1. What we collect
We collect only what we need to provide the Service:
- →Account info — email, optional username, hashed password
- →OAuth profile fields if you sign in with Google or GitHub
- →Learning activity — completed topics, XP, streaks, bookmarks
- →Payment history — Razorpay payment IDs, plan, amount, timestamps (no card numbers)
- →Job applications — personal info, resume fields, links, cover note, consents
- →Standard logs — IP address, browser type, error traces (for debugging only)
2. Resume parsing
When you upload a resume PDF via the /careers page:
- →The PDF is processed in memory to extract text — it is NOT stored on disk
- →Extracted text is sent to Google Gemini for structured field extraction
- →Only the extracted fields and a capped 10,000-character text excerpt are saved
- →You can review and edit every field before submitting the application
- →The original PDF file is discarded once parsing completes
3. How we use your data
- →Account / learning: deliver the LearnAI experience, track progress, gate paid features
- →Recruitment: evaluate your application, contact you about roles, and (if you opt in) for future opportunities
- →Analytics: aggregate usage metrics via Vercel Analytics (anonymized, no personally-identifying tracking)
- →Security: detect abuse, prevent fraud, and enforce rate limits
4. Who we share it with
We share data only with the third parties strictly needed to run the Service:
- →MongoDB Atlas — primary data store for accounts, applications, and learning progress
- →Google Gemini — AI inference for lessons, quizzes, and resume parsing (no training on your data per Google's API terms)
- →Razorpay — payment processing (subject to their privacy policy)
- →Vercel — hosting and anonymized analytics
- →Render — hosting for our backend API
We do not sell your personal information. We do not share data with advertisers.
5. Data retention
- →Account data: retained while your account is active
- →Job applications: retained for up to 24 months from submission
- →Resume text excerpts: deleted with the rest of an application record
- →Logs: retained for 30 days for debugging, then deleted
- →You can request deletion at any time — see Section 7
6. Security
Passwords are hashed with PBKDF2-SHA256. Transport is TLS everywhere. Database access requires authenticated connections to MongoDB Atlas. JWT tokens are signed with a server-only secret. We never log raw passwords or full payment-card data.
7. Your rights
You have the right to:
- →Access — request a copy of your stored data
- →Correction — fix inaccurate information in your profile
- →Deletion — request deletion of your account and associated data
- →Withdrawal — revoke recruitment-process consent at any time
- →Portability — export your learning progress as JSON
To exercise any of these, contact us via the contact page or email the address on the careers/contact pages.
8. Cookies
We use minimal cookies — only the JWT auth cookie / localStorage entry that keeps you signed in, plus first-party Vercel Analytics. We do not use third-party advertising cookies or pixel trackers.
9. Children
The Service is not directed at users under 13. If you are between 13 and 18, please ensure you have parental permission before signing up or applying for a role.
10. International transfers
Your data may be stored on servers in regions where our cloud providers operate (US, EU, and India primarily). By using the Service you consent to this transfer. We rely on standard contractual clauses for cross-border transfers.
11. Updates
We may update this policy. Significant changes will be notified by email or via the platform. Continued use after updates constitutes acceptance.