Privacy Policy

1. Introduction

True Tech Professionals Private Limited ("Company," "we," "us," or "our") is an AI-first technology company registered under the laws of India (CIN: U72900HR2019PTC082640), headquartered at Office No. 3, HSIDC, Plot no 09, Ground Floor, Dhi Square, Sector 22, IT Park Rd, Panchkula, Haryana 134109, India.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use any of our products and services. We are committed to protecting your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian laws.

This policy covers the following products and services:

• MyAiGuru (myaiguru.co.in) — AI-powered adaptive learning platform for students grades 9-10
• PipeAI (pipeai.truetechpro.io) — AI-powered B2B sales automation
• TrueNorth ATS (ats.truetechpro.io) — AI-powered recruitment system
• Mission Control (mission-control.truetechpro.io) — Client operations dashboard
• Ulqix BidEngine (ulqix.com) — AI bid intelligence platform
• Das Jyotish (dasjyotish.com) — AI-powered Vedic astrology platform
• truetechpro.io — Corporate website

By accessing or using any of our products, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Account Information

When you create an account on any of our platforms, we collect your full name, email address, phone number, and password (stored as cryptographic hashes — we never store plaintext passwords). Depending on the product, we may also collect your organization name, job title, or role.

2.2 Learning Data (MyAiGuru)

For students using MyAiGuru, we collect quiz scores, learning progress metrics, topic mastery rates, chapter completion data, chat conversations with the AI tutor (limited to 50 queries per day on premium plans), and adaptive learning preferences. This data is used exclusively to personalize the educational experience and track academic progress.

2.3 Recruitment Data (TrueNorth ATS)

For candidates and recruiters using TrueNorth ATS, we collect resumes, cover letters, skills assessments, employment history, education details, interview feedback, and recruiter notes. Candidate data is processed to facilitate job matching and recruitment workflows.

2.4 Usage Data

We automatically collect device information (device type, operating system, browser type and version), IP address, pages visited, time spent on pages, click patterns, referring URLs, and general interaction data across all our platforms. This data helps us improve our services and diagnose technical issues.

2.5 Payment Data

Payment processing is handled by Razorpay, our PCI-DSS compliant payment gateway. We do not store credit card numbers, debit card numbers, or bank account details on our servers. We retain only transaction references, subscription status, invoice details, and payment confirmation records necessary for our accounting and support operations.

2.6 Communication Data

We collect and store emails sent to our support addresses, contact form submissions, in-app support messages, and any other communications you send to us. This data is used to respond to your inquiries and improve our customer support.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our products and services, including account management, feature delivery, and technical support.
• Personalization: To customize your experience, including AI-driven content recommendations, adaptive learning paths (MyAiGuru), intelligent candidate matching (TrueNorth ATS), and personalized sales automation (PipeAI).
• Analytics: To analyze usage patterns, measure product performance, identify trends, and make data-driven improvements to our platforms.
• Communication: To send transactional emails (account verification, password resets, payment receipts), product updates, and service notifications. We do not send unsolicited marketing emails without your explicit consent.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests under Indian law.

4. AI & Automated Processing

Our products leverage artificial intelligence and machine learning extensively. The following AI models and services process user data as part of our service delivery:

• Groq (LLM inference): Powers real-time AI content generation, quiz generation, chat responses, and intelligent analysis across our platforms.
• OpenAI (text embeddings): Generates vector embeddings for semantic search, content retrieval, and RAG (Retrieval-Augmented Generation) pipelines that power contextual responses.
• Google Gemini (LLM inference): Powers candidate-job matching in TrueNorth ATS, email generation in PipeAI, and content analysis across platforms.

AI models process your data to generate educational content, grade quiz responses, provide personalized recommendations, match candidates to job opportunities, generate sales communications, and perform astrological computations. AI-generated content is provided for informational and educational purposes and may not always be fully accurate.

Right to Human Review: You have the right to request human review of any significant decision made solely through automated processing. To request human review, contact us at privacy@truetechpro.io with details of the decision you wish to have reviewed. We will respond within 15 business days.

5. Third-Party Service Providers

We engage the following third-party service providers to operate our platforms. Each provider processes data only as necessary for their stated purpose:

We require all third-party providers to maintain appropriate security measures and to process personal data only in accordance with our instructions and this Privacy Policy.

6. Children's Privacy

We take the privacy and safety of children seriously. Our product MyAiGuru specifically serves students aged 14-16 (grades 9-10) and is designed with the following safeguards in compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act):

• Minimal Data Collection: We collect only the data strictly necessary to provide educational services — student name, grade, learning progress, quiz scores, and chat interactions with the AI tutor. We do not collect unnecessary personal information from minors.
• Parental Consent: Registration of students under 18 years of age requires verifiable parental consent. Parents or legal guardians must register through the parent dashboard and provide consent before a student account can be activated.
• Parent Dashboard Access: Parents and legal guardians have full visibility into their child's learning data through a dedicated parent dashboard. This includes quiz performance, learning progress, mastery rates, and chat activity summaries.
• Right to Deletion: Parents can request complete deletion of their child's data at any time by contacting us at privacy@truetechpro.io or through the parent dashboard. We will process deletion requests within 30 days.
• No Targeted Advertising: We do not serve targeted or behavioral advertising to minor users on any of our platforms. MyAiGuru does not display advertisements of any kind.
• No Sale of Children's Data: We never sell, rent, lease, or trade personal data of minor users to any third party for any purpose, including marketing, advertising, or data brokering.
• Safe AI Interactions: AI chat interactions on MyAiGuru are limited to educational content only. The AI tutor is configured to refuse non-educational queries and maintains content safety filters.

7. Data Storage & Security

We implement industry-standard security measures to protect your personal data:

• Encryption at Rest: All data stored in our databases is encrypted at rest using AES-256 encryption.
• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Password Security: User passwords are hashed using SHA-256 with salting. We never store or have access to plaintext passwords.
• Access Controls: We enforce role-based access controls (RBAC) and the principle of least privilege for all internal systems access.
• Row Level Security: Supabase RLS policies ensure that users can only access their own data at the database level, providing defense-in-depth beyond application-level authorization.
• Regular Security Reviews: We conduct periodic security assessments and code reviews to identify and remediate vulnerabilities.
• Incident Response: We maintain an incident response plan to quickly detect, contain, and remediate any data security incidents. In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law.

8. Data Retention

• Active Account Data: Personal data associated with your account is retained for as long as your account remains active and you continue to use our services.
• Account Deletion: When you request account deletion, we will remove your personal data from our production systems within 30 days. Residual data in backups is purged within 90 days of the deletion request.
• Backup Retention: Database backups containing personal data are retained for a maximum of 180 days for disaster recovery purposes and are then permanently deleted.
• Legal Obligations: We may retain certain data beyond the standard retention period where required by applicable law, regulation, or legal proceedings (e.g., financial transaction records as required by Indian tax law).
• Anonymized Data: We may retain anonymized, aggregated data that cannot be used to identify individuals for analytical and statistical purposes indefinitely.

9. Your Rights Under DPDP Act 2023

Under India's Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

• Right to Access: You have the right to obtain confirmation of whether we process your personal data and to access a summary of that data and the processing activities performed on it.
• Right to Correction: You have the right to request correction of inaccurate or misleading personal data and to have incomplete data completed.
• Right to Erasure: You have the right to request deletion of your personal data when it is no longer necessary for the purpose for which it was collected, or when you withdraw your consent.
• Right to Data Portability: Where technically feasible, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
• Right to Grievance Redressal: You have the right to file a complaint with our Grievance Officer or with the Data Protection Board of India if you believe your data protection rights have been violated.
• Right to Nominate: You have the right to nominate another individual to exercise your data protection rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, please contact our Data Protection Officer at privacy@truetechpro.io. We will respond to your request within 30 days.

10. Cookies & Local Storage

Our platforms use the following browser storage mechanisms:

• Session Tokens: We store authentication session tokens in secure, HTTP-only cookies to maintain your logged-in state.
• Language Preferences: We store your preferred language and regional settings in local storage for a consistent user experience.
• Theme Preferences: We store display preferences (such as dark/light mode) in local storage.
• Learning State (MyAiGuru): We store temporary quiz progress and navigation state in local storage to prevent data loss during active sessions.

We do not use third-party tracking cookies for advertising purposes. Where Google Analytics is enabled, it uses first-party cookies for anonymous usage analytics. You can control cookie behavior through your browser settings.

11. International Data Transfers

Your personal data is primarily stored on servers located in India through our database provider Supabase. However, certain processing activities involve data transfer to servers outside India:

• AI Processing (Groq, OpenAI): User prompts and content are transmitted to US-based AI inference providers for processing. These providers process data in transit and do not retain user data beyond the immediate processing request per their data processing agreements.
• Frontend Hosting (Vercel): Static assets and application code are distributed via Vercel's global edge network, which may include servers outside India.
• Email Delivery (Resend): Transactional emails are processed through Resend's infrastructure, which operates globally.

Where personal data is transferred outside India, we ensure that appropriate safeguards are in place in accordance with the DPDP Act and any rules prescribed by the Central Government regarding permissible cross-border data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

• We will update the "Last updated" date at the top of this policy.
• For significant changes, we will notify you via email (sent to the email address associated with your account) or through a prominent notice within our platforms at least 30 days before the changes take effect.
• Your continued use of our services after the effective date of the updated policy constitutes your acceptance of the changes.

13. Contact Information

14. Product-Specific Addendums

The following addendums provide additional detail on data processing specific to each product.