Enterprise Privacy Policy — Gyanbatua.ai

2) Scope

This Policy applies to:

• visitors to our websites,
• users who create accounts and use Platform features (free or paid),
• users who submit assessments, learning content, or interview practice materials,
• individuals who contact support, provide feedback, or participate in surveys,
• enterprise users where the Platform is deployed for organizational use (with any additional enterprise addenda, if executed).

3) Age Policy (13+)

4) Definitions (Plain-English)

• "Personal Data": information that identifies or relates to an identifiable individual (directly or indirectly).
• "Sensitive Personal Data" (where applicable): categories treated as sensitive under applicable law.
• "Processing": collection, storage, use, sharing, deletion, etc.
• "User Content": prompts, responses, files, resumes/CVs, portfolios, messages, recordings, and other content you submit.
• "De-identified/Anonymized Data": data processed so it cannot reasonably identify you; we may use it without restriction where permitted by law.

5) Data We Collect

We collect data you provide, data collected automatically, and data from permitted third-party sources.

A) Data You Provide

• Account & profile data: name, email, phone number (optional/where enabled), password (stored hashed), location (optional), education/career preferences, profile settings.
• Assessment & learning data: test answers, scores, attempts, progress, skill-gap results, learning plans, feedback interactions, goals, time spent, performance analytics.
• Career-readiness content: resumes/CVs, cover letters, portfolio links, project descriptions, role preferences, and other application-related materials you upload or input.
• Communications: support tickets, chat messages, call/email correspondence, feedback, survey responses.
• Identity/age assurance (limited): where required for minor consent or compliance, limited verification signals (e.g., guardian email/phone confirmation, consent logs). We do not require government IDs by default unless mandated for a specific compliance reason.
• User Content in AI interactions: prompts, instructions, and generated outputs associated with your account.

B) Data Collected Automatically

• Device & technical data: IP address, device IDs, browser type, OS, app version, language, network type.
• Usage & log data: pages/screens visited, session times, clicks, referring URLs, crash logs, diagnostics, performance metrics, security logs.
• Approximate location: inferred from IP (city/region-level).
• Cookies and similar technologies: see Section 12.

C) Payment & Billing Data

Payments are processed by third-party payment gateways. We typically receive: plan purchased, amount, currency, transaction ID/reference, status, timestamps, and limited billing details as required for invoicing/records.

We do not store full card details, CVV, or full banking credentials.

D) Data From Third Parties (Where Enabled)

• SSO providers (e.g., Google/LinkedIn) for login: name, email, profile image, and other permissions you authorize.
• Analytics/anti-fraud providers: device risk signals, aggregated event data.
• Institution/employer or enterprise customers (if you use Platform through them): enrollment identifiers, cohort metadata, and program details (subject to contract).

E) Do Not Provide Sensitive Data

Please do not submit sensitive personal data in prompts/uploads (e.g., passwords, financial account details, OTPs, government IDs, health data). If you choose to submit such data, you consent to our processing of it to deliver the service, maintain security, and comply with law, subject to applicable legal limitations.

6) How We Use Data (Purposes)

We use data to operate an AI tutoring and career-preparation platform, including to:

• Provide the Platform: create accounts, authenticate, deliver features, provide AI guidance, run assessments, generate learning plans, and maintain user history.
• Personalize learning: analyze performance, detect learning gaps, recommend content, and adapt difficulty and practice.
• Quality, safety & integrity: prevent fraud/abuse, detect suspicious activity, enforce Terms, troubleshoot, and maintain platform security.
• Improve the Platform: product development, bug fixing, performance optimization, feature enhancements, research and analytics (including de-identified/aggregated analysis).
• Customer support: respond to requests, resolve issues, and communicate about your account.
• Billing & administration: process payments, manage subscriptions, invoice/receipt records, and accounting.
• Legal & compliance: comply with applicable laws, respond to lawful requests, and protect rights and safety.
• Communications: Transactional: OTPs, security alerts, policy changes, service updates. Marketing (where permitted): newsletters, offers, and product updates (with opt-out options).

7) AI Processing, Automated Systems & Human Oversight

A) How AI Uses Your Data

Your inputs and Platform activity may be processed by automated systems (including AI) to produce:

• feedback, recommendations, and learning plans,
• interview practice responses and evaluation hints,
• skill-gap and readiness insights.

B) No Guaranteed Outcomes

AI outputs are probabilistic and may be inaccurate. You should independently verify outputs before relying on them for important decisions. The Platform does not guarantee job/internship/apprenticeship outcomes.

C) Model Improvement & Training Use

To keep the Platform favorable to users while remaining compliant:

• We may use de-identified and/or aggregated data to improve performance, safety, and reliability.
• Where we use identifiable User Content for quality review, safety, or improvement, we apply reasonable safeguards (access controls, minimization, logging, and confidentiality obligations).
• If the Platform offers an opt-out setting for use of your content for improvement/training, we will honor it as described in product settings. If no setting exists, we process your content primarily to provide the service and for security/quality assurance, subject to this Policy and applicable law.

D) Automated Decisions

We do not make decisions producing legal or similarly significant effects solely by automated processing (e.g., hiring decisions). Any "readiness" or "score" is an educational indicator, not a hiring verdict.

8) Legal Grounds for Processing

We process personal data in accordance with applicable law.

India (primary)

Where applicable, we rely on:

• Consent (e.g., account creation, optional data fields, marketing preferences, minor consent), and/or
• Legitimate uses/permitted grounds under applicable Indian law (e.g., providing requested services, security and fraud prevention, compliance, responding to emergencies, enforcing rights), as available.

Other jurisdictions (if applicable)

We may rely on:

• performance of a contract (to provide the Platform),
• legitimate interests (service improvement, security, fraud prevention),
• consent (where required),
• compliance with legal obligations.

9) How We Share Data

We do not sell personal data.

We may share personal data with:

• Processors / Service Providers: Vendors who help operate the Platform (hosting, cloud services, email/SMS delivery, customer support tools, analytics, crash reporting, security tooling, payment processing). They process data only on our instructions and under confidentiality and security obligations.
• Payment Gateways & Fraud Prevention Partners: To process payments, prevent fraud, manage chargebacks, and comply with financial regulations.
• Enterprise/Institution Customers (If Applicable): If you use the Platform through an employer/institution, we may share limited account and usage information with that organization (e.g., enrollment status, aggregated progress, completion metrics) as required to operate the program and as described at onboarding or under an enterprise agreement. We aim to minimize sharing of raw prompts and personal content unless necessary or agreed.
• Legal, Compliance & Protection: Where required by law, court order, or lawful government request, or to protect the rights, property, or safety of the Company, users, or the public.
• Business Transfers: In connection with a merger, acquisition, restructuring, financing, or sale of assets. We will apply appropriate protections and require the recipient to honor this Policy (or provide equivalent notice/choices as required by law).

10) Cross-Border Transfers

Your data may be stored or processed in India and/or other countries where we or our service providers operate. Where required, we implement reasonable safeguards (such as contractual protections, access controls, encryption practices, and vendor security reviews), subject to applicable Indian law and any notified cross-border restrictions.

11) Security Measures

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal data, including, where appropriate:

• access controls and role-based permissions,
• encryption in transit (and at rest where feasible),
• logging and monitoring of critical systems,
• secure development practices and vulnerability management,
• vendor risk assessment and contractual security obligations,
• backups and resilience controls.

No system can be 100% secure. You are responsible for protecting your account credentials and using strong passwords.

12) Cookies & Similar Technologies

We use cookies and similar technologies to:

• maintain sessions and authentication,
• remember preferences,
• secure the Platform and prevent fraud,
• understand usage and improve performance (analytics).

You can manage cookies via browser settings and, where available, on-platform cookie controls. Disabling certain cookies may affect functionality.

13) Retention & Deletion

We retain personal data only as long as necessary for the purposes in this Policy, including legal and operational reasons. Retention depends on data category, usage, and legal obligations.

Typical retention approach:

• Account data: retained while the account is active; deleted or anonymized after account closure/request, subject to legal retention.
• Assessment and learning records: retained to provide continuity, progress tracking, and user experience; may be deleted/anonymized after account deletion, subject to legal obligations and legitimate security needs.
• Support tickets: retained for a reasonable period for audit and resolution.
• Transaction records: retained as required by law and for accounting/tax compliance.
• Security logs: retained for a reasonable period for fraud prevention and incident investigation.
• De-identified/aggregated data: may be retained longer for analytics and improvement.

We may retain limited data where necessary to comply with legal obligations, resolve disputes, enforce agreements, prevent fraud/abuse, or comply with law enforcement requests.

14) Your Rights & Choices

Subject to applicable law, you may request:

• access to your personal data,
• correction/updates to inaccurate data,
• deletion of your data,
• withdrawal of consent (where processing is based on consent),
• restriction/objection (where applicable),
• account closure and data export where feasible,
• grievance redressal and escalation rights where applicable,
• nomination of another person to exercise rights on your behalf (where applicable under Indian law).

To make a request, email [email protected]. We may verify your identity and may decline requests that are unlawful, unreasonably repetitive, technically infeasible, or that risk others' rights/security.

15) Parental/Guardian Rights (13–17)

Parents/guardians of users aged 13–17 may contact us to:

• request access to, correction of, or deletion of the minor's data (subject to verification),
• raise safety concerns or request account deactivation.

Email: [email protected].

16) Communications & Marketing Choices

17) Third-Party Links

The Platform may contain links to third-party sites/services. Their privacy practices are governed by their own policies. We are not responsible for third-party privacy practices.

18) Updates to This Policy

We may update this Policy from time to time. We will post the revised Policy on this page with an updated effective date. Your continued use after changes means you accept the revised Policy, to the extent permitted by law.

19) Grievance / Complaints

If you have concerns about privacy or data handling, contact: [email protected].

We will make reasonable efforts to address concerns in a timely manner.

20) Jurisdiction (Disputes)

This Policy is governed by the laws of India. Subject to applicable law, courts at Saket City Courts, New Delhi shall have jurisdiction for disputes arising out of this Policy.