Privacy Policy

Interpretation

Words with capitalized initials have meanings defined below. Definitions apply regardless of whether they appear in singular or plural form.

Definitions

Account

A unique account created for You to access the Service or parts of it.

Affiliate

An entity that controls, is controlled by, or is under common control with TKNOPS, where "control" means ownership of 50% or more of shares or voting rights.

Company / We / Us / Our

Refers to TKNOPS Technology Private Limited, a company incorporated under the Companies Act, 2013 in India.

Consent Manager

A person registered with the Data Protection Board of India who enables a Data Principal to give, manage, review, and withdraw consent through an accessible, transparent, and interoperable platform, as defined under the DPDP Act.

Cookies

Small files placed on Your computer, mobile device, or any other device by a website, containing details of Your browsing.

Country

India.

Data Fiduciary

Under the DPDP Act, means TKNOPS as the entity that determines the purpose and means of processing of personal data.

Data Principal

Under the DPDP Act, means You, the individual to whom the personal data relates.

Data Processor

Under the DPDP Act, means any person who processes personal data on behalf of TKNOPS.

Device

Any device that can access the Service (computer, mobile phone, tablet).

DPDP Act

The Digital Personal Data Protection Act, 2023, together with the Digital Personal Data Protection Rules, 2025, and any amendments thereto.

GDPR

The EU General Data Protection Regulation, where applicable to users in the European Economic Area.

Personal Data

Any data about an individual who is identifiable by or in relation to such data.

Service

Refers to the reApply.io website, platform, and related applications.

Service Provider / Data Processor

Any natural or legal person who processes data on behalf of TKNOPS.

Usage Data

Data collected automatically, either generated by use of the Service or from the Service infrastructure (e.g., the duration of a page visit).

Website

Refers to reApply.io, accessible at https://reapply.io

You

The individual accessing or using the Service.

Types of Data Collected

Personal Data

While using the Service, We may ask You to provide certain personally identifiable information that can be used to contact or identify You. This may include, but is not limited to:

• Email address
• First name and last name
• Phone number (optional)
• Billing address and PIN/ZIP code
• Resume content, employment history, education, skills, and professional information You upload
• Job postings, company names, and role descriptions You submit for analysis
• Cover letter inputs and other career-related content
• Usage Data

Because reApply.io is a career intelligence platform, the Service necessarily processes detailed professional and employment-related information You voluntarily provide.

Usage Data

Usage Data is collected automatically when using the Service. It may include Your Device's IP address, browser type and version, the pages of the Service You visit, the time and date of Your visit, time spent on pages, unique device identifiers, and other diagnostic data. When You access the Service via a mobile device, We may also collect mobile device type, unique mobile device ID, mobile operating system, mobile browser type, and similar identifiers.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies (beacons, tags, scripts) to track activity on the Service, authenticate users, remember preferences, and analyze performance. Cookies can be:

• Session Cookies – deleted when You close Your browser.
• Persistent Cookies – remain on Your Device until they expire or are deleted.

Categories We use:

You may opt out of non-essential cookies via Your browser settings or our in-product cookie preferences.

TKNOPS may use Personal Data for the following purposes:

• To provide and maintain the Service, including AI-powered job analysis, company research, gap analysis, and generation of resumes and cover letters.
• To manage Your Account and registration as a user.
• For performance of a contract – delivering the products or services You have purchased.
• To contact You by email, push notifications, or other electronic means regarding updates, security alerts, and informational messages.
• To provide news, offers, and information about features or services similar to those You use, where You have not opted out.
• To manage Your requests and customer support tickets.
• To improve our Service, including training and improving Our AI models in a privacy-respecting manner. We do not use the content of Your private resumes, cover letters, or uploaded personal data to train third-party foundation models without Your explicit consent.
• For business transfers – evaluating or conducting mergers, acquisitions, or restructuring.
• For analytics, identifying usage trends, and measuring the effectiveness of campaigns.
• To comply with legal obligations under Indian law.

Lawful Basis under the DPDP Act

In line with Section 6 and Section 7 of the DPDP Act, We process Your Personal Data primarily on the basis of:

1. Your free, specific, informed, unconditional, and unambiguous consent, obtained at the point of collection through a clear notice; or
2. Certain legitimate uses as defined under Section 7 of the DPDP Act, including the voluntary provision of data by You for a specified purpose and compliance with legal obligations.

We may share Your information in the following situations:

• With Service Providers / Data Processors: payment processors, cloud hosting providers, AI model providers, analytics vendors, email and communication providers, and customer support tools — bound by data processing agreements.
• With Affiliates: subject to this Privacy Policy.
• With business partners: to offer You certain products, services, or promotions.
• For business transfers: in connection with any merger, sale of assets, financing, or acquisition.
• With law enforcement when required to comply with a legal obligation, court order, or governmental request under Indian law (including the Information Technology Act, 2000 and the DPDP Act).
• With Your consent: for any other purpose disclosed at the time of collection.

We do not sell Your Personal Data to third parties for monetary consideration.

TKNOPS will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, and as required under the DPDP Act and other applicable Indian laws.

In accordance with Section 8(7) of the DPDP Act, We will erase Your Personal Data once the specified purpose is no longer served by retention, unless retention is required for compliance with a legal obligation (such as taxation, accounting, or dispute resolution).

Usage Data is generally retained for shorter periods, except where used to strengthen security or improve functionality, or where retention is legally required.

Your information, including Personal Data, may be processed at TKNOPS' operating offices in India and in any other location where Our Service Providers operate. This means Your information may be transferred to — and maintained on — servers located outside India.

In line with Section 16 of the DPDP Act, We may transfer personal data outside India to any country or territory except those specifically restricted by the Central Government of India by notification.

TKNOPS will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy, including entering into appropriate contracts with cross-border Service Providers.

The security of Your Personal Data is important to Us. In accordance with Section 8(5) of the DPDP Act, We implement reasonable security safeguards to prevent personal data breaches, including:

• Encryption of data in transit (TLS/HTTPS) and at rest where appropriate
• Access controls and authentication
• Regular security reviews
• Employee confidentiality obligations
• Vendor due diligence

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Data Breach Notification

In the event of a personal data breach, We will notify the Data Protection Board of India and affected Data Principals as required under the DPDP Rules, 2025, including details of the nature, extent, and likely consequences of the breach, and the mitigation measures We have taken.

If You are a resident of India (or a Data Principal whose data is processed in India), the DPDP Act provides You with the following rights:

• Right to access information: Obtain a summary of the personal data being processed, the processing activities, and the identities of other Data Fiduciaries and Processors with whom Your data has been shared.
• Right to correction and erasure: Request correction of inaccurate or misleading data, completion of incomplete data, updating, and erasure of personal data no longer necessary for the specified purpose.
• Right of grievance redressal: Use Our grievance redressal mechanism (see Section 13) before approaching the Data Protection Board.
• Right to nominate: Nominate another individual who shall exercise Your rights in the event of Your death or incapacity.
• Right to withdraw consent: Withdraw consent at any time, as easily as it was given. Withdrawal will not affect the lawfulness of processing prior to withdrawal, and may limit Our ability to provide certain features.

To exercise these rights, contact Us at [email protected] or use the in-product privacy controls. We may verify Your identity before responding. We will respond within the timelines prescribed under the DPDP Rules.

Because reApply.io is an AI-powered career intelligence platform, You acknowledge that:

• Your uploaded resumes, job descriptions, and inputs are processed by AI models (some operated by Us, some by trusted third-party AI providers under data processing agreements) to generate the outputs You request.
• We instruct Our AI vendors not to train their foundation models on Your private content, and We rely on enterprise/API agreements with privacy-preserving terms where available.
• AI outputs may contain inaccuracies. You are responsible for reviewing and verifying any AI-generated content before use.

Our Service is not directed to anyone under the age of 18. We do not knowingly collect personal data from children. Under Section 9 of the DPDP Act, if We process the personal data of a child or a person with a disability (with a lawful guardian), We will obtain verifiable consent from the parent or lawful guardian and will not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

If You are a parent or guardian and believe Your child has provided Us with Personal Data, please contact Us at [email protected] and We will take steps to delete that information.

If You are located in the European Economic Area (EEA) or the United Kingdom, You may have additional rights under the GDPR / UK GDPR, including the right to access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent at any time.

Our legal bases for processing under GDPR include consent, performance of a contract, legal obligations, and legitimate interests (such as securing and improving the Service). You may lodge a complaint with Your local data protection authority. To exercise GDPR rights, contact [email protected].

We work with the following categories of Service Providers, each governed by their own privacy policies:

• Cloud hosting & infrastructure (e.g., AWS, Google Cloud, Microsoft Azure)
• AI model providers (e.g., OpenAI, Anthropic, Google) – under enterprise agreements
• Payment processor: Dodo Payments – We do not store payment card details. Payment information is provided directly to Dodo Payments, which complies with PCI-DSS standards and applicable card-network security requirements. Their privacy practices are governed by their own privacy policy.
• Analytics providers (e.g., Google Analytics)
• Email & communications providers
• Customer support tools

We strongly advise You to read the privacy policies of any third-party websites or services You interact with via reApply.io.

In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDP Act, 2023, We have appointed a Grievance Officer to address complaints regarding the processing of Your personal data or the Service.

The Grievance Officer shall acknowledge complaints within 24 hours and resolve them within 15 days of receipt.

If You are not satisfied with the resolution, You may approach the Data Protection Board of India under the DPDP Act.

Our Service may contain links to third-party websites that are not operated by Us — including job boards, company websites, and external resources. If You click on a third-party link, You will be directed to that site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We may update this Privacy Policy from time to time. We will notify You of any material changes by email and/or a prominent notice on the Service, and update the “Last updated” date at the top.

You are advised to review this Privacy Policy periodically. Continued use of the Service after changes become effective constitutes Your acceptance of the revised policy.

If You have any questions, concerns, or requests regarding this Privacy Policy or Your Personal Data, please contact us: