Privacy Policy

Last updated: 1 May 2026

Grezlify (“we”, “us”) respects your privacy. This policy explains what personal data we collect, why, and how we handle it. It is written to comply with India’s Digital Personal Data Protection Act, 2023 (DPDP Act).

1. Data we collect

You provide directly

• Account: name, email, password (hashed).
• Profile: career history, skills, education, contact information you choose to enter.
• Resumes and cover letters you create or upload (PDF/DOCX content extracted to fill the editor).
• Payment metadata (last 4 digits, method type) — full card / UPI details are stored only by Razorpay.

We collect automatically

• Usage events (which features you use, error logs) for product improvement.
• Device and browser metadata for security and debugging.

2. Why we use your data

• To provide the Service: store your resumes, generate AI drafts, run ATS checks.
• To process payments and issue tax invoices.
• To send transactional emails (welcome, payment receipts, renewal reminders).
• To improve the product (aggregate analytics).
• To prevent abuse and comply with legal obligations.

3. Sharing

We share data only with vendors that help us run the Service:

• Razorpay — payment processing.
• Anthropic — AI model provider for resume drafting and cover letter generation. Inputs are sent for inference; we do not allow them to be used for training.
• Email provider (Resend) — transactional email delivery.
• Cloud hosting — application servers and database backups.

We do not sell your personal data.

4. Your rights under the DPDP Act

You have the right to:

• Access the personal data we hold about you.
• Correct or update inaccurate data — most fields are directly editable in the app.
• Erase your account and data — delete from Settings or email us.
• Withdraw consent for non-essential processing (e.g., marketing emails).
• Grievance redressal — see Section 8.

5. Retention

We keep your account data for as long as your account is active. After deletion, we purge personal data within 30 days, except records we are legally required to retain (e.g., tax invoices, kept 8 years per Indian tax law).

6. Security

We use HTTPS in transit, encrypted database backups at rest, and bcrypt-hashed passwords. No system is perfectly secure — we will notify you within 72 hours of confirming any breach that affects your data.

7. Children

The Service is not intended for users under 16. If we learn we have collected data from a minor, we will delete it.

8. Grievance officer (DPDP Act)

For privacy concerns or to exercise your rights, contact our Grievance Officer:

• Email: [email protected]
• Response time: within 7 working days.

9. Changes

We’ll notify you of material changes via email. The current version is always accessible at this URL.