return visits; (ii) deliver relevant content and advertisements; (iii) measure the effectiveness of our services and marketing activities; and (iv) analyzes aggregate usage patterns to improve our website and services.

Cookies may be session-based (deleted automatically when you close your browser) or persistent (retained on your device for a set period to recognize you on return visits). You can control or disable cookies through your browser settings at any time, though doing so may affect the functionality of some parts of our website.

4. Enterprise-Grade Security and Data Residency

Given our extensive work with BFSI and Global IT enterprises, we implement zero-trust architecture and stringent security controls:

Certifications: RippleHire maintains ISO 27001 and SOC 2 Type II compliance.

Encryption: All Personal Data is encrypted in transit (TLS 1.2) and at rest (AES-256).

Data Residency & Localization: We support localized data hosting in designated geographic regions (e.g., India, EU, US) to strictly comply with cross-border transfer laws and BFSI regulatory mandates.

Access Controls: Strict Role-Based Access Control (RBAC), multi-factor authentication (MFA), and comprehensive audit trails for fraud prevention and anomaly detection.  

5. Artificial Intelligence (AI) and Automated Processing

RippleHire uses AI-assisted and automated features to support and enhance recruitment workflows. These features are assistive in nature and do not replace human decision-making.

AI-powered features may include:

Job Description Copilot

Candidate Recommendations

Fraud Detection (impersonation prevention and anomaly detection)

Interview Copilot

Amy - AI Video Interview

Voice Interview

Offer Videos (AI-based video personalization, where enabled)

Key principles governing AI use:

RippleHire does not train AI models on customer personal data

AI outputs are advisory and subject to human review

Final hiring, shortlisting, and employment decisions are always made by recruiters or hiring managers

Where AI-driven processing may have a material impact on individuals, RippleHire (or the Customer, as applicable) provides:

Advance notice of such use
  •  
Human-in-the-loop review mechanisms
  •  
The right to request a high-level explanation and human review of automated outputs, subject to applicable law

 

Third-party AI vendors operate strictly under contract and are bound by RippleHire’s Data Processing Addendum (DPA) and confidentiality obligations.

6. Sub-processors and Third-Party Integrations

We seamlessly integrate with major HRMS platforms (SAP, Workday, Oracle, and many others). When utilizing sub-processors (e.g., GCP, AWS, Azure for hosting), we bind them to the same strict data protection and confidentiality standards via Standard Contractual Clauses (SCCs). A full, transparent list of sub-processors is available to Customers upon request.

7. Data Subject Rights

Depending on your jurisdiction and the capacity in which RippleHire processes your data, you may have the following rights. We have split these by processing context for clarity.

7.1 Rights Exercisable Against RippleHire Directly

Where RippleHire acts as Data Controller / Data Fiduciary (i.e., for website visitors, marketing contacts, Members/Users, and RippleHire's own internal hiring), you may exercise the rights below by contacting privacy@ripplehire.com.

EEA and UK Residents (GDPR / UK GDPR):

Right of Access (Art. 15): Obtain confirmation of whether we process your data and receive a copy of it.


Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.


Right to Erasure (Art. 17): Request deletion of your personal data where it is no longer necessary, consent is withdrawn, or processing is unlawful.


Right to Restriction (Art. 18): Request that we restrict processing of your data in certain circumstances (e.g., while you contest its accuracy).


Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract.


Right to Object (Art. 21): Object at any time to processing based on our legitimate interests, including direct marketing. Where you object to direct marketing, we will cease processing immediately.


Right to Withdraw Consent (Art. 7(3)): Where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing. To withdraw, contact privacy@ripplehire.com or use the unsubscribe mechanism in any marketing email.


California Residents (CPRA):

Right to Know, Correct, Delete, and Portability as described above.


Right to Opt-Out of Sale or Sharing: RippleHire does not sell or share personal information for cross-context behavioral advertising. No opt-out is therefore required, but you may confirm this by contacting privacy@ripplehire.com.


Indian Residents (DPDP Act):

Your Rights as a Data Principal (Section 11–14, DPDP Act)

Where RippleHire acts as Data Fiduciary, you have the following rights:

Right to Access (S.11): Obtain a summary of your personal data being processed and the processing activities.


Right to Correction and Erasure (S.12): Request correction of inaccurate or incomplete data, or erasure of data no longer necessary for the purpose for which consent was given.


Right to Grievance Redressal (S.13): Lodge a grievance with our Grievance Officer (details below). We will respond within 30 days.


Note to Candidates: If your data was submitted via a RippleHire Customer (the Employer), please direct your data rights requests directly to the Employer. RippleHire will legally assist the Customer in fulfilling these requests within statutory timelines.

8. Data Retention

We retain Personal Data only as long as necessary to fulfil the purposes defined in our customer contracts or as required by applicable laws. Upon contract termination, data is securely deleted or anonymized within the stipulated SLA timeframe.

9. India - Digital Personal Data Protection Act 2023

Trampoline Tech Private Limited is an Indian company directly subject to the Digital Personal Data Protection Act, 2023 ('DPDP Act'). This section sets out our specific obligations and your rights under Indian law.

Our Role Under the DPDP Act

When processing personal data on behalf of our enterprise Customers, RippleHire acts as a Data Processor (referred to as 'Data Processor' under the DPDP Act) under the instructions of the Customer, who is the Data Fiduciary. When processing personal data for our own website, marketing, and internal operations, RippleHire acts as the Data Fiduciary.

Consent

Where RippleHire processes personal data as a Data Fiduciary (website, marketing, internal hiring), we obtain free, specific, informed, and unambiguous consent from Data Principals before processing. Consent is sought through:

Website and marketing activities: an explicit opt-in consent mechanism (cookie banner and form-level consent)

Internal hiring using our platform: candidate consent obtained at the point of application

You may withdraw your consent at any time by contacting us at privacy@ripplehire.com. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal. Where withdrawal makes it impossible to continue providing a service, we will inform you accordingly.

Cross-Border Transfers of Indian Personal Data

Transfers of personal data of Indian residents outside India are made only to countries notified by the Government of India as permissible under Section 16 of the DPDP Act, or where required by contract with enterprise Customers who have obtained appropriate consent from Data Principals. We will update this section as the Government of India notifies permitted countries and transfer conditions under the DPDP Rules.

How to Contact Us

Trampoline Tech Private Limited only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. For privacy-related inquiries, grievances, or DPDP/GDPR-related requests, please contact our global Data Protection Officer at: privacy@ripplehire.com or via postal mail Trampoline Tech Private Limited’s registered office is at D-504, Kailas Esplanade, LBS Marg, Ghatkopar (W), Mumbai – 400086

This document was last updated on June 29th, 2026