Skip to main content
PrepGym
Get started

Privacy Policy

Last updated: 1 May 2026

This Privacy Policy describes how RudraSphere Technologies Pvt. Ltd. ("PrepGym", "we", "us") collects, uses, stores, discloses, and protects information about you when you use our website, mobile experience, or AI interview platform (collectively, the "Service"). We comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable Indian privacy laws.

1. Data we collect

  • Account data: name, email, role, university or organisation.
  • Profile data: resume content, parsed skills, target roles, study preferences.
  • Session data: interview transcripts, voice recordings, code submissions, MCQ answers, scoring outputs.
  • Proctoring data: webcam frames, microphone audio, browser focus events, screen activity — only during proctored sessions you start.
  • Device & log data: IP address, browser, device, OS, timestamps, error traces.
  • Payment data: processed by our PCI-DSS compliant payment partner. We never store full card numbers.

2. How we use it

  • To run AI interviews, score answers, generate reports, and personalise your study plan.
  • To detect fraud, integrity violations, and protect the Service.
  • To improve our AI models — only on aggregated and anonymised data unless you explicitly opt in.
  • To send transactional emails and (with consent) marketing updates.
  • To comply with legal, accounting, and regulatory obligations.

3. Lawful basis (DPDP Act, 2023)

We process Personal Data based on the consent you provide at sign-up and at the start of every proctored session. You may withdraw consent at any time. Some processing is performed for "legitimate use" as defined under Section 7 of the DPDP Act (e.g., security, fraud prevention, accounting compliance).

4. Data localisation & hosting

All Personal Data is hosted in AWS Asia Pacific (Mumbai), region ap-south-1. Backups are encrypted with AWS KMS and remain in India. We do not transfer Personal Data to any country listed under a Section 16 restriction notification of the DPDP Act.

5. Security

  • Encryption at rest (AES-256) and in transit (TLS 1.2+).
  • Tenant isolation enforced at every API and database boundary.
  • Role-based access control, least privilege, and audit logging.
  • Regular vulnerability scans, dependency updates, and pen-tests.

6. Sharing

We share data with sub-processors strictly needed to run the Service: AWS (hosting), Anthropic via AWS Bedrock (LLM inference, in-region), Deepgram (STT), ElevenLabs and AWS Polly (TTS), Razorpay/Stripe (payments). We never sell your Personal Data. If your university or employer is the Data Fiduciary that bought you a seat, we share your session results with them per their agreement with you.

7. Retention

We retain Personal Data only as long as required to provide the Service and meet our legal obligations. Voice recordings and proctoring frames are retained for 30 days by default and then permanently deleted, unless an integrity review is open.

8. Your rights as a Data Principal

  • Right to access, correct, and erase your data.
  • Right to data portability.
  • Right to nominate (DPDP Act § 14).
  • Right to withdraw consent at any time.
  • Right to grievance redressal — write to dpo@prepgym.ai.

9. Children

The Service is not designed for users under 18. If you are below 18, you may use the Service only with verifiable consent from a parent or lawful guardian, as required under § 9 of the DPDP Act.

10. Cookies

We use a small number of strictly-necessary cookies (auth, CSRF) and optional analytics cookies. You can opt out via your browser settings or our cookie preference center.

11. Grievance Officer

Per the DPDP Act and the Information Technology (Reasonable Security Practices) Rules, our Grievance Officer is reachable at grievance@prepgym.ai. We respond within 30 days.

12. Changes

We may update this policy. Material changes will be notified via email and a banner on the Service. Your continued use after the effective date constitutes acceptance.