Consistar

Privacy Policy

Effective Date: 1 June 2025  ·  Last Updated: 1 June 2025  ·  Platform: Consistar


1. Overview

  • This Privacy Policy explains how Consistar collects, uses, stores, and protects your personal data when you use our AI-powered career execution platform.
  • It applies to all users who visit our website, register an account, complete the career intake, or receive emails from Consistar.
  • By using the Platform, you consent to the data practices described in this Policy.
  • This Policy is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 of India.
  • If you do not agree with this Policy, please stop using the Platform and contact us to delete your data.

2. Our Core Privacy Commitments

  • We do not sell your personal data to any third party, ever.
  • We do not share your data with advertisers or ad networks.
  • We do not use your data for any purpose beyond delivering and improving the Platform.
  • You can request access, correction, or deletion of your data at any time.
  • We collect only the minimum data necessary to deliver the Service.

3. Data We Collect

a) Account Data

  • Name, email address, and profile photo URL collected via Google OAuth 2.0 at registration.

b) Career Intake Data

  • Career stream selection (e.g. IT, UPSC, CA, MBBS, MBA).
  • Current role, career goal, experience level, and answers to up to 10 intake questions.
  • Collected when you complete the intake questionnaire.

c) Plan and Progress Data

  • Your AI-generated 90-day career plan stored as JSON.
  • Readiness score (0–100).
  • Daily tasks completed, milestone status, and streak count.
  • Career wins you voluntarily log on the Platform.

d) Payment Data

  • Razorpay order ID, payment status, subscription tier (Free / Pro Monthly / Pro Annual), and amount paid.
  • We do not store card numbers, CVV, UPI PINs, or any raw payment credentials. These are handled exclusively by Razorpay.

e) Usage Data

  • Pages visited, features used, session duration, button clicks, browser type, and device type.
  • Collected automatically via PostHog analytics in anonymized form.

f) Email Logs

  • Email send timestamp, open status, and email type (welcome, weekly nudge, milestone, etc.).
  • Collected via Resend.com for delivery diagnostics.

What we do NOT collect:

  • Aadhaar number, PAN card, bank account details, or any government-issued ID.
  • Biometric data or precise GPS location.
  • Social media passwords or access tokens beyond Google sign-in.
  • Sensitive personal data beyond what is listed above.

4. How We Use Your Data

  • Account data (name, email) — to create your account, send transactional emails, and identify you within the Platform.
  • Career intake responses — to generate your AI-powered readiness score and 90-day execution plan via the Anthropic Claude API.
  • Plan and progress data — to display your dashboard, track milestones, maintain your streak, and generate weekly progress emails.
  • Payment data — to verify your subscription status, unlock Pro features, and generate payment receipts via Razorpay.
  • Usage data — to understand how users interact with the Platform, identify bugs, and improve the user experience. Never for ad targeting.
  • Email logs — to ensure delivery of transactional emails and diagnose failures.
  • Outcome data — to populate your achievement timeline and, with your explicit consent only, as anonymized success stories.
  • Legal bases for processing under DPDP Act 2023: consent (given at registration), contractual necessity (to deliver your subscription), and legitimate interest (to maintain platform security and improve service quality).

5. AI Processing and Third-Party APIs

  • Consistar uses the Anthropic Claude API to generate your 90-day career plan.
  • When you submit your intake form, your career stream and intake answers are transmitted to Anthropic's API servers for processing.
  • Your name, email address, and payment information are never sent to Anthropic.
  • Anthropic's processing is governed by Anthropic's own Privacy Policy available at anthropic.com/privacy.
  • By using Consistar, you acknowledge and consent to this data transfer for the purpose of plan generation.

Other third-party services we use:

  • Razorpay — payment processing. Receives your payment transaction details. Governed by Razorpay's Privacy Policy.
  • Resend.com — transactional email delivery. Receives your email address and email content for delivery purposes only.
  • PostHog — product analytics. Receives anonymized usage events only. No personally identifiable information is sent.
  • Google OAuth — authentication. Google provides your name and email upon sign-in. We do not access your Google contacts, Gmail, Drive, or any other Google service.
  • Railway and Vercel — cloud hosting for backend and frontend respectively. Both maintain SOC 2 compliant infrastructure.
  • Supabase — database and authentication. Stores all Platform data encrypted at rest.

6. Data Sharing

  • We do not sell, rent, or trade your personal data.
  • We share data only with the service providers listed in Section 5, strictly for delivering Platform features. All vendors are contractually bound to process data only for the specified purpose.
  • We may share data if required by a valid court order, government authority, or applicable Indian law. We will notify you where legally permissible before complying.
  • If Consistar is acquired or its assets transferred, your data may transfer as part of that transaction. We will notify you via email at least 30 days in advance and give you the option to delete your account.
  • We may share aggregated, anonymized statistics for marketing or research. This data cannot be linked back to you.
  • We never share your data with advertisers, data brokers, social media platforms, marketing agencies, insurance companies, or employers.

7. Data Storage and Security

  • All database records are encrypted at rest using AES-256 via Supabase.
  • All data transmitted between your browser and our servers uses TLS 1.2 or higher (HTTPS).
  • We use Google OAuth 2.0 for authentication — no passwords are stored on our servers.
  • Only the founding team has access to production data. Access is logged and audited.
  • Card and UPI data is handled exclusively by Razorpay, which is PCI-DSS compliant. Consistar never stores raw payment credentials.
  • All third-party API keys (Anthropic, Razorpay, Resend) are stored as server-side environment variables and never exposed to the client.
  • In the event of a data breach affecting your personal data, we will notify you via email within 72 hours of becoming aware of it, as required by the DPDP Act 2023.

8. Data Retention

  • Active account data — retained for the duration your account is active.
  • Career plan and progress data — retained for the life of your subscription plus 6 months after cancellation so you can reactivate and resume.
  • Payment records — retained for 7 years as required by Indian financial regulations (GST compliance).
  • Email logs — retained for 12 months for delivery diagnostics, then permanently deleted.
  • Usage and analytics data — retained in anonymized form for up to 24 months for product improvement.
  • Deleted accounts — all personal data is purged within 30 days of an account deletion request, except where retention is legally required.

9. Cookies and Tracking

  • Authentication session cookie (Required) — keeps you logged in after Google OAuth sign-in. Expires on session end or after 30 days.
  • PostHog analytics (Analytics) — tracks anonymized page views, feature usage, and click events to improve the Platform. No personally identifiable information is sent.
  • Razorpay (Required during payment only) — used during the payment flow to prevent fraud and ensure secure transactions.
  • We do not use advertising cookies, retargeting pixels, Facebook Pixel, Google Ads tracking, or any third-party marketing trackers.
  • You can disable non-required cookies via your browser settings, though this may affect Platform functionality.

10. Your Rights Under DPDP Act 2023

  • Right to Access — you may request a copy of all personal data we hold about you, including intake responses, plan, and account information.
  • Right to Correction — you may request correction of any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure — you may request deletion of your account and all associated personal data. We will complete this within 30 days.
  • Right to Data Portability — you may request your data in a structured, machine-readable format (JSON) so you can take it elsewhere.
  • Right to Withdraw Consent — you may withdraw consent for data processing at any time. Note: this will require account deletion as processing is necessary to deliver the Service.
  • Right to Grievance Redressal — you may lodge a complaint with our Data Protection Officer (see Section 15). Unresolved complaints may be escalated to the Data Protection Board of India.
  • To exercise any of these rights, email support@consistar.in with the subject line “Data Rights Request” and your registered email address. We will respond within 30 days.

11. Children's Privacy

  • Consistar is intended for users 18 years of age or older.
  • We do not knowingly collect personal data from children under the age of 18.
  • If you are a parent or guardian and believe your child has provided us with personal data without your consent, contact us immediately at support@consistar.in. We will delete such data promptly upon verification.
  • Users under 18 using the Platform with parental consent must have their parent or guardian agree to these Terms and this Privacy Policy on their behalf.

12. Email Communications

  • By creating an account, you consent to receive the following transactional emails which are necessary to deliver the Service: welcome email, career plan ready notification, weekly progress report, streak achievement notifications, milestone celebration emails, payment confirmations, and account security alerts.
  • Transactional emails cannot be fully opted out of while your account is active, as they are integral to the Platform's accountability mechanism.
  • You can manage notification frequency from your account settings.
  • We may also send product update emails (new features, improvements) on an opt-in basis. You can unsubscribe from these at any time using the unsubscribe link in each email.
  • We will never send you marketing emails for third-party products.
  • All emails are delivered via Resend.com. Your email address is shared with Resend solely for delivery purposes.

13. Links to Third-Party Platforms

  • Your AI-generated career plan may include links to third-party resources such as exam portals, preparation platforms, job boards, or documentation sites.
  • Consistar is not responsible for the privacy practices or content of any third-party platform.
  • When you click an external link, you leave the Consistar Platform and are subject to that platform's own privacy policy.
  • We do not receive any data about your activity on third-party platforms.

14. Changes to This Policy

  • We may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or Platform features.
  • When we make material changes, we will update the “Last Updated” date at the top of this page.
  • We will send a notification email to your registered email address at least 14 days before the changes take effect.
  • We will display a notice within the Platform on your next login.
  • Your continued use of the Platform after the effective date constitutes your acceptance of the updated Policy.
  • If you do not agree with the changes, you may request account deletion before the effective date.

15. Contact and Grievance Redressal

  • For any privacy-related queries, data rights requests, or complaints, contact our Data Protection Officer:
  • Email: support@consistar.in
  • Subject line to use: “Privacy Request” or “Data Rights Request”
  • Response time: We will respond within 30 days of receiving your request.
  • If your complaint is not resolved to your satisfaction within 30 days, you have the right to escalate it to the Data Protection Board of India once constituted under the DPDP Act 2023.

© 2026 Consistar. All rights reserved. This Privacy Policy is governed by the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000 of India.