Legal
Privacy Policy
How CoreHRx collects, uses, stores, and protects personal and HR data when you visit our website or use our platform.
1. Introduction
This Privacy Policy explains how THINKNEXT INNOVATIONS PRIVATE LIMITED ("THINKNEXT", "we", "us", or "our") collects, uses, discloses, and safeguards personal information when you:
- visit corehrx.com or related marketing pages;
- request a demo, contact us, or subscribe to communications;
- register for or use the CoreHRx HRMS platform, mobile apps, or APIs (the "Services").
By using our website or Services, you acknowledge that you have read this Privacy Policy. If you do not agree, please do not use our website or Services.
2. Who we are
CoreHRx is an HRMS product operated by THINKNEXT INNOVATIONS PRIVATE LIMITED.
Data controller / service provider
THINKNEXT INNOVATIONS PRIVATE LIMITED
C-4, Sector 63, Noida, Uttar Pradesh 201301, India
Email: support@corehrx.com
Website: https://www.corehrx.com/
When an organisation subscribes to CoreHRx, that organisation is typically the controller of employee and HR data processed in the platform. THINKNEXT acts as a processor or service provider for such data, as described in our customer agreements.
3. Information we collect
3.1 Information you provide
- Account & profile data: name, work email, phone number, job title, company name, password or authentication credentials.
- Demo & sales enquiries: contact details, company size, product interest, and messages you submit through forms.
- Support communications: content of emails, tickets, chat messages, and attachments you send us.
- Billing information: billing address, GST or tax details, and payment references processed through authorised payment partners (we do not store full card numbers on our servers).
3.2 HR & workforce data uploaded by customers
Customers may upload or generate employee and HR records in CoreHRx, which may include:
- employee identity, contact, and employment details;
- attendance, leave, shift, and location data (including GPS where enabled);
- payroll, compensation, tax, and statutory compliance information;
- performance, tasks, documents, policies, recruitment, and expense records;
- device identifiers and app usage logs related to workforce operations.
3.3 Information collected automatically
- Device & log data: IP address, browser type, operating system, pages viewed, referral URLs, timestamps, and error logs.
- Mobile app data: device model, app version, push notification tokens, and crash diagnostics.
- Cookies & similar technologies: see Section 10 below.
4. How we use information
We use personal information to:
- provide, operate, maintain, and improve the Services;
- authenticate users and enforce account security;
- process subscriptions, invoices, and customer support requests;
- send service notices, product updates, and administrative messages;
- respond to demo requests and sales enquiries;
- monitor usage, troubleshoot issues, and prevent fraud or abuse;
- comply with legal obligations and enforce our Terms & Conditions;
- send marketing communications where permitted, with opt-out options.
We do not sell personal information. We do not use customer HR data to train public AI models without explicit agreement.
5. Legal basis
Depending on context, we process personal information based on:
- Contract: to deliver the Services you or your organisation requested.
- Legitimate interests: to secure our platform, improve products, and communicate with business contacts, balanced against your rights.
- Consent: where required for marketing, optional cookies, or specific features.
- Legal obligation: to meet applicable laws, tax, accounting, or regulatory requirements.
For users in India, we aim to align with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable rules as they come into force.
7. Data retention
We retain personal information only as long as necessary for the purposes described in this policy, unless a longer period is required by law.
- Marketing and website enquiry data is retained while relevant and deleted or anonymised when no longer needed.
- Customer account and HR data is retained for the subscription term and for a reasonable period thereafter to allow export, dispute resolution, and legal compliance.
- Backups may persist for a limited period before automatic deletion.
Customers may request deletion of organisation data subject to contractual terms and statutory retention requirements.
8. Security
We implement administrative, technical, and organisational measures designed to protect personal information, including access controls, encryption in transit, monitoring, and staff training.
No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately at support@corehrx.com.
9. Your rights
Depending on applicable law, you may have the right to:
- access and obtain a copy of your personal information;
- correct inaccurate or incomplete data;
- request deletion, subject to legal and contractual limits;
- withdraw consent where processing is consent-based;
- object to or restrict certain processing;
- nominate another person to exercise rights on your behalf where permitted under the DPDP Act.
Employees whose data is managed by an employer should first contact their organisation's HR or CoreHRx administrator. We will assist our customers in responding to valid requests as required.
To exercise rights relating to our website or direct relationship with THINKNEXT, email support@corehrx.com. We may verify your identity before responding.
11. HR & employee data
CoreHRx is designed to process workforce data on behalf of subscribing organisations. Customers are responsible for:
- providing appropriate privacy notices to employees;
- obtaining lawful bases and consents where required;
- configuring roles, permissions, and retention settings appropriately;
- ensuring data uploaded to the platform is accurate and used for legitimate HR purposes.
THINKNEXT processes such data only to deliver the Services, provide support, maintain security, and meet legal obligations under applicable agreements.
12. International transfers
Our primary infrastructure and operations are in India. If data is transferred outside India, we implement safeguards consistent with applicable law, such as contractual protections with recipients.
13. Children
CoreHRx is a business platform not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have collected such data, contact us so we can delete it.
14. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the latest version. Material changes will be communicated through the website or by email where appropriate. Continued use of the Services after changes take effect constitutes acceptance of the updated policy.
15. Contact us
For privacy questions, requests, or complaints, contact:
Privacy — CoreHRx
THINKNEXT INNOVATIONS PRIVATE LIMITED
C-4, Sector 63, Noida, Uttar Pradesh 201301, India
Email: support@corehrx.com
See also our Terms & Conditions.