PRIVACY POLICY

1. Introduction

This Privacy Policy describes how Practers ("we", "us", "our"), accessible at practers.com, collects, uses, stores, shares, and protects the personal information of users ("you") when you use our Platform and Services.

This Policy is intended to comply with applicable global privacy and data protection laws, including: India's Digital Personal Data Protection Act 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable regional privacy laws.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the data practices described herein. If you do not agree, please discontinue use of the Platform immediately.

2. Data Controller / Data Fiduciary

The entity responsible for processing your personal data (the "Data Controller" under GDPR and "Data Fiduciary" under India's DPDP Act) is: [OWNER NAME]. For all privacy-related queries, please contact us at support@practers.com.

3. Information We Collect

3.1 Account and Identity Information

• Full name and email address, collected when you register for an account

• Password (stored in encrypted and hashed form — never in plaintext)

• Profile information such as career level, target roles, or years of experience (if voluntarily provided)

3.2 Interview and Practice Session Data

• Your typed or spoken responses during AI-driven mock interview sessions

• Full session transcripts and interaction logs

• Performance evaluations, scores, and AI-generated feedback reports generated from your sessions

• Time-on-task, session completion status, question attempts, and skips

3.3 Coding and Technical Assessment Data

• Code written and submitted during coding practice exercises

• Test case results and automated assessment outputs

• Attempt history, time taken per question, and question-level performance analytics

3.4 Resume and Document Data

• Uploaded resume documents and the textual content parsed from them

• Resume data entered or built using our in-platform resume creation tools

• ATS analysis results, AI-generated suggestions, and editing and revision history

3.5 Payment and Billing Information

Payment transactions are processed by third-party payment service providers. We receive only a transaction confirmation reference and subscription status. We do not store your full payment card number, CVV, or bank account details on our servers.

3.6 Usage and Technical Data

• IP address and approximate geographic location (at country or city level)

• Browser type and version, device type, operating system, and screen resolution

• Pages visited, features used, click patterns, session duration, and navigation flow

• Referral source (how you arrived at the Platform)

• Error logs, crash reports, and Platform performance metrics

3.7 Communications Data

• Email address for transactional communications such as account confirmation, password reset, and payment receipts

• Email address and communication history for support inquiries, feedback, or bug reports submitted to us

• Email address for newsletters and promotional communications, only where you have provided explicit opt-in consent

3.8 Cookies and Tracking Data

Please refer to Section 9 (Cookies and Tracking Technologies) for full details on what tracking data we collect and how you can manage it.

4. How We Use Your Information

We use your personal data for the following purposes:

• To create, authenticate, and manage your user account and profile

• To deliver AI-powered mock interview sessions and generate performance transcripts, evaluations, and feedback reports

• To power the coding practice environment, execute submitted code, and return assessment results

• To analyze uploaded resumes and produce ATS compatibility scores and improvement suggestions

• To provide resume building and editing functionality and enable document download

• To personalize your preparation experience, recommend content, and track your progress over time

• To process payments, manage subscriptions, and send billing communications

• To send transactional emails including account-related notifications, password resets, and payment receipts

• To send marketing communications, newsletters, and promotional content, strictly where you have provided explicit consent and subject to your right to opt out at any time

• To improve our AI models, evaluation accuracy, question quality, and Platform features using aggregated or anonymized data

• To monitor for, detect, investigate, and prevent fraudulent transactions, unauthorized access, abuse, and security incidents

• To enforce our Terms and Conditions and other applicable policies

• To comply with applicable legal obligations, respond to lawful requests from authorities, and protect our legal rights

• To communicate service-related announcements, updates, and important notices

5. Legal Basis for Processing

5.1 GDPR and UK GDPR (Users in the EEA and UK)

We rely on the following legal bases under the GDPR and UK GDPR:

• Performance of a contract: To create and manage your account and to deliver the Services you have requested

• Legitimate interests: To improve our Platform and AI systems, ensure security, detect fraud, and communicate service updates, provided such interests are not overridden by your rights and interests

• Consent: For marketing communications, non-essential cookies, and any other processing explicitly requiring consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

• Legal obligation: To comply with applicable laws, regulations, and lawful orders

5.2 India's DPDP Act 2023

We process your personal data as a Data Fiduciary under India's Digital Personal Data Protection Act 2023 based on: (a) your freely given, informed, and specific consent at the point of collection; (b) the necessity of processing to perform the Services you have requested; and (c) other legitimate uses permitted under the DPDP Act and its associated rules.

5.3 California (CCPA / CPRA)

We do not sell your personal information within the meaning of the CCPA/CPRA. California residents have additional rights detailed in Section 12 of this Policy.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their own commercial purposes. We share your personal data only in the following limited and controlled circumstances:

6.1 Service Providers and Data Processors

We engage trusted third-party service providers who process personal data on our behalf and strictly under our instructions, pursuant to data processing agreements that require them to: protect your data, use it only for the purposes we specify, and comply with applicable data protection laws. Categories of service providers include:

• Authentication and infrastructure providers

• Cloud hosting, storage, and content delivery providers

• Payment processing service providers

• Email delivery and communication service providers

• Analytics and performance monitoring providers

6.2 Legal and Regulatory Compliance

We may disclose your personal data to law enforcement agencies, courts, regulators, or other governmental or public authorities where we are legally required to do so, or where we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend our legal rights or property; (c) prevent or investigate possible wrongdoing; or (d) protect the safety of our users, staff, or the public.

6.3 Business Transfers

In the event of a merger, acquisition, joint venture, sale of all or substantially all of our assets, bankruptcy, or other similar business transaction, your personal data may be transferred as part of that transaction. You will be notified via a prominent notice on the Platform or by email prior to any such transfer, and we will ensure the successor entity is bound by privacy obligations at least as protective as those in this Policy.

6.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with partners, investors, or for public reporting purposes. Such data is not considered personal data and is not subject to the restrictions in this Policy.

6.5 With Your Consent

We may share your data with third parties in other circumstances where you have given your explicit consent to do so.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our general retention principles are:

• Account and profile data: Retained while your account is active and for a reasonable period thereafter to handle post-deletion inquiries, then deleted or anonymized

• Interview session data, transcripts, and evaluation reports: Retained for up to 2 years from creation, or deleted upon your request, subject to legal retention requirements

• Coding assessment submissions and results: Retained for up to 2 years

• Resume documents and associated analysis: Retained while stored in your account; deleted upon your request or account deletion

• Payment and billing records: Retained for a minimum of 7 years as required by financial, tax, and accounting regulations

• Technical logs and usage data: Retained for up to 12 months

• Communications and support records: Retained for up to 3 years

• Aggregated or anonymized data: May be retained indefinitely as it no longer constitutes personal data

Upon expiry of the applicable retention period, we will securely delete, destroy, or irreversibly anonymize your personal data.

8. Data Security

We implement appropriate and proportionate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. Our security measures include, but are not limited to:

• Encrypted data transmission over all network communications using HTTPS/TLS

• Encrypted and hashed storage of passwords — passwords are never stored or transmitted in plaintext

• Role-based access controls that restrict internal access to personal data on a need-to-know basis

• Regular security assessments, vulnerability testing, and infrastructure monitoring

• Segregated and sandboxed code execution environments to prevent malicious code from affecting Platform systems

While we employ commercially reasonable security practices, no method of data transmission or storage is completely secure. We cannot guarantee absolute security of your data. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable legal requirements (including the 72-hour notification requirement under GDPR, and applicable timelines under the DPDP Act).

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons and local storage) to operate, secure, and improve the Platform. The categories of cookies we use are:

• Strictly necessary cookies: Essential for core Platform functionality, security, and session authentication. These cannot be disabled without significantly impairing your ability to use the Platform.

• Analytics and performance cookies: Collect anonymized or aggregated information about how users interact with the Platform, which pages are visited most, and how errors occur. This data is used solely to improve our Services.

• Preference and functionality cookies: Remember your settings, preferences, and customizations to provide a more personalized experience.

• Marketing and targeting cookies: Used only where you have given explicit consent to receive relevant marketing content. You may withdraw consent at any time.

You may manage or disable cookies at any time through your browser settings. Where required by law, we will present you with a cookie consent banner before setting non-essential cookies. Please note that disabling strictly necessary cookies may affect your ability to use the Platform.

10. Your Privacy Rights

Depending on your location and the applicable data protection law, you may have the following rights in relation to your personal data. You may exercise these rights at any time by contacting us at support@practers.com:

• Right to Access: Obtain confirmation of whether we process your personal data and receive a copy of the personal data we hold about you

• Right to Rectification / Correction: Request that we correct any inaccurate, incomplete, or outdated personal data

• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to our legal obligations to retain certain data

• Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and, where technically feasible, request that it be transferred to another controller

• Right to Restrict Processing: Request that we restrict the processing of your data in certain defined circumstances (e.g., while a rectification request is pending)

• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes, including profiling related to direct marketing

• Right to Withdraw Consent: Withdraw your consent at any time for any processing activity based on consent, without affecting the lawfulness of processing carried out prior to withdrawal

• Right Not to be Subject to Automated Decision-Making: Request human review of any automated decision that produces a legal or similarly significant effect on you

• Right to Opt-Out of Marketing: Unsubscribe from marketing communications at any time via the unsubscribe link in any email or by contacting us

We will verify your identity before processing your request and will respond within 30 days (or such other period as required by applicable law). We may extend this period by an additional 30 days where requests are complex or numerous, in which case we will inform you. We will not discriminate against you for exercising your privacy rights.

11. Rights of Indian Users (DPDP Act 2023)

In addition to the general rights in Section 10, users in India have the following rights under the Digital Personal Data Protection Act 2023:

• Right to information about personal data being processed

• Right to correction and erasure of personal data

• Right to grievance redressal: You may contact our Grievance Officer at support@practers.com and we will acknowledge your complaint within 48 hours and resolve it within 30 days

• Right to nominate: You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity

We are committed to fulfilling our obligations as a Data Fiduciary under the DPDP Act, including appointing a Consent Manager and implementing a grievance redressal mechanism as and when required by law.

12. Rights of California Users (CCPA / CPRA)

California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: The categories of personal information we have collected, the sources, purposes of collection, and categories of third parties with whom we share it

• Right to Access: Specific pieces of personal information we have collected about you

• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions

• Right to Correct: Request correction of inaccurate personal information

• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising

• Right to Limit Use of Sensitive Personal Information: Where applicable under CPRA

• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights

To submit a CCPA/CPRA request, please contact us at support@practers.com with the subject line "California Privacy Request". We will verify your identity and respond within 45 calendar days, with a possible extension of up to an additional 45 days where necessary.

13. Children's Privacy

The Platform is not directed to, and we do not knowingly collect personal data from, children under the age of 16 (or the applicable age of digital consent in your jurisdiction). If you are under 16, please do not register for an account or submit any personal data to us.

If we become aware that we have inadvertently collected personal data from a child under 16 without verified parental or guardian consent, we will take prompt steps to delete that data. If you are a parent or legal guardian and believe your child has provided personal data to us without your consent, please contact us immediately at support@practers.com.

14. International Data Transfers

Practers is a globally accessible platform. Your personal data may be stored and processed in countries other than your own, including India and countries where our service providers operate. These countries may have different data protection frameworks than your home country.

Where we transfer personal data out of the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data transfer restrictions, we rely on appropriate legal mechanisms to ensure your data remains adequately protected. These mechanisms include: (a) Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities; (b) adequacy decisions issued by relevant authorities; or (c) other legally recognized transfer mechanisms. For transfers from India, we comply with the requirements of the DPDP Act 2023 and associated rules as they come into effect.

15. Automated Decision-Making and Profiling

The Platform uses automated processing and AI to produce interview evaluations, performance scores, ATS analysis, and personalized feedback. These automated outputs are integral to the Services we provide. You acknowledge that:

• AI-generated evaluations are used to provide the Platform's core Services and are not used to make legally significant or similarly significant binding decisions about you without human involvement

• You have the right to request human review of any automated evaluation or output that you believe significantly affects you, by contacting us at support@practers.com

• You should not rely solely on automated outputs for critical decisions and should exercise your own independent judgment

16. Third-Party Links and Integrations

The Platform may contain links to, or integrations with, third-party websites, services, or applications. Clicking on such links or using such integrations may result in those third parties collecting data about you. We do not control and are not responsible for the privacy practices, content, or data processing activities of any third-party service. We encourage you to read the privacy policies of any third-party services you interact with.

17. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Our Platform does not currently alter its data collection practices in response to DNT signals. We will update this Policy if our practices in this regard change.

18. Data Breach Notification

In the event of a personal data breach, we will:

• Investigate the breach promptly and take appropriate containment and remediation measures

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by GDPR or applicable law

• Notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms, providing information about the nature of the breach, likely consequences, and measures taken or proposed

• Comply with notification requirements under India's DPDP Act 2023 and other applicable laws as and when they take effect

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will: (a) post the updated Policy on the Platform with a revised effective date; and (b) where required or appropriate, notify you by email or through a prominent notice on the Platform. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

20. Contact, Grievances, and Supervisory Authorities

For all privacy-related questions, requests, complaints, or notices, please contact us:

Support / Privacy Email: support@practers.com

Website: practers.com

EEA / UK Users: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. For example: the Information Commissioner's Office (ICO) in the UK, or your national Data Protection Authority in the EU.

Indian Users: Once operational, you may approach the Data Protection Board of India (established under the DPDP Act 2023) with complaints that are not resolved to your satisfaction through our grievance mechanism.

California Users: You may contact the California Privacy Protection Agency (CPPA) for CCPA/CPRA-related complaints.

© 2026 Practers (practers.com). All rights reserved.