Company
Privacy Notice
Plain-language notice for how Credensa collects, uses, protects, shares, and lets you control personal data.
DPDP-ready controls
Consent, access, correction, deletion, withdrawal, nomination, and grievance workflows are available.
Specific purposes
Personal data is collected for account access, resume workflows, security, exports, and support.
Private by default
Career records, resumes, uploads, and portfolios stay private unless you publish or share them.
Who operates the service
Credensa is a career intelligence, resume, portfolio, and application workflow platform. For Indian users, Credensa acts as a Data Fiduciary for account and product data it determines how to process.
- Service operator: Credensa
- Service URL: https://credensa.in
- Privacy and grievance email: credensainfo@gmail.com
- Grievance Officer: Zuber Shaikh, Credensa
Information we collect
We collect only data needed to create an account, run the product, secure the service, and support you.
- Account data: name, username, email, password credential, OAuth profile data where used
- Career data: resumes, notebook entries, projects, skills, cover letters, portfolios, job descriptions
- Uploads and exports: images, screenshots, PDFs, and files you choose to upload or generate
- Security data: sessions, IP-derived metadata, user agent, auth events, abuse prevention logs
- AI workflow data: prompts, generated drafts, proof checks, workflow status, provider metadata
Why we process data
Each processing purpose has a defined reason. We do not rely on a broad legitimate-interest basis for private-company processing under DPDP.
- Account creation and authentication
- Resume, career record, ATS analysis, cover letter, portfolio, and PDF export workflows
- Optional AI generation and refinement when you run those features
- Security, fraud prevention, rate limiting, and service reliability
- Support, grievance handling, and legal compliance
Consent and withdrawal
Consent is requested separately from Terms acceptance where required. Optional consent can be withdrawn from Privacy & Data settings.
- Signup asks for a standalone privacy notice acceptance before account creation
- AI, analytics, and marketing purposes are tracked as separate processing purposes
- Withdrawal is recorded in an auditable consent log
- Core service processing can be stopped by deleting the account or submitting an erasure request
Processors and cross-border transfer
Credensa may use service providers in India or other countries for hosting, auth, storage, email, monitoring, AI, and payment workflows. Transfers are monitored against Government of India restrictions as they are notified.
- Hosting/database: managed hosting, database, CDN, and configured infrastructure providers
- Authentication: email/password identity, session management, and optional OAuth providers
- Storage/export: object storage, upload, export, and document-rendering services
- AI providers: hosted AI model, AI gateway, and optional local/self-hosted model providers
- Monitoring/email/payments: error monitoring, transactional email, billing, payment, and consent-gated analytics providers
Retention and deletion
Account and career data is retained while your account is active. You can delete content or delete your account from the app.
- Resume, career, portfolio, and upload data is deleted when you delete it or delete your account
- Operational logs are minimized and should follow a defined security retention period
- Backups follow provider purge cycles and are not used for new processing after deletion
- Records legally required for tax, billing, fraud, or security may be retained separately where required
Your DPDP rights
Authenticated users can use Privacy & Data settings for self-serve controls. You may also contact the grievance email.
- Right to access a summary and export of personal data
- Right to correction through profile, career record, resume, and request workflows
- Right to erasure through account deletion or specific erasure request
- Right to withdraw optional consent
- Right to nominate another person for rights exercise in case of death or incapacity
- Right to grievance redressal
Children and minors
Credensa is not intended for users under 18. Users under 18 must not create an account unless Credensa implements a verifiable parental consent process for that account.
- No targeted advertising is intended for child users
- No behavioural tracking should be enabled for identified child users
- Accounts suspected to belong to a minor may be restricted pending verification
Security and breach response
Credensa uses technical safeguards for authentication, rate limiting, access controls, private uploads, and monitoring. If a confirmed personal data breach occurs, Credensa will assess impact and notify affected users and competent authorities where required.
- HttpOnly session cookies and server-side session validation
- Private-by-default storage for new uploaded objects
- Rate limiting and login lockout controls
- Breach records should include discovery time, affected data categories, root cause, and remediation
Manage privacy controls
Use the self-serve dashboard for export, consent withdrawal, nomination, and grievance requests.