Our Privacy Commitment
We believe in transparency and giving you control over your data. We never sell your personal information, we minimize data collection, and we provide tools for you to export or delete your data at any time.
1. Introduction
Welcome to ClarUP ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
By using ClarUP, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
2. Information We Collect
Information You Provide
- Account Information: Name, email address, and profile details when you register.
- Assessment Responses: Your answers to personality, interest, and value assessments.
- Career Preferences: Skills, experience, education background, and career goals you share.
- Payment Information: Billing details processed through Razorpay (we don't store full card numbers).
- Communications: Messages you send us, feedback, and support requests.
Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, and interaction patterns.
- Device Information: Browser type, operating system, device type, and screen resolution.
- Log Data: IP address, access times, and referring URLs.
- Cookies: Small data files stored on your device (see Cookie section below).
3. How We Use Your Information
We use your information for the following purposes:
Providing Our Services
Generate personalized career reports, learning paths, and recommendations based on your assessments.
Account Management
Process payments, manage subscriptions, and maintain your account security.
Communication
Send administrative emails, updates, security alerts, and respond to your inquiries.
Improvement & Analytics
Analyze usage patterns (anonymized) to improve our AI models and user experience.
Legal Compliance
Comply with legal obligations and enforce our terms of service.
6. Data Security
We implement robust security measures to protect your data:
- Encryption: All data is encrypted in transit (TLS/SSL) and at rest
- Secure Hosting: Data stored in SOC 2 compliant data centers
- Access Controls: Strict authentication and role-based access for employees
- Regular Audits: Periodic security reviews and vulnerability assessments
- Payment Security: PCI-DSS compliant payment processing through Razorpay
Note: While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
7. Data Retention
We retain your personal data only as long as necessary for the purpose it was collected. The schedule below is the default — specific data may be deleted earlier on user request, or kept longer where law requires.
| Data Category | Retention Period | Trigger to Delete |
|---|---|---|
| Account & Profile (name, email, role) | Lifetime of account | 30 days after account deletion request |
| Assessment Responses & Results | Lifetime of account | 30 days after account deletion request |
| Skill Claims & Career Pins | Lifetime of account | 30 days after account deletion request |
| Payment & Invoice Records | 8 years | Statutory retention — Indian Income Tax & GST rules. Cannot be deleted earlier. |
| Auth & Session Logs (login IP, device) | 90 days | Auto-purged on rolling window |
| Email Logs (sent / failed transactional emails) | 180 days | Auto-purged |
| Support Communications | 3 years | Last contact + 3 years |
| Admin Audit Trails (impersonation, role changes) | 5 years | Required for security & compliance review |
| Anonymized Aggregate Analytics | Indefinite | No personal identifiers retained |
When you delete your account, we delete or anonymize your data within 30 days, except where retention is required by law (e.g., payment records under Indian tax law, audit trails for security compliance). After the retention window expires, data is hard-deleted from active systems; encrypted backups roll off within an additional 90 days.
8. Your Rights (GDPR, India DPDP 2023 & Beyond)
Depending on your location, you have the following rights regarding your data:
Right to Access
Request a copy of all your personal data
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your data ("Right to be Forgotten")
Right to Data Portability
Export your data in a structured, machine-readable format
Right to Object
Opt out of certain processing, like marketing
Exercise Your Rights: You can export your data and delete your account directly from your account settings. For other requests, contact us at privacy@clarup.com.
For Users in India — Digital Personal Data Protection Act, 2023
ClarUP processes personal data of users in India in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"). Under this law you have the following rights as a Data Principal:
- Right to Access: Obtain a summary of personal data being processed, the processing activities, and the identities of any Data Fiduciaries / Processors with whom your data has been shared.
- Right to Correction & Erasure: Request correction of inaccurate data and erasure of personal data no longer required for the purpose collected (subject to statutory retention obligations listed in Section 7).
- Right to Grievance Redressal: Raise a complaint with our Grievance Officer (details below). We will respond within the statutory timeframe.
- Right to Nominate: Nominate another individual to exercise these rights on your behalf in the event of death or incapacity.
- Right to Withdraw Consent: Where processing relies on your consent, you may withdraw it at any time from account settings. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Grievance Officer (India): grievance@clarup.com
Data Protection Officer: dpo@clarup.com
Unresolved grievances may be escalated to the Data Protection Board of India once it is operational under the DPDP Act.
ClarUP is a Data Fiduciary under the DPDP Act. We process children's data only with verifiable parental consent, do not undertake tracking, behavioural monitoring, or targeted advertising directed at children, and do not process personal data of children in a way likely to cause detrimental effect.
9. Children's Privacy
ClarUP is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately and we will take steps to delete it.
10. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) for EU data transfers
- Service providers with adequate data protection certifications
- Appropriate encryption and security measures for all transfers
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this page
- For significant changes, we will notify you via email or a prominent notice on our site
- We will provide at least 30 days' notice before major changes take effect
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices:
Privacy Inquiries: privacy@clarup.com
General Support: hello@clarup.com
Data Protection Officer: dpo@clarup.com
Grievance Officer (India — DPDP Act, 2023): grievance@clarup.com