Legal

Privacy Policy

Last updated: March 2025

1. Introduction

Thita.ai ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our AI-powered interview preparation platform (the "Service").

This Policy is compliant with the Information Technology Act, 2000 (India), the IT (Amendment) Act, 2008, and is aligned with the Digital Personal Data Protection Act, 2023 (DPDP Act). If you are located in the European Economic Area, certain GDPR rights may also apply to you.

If you have questions, contact us at team@thita.ai before using the Service.

2. Information We Collect

Information you provide directly:

  • Name, email address, and account credentials when you register
  • Payment information (processed securely via our payment provider โ€” we do not store raw card details)
  • Resume and career-related content you upload
  • Code submissions and written responses during practice sessions
  • Audio recordings captured during AI mock interview sessions
  • Support enquiries and communications with us

Information collected automatically:

  • Device information (browser type, operating system, device identifiers)
  • Usage data (pages visited, features used, session duration, click patterns)
  • IP address and approximate location (country/region level)
  • Cookies and similar tracking technologies (see Section 9)

3. How We Use Your Information

We use your information to:

  • Create and manage your account and deliver the Service
  • Process payments and manage subscriptions
  • Generate AI-powered feedback on your interview performance, code, and resume
  • Personalise your learning path and track your progress
  • Communicate with you regarding your account, updates, and support
  • Send marketing communications where you have consented (you may opt out at any time)
  • Improve our AI models and platform features using aggregated and anonymised data
  • Detect, prevent, and investigate fraud or misuse of the Service
  • Comply with applicable legal obligations

We do not sell your personal data to third parties.

4. AI Processing and Audio Data

Our Service uses AI and machine learning to provide personalised feedback. When you use AI mock interview features:

  • Audio recordings are processed in real-time to generate spoken and written feedback
  • Audio data is not retained for longer than 30 days after your session, unless you explicitly save a session recording
  • Code submissions and written responses may be used in aggregated, anonymised form to improve model quality
  • We do not use your personal audio recordings to train our models without your explicit opt-in consent

AI-generated feedback is assistive and probabilistic โ€” it is not a professional assessment and should not be relied upon as a definitive evaluation of your skills.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: Processing necessary to provide the Service you have subscribed to
  • Consent: Where you have given explicit consent (e.g. marketing emails, optional AI model training)
  • Legitimate interests: Improving the platform, preventing fraud, and ensuring security โ€” provided these are not overridden by your rights
  • Legal obligation: Where required by applicable law or regulatory authority

6. Third-Party Service Providers

We share your data only with trusted providers who assist in operating the Service, under strict data processing agreements. These include:

  • Supabase โ€” database and authentication infrastructure
  • Google (Gemini API) โ€” AI model inference for interview feedback
  • Payment processors โ€” for secure billing and subscription management
  • Email service providers โ€” for transactional and marketing communications
  • Analytics providers โ€” for aggregated usage insights (no personal data sold)

These providers access your data only to the extent necessary to perform their specific function and are contractually prohibited from using it for any other purpose.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

If we become aware of a data breach that is likely to result in a risk to your rights, we will notify you and relevant authorities as required by applicable law.

8. Data Retention

We retain your personal data only as long as necessary for the purposes described in this Policy:

  • Account data: Retained for the duration of your account, plus up to 2 years after deletion for legal and audit purposes
  • Session audio recordings: Deleted within 30 days unless you save them
  • Payment records: Retained for 7 years as required by financial regulations
  • Usage and analytics data: Retained in anonymised form indefinitely for product improvement

You may request deletion of your account and associated data at any time (see Section 9).

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal retention obligations)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Withdraw consent: Withdraw any consent you have given at any time, without affecting the lawfulness of prior processing
  • Restrict processing: Request that we limit how we use your data in certain circumstances

To exercise any of these rights, contact us at team@thita.ai. We will respond within 30 days. We may ask you to verify your identity before processing your request.

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in and maintain your session
  • Remember your preferences
  • Understand how you use the Service (analytics)
  • Serve relevant communications (where consented)

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use third-party advertising cookies without your explicit consent.

11. Children's Privacy

The Service is not directed at or intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately at team@thita.ai and we will take steps to delete such data promptly.

12. International Data Transfers

Your data may be stored and processed in countries outside your country of residence, including India and the United States, where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including contractual protections consistent with applicable data protection law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. For material changes, we will notify you via email or a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after that date constitutes acceptance of the revised Policy.

14. Contact and Grievance Redressal

For privacy-related questions, requests, or concerns โ€” including under the DPDP Act or GDPR โ€” please contact:

Email: team@thita.ai
Response time: Within 2 business days for general enquiries; within 30 days for formal data rights requests

If you are not satisfied with our response, you have the right to lodge a complaint with your applicable data protection authority.