# DPDP-ready HR copilot policy

## Description

Use this policy when an HR AI copilot processes employee data for payroll, leave, benefits, performance notes, employee helpdesk responses, or internal HR analytics.

## Placeholder fields

- Company name: [COMPANY_NAME]
- Data fiduciary contact: [PRIVACY_CONTACT_NAME_AND_EMAIL]
- HR owner: [HR_OWNER]
- Security owner: [SECURITY_OWNER]
- AI system name: [HR_COPILOT_NAME]
- Effective date: [EFFECTIVE_DATE]
- Review cycle: [REVIEW_FREQUENCY]

## Approved purposes

[COMPANY_NAME] may use [HR_COPILOT_NAME] only for documented HR operations, including payroll clarification, leave-policy support, benefits support, HR ticket triage, employee handbook search, and performance-cycle assistance where a human HR owner remains accountable.

Employee personal data must not be used for unrelated marketing, employee surveillance, disciplinary profiling, or model training unless a separate lawful basis, notice, and approval record exists.

## Data categories

The HR copilot may encounter employee name, work email, employee ID, phone number, payroll metadata, leave records, manager notes, appraisal history, and benefits information. Aadhaar, PAN, bank account, health, or family-member data must be redacted unless strictly necessary for the stated HR purpose and approved by [HR_OWNER].

## DPDP controls

- Show employees a clear notice describing the HR purposes before the copilot is used.
- Collect only the minimum employee data needed for the specific HR workflow.
- Do not retain raw prompts or HR documents longer than [RETENTION_PERIOD].
- Redact Aadhaar, PAN, bank details, health details, and family-member identifiers from model-visible prompts where possible.
- Restrict audit logs to authorised HR, legal, and security roles.
- Keep a retrieval path for employee access, correction, grievance, and erasure requests.
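One way to implement the redaction control for model-visible prompts, as an added example rather than code from this template: a pre-prompt filter that replaces matched identifiers with category tokens and returns only per-category counts for the audit log. The identifier formats, the keyword list for bank accounts, the `redact` function name and the sample helpdesk prompt are all assumptions constructed for this example; it performs format checks only, with no checksum validation.

```python
import re
from collections import Counter

# Added example (not part of the policy template): a pre-prompt redaction
# filter for the "redact Aadhaar, PAN, bank details" control.
# Pattern assumptions (format checks only, no checksum validation):
#   PAN          five uppercase letters, four digits, one uppercase letter
#   bank account a 9-18 digit run introduced by "account", "a/c" or "acct"
#   Aadhaar      twelve digits, optionally grouped 4-4-4 by space or hyphen
# Order matters: the keyword-anchored bank pattern runs before the bare
# 12-digit Aadhaar pattern so a 12-digit account number is labelled correctly.
PATTERNS = [
    ("PAN", re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b")),
    ("BANK_ACCOUNT", re.compile(r"(?i)\b(account|a/c|acct)\b[\s#:.-]*(\d{9,18})\b")),
    ("AADHAAR", re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}\b")),
]


def redact(text):
    """Replace matched identifiers with category tokens.

    Returns (redacted_text, counts). The counts dict is what goes to the
    audit log; the matched values themselves are never returned or logged.
    """
    counts = Counter()
    for label, pattern in PATTERNS:
        def _sub(match, label=label):
            counts[label] += 1
            if match.lastindex:  # keyword group captured: keep it, drop the number
                return f"{match.group(1)} [REDACTED_{label}]"
            return f"[REDACTED_{label}]"
        text = pattern.sub(_sub, text)
    return text, dict(counts)


# Constructed HR helpdesk prompt with made-up identifiers.
SAMPLE_PROMPT = (
    "Employee E-1042 asked why March payroll was short. PAN on file: "
    "ABCDE1234F, Aadhaar 2345 6789 0123, salary account 001234567890 "
    "at the bank; manager note says two leave days were unpaid."
)

if __name__ == "__main__":
    safe_prompt, audit_counts = redact(SAMPLE_PROMPT)
    print(safe_prompt)
    print("audit:", audit_counts)
```

Because the patterns are heuristics, tune them towards over-redaction and route any prompt with non-zero counts to the retention and access-request handling described in the controls rather than to a raw prompt store.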

## Human review

The copilot must not make final decisions on payroll, promotion, termination, disciplinary action, or benefits eligibility without human HR review and documented approval.

## Incident response

Suspected employee-data leakage must be escalated to [SECURITY_OWNER] within [ESCALATION_SLA]. Breach notification will follow [COMPANY_NAME]'s DPDP incident response workflow.

This template was reviewed by CrewCheck and aligns with the obligations under the DPDP Act 2023.
