The RChilli Data Processing Agreement (DPA) – Processor Role governs how RChilli handles personal data on behalf of its clients, typically under the role of a “processor” in compliance with global data protection regulations like GDPR. While the full Data Processing Agreement document is not directly available in the KC or FAQ files, the available materials outline the following core principles and assurances from RChilli:
🔐 Data Security & Compliance Standards
RChilli demonstrates strong commitment to data protection through multiple internationally recognized certifications:
-
ISO/IEC 27001:2022
-
SOC 2 Type 2
-
HIPAA
-
PCI DSS (valid through 2024)
-
GDPR Compliance – especially relevant when acting as a data processor for EU-based clients.
RChilli explicitly states that security is embedded at every stage of product development, including REST APIs used for data processing. This ensures secure handling of client data at rest and in transit.
🛡️ Data Processing & Indexing Clarifications
-
Resume Parsing APIs do not store data permanently. Data is processed (parsed) in real-time and the structured output is returned to the client system.
-
For Search and Match functionality, resumes and job descriptions are temporarily indexed in a secure, region-specific environment. This indexed data is strictly used for matching and can be deleted using the
DeleteAllDocuments
API.
🔁 Client Control & Rights
Clients retain full control over their data, including the ability to:
-
Configure data fields dynamically via API.
-
Enable or disable sensitive information processing (e.g., masking of PII).
-
Choose server regions during onboarding to meet local data residency requirements.
-
Remove or delete indexed data via API endpoints.
🧾 Data Processing Agreement Accessibility
If you are a customer or partner needing a formal copy of the Data Processing Agreement (DPA) in your role as a controller, or require RChilli to act as a processor under GDPR, you should:
📧 Request the DPA by emailing: support@rchilli.com
This is standard practice when legal documents are required for vendor-client engagements and aren't available publicly.
📎 Related Documentation
For further technical or compliance details, you may consult:
If you have any questions or concerns about our DPA, please don't hesitate to reach out to us at support@rchilli.com
Comments
0 comments
Please sign in to leave a comment.