Lucres Data Privacy Policy

Your Privacy Matters

This Privacy Policy is an electronic record under the Information Technology Act, 2000 (IT Act) and its rules, including the Information Technology (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules). It is a legally binding contract between you and Lucres Private Limited, effective upon your acceptance (via "I Accept," website use, or other means).

By using lucres.com or hosted career pages (e.g., careers.yourcompany.com), you consent to the collection, storage, processing, and transfer of your personal and non-personal information as outlined below. If you disagree, please do not use our website. We comply with India's IT Act, SPDI Rules, GDPR, CCPA, and other applicable global data laws.

1. Who We Are

Lucres Private Limited (Neeligin Road, India 580029; privacy@lucres.com) is the GDPR Data Controller for user accounts and applications, and Data Processor for employer-shared data (employer as Controller).

2. Data We Collect

• Account/Profile: Name, email, password (hashed), sex, age, PIN code, phone, optional resume, experience, education, interests.
• Applications: Cover letters, resumes, employer questions.
• Usage: IP, browser, device, via cookies/analytics.
• Consent: Sharing/marketing approvals.
• Payment (if applicable): Credit/debit card details for services (not stored post-transaction).

Note: Information in the public domain or under the Right to Information Act, 2005 is not deemed sensitive.

3. How We Use Your Data

To provide services (e.g., SSO, job applications), share with employers (with consent), recommend jobs, improve platform via analytics, deliver ads, develop new services, and meet legal obligations.

Legal Basis:

• India (SPDI Rules): Consent for sensitive personal data (e.g., resume, contact); contractual necessity for services.
• GDPR: Consent (sharing/marketing), Contract (services), Legitimate Interests (analytics), Legal Obligation.

4. Data Sharing

(a) Employers: Application data (e.g., resume, contact) shared with explicit consent per job application.

(b) Group Companies: For processing, with confidentiality agreements.

(c) Service Providers: Third parties (e.g., hosting, analytics) under DPAs.

(d) Legal: Disclosures for identity verification, cyber incident investigation, or legal compliance (e.g., court orders, IT Act).

(e) No Sales: No sale of data (CCPA/SPDI-compliant).

5. Data Security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data.

Encryption (TLS/AES-256), access controls, bcrypt-hashed passwords, JWT for SSO, firewall-protected servers, regular audits/penetration tests. No system is impenetrable, but we strive to protect data. Public posts (e.g., discussion areas) are visible to all. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.

6. Your Rights

• Access, rectify, erase (subject to 6-month application retention), restrict, port, object, withdraw consent.
• CCPA: Request disclosure/opt-out (no sales).
• SPDI: Review sensitive data sharing; grievance redressal (below).

Use support@lucres.com or Privacy Settings dashboard.

7. Consent for Data Sharing

Per application, you'll review/approve data shared with employers. Withdraw via privacy@lucres.com (employers may retain per their policies). SPDI-compliant consent for sensitive data.

8. Cookies and Tracking

Cookies for authentication (essential), analytics (e.g., Google), personalization, and ads. Manage via Cookie Settings pop-up (essential cookies non-disableable). Anonymous User IDs track interests without identifying you unless registered. IP addresses deliver pages, tailor content, and measure traffic/ad locations.

Our web servers automatically collect limited information about your computer's connection to the Internet, including your IP address, when you visit our site. (Your IP address is a number that lets computers attached to the Internet know where to send you data -- such as the web pages you view.) Your IP address does not identify you personally. We use this information to deliver our web pages to you upon request, to tailor our site to the interests of our users, to measure traffic within our site and let advertisers know the geographic locations from where our visitors come.

9. International Transfers

Data may transfer to US/other servers via Standard Contractual Clauses (SCCs), adequacy agreements (e.g., EU-US Framework, if applicable), or consent. Complies with GDPR, CCPA, and SPDI Rules for cross-border flows.

10. Data Retention

• Accounts: Active until deleted (request via privacy@lucres.com).
• Applications: 6 months post-submission (employer compliance).
• Usage: Anonymized after 12 months. SPDI-compliant retention for sensitive data.

11. Children's Privacy

Not for under-16s. Contact privacy@lucres.com for deletion of such data. COPPA-compliant for US users.

12. Links to Other Sites

The link to external sites (e.g., employer pages) are beyond our control. We're not responsible for their privacy practices. Our policy discloses the privacy practices for our own web site only. Our site provides links to other websites also that are beyond our control. We shall in no way be responsible in any way for your use of such sites.

13. Changes

Notified via email/site notice 30+ days before significant changes, per IT Act/SPDI Rules. Use remains under the policy at collection time. However the internet is an ever evolving medium. We may change our Privacy Policy from time to time to incorporate necessary future changes. Of course, our use of any information we gather will always be consistent with the policy under which the information was collected, regardless of what the new policy may be.

14. Contact and Grievance Redressal

Redressal Mechanism: Any complaints, abuse or concerns with regards to content and or comment or breach of these terms shall be immediately informed to the designated Grievance Officer as mentioned below via in writing or through email to Grievance Officer.

Email: privacy@lucres.com (General); support@lucres.com (Grievances).
Phone: +91 8660029734.
Address: Karnataka, India 580029.
DPO: Divyesh Dhokia.

SPDI Grievance Officer: Contact support@lucres.com for content/comments/breach issues.

15. Refund and Cancellation Policy

Our focus is complete customer satisfaction. In the event, if you are displeased with the services provided, we will refund back the money, provided the reasons are genuine and proved after investigation. Please read the fine prints of each deal before buying it, it provides all the details about the services or the product you purchase. In case of dissatisfaction from our services, clients have the liberty to cancel their projects and request a refund from us. Our Policy for the cancellation and refund will be as follows:

Cancellation Policy:

• For Cancellations please contact the us via contact us link.
• Requests received later then 2 business days after making the payment will NOT be entertained.

Refund Policy:

• If any refund is initiated by Lucres Private Limited, the refunds will be issued to the original bank account or credit/debit card provided at the time of purchase.
• Once the refunds are processed, it will be credited to your original source of payment mode within 5-7 working days.

16. Additional Notes

India: Complies with IT Act, SPDI Rules for sensitive data (e.g., financial, personal).

Global: GDPR EU rep via privacy@lucres.com; CCPA no-sales/opt-outs; PIPEDA, Australia Privacy Act compliance.