Privacy Policy

Privacy Policy

Effective Date: 28 April 2026  |  Last Updated: 28 April 2026

This Privacy Policy describes how AIPrepX, operated by BendFlex Research and Development Private Limited, Bangalore, India (“BendFlex”, “we”, “us”, “our”), collects, uses, stores, shares, and protects your personal data when you use aiprepx.com (the “Service”). This policy should be read together with our Terms of Service. We process personal data in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) of India.

1. Data We Collect

1.1 Information you provide:

  • Email address — for account identification and OTP login.
  • Resume / CV — uploaded by you (PDF, DOCX, or text) for analysis.
  • Job Descriptions (JDs) — pasted or typed by you.
  • Free-text inputs you submit to features (e.g. anecdotes for STAR stories, answers in mock interviews).
  • Optional Telegram user ID — only if you choose to link the AIPrePx Telegram bot to your account.

1.2 Information collected automatically:

  • Usage data — which features you used, when, and the AI-generated outputs cached for your account.
  • Technical data — IP address (used for trial-abuse prevention and rate limiting) and browser user-agent (for compatibility and debugging).
  • Payment metadata — Razorpay order ID, payment status, plan purchased, amount, and timestamp. We do NOT receive or store your card number, CVV, or bank credentials.

1.3 What we do NOT collect:

  • Card or banking details (Razorpay handles these directly).
  • Audio recordings of your voice. In voice mock interviews, your speech is transcribed in your browser by the Web Speech API; only the resulting text reaches our servers.
  • Browsing behaviour outside aiprepx.com.

2. Why We Collect It (Purpose)

We process your data only for purposes you can reasonably expect from an interview-preparation tool:

  • To authenticate you and keep your session secure.
  • To generate personalised interview content from your CV and JD.
  • To remember your past generations so you don’t have to re-create them every visit.
  • To process payments and apply coupons.
  • To enforce trial limits, prevent abuse, and meet legal obligations.
  • To respond to your support requests.

We do NOT use your data for advertising, profiling, training third-party AI models, or for any purpose unrelated to providing the Service.

3. Legal Basis (DPDP Act, 2023)

We process your personal data on the basis of:

  • Your consent — given when you create an account and agree to these Terms and this Policy.
  • Performance of the contract — to deliver the Service you signed up for.
  • Legitimate uses recognised under the DPDP Act, including compliance with law and prevention of fraud.

4. How We Store Data

  • Account data is stored as server-side JSON files, keyed by a SHA-256 hash of your email address, on the infrastructure that runs aiprepx.com (currently a VPS managed via Coolify).
  • Uploaded CV files are stored in a server-side uploads directory scoped to your account.
  • Coupon usage and payment records are kept in CSV/JSON files on the same infrastructure.
  • We do not replicate your data to external databases or analytics platforms.

5. Sharing With Service Providers (Sub-Processors)

To provide the Service, we share strictly the minimum data needed with the following processors. Each is bound by its own privacy commitments:

Provider What it processes Where
Anthropic (Claude) Your CV + JD + prompt content, to generate interview content USA
Google (Gemini) Same as above, used as a fallback when Claude is unavailable USA
Microsoft (Edge TTS) The interviewer’s question text, to synthesise voice audio USA / EU
Razorpay Order amount, your email, and plan details, to process payment (international card payments processed in USD when applicable) India
AWS Simple Email Service Your email address + the OTP code, to deliver the OTP login email India (Mumbai)
Telegram (optional) Your Telegram user ID, only if you link the @AIPrePx_bot Global
Coolify / VPS host All hosted data (encrypted at rest on the VPS disk) Disclosed on request
Google Analytics 4 Anonymised page-view metrics (page URL, anonymised IP, device class, referrer, time on page) — see clause 7 for what is and isn’t collected USA / EU
Google Ads Conversion-attribution signals (which ad campaign brought you to the site, whether you signed up or activated a paid plan) — does not receive your CV, JD, OTP, or any form input USA / EU

We do NOT sell your data, share it for advertising, or transfer it to data brokers.

6. Cross-Border Transfers

Some of our sub-processors (Anthropic, Google, Microsoft Edge TTS, Telegram) operate servers outside India. By using the Service you consent to your data being transferred to and processed in those jurisdictions for the purposes described in clause 5. Where required under the DPDP Act, we will only transfer data to jurisdictions permitted by the Government of India.

7. Cookies & Tracking

Essential cookies. The Service uses one server-side session cookie to keep you logged in while you use the app, plus a small theme-preference cookie (aprx-theme) so the site remembers light/dark mode, and a currency-preference cookie (aprx-currency, 1-year lifetime) so the pricing page renders in your chosen currency (INR or USD). These are required for the Service to function as expected.

Abandoned-purchase reminders. If you start a paid plan checkout but don’t complete it, we may send you one reminder via email and (if you’ve linked the Telegram bot) Telegram, after 24 hours. Single shot per abandoned checkout — we don’t hassle. Stop these by completing or cancelling the purchase, or by emailing contact@aiprepx.com to opt out of transactional reminders.

Analytics — Google Analytics 4 (GA4). We use GA4 (measurement ID G-QZNN0PRD2E) to understand how the Service is used in aggregate — which pages people visit, how long they stay, where they land first, and which features they try. The script runs with anonymize_ip enabled so your IP address is truncated by Google before being recorded.

What GA collects: the URL of each page you visit, an anonymised IP address, your device class (desktop/mobile/tablet), the page that referred you to ours, and how long you stayed. Standard GA4 cookies (_ga, _ga_*) are set on your browser to support session continuity.

What GA does not collect: the contents of forms (your CV, your JD, your OTP, your search queries inside the app), your generated interview content, payment details, or anything you type into the app. Our sub-processors handle those (see clause 5); GA receives only navigation metadata.

Retention & opt-out. GA4 retains aggregate event data for 14 months by default. You can opt out by enabling your browser’s “Do Not Track” signal, using an ad-blocker, installing the Google Analytics Opt-out Browser Add-on, or clearing the _ga cookies in your browser settings. Opting out does not affect any other Service functionality.

Advertising — Google Ads conversion tracking (AW-18138846125). We run online ads through Google Ads, and we use Google’s conversion-tracking tag to measure whether someone who clicked one of our ads later signed up or activated a paid plan. The tag sets the _gcl_au and related _gcl_* cookies on your browser. These cookies last up to 90 days and are used solely to attribute the conversion to the ad campaign that brought you here.

What Google Ads receives: the fact that a conversion happened (sign-up or paid activation), the campaign / click that preceded it, your anonymised IP, and basic device class. It does not receive your email, name, CV, JD, OTP, generated content, payment details, or anything you typed into the app.

Opt-out. You can opt out of Google’s personalised advertising at adssettings.google.com, install the same Google opt-out add-on linked above (which also covers Ads), use an ad-blocker, or clear the _gcl_* cookies in your browser settings. Opting out does not affect any other Service functionality.

We do not share data with data brokers, sell user data to advertisers, or embed any advertising pixel beyond the Google Ads conversion tag described above.

8. Data Retention

  • Active accounts. We retain your account data — including your CV, JDs, generated content, and payment metadata — for as long as your account exists. We do not automatically delete inactive accounts; your preparation history remains available to you whenever you return.
  • Deletion on request. You may ask us to delete your account at any time (see clause 9). Verified deletion requests are completed within 30 days, except for records we are required by law to retain (e.g. tax and payment records, kept for the statutory minimum period).
  • Backups. Encrypted backups may retain deleted data for up to 90 days before being overwritten in the normal backup rotation.

9. Your Rights

Under the DPDP Act, 2023 and these terms, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that inaccurate data be corrected; you can also update your CV and JDs directly within the app at any time.
  • Erasure — request deletion of your account and associated data by emailing contact@aiprepx.com from your registered address.
  • Withdraw consent — at any time, with effect for future processing (this will typically end your access to the Service).
  • Grievance redressal — see clause 11.

We will respond to verified rights requests within 30 days.

10. Security

We protect your data with reasonable, industry-aware safeguards, including:

  • TLS encryption for all traffic to and from aiprepx.com.
  • OTP-based login and per-IP/per-email rate limiting.
  • Server-side session management; no client-side storage of personal data beyond an essential session cookie.
  • Limited operator access to production data on a need-to-know basis, with audit logging of administrative actions.

No system is perfectly secure. If we become aware of a personal data breach that affects you, we will notify you and the Data Protection Board of India as required by law.

11. Grievance Officer

If you believe your rights under the DPDP Act have been violated, you may contact our grievance officer:

Name: Dr. Shree Sumanas Badrinath
Title: Grievance Officer, BendFlex Research and Development Private Limited
Email: contact@aiprepx.com

If your concern is not resolved, you may also file a complaint with the Data Protection Board of India.

12. Children’s Data

The Service is intended for users 18 and older (with limited use by minors aged 13–18 with verifiable parental consent). We do not knowingly collect data from children under 13. If you believe a child has provided us data, please contact us at contact@aiprepx.com and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected with a new “Last Updated” date and, where reasonable, an in-app notice. Your continued use of the Service after changes constitutes acceptance of the revised Policy.

14. Contact

Operator: BendFlex Research and Development Private Limited
Address: Bangalore, Karnataka, India
Email: contact@aiprepx.com
Website: aiprepx.com