Privacy Policy

We collect the information you give us (email, name, password) and the information your device reveals (IP address, browser, locale). We use it to run the product, keep it secure, and communicate with you. We don't sell your data, we don't use it to train generic AI models, and we keep it only as long as we need it.

Questions? Write to info@fresherbot.com.

We collect three categories of data:

• Account data: email, name, hashed password, phone (optional), role.
• Usage data: pages visited, actions taken, timestamps. Kept in our audit log for security and product improvement.
• Device + network data: IP address, user-agent, approximate location (country / region).

We do NOT collect precise location, contact lists, social graphs, biometrics, or anything we haven't told you about above.

• Contract: account data and usage data are necessary to deliver the service.
• Legitimate interest: device + network data, used for security and product improvement.
• Consent: anything else (marketing emails, optional analytics). You can withdraw consent at any time.

• Authenticate your account and enforce role permissions.
• Send transactional email (verification, password resets, receipts).
• Detect abuse — rate limiting, suspicious-login alerts.
• Improve the product via aggregated, de-identified usage patterns. Individual behavior is never sold or shared.
• Meet legal obligations (tax, audit, court order).

We share data only with the processors we need to run the service. Each is contractually bound to the same standards we hold ourselves to. Current list:

• Hosting provider (DigitalOcean / AWS)
• Database provider
• Email delivery (Resend / SendGrid)
• Payment processor (Razorpay)
• Error monitoring (Sentry)

We don't share data with advertisers, data brokers, or model-training providers.

Account data: as long as your account is active + 90 days, unless legal retention requires longer.

Audit log: 90 days by default.

Backups: 30-day rolling retention; fully deleted after a canceled account's 90-day window.

Regardless of where you live, we give every user the following rights:

• Access: a copy of the data we hold on you, in JSON.
• Correction: fix anything inaccurate.
• Deletion: we wipe your account and derived records, subject to legal retention.
• Objection: opt out of any optional processing.

To exercise any right, email info@fresherbot.com from the email on your account. We reply within 30 days.

Passwords are hashed with bcrypt. Data in transit is TLS 1.2+. Data at rest is encrypted by the hosting platform. Access to production systems requires MFA. Audit logs record every admin-level action.

Our primary servers are in India. If your data crosses borders we rely on Standard Contractual Clauses with each sub-processor.

The service isn't for users under 16. We don't knowingly collect data from children. If you believe we have, write to info@fresherbot.com and we will delete it.

When we change material points we update the "last updated" date above and email every account at least 14 days before the change takes effect.

Data controller: FresherBot
Email: info@fresherbot.com
Postal: see the contact page.