AchieversIT Toolkit ("the Toolkit", "we", "our") is a career-tools product operated for and on behalf of AchieversIT. This policy explains what we collect, why we collect it, and your rights as a data principal under India's Digital Personal Data Protection Act (DPDP), 2023.
1. What we collect
- Anonymous session ID — set as an HttpOnly cookie (
ct_sid) the first time you visit. Lets us tie your generations and rate-limits to a browser without you signing in. - Email address — when you sign in with Google or via magic-link email. We receive your verified email (and display name) from Google's OAuth profile endpoint.
- Tool inputs and AI outputs — what you type into each tool and what the AI returns. Stored against your session/account so you can revisit past generations.
- IP address and request metadata — for rate limiting and abuse prevention. Not shared, not sold.
- Payment metadata — if/when paid tools are enabled, Razorpay order IDs and payment status. We do not see or store your card or UPI details — those go directly to Razorpay.
2. What we do not collect
- We don't track you across other websites.
- We don't use advertising cookies.
- We don't sell or rent your data to anyone.
3. How we use it
- To run the tools you ask us to run (sending your inputs to an AI model).
- To show you your generation history when you sign in.
- To prevent abuse via rate limits.
- To process payments via Razorpay, when paid features are turned on.
4. AI processing
When you submit a tool form, the text you provide is sent to a large-language-model provider (currently Anthropic's Claude, via a hosted gateway). The provider processes the request and returns the response. We do not control how upstream providers retain inputs — please review their policies if your inputs are sensitive. Do not paste highly confidential information (passwords, PII you don't want a third party to see, etc.) into any tool.
5. Cookies
ct_sid— anonymous session identifier. HttpOnly, SameSite=Lax, Secure in production. Expires after 1 year.g_oauth_state— short-lived CSRF token used during Google sign-in. Deleted as soon as you finish signing in.
6. Sharing
We share data only with the third parties needed to run the service: our hosting provider (Vercel), our database provider (Neon Postgres), the AI provider (Anthropic / our LLM gateway), our payment provider (Razorpay, when enabled), and Google (when you choose to sign in with Google). Each of those operates under its own data-processing terms.
7. Retention
- Generations are kept while your account is active.
- Anonymous sessions and their generations age out 12 months after last use.
- Payment records are kept for 7 years to meet Indian tax/audit requirements.
8. Your rights under DPDP
You have the right to:
- Access the data we hold about you.
- Correct it if it's wrong.
- Delete your account and your associated generations.
- Withdraw consent for processing.
- Lodge a complaint with India's Data Protection Board.
To exercise any of these, email us at the contact below. We aim to respond within 14 days.
9. Security
Data is encrypted in transit (TLS) and at rest (Neon Postgres + Vercel environment variables). Passwords and OAuth secrets are never written to client-side code. We rotate keys when we suspect exposure.
10. Children
The Toolkit is intended for users 18 and older. We do not knowingly process data from minors. If you believe a minor has used the service, contact us and we'll delete the data.
11. Changes
We update this policy when we change how we handle data. Material changes get announced on the home page for at least 14 days before they take effect.
12. Contact
For privacy questions or DPDP requests: write to AchieversIT via achieversit.com.
This policy describes current product behavior in plain English. For Indian-law-specific interpretation, consult a qualified data protection officer or lawyer.