Skip to main content

Does RChilli share data with third-party providers ?

Hardik
  • Updated

RChilli's No Data Sharing Policy is a cornerstone of its commitment to ensuring the confidentiality and security of user data. Below is a comprehensive explanation of how RChilli implements this policy across its services and infrastructure:

🔐 No Data Sharing Policy – Ensuring Confidentiality and Security

1. Data Non-Retention and Privacy by Design

  • Resume Parser API: RChilli does not store any resume data processed via the Resume Parser API. All parsing is performed in real-time, and once the structured data is returned to the client, it is not retained on RChilli servers.

  • Search & Match Indexing: In cases where indexing is required (for search and match purposes), RChilli temporarily stores the indexed data in a secure environment, isolated per customer and region (e.g., US, EU, SG). This indexed data can be fully deleted at any time via the DeleteAllDocuments API.

2. Certifications and Compliance

RChilli's data security practices align with the highest international standards:

  • ISO/IEC 27001:2022: Ensures comprehensive information security management across all processes.

  • SOC 2 Type 2: Validates the operational effectiveness of RChilli’s controls around security, availability, and confidentiality.

  • HIPAA & PCI DSS: Applied where necessary for regulated data environments.

3. Secure API Authentication

  • Access to RChilli APIs requires user-specific API keys and sub-user IDs, ensuring only authorized use.

  • RChilli implements best practices for REST API security, including HTTPS encryption, user authentication, and access token validation.

4. Geographic Data Isolation

  • Users can choose their preferred data center location (e.g., USA, EU, Singapore) during sign-up or via My Account.

  • Data is processed and stored (if indexing is enabled) only in the chosen location, supporting compliance with local data residency laws and regulations.

5. Customer-Controlled Data Management

  • Customers retain full control over their data, including the ability to:

    • Delete indexed documents.

    • Control API call behavior using dynamic API settings.

    • Set configurations for data redaction, formatted address/phone output, and bias-free hiring.

6. No Data Sharing with Third Parties

  • RChilli does not share data with third-party vendors unless explicitly authorized by the customer.

  • Annual data enrichment services that leverage third-party providers (e.g., Lusha, FullContact) are opt-in only and require customer consent.

📎 Summary of Data Handling Ethics at RChilli

Principle RChilli Implementation
Data Ownership Client retains ownership
Data Sharing Never shared without consent
Data Storage Temporary (only for indexed search)
Compliance ISO 27001, SOC 2 Type 2, HIPAA, PCI
Access Control Secure, authenticated API access
Customization Fully configurable data processing & deletion

 

For further assistance or to discuss your specific security requirements, please contact support@rchilli.com or consult the RChilli Data Security documentation.

Related articles

Comments

0 comments

Please sign in to leave a comment.