Contents
CareerARIA is an AI-powered career assistance platform operated by Nitpeak Technologies Private Limited. The platform helps job seekers analyze resumes, generate cover letters, optimize LinkedIn profiles, research companies, and prepare for interviews. Promotional and social media content for CareerARIA is produced and managed by Panda Tech Bytes (website: pandatechbytes.com), the official media partner of Nitpeak Technologies Private Limited.
For the purposes of the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), Nitpeak Technologies Private Limited is the Data Fiduciary in respect of all personal data collected through CareerARIA.
When this policy says "we", "our", or "CareerARIA", it refers to Nitpeak Technologies Private Limited. When it says "you" or "user", it refers to anyone who creates an account and uses the platform.
We collect and process your personal data on the following lawful bases under Indian law:
Under the SPDI Rules 2011, your resume text, employment history, and career-related content may constitute sensitive personal data or information (SPDI). We handle all such data with the heightened care required by those rules, including obtaining your prior consent before collection.
You have the right to withdraw your consent at any time by deleting your account. Withdrawal of consent will result in deletion of all your data and termination of your access to the service.
When you register, we collect:
The core function of CareerARIA requires you to submit career-related content. We store the following:
| Module | What you submit | What we store |
|---|---|---|
| Resume Analyzer | Resume PDF, job description | PDF file, parsed resume text (name, contact, experience, education, skills), job description, ATS score, keyword gaps, AI suggestions |
| Cover Letter Builder | Job title, company name, job description, tone preference | All inputs and the generated cover letter text |
| LinkedIn Optimizer | LinkedIn profile text (copy-pasted) | Profile text, section scores, AI rewrite suggestions |
| Company Intelligence | Company name, role title | Inputs and AI-generated company/fit analysis |
| Interview Prep | Role type, company, experience level | Inputs and AI-generated questions and answers |
| ARIA Chat | Conversation messages | Full conversation history (all turns), references to your other content used as context |
We log each time you use a module, recording which module was used, what action was taken, the number of AI tokens consumed, and the timestamp. This is used to enforce plan quotas and monitor system usage. The content of individual requests is not stored in this log.
We use the data you provide for the following purposes only. Under the DPDP Act 2023, we process your data only for the specific purposes for which consent was given (purpose limitation):
We do not use your data for advertising. We do not build profiles to sell or share with any third party. We do not use your submitted content to train any AI model. We do not process your data for any purpose beyond what is described in this policy (data minimisation and purpose limitation as required by the DPDP Act 2023).
CareerARIA uses the Google Gemini API (operated by Google LLC, USA) as its AI engine. When you use any of the six modules, the content you submit is sent to Google's Gemini API to generate results. Specifically:
This constitutes a cross-border transfer of personal data from India to servers operated by Google LLC in the United States. Google's handling of API data is governed by their Privacy Policy and API terms. Under Google's current API terms, data submitted via the Gemini API is not used to train Google's models by default.
Apart from Google Gemini, we do not share your data with any other third party. We do not sell, rent, or trade your personal information. No data is shared with advertisers, data brokers, or any other service provider not described in this policy.
When you export a cover letter or resume as a PDF, this is done entirely in your browser using a JavaScript library. No data is sent to any external server for this operation.
All user data is stored in a MySQL database on our server. Resume PDF files are stored on the server filesystem in a private directory that is not publicly accessible. File names are hashed (SHA-256) to prevent guessing. Data is currently stored on servers located in India or accessible from India.
We maintain reasonable security practices and procedures as required under Rule 8 of the SPDI Rules 2011 and Section 43A of the Information Technology Act 2000:
HttpOnly (no JavaScript access) and SameSite=Strict. In production, the Secure flag is also set (HTTPS only).Database records and uploaded files are not encrypted at rest beyond standard server-level protections. We do not apply application-level encryption to stored resume text or generated content at this time.
We retain your data for as long as your account is active. There is no automatic expiry on stored resumes, analyses, cover letters, or chat history.
Usage log entries (which record module usage for quota enforcement) may be automatically purged after a configurable number of days at the system administrator's discretion.
If you delete your account, all data associated with your account is permanently deleted. This includes your resumes, analyses, cover letters, LinkedIn data, company searches, interview sessions, chat history, and usage logs. This deletion is immediate and cannot be undone.
In the event of account suspension for violation of our Terms of Service, your data is retained for 30 days before permanent deletion, to allow for any dispute resolution.
Under the Digital Personal Data Protection Act 2023 and the SPDI Rules 2011, you have the following rights as a Data Principal:
You have the right to know what personal data we hold about you and how it is being processed. You can view all your stored content (resumes, cover letters, analyses, chat history) directly within your account. For a summary of all data associated with your account, contact us at support@nitpeak.com.
You can update your name and email address from account settings at any time. If you believe any other data we hold is inaccurate or incomplete, contact us and we will correct it.
You can delete specific content (individual resumes, cover letters, chat history) from within your account at any time. You can also permanently delete your entire account and all associated data from Settings. Upon confirmation, all your data is immediately and permanently erased from our database and file storage. This right may be exercised at any time without restriction.
You may withdraw your consent to data processing at any time by deleting your account. Withdrawal of consent means we can no longer provide the service to you, and all your data will be erased.
Under the DPDP Act 2023, you have the right to nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. To register a nomination, contact us at support@nitpeak.com.
If you believe your data rights have not been respected, you may raise a grievance with our designated Grievance Officer. See Section 15 for contact details. We will respond to all grievances within 30 days of receipt.
Cover letters can be downloaded as plain text or PDF at any time. Resumes can be downloaded in formatted templates. For a full export of all data associated with your account, contact us and we will assist within 15 business days.
CareerARIA uses a single session cookie to keep you logged in. This cookie:
careeraria_sessionHttpOnly and SameSite=Strict flagsWe do not use advertising cookies, tracking cookies, or any third-party cookies. There is no cookie consent banner because we only use one strictly necessary functional cookie. This cookie is required for the service to operate and cannot be disabled while you are logged in.
Designated administrators at Nitpeak Technologies Private Limited have access to the admin panel, which allows them to:
Administrators cannot view the content of your resumes, cover letters, chat messages, LinkedIn data, or interview sessions through the admin interface. Your password is stored only as a one-way hash and cannot be read or recovered by anyone.
All administrator actions are logged with a timestamp, the admin's ID, and what action was taken, in compliance with audit requirements under the IT Act 2000.
We send the following types of emails:
We do not send promotional or marketing emails to sell third-party products or services. All emails are sent from our own domain. A log of sent emails (recipient, subject, status) is retained for troubleshooting purposes.
CareerARIA is intended for use by adults who are actively seeking employment or advancing their careers. Under the Indian Contract Act 1872, a valid contract requires the parties to be of the age of majority, which is 18 years in India.
By creating an account, you confirm that you are at least 18 years of age. We do not knowingly collect personal data from persons under 18. If we become aware that an account has been created by a minor, we will delete the account and all associated data promptly.
If you believe a minor has created an account, please contact our Grievance Officer immediately.
In the event of a personal data breach that is likely to result in harm to you, we will:
Breach notifications will be sent to the email address registered to your account.
We may update this privacy policy as the product evolves or as Indian data protection law is updated (including when the DPDP Rules are finalised and notified). When we make material changes, we will update the effective date at the top of this page and notify you by email or through a notice in the application.
Continued use of CareerARIA after a policy update constitutes your acceptance of the revised policy. If you do not accept the revised policy, you may delete your account.
In accordance with Rule 5(9) of the Information Technology (SPDI) Rules 2011 and the Digital Personal Data Protection Act 2023, Nitpeak Technologies Private Limited has designated a Grievance Officer to address complaints and concerns regarding the processing of your personal data.
If you have a complaint about how your data has been handled, or if you wish to exercise any of your data rights listed in Section 8, you may contact the Grievance Officer. All grievances will be acknowledged within 5 business days and resolved within 30 days of receipt.
Designated Grievance Officer
If your grievance is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India once the Board is constituted under the DPDP Act 2023.
For general questions about this policy, data requests, or to request deletion of your data, contact us at:
Nitpeak Technologies Private Limited
We aim to respond to all privacy-related inquiries within 5 business days. For grievances, see Section 15.
For questions or objections regarding promotional content, social media campaigns, or marketing materials for CareerARIA, contact our official media partner: