RDY2WRK logo
RDY2WRK
Personality-aware career support

Privacy Policy

Effective date: 14th June 2026
Last updated: 14th June 2026

This Privacy Policy explains how Apna Vikas Online Services Private Limited (“Apna Vikas”, “we”, “us”, or “our”) processes personal data when you use RDY2WRK (the “Service”). RDY2WRK is owned and operated by Apna Vikas. Apna Vikas® is a registered trademark in India.

We are the data controller for personal data described in this policy. Our registered office is at 5, Golden Woods, 1st Cross Road, CSB Layout, Bangalore, Karnataka, India.

1. Who this policy applies to

This policy applies to users of the RDY2WRK mobile application, related websites, beta registration flows, and any support or data-request channels we operate. The Service is intended for adults aged 18 and over and is not directed at children.

2. Personal data we collect

Depending on how you use the Service, we may collect the following categories of personal data:

  • Account and identity — name, email address, password (stored in hashed form), profile details, login and session identifiers.
  • Assessment data — Enneagram assessment responses, scores, completion status, and related timing metadata.
  • Project and document data — project names, uploaded files (for example CVs and job descriptions), text extracted from documents, and URLs you submit for fetching.
  • AI interaction data — chat messages, voice interaction metadata, tool usage, and AI-generated responses connected to your account and projects.
  • Credits and usage — credit grants, consumption, budget-related records, and feature usage needed to operate the Service.
  • Payment-related data — purchase references and billing metadata from Google Play (Android) or Razorpay (web). We do not store full payment card numbers.
  • Device and technical data — device type, operating system, app version, browser type (where applicable), time zone, IP address, referrer URLs, and similar technical identifiers.
  • Security and fraud-prevention data — reCAPTCHA signals, authentication events, rate-limit records, and security logs.
  • LinkedIn beta data (if you use it) — LinkedIn profile identifiers, name, and business email submitted during beta registration, as permitted by your LinkedIn authorisation.
  • Communications — messages you send us through our data-request or support channels.

3. How we use personal data

We use personal data to:

  • create and manage your account and authenticate you;
  • provide personality-aware career coaching, assessments, and AI tools;
  • store and process your projects, documents, and conversations;
  • operate credits, usage limits, and paid features;
  • process payments through app stores and payment providers;
  • maintain security, prevent abuse, and troubleshoot errors;
  • comply with law and respond to lawful requests;
  • improve reliability and performance of the Service.

We do not use your assessment answers or documents to make solely automated decisions that produce legal or similarly significant effects about you without appropriate safeguards. AI outputs are coaching assistance and require your judgment.

4. Lawful bases for processing (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, we process personal data on these bases:

Processing activity Lawful basis (Art. 6 GDPR)
Account creation, login, and providing core Service features Performance of a contract
Assessment, projects, documents, and AI coaching tied to your account Performance of a contract
Credits, usage metering, and paid feature delivery Performance of a contract; legal obligation where tax or accounting rules apply
Security monitoring, fraud prevention, reCAPTCHA, and abuse detection Legitimate interests (protecting the Service and users)
Server, error, and traffic logs for reliability Legitimate interests (operating and securing infrastructure)
Optional marketing or non-essential analytics (if introduced later) Consent, where required
Records we must keep for tax, accounting, or legal claims Legal obligation and, where applicable, legitimate interests

Where we rely on legitimate interests, we balance those interests against your rights. You may object to certain processing as described in Section 10.

5. India (Digital Personal Data Protection Act)

If you are in India, we process personal data in accordance with applicable Indian law, including the Digital Personal Data Protection Act, 2023, where it applies. You may contact our grievance officer Sumitha Venkatesh using the data-request channel in Section 11.

6. How we share personal data

We do not sell your personal data. We share data only as needed to run the Service:

  • Cloud and AI infrastructure providers — including Microsoft Azure and Amazon Web Services (AWS) for hosting, storage, and cloud AI / voice-video infrastructure.
  • AI model providers — to generate coaching responses (for example via Azure-hosted AI services).
  • Google — for reCAPTCHA and, on Android, Google Play billing.
  • Razorpay — for web payments.
  • LinkedIn — if you choose LinkedIn beta sign-in, subject to LinkedIn’s own terms and privacy policy.
  • Email delivery providers — to send account, security, and support messages.
  • Professional advisers or authorities — where required by law or to protect rights, safety, and security.

These recipients act as processors or independent controllers according to their role. We require processors to protect personal data under contractual terms appropriate to the processing.

7. International transfers

Personal data may be processed in India and in other countries where our service providers operate, including the United States.

Where required by applicable law (including for EEA and UK users), we rely on appropriate safeguards for international transfers, such as standard contractual clauses approved for international data transfers and comparable protections in our agreements with cloud and AI providers.

8. Retention

  • Active account data — kept while your account is active so we can provide the Service.
  • After a verified deletion request — we aim to erase personal data within one (1) week, including from backups where practicable.
  • Security, traffic, and error logs — kept for up to one (1) week, then deleted or anonymised.
  • Payment and billing records — retained for as long as required by applicable tax, accounting, and payment law (which may be longer than one week).

9. Security

We use administrative, technical, and organisational measures designed to protect personal data, including access controls, encryption in transit where supported, and monitoring for abuse. No method of transmission or storage is completely secure; please use a strong, unique password and keep your login credentials confidential.

10. Your rights

EEA and UK users (GDPR)

Subject to applicable law, you may have the right to:

  • Access personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase personal data in certain circumstances;
  • Restrict processing in certain circumstances;
  • Data portability — receive certain data in a structured, commonly used format;
  • Object to processing based on legitimate interests;
  • Withdraw consent where processing is based on consent (without affecting prior lawful processing);
  • Lodge a complaint with a supervisory authority in your country of residence, place of work, or place of alleged infringement. A list of EU data protection authorities is published by the European Data Protection Board.

India

Where applicable under Indian law, you may have rights to access, correction, erasure, and grievance redressal. Contact our grievance officer: Sumitha Venkatesh

All users

We respond to verified rights requests within approximately one month, unless a longer period is permitted by law. Normal access, correction, deletion, and portability requests are handled free of charge. We may charge a reasonable fee or refuse requests that are manifestly unfounded, excessive, or repetitive, as permitted by law.

11. How to contact us and exercise your rights

EU representative: We have not appointed an EU representative under Article 27 GDPR. If you are in the EEA or UK, please contact us using our data-request form.

To exercise privacy rights, request account deletion, or ask questions about this policy, use our secure data-request form:

Submit a privacy or data request

For deletion and sensitive requests, we use two-step verification (for example confirming control of your registered email or account) before completing the request.

We do not publish a public email address for privacy requests on this website to reduce spam.

12. Cookies and similar technologies

Our marketing site may use essential cookies or local storage needed for security (for example CSRF tokens) and basic functionality. If we introduce non-essential analytics or marketing cookies in the future, we will update this policy and, where required, ask for consent before using them.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may also be communicated through the app or by email where appropriate.

14. Related documents

Please also read our Terms of Service, which govern your use of RDY2WRK.