Privacy Policy

This Privacy Policy describes how Evolving Mind AI Technologies Private Limited, a company incorporated under the Companies Act, 2013 (India), with its registered office in Telangana, India (“Company,” “we,” “us,” or “our”), collects, uses, processes, stores, transfers, protects, and discloses Personal Data (defined below) in connection with the Platform, including AI-driven software components installed on a User’s local system. The terms that are not expressly defined herein shall have the meaning prescribed to them in the Terms of Service.

This Privacy Policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Digital Personal Data Protection Act, 2023 of India (“DPDP Act”), and other applicable data protection laws in jurisdictions where the Platform operates.

The Company acts as the Data Fiduciary under the DPDP Act and as the Data Controller under the GDPR. Where third-party service providers process Personal Data on our behalf, they act as Data Processors pursuant to binding Data Processing Agreements.

This Privacy Policy shall be read together with the Terms of Service, AUP, applicable Data Processing Agreement, and the EULA, all of which are incorporated herein by reference. In the event of any conflict between this Privacy Policy and the Terms of Service with respect to privacy and data protection disclosures, this Privacy Policy shall prevail. For all other matters, the Terms of Service shall prevail.

“Data Controller” or “Data Fiduciary” means the Company solely to the extent that it determines the purposes and means of Processing Personal Data in connection with the Platform.

“Data Processing” or “Processing” or “Processed” means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, restriction, erasure, or destruction.

“Personal Data” means any information relating to an identified or identifiable natural person that is Processed by the Company and/or on behalf of the Company in connection with the Platform, including, but not limited to, names, email addresses, resumes, voice recordings (audio), transcripts, job descriptions, interview data, screen captures, and related identifiers submitted by Users.

“Processor” or “Data Processor” means the third party solely to the extent it Processes Personal Data on behalf of and strictly in accordance with the documented instructions of the Company.

This Privacy Policy applies to all individuals who access, install, register for, or use Rolelanded, whether as individual users or through enterprise arrangements. The Platform operates globally, including in the European Union, United States, Canada, Australia, Germany, and other jurisdictions. The governing contractual law of the Platform remains the laws of India.

The Company determines the purposes and means of Processing Personal Data collected through the Platform. Accordingly, the Company acts as a Data Controller under the GDPR and a Data Fiduciary under the DPDP Act. Under the U.S. law, including CCPA/CPRA, the Company acts as a Business with respect to Personal Data collected.

Where Personal Data is Processed by third-party infrastructure providers, authentication providers, or payment processors, such entities act solely as Data Processors or Service Providers. Their obligations are governed by separate Data Processing Agreements that impose confidentiality, security, and lawful Processing obligations consistent with GDPR and equivalent legal standards.

This Policy forms part of the legally binding contractual framework governing use of Rolelanded. By accessing or using the Platform, Users acknowledge and consent to the practices described herein, subject to rights provided under applicable data protection laws.

The Company acts as the Data Fiduciary under the DPDP Act and as the Data Controller under the GDPR and other applicable laws solely to the extent that it determines the purposes and means of Processing Personal Data in connection with the Platform. Third-party service providers engaged by the Company act as Data Processors or Service Providers only to the extent they process Personal Data strictly on behalf of the Company and in accordance with its documented instructions pursuant to an applicable Data Processing Agreement. Where any third party independently determines the purposes and means of Processing Personal Data, such third party shall act as an independent controller or business, the Privacy Policy shall not apply to such independent Processing activities, and the Users shall be governed by the respective privacy policies, terms, and conditions of such third party for such Processing. Users are advised to review third-party policies and terms and conditions at their own risk and liability.

The Company collects Personal Data necessary to provide AI-driven interview advisory and preparatory services. Mandatory data includes name, email address, resume, client name, job description, and role name. Email verification is required. Disposable or anonymous email addresses are prohibited. Identity verification beyond email authentication is not required.

Optional contextual information may be provided to enhance personalization of advisory responses. Phone numbers are not mandatory. Users must be at least eighteen years old to use the Platform. The Company does not knowingly collect Personal Data from minors and will delete such data upon discovery.

The Platform records and transcribes voice input to enable contextual AI Processing. Video is not recorded. Screen capture is part of the Platform’s functionality.

Stored data may include voice recordings (audio), interview questions, AI Outputs, chat logs, and text transcripts for future User reference. The Company does not use advertising cookies or cross-site tracking technologies for advertising profiling or behavioral advertising. The Platform and its service providers may process limited device, network, and usage data (which may include IP address, device/app identifiers, app version, and event/log data) for authentication, security, fraud prevention, reliability, analytics, and crash/error reporting. The Company does not sell such data or use it for cross-context behavioral advertising.

Interview questions, AI Outputs, chat logs, voice recordings, transcripts, and other session data may be stored within Company-controlled infrastructure for User reference. Due to local installation, certain outputs, recordings, transcripts, screen captures, or temporary files may also reside on the User’s device. The Company does not control retention of data stored exclusively on User devices.

Personal data is Processed for providing, operating, securing, maintaining, and improving AI-driven advisory services. Processing enables speech-to-text conversion, AI response generation, personalization, analytics, Credit validation, fraud prevention, enterprise Credit oversight, and system security.

Under GDPR, Processing is based on contractual necessity, legitimate interests relating to fraud prevention, system integrity, and Service improvement, and explicit consent where required for sensitive data or voice Processing. Under the DPDP Act, Processing occurs on the basis of valid consent and legitimate uses permitted by law.

Under CCPA/CPRA, Personal Data is collected and used for business purposes including Service provision, security, and analytics. The Company does not sell Personal Data and does not engage in targeted advertising.

Personal data is not used for AI model training, benchmarking, or profiling unrelated to Service delivery. Anonymized and aggregated data may be used for analytics and product improvement.

The Platform uses automated AI systems to generate advisory outputs. These outputs are produced without human review. The system does not perform automated decision-making that produces legal effects or similarly significant impacts under GDPR.

The AI agent does not evaluate candidates, make employment decisions, rank applicants, certify qualifications, or interact with employers. It provides advisory guidance only. Users retain full autonomy over decisions made in response to AI Outputs.

AI Outputs may contain inaccuracies or incomplete responses. The Company does not guarantee accuracy or error-free functioning. Users are responsible for evaluating outputs before relying upon them.

No profiling is conducted for marketing, targeted advertising, or behavioral advertising purposes.

The AI agent is installed and executed on the User’s local system. Certain data may be Processed locally before synchronization with Company-hosted infrastructure. The Company does not maintain continuous control over locally stored data.

Users are solely responsible for securing their devices, operating systems, networks, and storage environments. The Company is not responsible for malware, device-level breaches, unauthorized access, or local data loss.

The Company’s data protection obligations apply to data processed within Company-controlled cloud systems and through third-party service providers engaged by the Company under contractual obligations. Data retained exclusively on User devices remains under User control.

Users must independently delete local files if desired. Local storage may persist after account deletion unless removed by the User.

The Company may disclose Personal Data to third-party service providers (including speech-to-text providers and AI service providers) solely as necessary to provide the Services and under contractual restrictions designed to limit Processing to Service delivery purposes.

The Company may engage service providers including, but not limited to, authentication and identity providers, hosting and storage providers, payment processors, speech-to-text providers, AI service providers, and analytics/crash reporting providers. These entities act solely as Data Processors or Service Providers, as the case may be, under binding contractual obligations.

All Processors are governed by Data Processing Agreements consistent with GDPR, DPDP Act requirements, and CCPA service provider obligations. Sub-processors may be engaged where necessary, subject to equivalent safeguards.

Enterprise clients may access session data for Credit monitoring purposes only. Enterprise clients act as independent controllers for student data they collect and provide.

Personal data may be processed in jurisdictions including the United States and other locations where infrastructure providers operate. Cross-border transfers occur as part of Service delivery.

For EU users, transfers outside the European Economic Area are governed by appropriate safeguards, including Standard Contractual Clauses where applicable.

Users acknowledge and consent to international data transfers consistent with this Policy.

The governing contractual law remains the laws of India, without limiting mandatory data protection rights under local laws.

Personal data is retained while the User maintains an active account and as necessary to provide Services. Upon deletion request or account termination, Personal Data stored within Company-controlled systems is deleted or irreversibly anonymized.

Upon account deletion, all User data stored within Company-controlled systems is deleted or irreversibly de-identified. Deleted data may remain in encrypted backups for a limited period and may be overwritten or deleted on a rolling basis, subject to applicable law.

Anonymized data that cannot identify an individual may be retained indefinitely for analytics and compliance.

Users remain responsible for deleting locally stored data from their own devices.

Users have the right to access, correct, delete, and obtain a copy of Personal Data processed by the Company, subject to legal limitations.

EU users have rights under GDPR including the right to restriction of Processing, objection to Processing based on legitimate interests, and data portability where applicable.

California residents have the right to know, delete, correct, and opt-out of sale or sharing. The Company confirms it does not sell or share personal information as defined by CCPA.

Indian users have rights under the DPDP Act including the right to access information about Processing, correction, erasure, and grievance redressal.

Requests will require identity verification. Excessive or abusive requests may be refused as permitted by law.

The Company implements reasonable technical and organizational safeguards including access controls, authentication protocols, and encryption where appropriate.

Payment Processing is handled by third-party payment processors. The Company does not store full payment card details.

Operational logs may be maintained for security and fraud prevention purposes. Such logs are limited and retained only as necessary.

In the event of a data breach affecting Company-controlled systems, notification will occur in accordance with applicable law, without admission of liability.

No system can guarantee absolute security. Users acknowledge inherent cybersecurity risks.

The Platform is strictly limited to individuals aged eighteen years or older. The Company does not knowingly collect data from minors. If data from a minor is discovered, it will be deleted promptly. No parental consent mechanism is provided.

Use by minors constitutes violation of Terms of Service.

Users may contact the Company regarding privacy concerns or data protection complaints. EU users have the right to lodge complaints with supervisory authorities in their country of residence. Indian users may exercise grievance redressal rights under the DPDP Act.

Contact details: support@rolelanded.ai

The Company may update this Privacy Policy at its discretion. The Effective Date will reflect updates.

Material changes may be communicated through the Platform or email where appropriate.

Continued use after updates constitutes acceptance of the revised Policy.

If a User does not agree with changes, the User must discontinue use and request account deletion.