Privacy Policy for Xtara Career Guidance Platform

1. Introduction

Welcome to Xtara, a comprehensive career guidance platform designed to help students and professionals make informed career decisions. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform and related services.

IMPORTANT: Xtara does NOT track users across different platforms or websites. We do not collect data used to track your activity outside our platform.

By using Xtara, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our platform.

2. Information We Collect

2.1 Personal Information

We collect the following personal information to provide you with personalized career guidance:

• Account Information: Email address, full name, phone number
• Demographic Information: Gender, date of birth, location (state, district, city)
• Educational Information: Current grade, education board, stream (Science/Commerce/Humanities/Arts)
• Academic Performance: Subject-wise marks and exam performance data
• Career Preferences: Interests, career goals, personality traits
• Family Information: Parental influence, family income, siblings information

2.2 Assessment Data

When you complete our career assessment, we collect:

• Personality Assessment: Responses to personality trait questions
• Interest Assessment: Your interests and preferences
• Academic Strengths/Weaknesses: Self-reported academic performance
• Career Aspirations: Your career goals and aspirations
• Financial Background: Family income information for scholarship recommendations

2.3 Usage Data

We automatically collect certain information about your platform usage:

• Device Information: Device type, operating system, browser version
• Usage Analytics: Page views, feature usage, time spent on different sections
• Performance Data: Platform crashes, error logs, performance metrics
• Navigation Data: Pages visited, user journey patterns

2.4 Location Data

We collect location information to provide region-specific career guidance:

• State/Union Territory: For board-specific curriculum recommendations
• District: For local institution and opportunity recommendations
• City: For nearby career opportunities and events

3. How We Use Your Information

3.1 Primary Uses

We use your information to:

• Provide Personalized Career Guidance: Generate career recommendations based on your profile
• Deliver Assessment Results: Provide detailed career path analysis and recommendations
• Recommend Courses and Institutions: Suggest relevant educational opportunities
• Personalize Content: Show relevant articles, stories, and resources
• Improve User Experience: Enhance platform functionality and user interface

3.2 Analytics and Improvement

We use aggregated data to:

• Analyze Usage Patterns: Understand how users interact with the platform
• Improve Features: Enhance existing features and develop new ones
• Optimize Performance: Identify and fix technical issues
• Conduct Research: Improve career guidance algorithms and recommendations

3.3 Communication

We may use your contact information to:

• Send Notifications: Important updates about your career recommendations
• Provide Support: Respond to your questions and provide assistance
• Send Updates: Inform you about new features and improvements
• Share Resources: Send relevant career articles and opportunities

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely using:

• Firebase Firestore: Cloud database for user profiles and assessment data
• Google Cloud Platform: Secure cloud infrastructure
• Encryption: All data is encrypted in transit and at rest
• Access Controls: Strict access controls and authentication

4.2 Data Retention

We retain your data for:

• Active Users: As long as your account is active
• Inactive Accounts: Up to 2 years after last activity
• Assessment Data: Indefinitely for improving our algorithms (anonymized)
• Analytics Data: Up to 3 years for research and improvement purposes

4.3 Data Security

We implement comprehensive security measures:

• Encryption: AES-256 encryption for all sensitive data
• Authentication: Multi-factor authentication for admin access
• Regular Audits: Security audits and vulnerability assessments
• Employee Training: Regular security training for all team members
• Incident Response: Procedures for handling security incidents

5. Data Sharing and Third-Party Services

5.1 Third-Party Services

We use the following third-party services:

• Firebase (Google): Authentication, database, analytics, and hosting
• Google Cloud Platform: Cloud infrastructure and AI services
• Vertex AI (Google): AI-powered career recommendations
• Firebase Analytics: Usage analytics and performance monitoring

5.2 Data Sharing

We do not sell, trade, or rent your personal information. We may share data only in the following circumstances:

• Service Providers: With trusted third-party services that help us operate the platform
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In case of merger, acquisition, or sale of assets
• User Consent: With your explicit consent for specific purposes

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access Your Data: Request a copy of all personal information we hold
• Update Information: Correct or update your personal information
• Delete Account: Request deletion of your account and associated data
• Data Portability: Request your data in a portable format
• Opt-Out: Opt out of certain data collection and communications

6.2 Privacy Settings

You can control your privacy through:

• Profile Settings: Update or delete personal information
• Notification Preferences: Control push notifications and emails
• Data Sharing: Choose what information to share
• Assessment Privacy: Control visibility of assessment results

6.3 Children's Privacy

Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

7. Data Collection and Analytics

7.1 Platform Analytics

We use analytics tools to understand platform usage and improve performance:

• Firebase Analytics: Track platform performance and user behavior within our platform only
• Crash Reporting: Monitor and fix platform crashes
• Performance Monitoring: Track platform speed and reliability

7.2 No Cross-Platform or Cross-Website Tracking

IMPORTANT: Xtara does NOT track users across different platforms or websites. We do not:

• Cross-Platform Tracking: Track your activity in other applications
• Cross-Website Tracking: Monitor your browsing on other websites
• User Profiling: Create profiles based on your activity outside our platform
• Behavioral Advertising: Use your data for targeted advertising across platforms

7.3 Data Not Used to Track You

All data we collect is used solely for:

• Providing personalized career guidance within our platform
• Improving platform functionality and user experience
• Technical support and troubleshooting
• Legal compliance and security

7.4 Opt-Out Options

You can control data collection through:

• Platform Settings: Disable analytics in platform preferences
• Browser Settings: Adjust privacy settings in your browser
• Contact Us: Request complete opt-out of data collection

8. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify You Promptly: Within 72 hours of discovering the breach
• Provide Details: Explain what information was affected
• Take Action: Implement measures to prevent further breaches
• Cooperate with Authorities: Work with relevant authorities as required

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will:

• Notify Users: Inform you of significant changes
• Update Date: Clearly indicate when the policy was last updated
• Provide Options: Give you the choice to accept or decline changes
• Maintain Transparency: Explain what changes were made and why

10. Your Rights - Account Deletion

You have the right to request the deletion of your account and all associated personal data. We will:

• Process Your Request: Within 30 days of receiving your deletion request
• Delete All Data: Remove your personal information from our systems
• Confirm Deletion: Send you a confirmation email once the deletion is complete
• Retain Legal Records: Keep only information required by law or for legitimate business purposes

11. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

11.1 Data Protection Officer

For EU users, you can also contact our Data Protection Officer:

Email: dpo@bigmints.com

12. Legal Basis for Processing (EU Users)

For users in the European Union, we process your data based on:

• Consent: For marketing communications and optional features
• Contract Performance: To provide career guidance services
• Legitimate Interest: For platform improvement and security
• Legal Obligation: To comply with applicable laws

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to Know: Request information about data collection and sharing
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of data sales (we do not sell data)
• Non-Discrimination: We will not discriminate against you for exercising your rights

14. India Privacy Rights (DPDPA)

For users in India, you have rights under the Digital Personal Data Protection Act:

• Right to Information: Know what personal data is being processed
• Right to Correction: Correct inaccurate personal data
• Right to Erasure: Request deletion of personal data
• Right to Grievance Redressal: File complaints about data processing

15. Governing Law

This Privacy Policy is governed by the laws of [Your Jurisdiction]. Any disputes will be resolved in the courts of [Your Jurisdiction].