Privacy Policy
ViH HRMS · operated by ViH Research Labs · Effective date: 13 July 2026 · Last updated: 14 July 2026
This Privacy Policy explains how ViH Research Labs ("ViH", "we", "us", "our")
collects, uses, stores, shares and protects personal information when you use
ViH HRMS, our Human Resource Management System available at
https://hrms.vihresearchlabs.ai (the "Service").
The Service is an internal workplace tool used by employees, interns, co-founders, funders and
other authorised personnel ("you", "users") of ViH Research Labs for attendance, leave,
payroll, onboarding and related HR functions.
By signing in to and using the Service you acknowledge the practices described in this policy.
If you do not agree with it, please contact your HR administrator before using the Service.
1. Information we collect
1.1 Information you provide
- Account and identity details — full name, employee code, work designation,
department, date of birth, gender, blood group, residential address and emergency contact.
- Contact details — email address and phone number, both of which are
confirmed through one-time verification codes.
- Onboarding documents — copies of documents requested during onboarding,
which may include government-issued identifiers (such as Aadhaar and PAN), educational
certificates, photographs, bank proof, signed offer letters and agreements.
- Banking details — account holder name, account number, IFSC, bank name and
branch, used solely for salary/stipend disbursement.
- Workplace records — leave requests, attendance records, payroll and salary
structure data, chat messages sent through the built-in messenger, and profile photos.
1.2 Information collected automatically
- Session data — a session cookie that keeps you signed in (see section 8).
- Audit logs — security-relevant actions (sign-ins, changes to bank details,
document verification decisions, HR actions) are recorded in an append-only audit log together
with the acting account and IP address.
- Technical logs — standard web-server logs (IP address, request path,
timestamp, user agent) kept for security and troubleshooting.
1.3 Information from third parties
- Google sign-in (optional account linking) — if you link your Google
account, we receive your Google account identifier and email address from Google. See
section 5 for details on how Google user data is handled.
- Phone verification — when phone verification is performed through Firebase
Authentication (a Google service), Google processes your phone number to deliver the
verification SMS and confirms to us that the number was verified.
2. How we use your information
- To operate core HR functions: attendance tracking, leave management, payroll and payslip
generation, holiday calendars, announcements and internal chat.
- To complete onboarding and offboarding, including verification of the documents you submit.
- To verify that your contact details (phone and email) belong to you.
- To meet legal, tax and employment-law obligations (for example payroll records and
statutory filings).
- To secure the Service: authentication, role-based access control, fraud prevention and
audit logging.
- To provide AI-assisted features (see section 6).
We do not sell personal information, use it for advertising, or share it with
third parties for their own marketing purposes.
3. Legal basis
We process personal data as necessary for the performance of the employment or engagement
relationship, for compliance with legal obligations (including under Indian labour, tax and
corporate law), for our legitimate interest in running secure and efficient internal HR
operations, and — where required, such as for certain document processing — with your consent,
in accordance with applicable law including the Digital Personal Data Protection Act, 2023
(India).
4. Who can see your data inside ViH
- You can view and update your own profile, documents and records.
- HR administrators can access employee records needed to run HR operations,
including submitted documents, attendance, leave and payroll data.
- Your manager may see records relevant to managing you (such as leave
requests and attendance).
- Chat messages are visible only to the participants of the conversation.
- Access is enforced by role-based permissions, and sensitive actions are audit-logged.
5. Google user data (Google Sign-In and Firebase)
The Service offers optional sign-in/account linking with Google and phone verification through
Firebase Authentication. When you use these features:
- We access only your basic Google account information: your Google account
identifier (subject ID) and email address. We do not request access to your Gmail content,
Google Drive, contacts, calendar or any other Google data.
- This information is used solely to authenticate you and to link your Google
account to your existing employee record so you can sign in with it.
- Your phone number, when verified via Firebase, is processed by Google to deliver the
verification code; we store only the verified number in your employee profile.
- We do not transfer, sell or use Google user data for advertising, credit-worthiness
determinations, or any purpose other than providing the sign-in and verification features.
- ViH's use and transfer of information received from Google APIs adheres to the
Google
API Services User Data Policy, including its Limited Use requirements.
- You can unlink your Google account at any time from your Profile page in the Service, or
revoke ViH's access from your
Google Account
permissions page.
6. AI-assisted features
The Service includes AI features powered by Anthropic's Claude models:
- Document checks — documents you upload during onboarding may be analysed
automatically to confirm they appear to be the requested document type. AI results are
suggestions; final verification decisions are made by HR staff.
- HR assistant chat — messages you send to the ViH AI assistant are processed
to generate a reply, and may result in actions you request (such as drafting a leave request
for HR review).
Content processed by these features is transmitted to Anthropic's API for processing. We do
not permit our AI providers to use this content to train their models. AI outputs can be
inaccurate; they are always subject to human review for decisions that affect you.
7. Third-party service providers
We share personal data only with the processors needed to run the Service:
| Provider | Purpose | Data involved |
| Amazon Web Services (AWS) | Cloud hosting of the Service and its database |
All Service data (encrypted in transit) |
| Google (Sign-In, Firebase Authentication) | Optional Google sign-in; phone number verification |
Google account ID, email, phone number |
| Anthropic | AI document checks and HR assistant |
Uploaded documents and assistant messages |
| Let's Encrypt | TLS certificates (HTTPS) | No personal data |
| Email/SMS delivery providers (e.g. Gmail SMTP, Twilio), where configured |
Delivery of verification codes and notifications |
Email address / phone number and the code sent |
We may also disclose information where required by law, regulation, legal process or
enforceable governmental request, or to protect the rights, property or safety of ViH, its
personnel or others.
8. Cookies
The Service uses a single essential session cookie to keep you signed in. It
contains a signed session identifier, is not used for tracking or advertising, and is deleted
when you sign out. No third-party analytics or advertising cookies are set.
9. Data retention
- Employee records, payroll data and statutory documents are retained for the duration of
your engagement and thereafter for the periods required by applicable law (for example tax
and employment-record retention requirements).
- Audit logs are append-only and retained for security and compliance purposes.
- Verification codes expire within minutes of issue and are cleared once used.
- When retention is no longer required, records are deleted or anonymised.
10. Security
- All traffic to the Service is encrypted in transit with TLS (HTTPS).
- Passwords are stored only as salted cryptographic hashes — never in plain text.
- Uploaded identity documents are stored outside the publicly-served web directory and are
accessible only through authenticated, role-checked endpoints.
- Role-based access control restricts HR functions to HR accounts; sensitive changes (such as
bank details) are audit-logged with masked values.
- Verification codes are rate-limited, expire quickly, and lock after repeated wrong attempts.
No system can be guaranteed 100% secure, but we review and improve our safeguards on an
ongoing basis. If we become aware of a personal data breach that affects you, we will notify you
and the relevant authorities as required by law.
11. Your rights
Subject to applicable law (including the Digital Personal Data Protection Act, 2023), you have
the right to:
- Access the personal data we hold about you — much of it is visible directly
on your Profile page.
- Correct inaccurate or outdated details, either through your Profile page or
by contacting HR.
- Request erasure of data that we are not legally required to retain.
- Withdraw consent where processing is based on consent (for example, by
unlinking your Google account).
- Grievance redressal — raise a complaint about how your data is handled.
To exercise any of these rights, contact your HR administrator or write to us at the address
in section 14. We will respond within the timelines required by law.
12. Children
The Service is a workplace system intended for adults aged 18 and over. We do not knowingly
collect personal data from children.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced
through the Service (for example via an announcement on the dashboard), and the "Last updated"
date at the top of this page will always reflect the current version. Continued use of the
Service after an update constitutes acceptance of the revised policy.
14. Contact us
For any questions, requests or complaints about this Privacy Policy or your personal data,
contact:
ViH Research Labs — HR / Data Protection
Email: contact@vihresearchlabs.ai
Website: https://hrms.vihresearchlabs.ai