KNOVIA.AI PRIVACY POLICY

1. Purpose of Data Collection

Knovia collects your personal data for the following specific and lawful purposes:

• Assessment & Scoring: To generate your Knovia Role-Readiness Score (KRS) - an evidence-based employability score that evaluates your readiness for specific technology roles.
• AI-Powered Insights: To provide AI-generated skill gap analysis, learning recommendations, and resume improvement suggestions.
• Evidence Verification: To verify the authenticity of your skills through GitHub API validation, certificate review, and mentor confirmation workflows.
• Platform Operations: To maintain and operate the Platform, fix bugs, improve accuracy of our scoring models, and develop new features.
• Communication: To send you account notifications, score reports, feature updates, and feedback requests.
• Safety & Compliance: To detect and prevent fraud, enforce our Terms of Use, and comply with applicable laws.

We do not collect personal data for any purpose other than those stated above. Your data is never sold, rented, or traded to third parties for marketing or advertising purposes.

2. Information We Collect

We collect the following categories of personal data, each linked to the specific purpose for which it is required:

2.1 Personal Identification Data

Collected during account registration and profile setup:

• Full name, email address, and phone number - for account creation, authentication, and communication
• Date of birth (optional) and gender (optional) - for demographic analytics only
• City and state of residence - for location-relevant role recommendations
• College name, degree, branch, and graduation year - for academic context in your readiness score

2.2 Profile, Resume & Professional Data

Provided by you during onboarding and profile completion:

• Resume file (PDF/DOCX only) and its parsed contents - for resume quality scoring and ATS analysis
• Education details, internship and work experience, projects, and freelance work - for evidence scoring
• Skills (manually added and AI-extracted from your resume) - for role fitment and gap analysis
• Certifications, uploaded certificates, and certificate URLs - for learning evidence verification
• LinkedIn profile link - for profile completeness and branding assessment
• GitHub username and public repository metadata (fetched via GitHub API) - for technical skill evidence scoring

2.3 Assessment & Evidence Data

• MCQ assessment scores and coding assessment results (via Knovia platform)
• Code artefacts and repository metadata extracted through GitHub API (public repositories only)
• Verified experience data from mentor or manager email confirmations
• Admin-reviewed certificate approval or rejection logs
• Combined Evidence Confidence Factor calculations

2.4 Learning & Certifications Data

• Course completions and certificates from external platforms (Udemy, Coursera, LinkedIn Learning, etc.)
• Degree completion details and learning activity timestamps
• Learning Quotient computation metadata

2.5 Behavioural & Track Record Data

• Internship and freelance project timelines (start/end dates)
• GitHub repository update timestamps and activity continuity
• Mentor/employer feedback ratings
• Consistency and cadence score computations

2.6 System & Usage Data (Automatically Collected)

• Device type, operating system, browser type, and version
• IP address and approximate geographic location
• Session data, log data, and page interaction metadata
• Cookies and local storage tokens (see Section 8 for details)

2.7 AI-Generated Derivative Data

Knovia creates the following derivative information from your inputs using AI processing:

• Skill Gap Reports and role-specific learning recommendations
• ATS-friendly resume suggestions
• Role Fitment Scores and Skill Evidence Confidence Factors
• Combined Predictor Dashboard outputs
• AI-generated text summaries, insights, and explanations

These outputs are generated using Azure-hosted infrastructure and OpenAI APIs. Your personal data is not used to train AI models (see Section 3.2 for details).

3. How We Store and Protect Your Data

3.1 Hosting & Infrastructure

Your data is hosted on Microsoft Azure Cloud, which maintains the following certifications and standards:

• ISO/IEC 27001:2022 (Information Security Management)
• SOC 1 Type II and SOC 2 Type II
• GDPR-equivalent data protection controls
• Encryption at rest (AES-256) and in transit (TLS 1.2+)

3.2 AI Processing & Data Safety

AI-powered features use OpenAI APIs through secure, encrypted API calls. Specifically:

• Your personal data is NOT used to train OpenAI models or any third-party AI models
• OpenAI does not retain input data beyond 30 days for abuse monitoring purposes
• No human review of your data occurs at OpenAI unless required for safety investigation
• No fine-tuning of AI models is performed using your personal data without your separate, explicit consent

3.3 Security Practices

• All data transmitted to and from Knovia.ai is encrypted using HTTPS/TLS protocols
• Google OAuth 2.0 is used for secure authentication - we do not store your Google password
• Role-based access controls restrict internal access to personal data
• System activity logging and security monitoring are in place
• Periodic security audits and vulnerability assessments are conducted
• Data breach detection and response procedures are maintained (see Section 10)

4. Legal Basis for Processing

Under the DPDPA, we process your personal data based on the following legal grounds:

• Consent: You provide explicit, informed consent at the time of registration and at each stage where additional data is collected. Consent is granular - you can withdraw consent for specific processing activities without affecting others.
• Voluntary Provision for Specified Purpose: Where you voluntarily provide data during profile completion, resume upload, or assessment participation, such data is processed for the purpose of delivering the Platform services you have requested.
• Legal Obligation: Where processing is necessary to comply with applicable laws, respond to legal proceedings, or cooperate with regulatory authorities.

5. How We Obtain Your Consent

Knovia implements the following consent mechanisms in compliance with the DPDPA:

• Registration Consent: At the time of account registration, you are presented with this Privacy Policy and our Terms of Use. You must actively check a consent checkbox confirming that you have read and agree to both documents before your account can be created.
• Data Upload Consent: When you upload a resume, certificates, or connect your GitHub account, a clear notice explains what data will be processed and why. You actively confirm before each action.
• Cookie Consent: On first visit, a cookie consent banner is displayed explaining what cookies are used, their purpose, and your option to accept or reject non-essential cookies.
• Recruiter Visibility Consent: If you choose to make your profile visible to recruiters, a separate, explicit opt-in is required with a clear explanation of what data will be shared.

You may withdraw your consent at any time by contacting privacy@knovia.ai or using the in-app settings. Withdrawal of consent will result in cessation of the relevant processing activity. Some core platform features may become unavailable if consent for essential processing is withdrawn.

6. How We Share Your Information

We do NOT sell, rent, or trade your personal data to any third party. We may share your data only in the following limited circumstances:

6.1 Service Providers (Data Processors)

The following third-party service providers process data on our behalf under strict contractual obligations:

• Microsoft Azure - cloud hosting, compute, and storage infrastructure
• OpenAI - AI text generation and analysis via API (no model training on your data)
• Google (OAuth 2.0) - authentication services
• Email service providers - for transactional and notification emails

6.2 Recruiters (Only With Your Explicit Opt-In)

If you choose to make your profile visible to recruiters, we may share: your profile details, Knovia Role-Readiness Score, and skill evidence snapshot. You can revoke this visibility at any time from your dashboard settings.

6.3 Legal & Regulatory Authorities

We may disclose your data when required by law, court order, or government regulation, or when necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

7. Your Rights Under Indian Law (DPDPA 2023)

As a data principal, you have the following rights under the Digital Personal Data Protection Act, 2023:

• Right to Access: Request access to a summary of your personal data being processed.
• Right to Correction & Erasure: Request correction of inaccurate or incomplete personal data, and erasure of data that is no longer necessary for the stated purpose.
• Right to Withdraw Consent: Withdraw your consent for any or all processing activities at any time.
• Right to Nominate: Nominate another individual to exercise your data rights on your behalf.
• Right to Grievance Redressal: Lodge a complaint with the Data Protection Board of India if you believe your data rights have been violated.

To exercise any of these rights: Email us at privacy@knovia.ai with the subject line "Data Rights Request - [Your Name]". We will acknowledge your request within 48 hours and fulfill it within 30 days, unless a longer period is justified and communicated to you.

8. Cookies & Tracking Technologies

Knovia uses cookies and similar technologies for the following purposes:

You can manage cookie preferences through the cookie consent banner displayed on your first visit, or at any time through your browser settings. Disabling essential cookies may prevent core platform features from functioning correctly.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Upon account deletion, all personal data is permanently removed from active systems. Backup copies are purged within the retention cycle specified above. Recruiter visibility is revoked immediately upon deletion.

10. Data Breach Notification

In the event of a personal data breach that is likely to cause harm to you, Knovia will:

• Notify the Data Protection Board of India as soon as practicable, and in any case within the timeframe prescribed under the DPDP Rules.
• Notify affected data principals (you) via email and in-app notification, describing the nature of the breach, the data affected, and the steps we are taking to mitigate harm.
• Take immediate technical and organizational measures to contain and remediate the breach.
• Maintain a breach register documenting all incidents, investigations, and remediation actions.

11. Children's Privacy

Knovia is designed for individuals aged 18 years and above. We do not knowingly collect personal data from individuals under the age of 18.

If we become aware that we have inadvertently collected personal data from a minor (under 18 years), we will promptly delete such data and terminate the associated account. If you are a parent or guardian and believe your child has provided data to Knovia, please contact us immediately at privacy@knovia.ai.

In the event that Knovia introduces features for users between 16-18 years of age in the future, we will implement verifiable parental consent mechanisms as required under the DPDPA before processing any such data.

12. International Data Transfers

Your data is primarily stored and processed in India on Microsoft Azure infrastructure. Limited international transfers occur only for:

• OpenAI API processing - data is transmitted to OpenAI servers (US/EU) via encrypted API calls for AI text generation. No data is retained by OpenAI beyond 30 days.
• Cloud redundancy - Microsoft Azure may replicate data across regions as part of its global infrastructure for reliability and disaster recovery.

All international transfers are conducted using Standard Contractual Clauses (SCCs), encryption in transit, and contractual safeguards that ensure a level of protection equivalent to Indian law. We will comply with any restrictions on cross-border data transfer notified by the Central Government under Section 16 of the DPDPA.

13. AI Transparency

Knovia uses artificial intelligence in the following areas of the Platform:

• Skill extraction from uploaded resumes
• Generation of skill gap analysis reports
• Learning and course recommendations
• Resume improvement suggestions
• Scoring explanations and predictor summaries

We are committed to full transparency about our AI usage:

• AI is used as an assistive tool - all scores and insights are informational, not deterministic
• AI outputs do not constitute hiring decisions. Recruiters must apply independent human judgment
• We do not use AI for automated decision-making that produces legal or similarly significant effects on you without human review
• We do not train proprietary AI models on your personal data without your separate, explicit consent
• AI-generated content is clearly labelled as such within the Platform

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDPA, the details of the Grievance Officer are as follows:

The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 30 days of receipt. If you are not satisfied with the resolution, you may escalate your complaint to the Data Protection Board of India.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email to the address associated with your account
• We will display a prominent in-app notification alerting you to the changes
• Where required, we will seek your renewed consent for any new processing activities

Your continued use of the Platform after the updated policy is posted constitutes your acceptance of the changes.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

This Privacy Policy is published and made available in accordance with the Digital Personal Data Protection Act, 2023, and is accessible at all times from the footer of every page on knovia.ai, near all data collection forms, and within the user account settings.