Privacy Policy
Last Updated: October 16, 2025
Your Privacy Matters: nuBuddy is committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
1.1 Personal Information
When you create an account or use nuBuddy, we collect:
- Account Information: Email address, full name, password (encrypted)
- Profile Data: Institute affiliation, role (candidate, institute admin, company admin)
- CV/Resume: Career history, education, skills, and professional information you upload
1.2 Interview and Assessment Data
- Audio Recordings: Voice recordings during AI interview sessions (temporarily stored for transcription)
- Responses: Your answers to interview questions, aptitude tests, and group discussions
- Performance Metrics: Scores, assessments, and AI-generated feedback
- Session History: Interview dates, durations, and module usage
1.3 Automatically Collected Information
- Device Information: Device type, operating system, browser type
- Usage Data: Pages visited, features used, time spent on platform
- IP Address: For security and analytics purposes
- Cookies: Session cookies for authentication (essential for service)
2. How We Use Your Information
2.1 Primary Purposes
- AI Interview Services: Conduct voice-based AI interviews, analyze responses, generate performance reports
- CV Analysis: Parse and analyze CVs, provide dimensional scoring and improvement recommendations
- Skills Assessment: Administer aptitude tests, group discussions, and specialized modules
- Progress Tracking: Maintain interview history, performance trends, and skill development analytics
2.2 Additional Uses
- Account authentication and security
- Billing and payment processing (handled via Razorpay)
- Customer support and communication
- Platform improvement and analytics
- Compliance with legal obligations
3. Data Processing and AI
Important: We use OpenAI GPT-4 for AI interview analysis and feedback generation. All data sent to OpenAI includes explicit instructions that it must NOT be used for model training or any other purposes beyond generating your interview feedback.
3.1 Audio Processing
- Audio recordings are transcribed using OpenAI Whisper API
- Audio files are temporarily stored for processing only
- Audio recordings are automatically deleted after report generation
- We do not permanently store voice recordings
3.2 Data Removal Requests
After each module completion, we automatically request data removal from AI providers. Your interview data is not used to train external AI models.
4. Data Sharing and Disclosure
4.1 Within Your Institute
- Institute Admins: Can view performance reports, analytics, and assessment results for candidates in their institute
- Faculty: Can view student performance data and receive intervention alerts
- Company Admins: Can view aggregated institute-level analytics (no individual candidate data)
4.2 Third-Party Service Providers
We share limited data with:
- OpenAI: For AI interview analysis and transcription (with data removal requests)
- Razorpay: For payment processing (credit purchases only)
- SendGrid: For transactional emails (credentials, notifications)
- Cloud Storage: For secure file storage (encrypted)
4.3 Legal Requirements
We may disclose your information if required by law, court order, or government regulation.
5. Data Security
5.1 Encryption and Protection
- 256-bit AES encryption for data at rest
- HTTPS/TLS encryption for data in transit
- PBKDF2 password hashing with 100,000 iterations
- JWT-based authentication with secure session management
- Single session enforcement (one active session per user)
5.2 Access Controls
- Role-based access control (RBAC)
- Institute-level data isolation
- Audit logging for all sensitive operations
6. Data Retention
6.1 Retention Periods
- Audio Recordings: Deleted immediately after transcription and report generation
- Interview Reports: Retained for 3 years or until account deletion
- CV Data: Retained while account is active
- Account Data: Retained until you request deletion
6.2 Temporary Files
Temporary files (uploaded CVs, audio recordings) are automatically cleaned up every 24 hours.
7. Your Privacy Rights
7.1 Access and Control
You have the right to:
- Access: View all data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Deletion: Request complete account and data deletion
- Export: Download your interview reports and performance data
- Opt-out: Decline optional data processing (analytics, marketing)
7.2 Account Deletion
To delete your account:
- Contact your institute administrator for candidate accounts
- Contact support@nubuddy.com for admin accounts
- All data will be permanently deleted within 30 days
8. Cookies and Tracking
8.1 Essential Cookies
We use session cookies for:
- User authentication (required)
- Security and fraud prevention
- Session state management
8.2 No Third-Party Tracking
We do not use advertising cookies or third-party tracking pixels.
9. Children's Privacy
nuBuddy is intended for users aged 16 and above. We do not knowingly collect data from children under 16. If we discover such data, it will be immediately deleted.
10. International Data Transfers
Your data may be processed in servers located in different countries. We ensure appropriate safeguards through:
- Standard contractual clauses with service providers
- Compliance with GDPR, CCPA, and Indian data protection laws
- Encryption during transit and at rest
11. Compliance Standards
nuBuddy complies with:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- DPDPA (Digital Personal Data Protection Act, India)
- SOC 2 security standards
- NIST cybersecurity framework
- OWASP security best practices
12. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be:
- Posted on this page with updated "Last Updated" date
- Notified via email for material changes
- Effective immediately upon posting (unless stated otherwise)
13. Contact Us