Privacy Policy
Privacy Policy
This page explains what personal data the Central Training and Placement Cell Portal processes, why it is processed, which third parties are involved, and which rights users have under GDPR-aligned privacy principles.
Last updated: June 18, 2026
These pages are tailored to the features currently visible in this application. If new processors, trackers, payment flows, or public data-collection journeys are added later, the legal text should be updated before release.
1. Controller and Scope
This Privacy Policy applies to the MGM University Central Training and Placement Cell Portal, including its public pages, authenticated dashboards, student and recruiter workflows, document uploads, notifications, analytics, and AI-assisted features.
For data protection purposes, MGM University and its Central Training and Placement Cell act as the controller for personal data processed through the portal unless a specific workflow states otherwise. This notice is written to align with GDPR-style transparency obligations.
2. Personal Data We Process
- Identity and account data such as name, email address, password hash, profile photo, role, college, and department.
- Student profile data such as PRN, date of birth, gender, phone, address, academic history, marks, CGPA, backlogs, certifications, projects, resumes, social links, achievements, and placement-readiness information.
- Recruiter and coordinator data such as company affiliation, phone number, LinkedIn profile, approval status, and role-specific profile details.
- Application and workflow data such as drive applications, shortlist status, interview schedules, feedback, offers, onboarding notes, and background-verification records.
- Files and document data such as resumes, marksheets, certificates, booklet uploads, drive attachments, metadata, checksums, and file-access logs.
- Usage and security data such as sessions, audit logs, IP-address information captured on file access, and user-agent information where logged.
- Communication data such as automated emails, notifications, support contact details, and feedback submissions.
- AI prompt data such as profile details, projects, skills, academic indicators, and job descriptions used in resume, recommendation, interview-prep, STAR, chat, and job-radar features.
- Limited analytics and device data collected through analytics tooling loaded on the site.
3. Why We Process Data
- To create and manage accounts, authenticate users, refresh sessions, and enforce role-based access control.
- To publish drives, activities, booklets, and opportunities and to manage placement workflows.
- To evaluate eligibility, receive and process applications, and support recruiter review and candidate tracking.
- To store, serve, secure, and audit uploaded files and related records.
- To send operational emails and in-product notifications.
- To provide AI-assisted support features for resume writing, recommendations, interview preparation, chat assistance, and job discovery.
- To generate aggregate reporting and analytics for university administration.
- To monitor service health, investigate incidents, preserve audit trails, and protect the platform and its users.
4. Lawful Bases
Depending on the workflow, MGM University generally relies on one or more of the following lawful bases: performance of a contract or pre-contractual steps, compliance with legal obligations, legitimate interests in operating a secure placement portal, and consent where consent is specifically requested.
If analytics, optional cookies, or optional AI features are offered to users in jurisdictions requiring consent, consent should be obtained before those tools are activated. A policy page alone does not replace that operational requirement.
5. Recipients and Processors
Personal data may be shared internally with authorized university administrators, college administrators, coordinators, and recruiters according to role-based permissions. Data may also be processed by service providers acting on MGM University's behalf.
- Hosting and application infrastructure providers used to run the app and database.
- SMTP email providers used for transactional emails.
- UploadThing or equivalent file-processing infrastructure used for uploaded images and PDFs.
- Vercel Analytics or similar analytics tooling loaded on the site.
- Google Gemini, OpenAI-compatible services, and OpenRouter-connected providers used by AI features in the codebase.
- Authorities or regulators where disclosure is legally required.
6. International Transfers
Because the portal uses third-party analytics, AI, email, and hosting services, personal data may be processed outside the user's country, including outside the European Economic Area. Where GDPR applies, MGM University should ensure a valid transfer mechanism is in place before enabling the relevant processor.
7. Retention
The current application stores core records until they are deleted, archived, or soft-deleted in the database. Audit logs, file logs, notifications, uploaded files, and recruitment records may persist for operational, accountability, and security reasons.
MGM University should maintain a formal retention schedule with exact timelines for applicant records, recruiter records, documents, AI outputs, background-verification records, and administrative logs. Until that schedule is approved, only the minimum data needed for placement operations, legal compliance, disputes, and security should be retained.
8. Security
- Hashed-password verification is used for authentication.
- Role-based access controls and protected API routes are used throughout the portal.
- The file subsystem includes path-boundary checks, metadata tracking, checksums, and access logging.
- Audit logs are created for many privileged actions.
- No method of storage or transmission is completely secure, so users should avoid submitting unnecessary sensitive information.
9. Cookies, Sessions, and Analytics
The portal uses session technologies necessary for authentication and secure access. The application also loads analytics tooling. Under GDPR and similar laws, non-essential cookies or similar identifiers should not be activated for covered users until valid consent has been collected where required.
10. Automated Processing and AI
The portal includes AI-assisted features that generate resume content, recommendations, interview-preparation material, chat responses, and role suggestions. These features may analyze user-submitted profile information, project details, skills, academic indicators, and job descriptions.
AI outputs are intended to support users and administrators, not replace human judgment. Users should review AI-generated content before relying on it for recruitment, academic, employment, or legal decisions.
11. Data Subject Rights
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure, subject to legal exceptions.
- The right to restriction of processing.
- The right to data portability where applicable.
- The right to object where processing relies on legitimate interests or direct marketing.
- Rights relating to automated decision-making and profiling where applicable.
- The right to lodge a complaint with a competent supervisory authority.
12. How to Exercise Rights
Users may request access, correction, deletion, restriction, portability, or objection by contacting tnp@mgmu.ac.in or using the contact details published on the Contact page. MGM University should verify identity before fulfilling a request and maintain an internal workflow for responding within applicable legal deadlines.
13. Children's Data
The portal is intended for university placement and recruitment activities and is not directed to children. If data is submitted in a way that requires parental authorization under applicable law, the related processing should be paused and handled appropriately.
14. Changes to This Policy
MGM University may update this Privacy Policy to reflect legal, technical, or operational changes. Material changes should be posted on the portal with a revised effective date and, where appropriate, communicated to users through the portal or by email.
Questions about these legal pages can be sent to tnp@mgmu.ac.in or through the Contact page.