Privacy Policy

Welcome to Mentark ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our career analytics and diagnostic platform.

This Privacy Policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 (as amended in 2008), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By using our services, you consent to the collection and use of your personal data as described in this Privacy Policy. If you do not agree with this policy, please do not use our services.

Name of Data Fiduciary: Mentark

Contact Information:

• Email: connect@mentark.com
• Website: https://mentark.com
• Address: Ambad, Jalna Maharashtra, INDIA PIN code 431204

Grievance Officer: [Name of Grievance Officer]
Email: connect@mentark.com
Address: Ambad, Jalna Maharashtra, INDIA PIN code 431204

We collect the following categories of personal data:

3.1. Personal Identification Information

• Full name
• Email address (optional, for registered users)
• Age (17-22 years)
• Gender (Male, Female, Other, Prefer not to say)
• City and State

3.2. Educational Information

• Educational institution name, city, state, and type
• Academic level (11th, 12th, Graduate)
• Degree type and specialization (for graduate students)
• Academic year (Y1, Y2, Y3, Y4)

3.3. Diagnostic and Assessment Data

• Responses to diagnostic questions (JEE/NEET preparation)
• Responses to career stimulation questions
• Analytics scores and indices
• Session data and timestamps

3.4. Technical and Usage Data

• Anonymous ID (browser fingerprint or generated identifier)
• Device information (browser type, operating system)
• IP address (anonymized where possible)
• Cookies and similar tracking technologies
• Usage patterns and interaction data

3.5. Payment Information

When you make payments through Razorpay, we do not store your payment card details. Payment information is processed securely by Razorpay in accordance with their privacy policy and RBI guidelines. We only receive transaction IDs and payment status.

We process your personal data for the following purposes:

• Service Delivery: To provide career analytics, diagnostic assessments, and personalized insights
• Analytics and Reporting: To generate academic and cognitive indices, career path recommendations, and analytical dashboards
• AI-Powered Descriptions: To generate personalized explanations and career path narratives using AI services (OpenAI, Google Gemini, Perplexity)
• Account Management: To create and manage your user account, track your progress, and enable multi-attempt tracking
• Payment Processing: To process payments for premium services through Razorpay
• Service Improvement: To improve our algorithms, user experience, and service quality
• Legal Compliance: To comply with applicable Indian laws and regulations
• Security and Fraud Prevention: To protect our platform from fraud, abuse, and security threats

We process your personal data based on the following legal grounds under the DPDP Act, 2023:

• Consent: Your explicit, informed, and unambiguous consent to use our services
• Legitimate Use: Processing necessary for providing the services you have requested
• Legal Obligations: Compliance with applicable laws and regulations

You have the right to withdraw your consent at any time. However, withdrawal of consent may affect your ability to use certain features of our services.

We may share your personal data with the following third parties:

6.1. AI Service Providers

• OpenAI: For generating career path explanations and narrative content (data processed in accordance with OpenAI's privacy policy)
• Google Gemini: For generating dashboard explanations and research tasks (data processed in accordance with Google's privacy policy)
• Perplexity: For career research and industry information (data processed in accordance with Perplexity's privacy policy)

Note: When we share data with AI providers, we only share processed analytics data and context, never raw personal responses or identifying information beyond what is necessary for the service.

6.2. Payment Gateway

• Razorpay: For processing payments (payment data is handled by Razorpay in accordance with RBI guidelines and Razorpay's privacy policy)

6.3. Cloud Infrastructure

• Supabase: For database storage and backend services (data stored in secure, encrypted databases)

6.4. Error Tracking

• Sentry: For error monitoring and debugging (only technical error data, no personal information)

6.5. Legal Requirements

We may disclose your data if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

We do not sell your personal data to third parties. All third-party service providers are contractually bound to protect your data and use it only for the purposes we specify.

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

• User Profiles: Retained for the duration of your account and up to 3 years after account deletion request
• Diagnostic Responses: Retained for 5 years for analytics and service improvement purposes
• Analytics Data: Retained for 5 years for historical analysis and service enhancement
• Payment Records: Retained for 7 years as required by Indian tax and accounting laws
• Anonymous IDs: Retained for 1 year after last activity

Upon expiration of the retention period, we will securely delete or anonymize your personal data in accordance with our data deletion procedures.

We implement reasonable security practices and procedures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, in compliance with the IT Act, 2000 and DPDP Act, 2023.

Our security measures include:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Employee training on data protection and privacy
• Secure cloud infrastructure with industry-standard safeguards
• Regular backups and disaster recovery procedures

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Under the DPDP Act, 2023, you have the following rights regarding your personal data:

• Right to Access: You can request a copy of your personal data that we hold
• Right to Correction: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data, subject to legal retention requirements
• Right to Withdraw Consent: You can withdraw your consent at any time
• Right to Grievance Redressal: You can file a complaint with us or the Data Protection Board
• Right to Nominate: You can nominate someone to exercise your rights in case of death or incapacity

To exercise any of these rights, please contact us at connect@mentark.com or use our grievance redressal mechanism. We will respond to your request within 30 days.

Our services are designed for students aged 17-22 years. For users below 18 years of age, we require parental or lawful guardian consent before processing personal data.

We do not engage in behavioral monitoring or targeted advertising directed at minors. We take special care to protect the privacy and security of children's data.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at connect@mentark.com.

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve our services. For detailed information about our cookie practices, please refer to our Cookie Policy.

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our services.

Some of our third-party service providers (such as OpenAI, Google, and Perplexity) may process your data outside India. When we transfer data outside India, we ensure that:

• The transfer is necessary for providing the services you have requested
• The recipient has adequate data protection measures in place
• We have contractual agreements requiring the recipient to protect your data

By using our services, you consent to such cross-border transfers as necessary for service delivery.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to registered users (if you have provided an email address)
• Displaying a prominent notice on our platform

Your continued use of our services after the effective date of the updated policy constitutes your acceptance of the changes.

If you have any concerns, complaints, or questions about this Privacy Policy or our data practices, you can contact us:

• Email: connect@mentark.com
• Response Time: We will acknowledge your grievance within 48 hours and resolve it within 30 days

If you are not satisfied with our response, you have the right to file a complaint with the Data Protection Board of India as per the DPDP Act, 2023.

For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact: