Privacy Policy

1.1 Information You Provide

• Account Information -- When you sign up, we collect your name, email address, and profile picture (if signing in via Google OAuth). If you use email-based login, we collect your email and a hashed password.
• Payment Information -- When you subscribe, payment details are collected and processed by our payment partners (Razorpay and PayPal). We do not store your full credit card numbers, bank account details, or UPI IDs on our servers. We receive and store transaction identifiers, subscription IDs, payment amounts, and billing status.
• Resume Uploads -- If you upload a resume for personalized AI responses, the resume content is processed within the Desktop App to tailor suggestions. Resume files are not permanently stored on our servers unless you opt in to saving session data.
• Support Communications -- When you contact us via email or through the Website, we collect the content of your messages, your email address, and any attachments you provide.
• Prospect Briefing Data -- In Sales Call mode, if you fill in the Prospect Briefing Form, that data is processed locally during the session for AI coaching purposes.

1.2 Information Collected During Sessions

• Audio Data -- The Desktop App captures system audio (from video call platforms) or microphone audio (in Practice mode) during active sessions. Audio is streamed in real-time to third-party transcription services for speech-to-text processing. Audio is not recorded or permanently stored on our servers.
• Transcription Data -- Real-time transcriptions are generated from audio during sessions. If you have opted in to data saving, transcriptions may be stored in your account for later review. If data saving is disabled, transcriptions are discarded when the session ends.
• AI-Generated Content -- Responses, summaries, notes, action items, and other content generated by the AI during sessions. Storage follows the same opt-in data saving preferences as transcription data.
• Screenshot Data -- When you use the screenshot feature (e.g., in Coding mode or Analyze Screen), the captured image is processed for AI analysis and is not permanently stored unless data saving is enabled.
• Speaker Identification Data -- In modes that support speaker diarization (Sales, Meeting, Notes, Recruiting), audio characteristics are used to distinguish speakers. This is processed in real-time by our transcription provider and is not stored as biometric data.

1.3 Information Collected Automatically

• Device & System Information -- Operating system, app version, platform (Windows/macOS), architecture, and device type.
• Usage Data -- Features accessed, session durations, modes used, credit consumption, and interaction patterns within the Desktop App and Website.
• Log Data -- IP address, browser type, referring pages, timestamps, and access logs when you visit the Website.
• Installation Data -- When you install or update the Desktop App, we collect the app version, platform, architecture, and OS version to track active installations and provide support.
• Cookies & Similar Technologies -- We use cookies and local storage on the Website for authentication, session management, analytics, and preference storage (see Section 7).

1.4 Information from Third Parties

• Google OAuth -- When you sign in with Google, we receive your name, email, and profile picture as authorized by you during the OAuth consent flow.
• Payment Providers -- Razorpay and PayPal may provide us with transaction status, subscription lifecycle events, and payment failure notifications.

We use the information we collect for the following purposes:

• Providing the Services -- To operate, deliver, and maintain the Desktop App and Website, process your sessions, generate AI responses, and manage your account.
• Billing & Payments -- To process subscriptions, track credit usage, issue invoices, and manage payment lifecycle events (renewals, cancellations, failures).
• Communication -- To send transactional emails (subscription confirmations, payment receipts, credit alerts), respond to support requests, and provide service-related notifications.
• Improvement & Analytics -- To analyze aggregate usage patterns, identify bugs, improve service performance, and develop new features. We use anonymized and aggregated data for these purposes.
• Security & Fraud Prevention -- To detect and prevent unauthorized access, abuse, fraud, and other harmful activities.
• Legal Compliance -- To comply with applicable laws, regulations, legal processes, or enforceable government requests.

Given the sensitive nature of audio data processed during interviews, sales calls, and meetings, we want to be transparent about how it is handled:

• Real-Time Processing Only. Audio is streamed in real-time to transcription services and is processed on-the-fly. We do not record, download, or permanently store raw audio files on our servers.
• No Audio Retention. Once the transcription service converts audio to text, the audio stream is discarded. There is no audio archive.
• Transcription Storage is Opt-In. Transcriptions and AI-generated content are only stored in your account if you have enabled data saving in the Desktop App settings. When disabled, all session content is discarded when the session ends.
• No AI Training. Your audio, transcriptions, and session content are never used to train, fine-tune, or improve our AI models or any third-party models.
• Speaker Diarization. Speaker identification is performed by our transcription provider in real-time. Speaker labels (Speaker 0, Speaker 1, etc.) are derived from audio characteristics during the session. This data is not stored as biometric identifiers.

We do not sell your personal information. We share information only in the following circumstances:

Service Providers

We work with trusted third-party service providers who process data on our behalf to deliver the Services:

• Supabase -- Database hosting, authentication, and backend infrastructure
• Razorpay -- Payment processing for users in India (subject to Razorpay's Privacy Policy)
• PayPal -- Payment processing for international users (subject to PayPal's Privacy Policy)
• Deepgram -- Real-time speech-to-text transcription and speaker diarization for Sales, Meeting, Notes, Recruiting, and Lecture modes
• AssemblyAI -- Speech-to-text transcription for Interview Copilot mode
• OpenAI -- AI language model processing for generating responses and content
• Hostinger -- Email delivery infrastructure (SMTP)

Each service provider is contractually obligated to process your data only as necessary to perform their services and in accordance with applicable privacy laws.

Other Sharing Circumstances

• Legal Requirements -- We may disclose your information if required to do so by law, regulation, legal process, or governmental request.
• Protection of Rights -- We may share information to protect the rights, property, or safety of Craqly, our users, or the public.
• Business Transfers -- In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
• With Your Consent -- We may share your information for purposes not described here with your explicit consent.

Your account data (name, email, subscription information, credit balance) is retained for as long as your account is active. Session data (transcriptions, AI responses, meeting notes) is retained only if you have opted in to data saving, and you may delete it at any time.

• Account Data -- Retained while your account is active and for a reasonable period after account deletion for legal, tax, and audit purposes.
• Payment Records -- Retained as required by applicable financial regulations and tax laws (typically 5-7 years).
• Session Data -- Retained only if you opt in to saving. You can delete individual sessions or all saved data from your account at any time.
• Usage Analytics -- Aggregated and anonymized analytics data may be retained indefinitely as it cannot be used to identify individual users.
• Support Communications -- Retained for as long as needed to resolve your inquiry and for quality assurance purposes.
• Email Logs -- Records of emails sent to you (subscription confirmations, alerts, etc.) are retained for troubleshooting and compliance purposes.

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

We implement reasonable technical, administrative, and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest in our database
• Row-level security (RLS) policies to ensure users can only access their own data
• Secure authentication via Google OAuth and hashed password storage
• Regular security reviews of our infrastructure and third-party integrations
• Access controls limiting employee access to user data on a need-to-know basis

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents and notifying affected users as required by law.

We use the following types of cookies and similar technologies on the Website:

• Essential Cookies -- Required for authentication, session management, and core website functionality. These cannot be disabled without impacting the Services.
• Analytics Cookies -- Help us understand how visitors interact with the Website, which pages are visited most, and how to improve user experience. These collect anonymized, aggregated data.
• Preference Cookies -- Store your preferences such as theme (light/dark mode) and language settings.

The Desktop App uses local storage for authentication tokens and user preferences. It does not use tracking cookies.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Website.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access -- Request a copy of the personal information we hold about you.
• Correction -- Request correction of inaccurate or incomplete personal information.
• Deletion -- Request deletion of your personal information, subject to legal retention requirements.
• Data Portability -- Request your data in a structured, commonly used, machine-readable format.
• Restriction -- Request that we restrict processing of your personal information in certain circumstances.
• Objection -- Object to the processing of your personal information for certain purposes.
• Withdraw Consent -- Where processing is based on your consent, you may withdraw consent at any time.

Data Saving Controls

The Desktop App provides granular controls over data saving. You can choose to:

• Enable or disable saving of session transcriptions
• Enable or disable saving of AI-generated responses and notes
• Delete individual sessions or all saved data from your account
• These preferences can be changed at any time in the Desktop App settings

To exercise any of your rights, contact us at support@craqly.com. We will respond to your request within 30 days.

For Users in India

We comply with the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian data protection regulations. You have the right to access, correct, and request deletion of your personal data. For grievances, contact our Grievance Officer at support@craqly.com.

For Users in the European Economic Area (EEA) / UK

If you are located in the EEA or UK, the General Data Protection Regulation (GDPR) and UK GDPR apply. Our legal bases for processing personal data include: performance of a contract (providing the Services), legitimate interests (security, analytics, service improvement), consent (where applicable), and legal obligations. You have additional rights under GDPR including the right to lodge a complaint with your local supervisory authority.

For Users in California

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to know what personal information is collected, request deletion, opt out of sales (we do not sell your data), and not be discriminated against for exercising privacy rights.

Your information may be transferred to and processed in countries other than the country in which you reside, including India and the United States, where our service providers operate. These countries may have data protection laws that differ from your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements with our service providers.

The Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with their personal information, please contact us at support@craqly.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and may notify you via email or through the Services. Your continued use of the Services after the updated policy becomes effective constitutes your acceptance of the changes.

We encourage you to periodically review this page for the latest information on our privacy practices.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@craqly.com
• Website: craqly.com
• Company: Fyrosoft Technologies

For privacy-specific inquiries, you can also reach our Data Protection contact at the email address above.