Legal

Privacy Policy

Effective date: June 1, 2026
Product: CareerARIA
Operated by: Nitpeak Technologies Private Limited
Jurisdiction: India

Plain summary: CareerARIA collects your name, email, resume, and job-related content you submit. That content is sent to Google Gemini to generate AI results. We do not sell your data, do not show it to other users, and do not use it to train any AI model. You can access, correct, or delete your data at any time. This policy is governed by Indian law including the Information Technology Act 2000, the IT (Amendment) Act 2008, the SPDI Rules 2011, and the Digital Personal Data Protection Act 2023.

Contents

  1. Who We Are
  2. Legal Basis for Processing
  3. Data We Collect
  4. How We Use Your Data
  5. AI Processing and Third Parties
  6. Data Storage and Security
  7. Data Retention
  8. Your Rights and Controls
  9. Cookies and Sessions
  10. Admin Access
  11. Emails We Send
  12. Minors
  13. Data Breach Notification
  14. Changes to This Policy
  15. Grievance Officer
  16. Contact Us

1. Who We Are

CareerARIA is an AI-powered career assistance platform operated by Nitpeak Technologies Private Limited. The platform helps job seekers analyze resumes, generate cover letters, optimize LinkedIn profiles, research companies, and prepare for interviews. Promotional and social media content for CareerARIA is produced and managed by Panda Tech Bytes (website: pandatechbytes.com), the official media partner of Nitpeak Technologies Private Limited.

For the purposes of the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), Nitpeak Technologies Private Limited is the Data Fiduciary in respect of all personal data collected through CareerARIA.

When this policy says "we", "our", or "CareerARIA", it refers to Nitpeak Technologies Private Limited. When it says "you" or "user", it refers to anyone who creates an account and uses the platform.

3. Data We Collect

3.1 Account Data

When you register, we collect:

  • Your full name
  • Your email address
  • Your password (stored as a bcrypt hash; we never store or see your actual password)
  • The date and time your account was created
  • Your current plan tier (Free, Starter, Pro, or Unlimited)

3.2 Content You Submit

The core function of CareerARIA requires you to submit career-related content. We store the following:

| Module | What you submit | What we store |
| --- | --- | --- |
| Resume Analyzer | Resume PDF, job description | PDF file, parsed resume text (name, contact, experience, education, skills), job description, ATS score, keyword gaps, AI suggestions |
| Cover Letter Builder | Job title, company name, job description, tone preference | All inputs and the generated cover letter text |
| LinkedIn Optimizer | LinkedIn profile text (copy-pasted) | Profile text, section scores, AI rewrite suggestions |
| Company Intelligence | Company name, role title | Inputs and AI-generated company/fit analysis |
| Interview Prep | Role type, company, experience level | Inputs and AI-generated questions and answers |
| ARIA Chat | Conversation messages | Full conversation history (all turns), references to your other content used as context |

3.3 Usage Data

We log each time you use a module, recording which module was used, what action was taken, the number of AI tokens consumed, and the timestamp. This is used to enforce plan quotas and monitor system usage. The content of individual requests is not stored in this log.

3.4 Data We Do Not Collect

  • We do not collect IP addresses
  • We do not use third-party analytics (no Google Analytics, no Mixpanel)
  • We do not collect device or browser fingerprints
  • We do not run any advertising or tracking pixels
  • We do not currently process payments. There is no payment data stored.

4. How We Use Your Data

We use the data you provide for the following purposes only. Under the DPDP Act 2023, we process your data only for the specific purposes for which consent was given (purpose limitation):

  • To deliver the service. Your resume, job descriptions, and other content are sent to our AI engine to produce the results you request.
  • To manage your account. Your email and name are used for login, account identification, and transactional emails (email verification, password reset).
  • To enforce plan limits. Usage logs track how many times you have used each module in the current billing period.
  • To save your history. Analyses, cover letters, and chat sessions are saved so you can review them later within your account.
  • To send administrative emails. We may send product updates or important service announcements. These are not marketing emails from advertisers.

We do not use your data for advertising. We do not build profiles to sell or share with any third party. We do not use your submitted content to train any AI model. We do not process your data for any purpose beyond what is described in this policy (data minimisation and purpose limitation as required by the DPDP Act 2023).

5. AI Processing and Third Parties

5.1 Google Gemini API

CareerARIA uses the Google Gemini API (operated by Google LLC, USA) as its AI engine. When you use any of the six modules, the content you submit is sent to Google's Gemini API to generate results. Specifically:

  • Resume Analyzer: Your resume PDF (as a file) and the job description you paste are sent to Gemini.
  • Cover Letter Builder: Job title, company name, job description, tone, and a summary of your resume (name, skills, recent experience; not the full PDF) are sent.
  • LinkedIn Optimizer: The LinkedIn profile text you paste is sent.
  • Company Intelligence: Company name, role title, and optionally a resume summary are sent.
  • Interview Prep: Role type, company, experience level, and optionally a resume summary are sent.
  • ARIA Chat: Your messages and conversation history are sent. Relevant context from your saved content may be included.

Important: Your email address, password, account ID, and authentication details are never sent to Google Gemini or any external API. Only the career content you explicitly submit is transmitted. By using CareerARIA and consenting to this policy, you also consent to your career content being processed by Google Gemini for the purpose of generating AI results.

This constitutes a cross-border transfer of personal data from India to servers operated by Google LLC in the United States. Google's handling of API data is governed by their Privacy Policy and API terms. Under Google's current API terms, data submitted via the Gemini API is not used to train Google's models by default.

5.2 No Other Third-Party Data Sharing

Apart from Google Gemini, we do not share your data with any other third party. We do not sell, rent, or trade your personal information. No data is shared with advertisers, data brokers, or any other service provider not described in this policy.

5.3 PDF Generation (Client-Side)

When you export a cover letter or resume as a PDF, this is done entirely in your browser using a JavaScript library. No data is sent to any external server for this operation.

6. Data Storage and Security (IT Act 2000, SPDI Rules 2011)

6.1 Where Data Is Stored

All user data is stored in a MySQL database on our server. Resume PDF files are stored on the server filesystem in a private directory that is not publicly accessible. File names are hashed (SHA-256) to prevent guessing. Data is currently stored on servers located in India or accessible from India.

6.2 Security Measures

We maintain reasonable security practices and procedures as required under Rule 8 of the SPDI Rules 2011 and Section 43A of the Information Technology Act 2000:

  • Passwords: Stored as bcrypt hashes. We cannot recover or read your password.
  • SQL injection: All database queries use PDO prepared statements. User input is never interpolated directly into queries.
  • XSS protection: All user-supplied content displayed in the interface is HTML-escaped.
  • CSRF protection: All state-changing form submissions use cryptographically generated tokens verified server-side.
  • Session cookies: Set with HttpOnly (no JavaScript access) and SameSite=Strict. In production, the Secure flag is also set (HTTPS only).
  • Email verification: New accounts require email verification before login. Tokens are single-use and expire after 24 hours.
  • Private file storage: Uploaded resume files are stored outside the public web root and are not accessible via direct URL.

6.3 Data at Rest

Database records and uploaded files are not encrypted at rest beyond standard server-level protections. We do not apply application-level encryption to stored resume text or generated content at this time.

7. Data Retention

We retain your data for as long as your account is active. There is no automatic expiry on stored resumes, analyses, cover letters, or chat history.

Usage log entries (which record module usage for quota enforcement) may be automatically purged after a configurable number of days at the system administrator's discretion.

If you delete your account, all data associated with your account is permanently deleted. This includes your resumes, analyses, cover letters, LinkedIn data, company searches, interview sessions, chat history, and usage logs. This deletion is immediate and cannot be undone.

In the event of account suspension for violation of our Terms of Service, your data is retained for 30 days before permanent deletion, to allow for any dispute resolution.

8. Your Rights and Controls (DPDP Act 2023)

Under the Digital Personal Data Protection Act 2023 and the SPDI Rules 2011, you have the following rights as a Data Principal:

Right of Access

You have the right to know what personal data we hold about you and how it is being processed. You can view all your stored content (resumes, cover letters, analyses, chat history) directly within your account. For a summary of all data associated with your account, contact us at support@nitpeak.com.

Right to Correction

You can update your name and email address from account settings at any time. If you believe any other data we hold is inaccurate or incomplete, contact us and we will correct it.

Right to Erasure

You can delete specific content (individual resumes, cover letters, chat history) from within your account at any time. You can also permanently delete your entire account and all associated data from Settings. Upon confirmation, all your data is immediately and permanently erased from our database and file storage. This right may be exercised at any time without restriction.

Right to Withdraw Consent

You may withdraw your consent to data processing at any time by deleting your account. Withdrawal of consent means we can no longer provide the service to you, and all your data will be erased.

Right to Nominate

Under the DPDP Act 2023, you have the right to nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. To register a nomination, contact us at support@nitpeak.com.

Right to Grievance Redressal

If you believe your data rights have not been respected, you may raise a grievance with our designated Grievance Officer. See Section 15 for contact details. We will respond to all grievances within 30 days of receipt.

Export Your Content

Cover letters can be downloaded as plain text or PDF at any time. Resumes can be downloaded in formatted templates. For a full export of all data associated with your account, contact us and we will assist within 15 business days.

9. Cookies and Sessions

CareerARIA uses a single session cookie to keep you logged in. This cookie:

  • Is named careeraria_session
  • Lasts for up to 8 hours of inactivity by default
  • Is destroyed when you log out
  • Is set with HttpOnly and SameSite=Strict flags
  • Contains only a session identifier. No personal data is stored in the cookie itself.

We do not use advertising cookies, tracking cookies, or any third-party cookies. There is no cookie consent banner because we only use one strictly necessary functional cookie. This cookie is required for the service to operate and cannot be disabled while you are logged in.

10. Admin Access

Designated administrators at Nitpeak Technologies Private Limited have access to the admin panel, which allows them to:

  • View a list of all user accounts (name, email, plan, account status, creation date)
  • Suspend or unsuspend accounts for violation of terms
  • Change a user's plan tier
  • Send system emails to users
  • View aggregate usage statistics (module usage counts, totals)

Administrators cannot view the content of your resumes, cover letters, chat messages, LinkedIn data, or interview sessions through the admin interface. Your password is stored only as a one-way hash and cannot be read or recovered by anyone.

All administrator actions are logged with a timestamp, the admin's ID, and what action was taken, in compliance with audit requirements under the IT Act 2000.

11. Emails We Send

We send the following types of emails:

  • Email verification: Sent when you register. Contains a one-time link valid for 24 hours to activate your account.
  • Password reset: Sent when you request a password reset from the login page.
  • Email change confirmation: Sent when you update your email address in settings.
  • Service announcements: Occasional emails about important product changes, downtime notices, or policy updates.

We do not send promotional or marketing emails to sell third-party products or services. All emails are sent from our own domain. A log of sent emails (recipient, subject, status) is retained for troubleshooting purposes.

12. Minors (Indian Contract Act)

CareerARIA is intended for use by adults who are actively seeking employment or advancing their careers. Under the Indian Contract Act 1872, a valid contract requires the parties to be of the age of majority, which is 18 years in India.

By creating an account, you confirm that you are at least 18 years of age. We do not knowingly collect personal data from persons under 18. If we become aware that an account has been created by a minor, we will delete the account and all associated data promptly.

If you believe a minor has created an account, please contact our Grievance Officer immediately.

13. Data Breach Notification (IT Act 2000, DPDP Act 2023)

In the event of a personal data breach that is likely to result in harm to you, we will:

  • Take immediate steps to contain and investigate the breach
  • Notify the affected users as soon as reasonably practicable, and in any case within 72 hours of becoming aware of the breach, as required under the DPDP Act 2023 and CERT-In guidelines
  • Report the breach to the Data Protection Board of India and CERT-In as required by applicable law
  • Provide affected users with information about the nature of the breach, the data involved, and the steps we are taking

Breach notifications will be sent to the email address registered to your account.

14. Changes to This Policy

We may update this privacy policy as the product evolves or as Indian data protection law is updated (including when the DPDP Rules are finalised and notified). When we make material changes, we will update the effective date at the top of this page and notify you by email or through a notice in the application.

Continued use of CareerARIA after a policy update constitutes your acceptance of the revised policy. If you do not accept the revised policy, you may delete your account.

15. Grievance Officer (SPDI Rules 2011, DPDP Act 2023)

In accordance with Rule 5(9) of the Information Technology (SPDI) Rules 2011 and the Digital Personal Data Protection Act 2023, Nitpeak Technologies Private Limited has designated a Grievance Officer to address complaints and concerns regarding the processing of your personal data.

If you have a complaint about how your data has been handled, or if you wish to exercise any of your data rights listed in Section 8, you may contact the Grievance Officer. All grievances will be acknowledged within 5 business days and resolved within 30 days of receipt.

Designated Grievance Officer

Organisation: Nitpeak Technologies Private Limited
Website: nitpeak.com

If your grievance is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India once the Board is constituted under the DPDP Act 2023.

16. Contact Us

For general questions about this policy, data requests, or to request deletion of your data, contact us at:

Nitpeak Technologies Private Limited

Product: CareerARIA
Website: nitpeak.com

We aim to respond to all privacy-related inquiries within 5 business days. For grievances, see Section 15.

Media & Content Inquiries

For questions or objections regarding promotional content, social media campaigns, or marketing materials for CareerARIA, contact our official media partner:

Panda Tech Bytes