Privacy Policy

1. Introduction & Scope

MyRaraha Technologies Private Limited ("MyRaraha", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our resume building platform at myraraha.com.

Legal Compliance: This policy is designed to comply with:

• General Data Protection Regulation (GDPR) - for European users
• California Consumer Privacy Act (CCPA) - for US users
• International data protection and privacy regulations
• Consumer Protection laws (as applicable globally)
• International contract law principles

By using our service, you consent to the practices described in this Privacy Policy. If you do not agree with our policies, please do not use our service.

2. Information We Collect

2.1 Personal Information You Provide

2.2 Information Collected Automatically

• Device Information: Browser type, operating system, device model, screen resolution
• Usage Data: Pages visited, features used, time spent, click patterns
• Location Data: IP address, approximate geographic location (city/state level)
• Technical Data: Cookies, session IDs, local storage data
• Performance Data: Error logs, crash reports, loading times

2.3 Third-Party Sources

• LinkedIn profile import (with your explicit consent)
• Google OAuth authentication data
• Social media profile information (if connected)
• Job board integrations (with permission)

3. How We Use Your Information

3.1 Primary Service Purposes (Lawful Basis: Contract Performance)

• Provide resume building and editing tools
• Generate PDF and Word format downloads
• Store and retrieve your resume data securely
• Process subscription payments and manage billing
• Provide customer support and technical assistance
• Deliver ATS optimization and job matching services

3.2 Communication Purposes (Lawful Basis: Legitimate Interest)

• Send service updates and important notifications
• Respond to customer inquiries and support requests
• Send payment confirmations and billing information
• Notify about policy changes or security issues
• Provide onboarding assistance and tips

3.3 Service Improvement (Lawful Basis: Legitimate Interest)

• Analyze usage patterns to improve features
• Conduct A/B testing for better user experience
• Develop new templates and tools
• Monitor and improve website performance
• Enhance security and prevent fraud

3.4 Legal Compliance (Lawful Basis: Legal Obligation)

• Maintain records as required under applicable data protection laws
• Comply with tax obligations and regulatory requirements
• Respond to legal requests and court orders
• Prevent fraud and protect against security threats
• Maintain audit trails for data processing activities

3.5 Marketing (Lawful Basis: Consent)

• Send newsletters and feature announcements (opt-in only)
• Provide personalized content recommendations
• Share career tips and job market insights
• Inform about special offers and promotions

Note: You can withdraw consent for marketing communications at any time.

4. Data Storage, Security & Location

4.1 Security Measures

We implement comprehensive security measures compliant with IT Rules 2011:

4.2 Data Location & Residency

• Primary Database: PostgreSQL hosted on secure cloud infrastructure
• File Storage: Resume files stored with encryption and access controls
• Backup Location: Encrypted backups in geographically separate locations
• Data Mirroring: Real-time replication for high availability

4.3 Access Controls

• Principle of least privilege for all system access
• Mandatory two-factor authentication for administrative access
• Regular access reviews and deprovisioning procedures
• Comprehensive audit logging of all data access
• Segregation of production and development environments

5. Data Sharing and Third Parties

Our Commitment: We never sell, rent, or trade your personal information. Data sharing is limited to essential service providers under strict contractual obligations.

5.1 Service Providers (Data Processors)

5.2 Legal Disclosures

We may disclose your information when legally required:

• In response to court orders, legal process, or law enforcement requests
• To comply with applicable laws including data protection and tax regulations
• To protect our rights, property, or safety of users
• In case of merger, acquisition, or business transfer
• To prevent fraud, security threats, or illegal activities

5.3 Data Processing Agreements

All third-party service providers are bound by:

• Comprehensive data processing agreements (DPAs)
• GDPR compliance requirements for international transfers
• GDPR and international data protection compliance
• Regular security and compliance audits
• Immediate breach notification obligations

6. Your Data Rights

Under Indian law (IT Act 2000, Consumer Protection Act 2019) and international regulations (GDPR for EU users), you have comprehensive rights regarding your personal data:

6.1 How to Exercise Your Rights

6.2 Self-Service Options

Many rights can be exercised directly through your account dashboard:

• Profile Settings: Update personal information, contact details
• Privacy Controls: Manage marketing preferences, data sharing
• Data Export: Download your resume data and account information
• Account Deletion: Permanently delete your account and data

7. Data Retention & Deletion

We retain personal data only as long as necessary for the purposes outlined in this policy and as required by Indian law:

7.1 Automated Deletion

• Inactive accounts (no login for 3+ years) receive deletion notice
• Temporary data (sessions, cache) automatically purged
• Backup data follows same retention schedule as primary data
• Anonymized analytics data retained for service improvement

7.2 Secure Deletion Process

When data is deleted:

• Immediate removal from active systems and backups
• Cryptographic key destruction for encrypted data
• Multi-stage verification of complete deletion
• Audit trail maintenance for compliance verification

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Our cookie policy provides detailed information about each type used. Here's a summary:

📋 Detailed Information: Visit our Cookie Policyfor comprehensive information about all cookies used, their purposes, and management options.

9. Children's Privacy & Age Verification

9.1 Age Verification Process

• Date of birth verification during account registration
• Additional verification for users appearing under 18
• Automated account suspension for verified minors
• Parental notification process where applicable

9.2 Protection Measures

• No Collection: We do not knowingly collect information from anyone under 18
• Immediate Deletion: Any discovered minor accounts are immediately suspended and data deleted
• Reporting Mechanism: Easy reporting for parents/guardians who discover unauthorized accounts
• Educational Content: Age-appropriate privacy education for young adults (18+)

9.3 Parental Rights

If you are a parent/guardian and discover your child has created an account:

• Contact us immediately at privacy@myraraha.com
• We will verify the relationship and delete the account within 24 hours
• All associated data will be permanently removed
• We will investigate how the account was created to prevent recurrence

10. International Legal Compliance

10.1 Information Technology Act, 2000

10.2 IT Rules 2011 - Reasonable Security Practices

• Security Policy: Comprehensive information security policy implemented
• Access Controls: Role-based access with regular reviews
• Data Classification: Sensitive personal data properly classified and protected
• Incident Response: 24/7 monitoring and incident response procedures
• Regular Audits: Annual security audits by certified professionals

10.3 Consumer Protection Act, 2019

• Transparent pricing and billing practices
• Clear service descriptions and limitations
• Accessible grievance redressal mechanism
• Fair contract terms and conditions
• Protection against unfair trade practices

10.4 Personal Data Protection Bill Readiness

11. International Data Transfers

11.1 Cross-Border Data Transfers

Some of our service providers are located outside India. When data is transferred internationally, we ensure appropriate safeguards:

11.2 Transfer Safeguards

• Adequacy Decisions: Transfers only to countries with adequate data protection
• Standard Contractual Clauses: EU-approved SCCs for all international transfers
• Data Processing Agreements: Comprehensive DPAs with all international vendors
• Encryption: All data encrypted in transit and at rest during transfers
• Access Controls: Strict access limitations for international processing

11.3 Your Control Over International Transfers

• Request data localization to India-only servers (premium feature)
• Opt-out of international analytics processing
• Choose Indian payment processors only
• Receive notifications before any new international transfers

12. Data Breach Notification

12.1 Our Commitment

In the unlikely event of a data breach affecting your personal information, we will:

• Immediate Action: Contain the breach and assess the scope within 1 hour
• Authority Notification: Report to CERT-In and relevant authorities within 6 hours (India) / 72 hours (GDPR)
• User Notification: Inform affected users within 24 hours via email and platform notification
• Remediation: Take immediate steps to prevent further unauthorized access
• Support: Provide free credit monitoring and identity protection services if needed

12.2 What We'll Tell You

• Nature of the breach and data affected
• Likely consequences and potential risks
• Measures taken to address the breach
• Recommendations for protecting yourself
• Contact information for questions and support

13. Changes to This Policy

13.1 Update Process

We may update this privacy policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• Material Changes: 30-day advance notice via email and platform notification
• Minor Updates: Posted immediately with updated "Last Modified" date
• Emergency Changes: Immediate implementation with subsequent notification (legal/security)
• Version History: Previous versions available upon request

13.2 Your Options

• Review changes and decide whether to continue using the service
• Contact us with questions or concerns about updates
• Delete your account if you disagree with material changes
• Exercise your data rights under the updated policy

14. Contact Information & Support