OpteroAI

Privacy Policy

Last updated: April 16, 2026

1. Data controller

OpteroAI Technologies ("OpteroAI," "we," "us") is the data controller responsible for your personal data. We are registered in India under the Companies Act, 2013.

Contact: privacy@optero.ai

Address: OpteroAI Technologies, Bengaluru, Karnataka, India

2. What we collect

We collect the following categories of personal data:

Account information

  • Name, email address, and phone number (provided during sign-up)
  • Authentication data from Google, LinkedIn, or phone OTP

Profile data

  • Resume content (uploaded or pasted)
  • Skills, experience, education
  • Job preferences (roles, locations, remote/hybrid/onsite)
  • Salary expectations and current compensation
  • Career priorities and deal-breakers

LinkedIn data

  • Public profile data when you connect LinkedIn (name, headline, experience, skills)
  • Used to enrich your profile for better matching

Gmail data

  • Email metadata: sender, subject, date, and snippet
  • Email content of job-related emails only (used for classification)
  • We use this data solely to detect application status updates (interview invites, offers, rejections)

Browser extension data

  • Job listing data from supported sites (LinkedIn, Indeed, Glassdoor, Levels.fyi, Naukri)
  • We only capture data from job listing pages, not your general browsing activity

Usage data

  • Pages visited within OpteroAI, features used, and interaction patterns
  • Collected via PostHog analytics (with your consent)

Device and technical data

  • Browser type, operating system, IP address
  • Collected automatically for security and debugging purposes

3. How we use your data

  • Score and rank job listings based on your profile and preferences
  • Generate AI-powered match recommendations and career insights
  • Track your application pipeline and detect status changes via Gmail
  • Classify emails to identify interview invites, offers, and rejections
  • Parse and analyze resumes for profile building
  • Provide AI-powered offer evaluation and interview preparation
  • Process payments and manage your billing
  • Communicate with you about the Service (account updates, security alerts)
  • Improve the Service using aggregated, anonymized data
  • Detect and prevent fraud, abuse, and security threats

4. Legal basis for processing (GDPR)

If you are in the European Economic Area, we process your data under these legal bases:

  • Consent: For Gmail access, LinkedIn profile access, and analytics cookies. You can withdraw consent at any time.
  • Contract performance: For processing data necessary to provide the core Service (account management, job matching, application tracking).
  • Legitimate interest: For security, fraud prevention, and Service improvement using anonymized data.
  • Legal obligation: For complying with applicable laws, tax requirements, and responding to legal requests.

5. Gmail API compliance (Google Limited Use Policy)

Our use of Gmail data complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We access Gmail data solely to detect job application status updates (interview invites, offers, rejections, acknowledgments).
  • We do not use Gmail data for advertising, marketing, or any purpose unrelated to the Service.
  • We do not sell, share, or transfer Gmail data to third parties except as necessary to provide the Service (e.g., AI classification via Google Cloud Vertex AI).
  • Access is limited to reading email metadata and content of job-related emails only.
  • We do not store full email bodies. We extract classification results and discard the raw content.
  • You can disconnect Gmail at any time from your settings. Disconnecting immediately revokes our access.

6. AI processing

Your data is processed by Claude (Anthropic) via Google Cloud Vertex AI to generate match scores, recommendations, email classifications, and career insights. Specifically:

  • Data sent to the AI model is not used to train foundation models (per Vertex AI data processing terms).
  • We send only the minimum information needed for each request.
  • AI processing occurs in the us-east5 Google Cloud region.

7. Data sharing

We do not sell your personal data. Ever.

We share data only with the following service providers, strictly for operating the Service:

  • Google Cloud Platform -- Infrastructure hosting, AI processing (Vertex AI), database (Cloud SQL), authentication (Firebase)
  • Razorpay -- Payment processing for Indian users
  • Paddle -- Payment processing for international users
  • PostHog -- Product analytics (with your consent)

We may disclose data if required by law, court order, or government request, or to protect the safety and security of our users and the Service.

8. Data storage and security

Your data is stored on Google Cloud Platform with the following protections:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • OAuth tokens encrypted via Cloud SQL Customer-Managed Encryption Keys (CMEK)
  • Parameterized queries to prevent SQL injection
  • Rate limiting on all API endpoints
  • Input validation on all user-provided data
  • Regular security updates and dependency audits

9. Data retention

  • Active accounts: Data is retained for as long as your account is active.
  • Deleted accounts: All personal data is permanently deleted within 30 days of account deletion.
  • Gmail tokens: Revoked immediately when you disconnect Gmail.
  • Anonymized data: Aggregated, anonymized data (e.g., salary statistics, market trends) may be retained indefinitely as it cannot be linked back to you.
  • Legal obligations: We may retain certain data longer if required by law (e.g., tax records, legal disputes).

10. Your rights

Regardless of where you are located, you have the following rights:

  • Access: View all your personal data from the settings page.
  • Correction: Edit your profile data at any time.
  • Deletion: Delete your account and all associated data.
  • Export: Request a copy of your data by contacting us.
  • Withdraw consent: Disconnect Gmail, revoke LinkedIn access, or disable analytics at any time.
  • Restrict processing: Request that we limit how we use your data.
  • Object: Object to processing based on legitimate interest.
  • Complaint: Lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at privacy@optero.ai. We will respond within 30 days.

11. DPDPA 2023 compliance (Indian users)

For users in India, we comply with the Digital Personal Data Protection Act, 2023 (DPDPA):

  • Data fiduciary: OpteroAI Technologies acts as a Data Fiduciary under the DPDPA. We process your data only for the purposes described in this policy.
  • Consent: We obtain your consent before collecting and processing personal data. Consent is specific, informed, and freely given.
  • Data principal rights: As a Data Principal, you have the right to access, correct, and erase your personal data, and to nominate another person to exercise these rights on your behalf.
  • Grievance officer: For grievances related to data processing, contact our Data Protection Officer at privacy@optero.ai.
  • Data breach notification: In the event of a personal data breach, we will notify the Data Protection Board of India and affected users as required by the DPDPA.

12. GDPR rights (European users)

If you are in the European Economic Area (EEA), you have the following additional rights under the General Data Protection Regulation (GDPR):

  • Right to data portability (receive your data in a machine-readable format)
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to object to automated decision-making
  • Right to lodge a complaint with your supervisory authority

Our AI scoring and matching does involve automated processing, but we do not make solely automated decisions with legal or significant effects. You always have the final decision on which jobs to apply for.

13. CCPA rights (California users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You can request what personal information we collect, use, and disclose.
  • Right to delete: You can request deletion of your personal information.
  • Right to opt-out: We do not sell personal information, so there is nothing to opt out of.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at privacy@optero.ai.

14. International data transfers

Your data may be processed in the following regions where our cloud infrastructure operates:

  • India (asia-south1) -- Primary database and application hosting
  • United States (us-east5) -- AI processing via Google Cloud Vertex AI

Where data is transferred outside your jurisdiction, we rely on Google Cloud's data processing agreements and standard contractual clauses to ensure adequate protection.

15. Cookies

We use the following types of cookies:

  • Essential cookies: Session cookie (opteroai_session, httpOnly, 14-day expiry) for authentication. Theme preference. These are required for the Service to function.
  • Analytics cookies: PostHog analytics for understanding how the Service is used. These are only set with your consent via the cookie consent banner.

We do not use advertising cookies. You can manage your cookie preferences at any time through the cookie consent banner.

16. Children

OpteroAI is a professional career tool designed for adults. We do not knowingly collect personal data from children under the age of 13 (or 16 in the EEA). If we learn that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@optero.ai.

17. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before taking effect. The "Last updated" date at the top of this page reflects when the policy was last modified.

18. Contact and Data Protection Officer

For any privacy-related questions, data requests, or concerns, contact our Data Protection Officer:

Email: privacy@optero.ai

Address: OpteroAI Technologies, Bengaluru, Karnataka, India

We will respond to all legitimate requests within 30 days. In complex cases, we may extend this by an additional 30 days, in which case we will inform you of the extension and reasons.