Privacy Policy

Last updated 15 July 2026

Who we are

Ingrid (ingrid.fyi) is operated by Gridilytic (OPC) Private Limited, based in Bangalore, India ("Ingrid", "we", "us"). This policy explains what personal data we collect, why, how we handle it, and the rights you have over it under India's Digital Personal Data Protection Act, 2023 (the "DPDP Act").

What we collect

We collect the following, and only what the service needs:

  • Account data. When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We never see your Google password.
  • CV data. When you use the radar, we receive the CV file you upload (PDF or DOCX) and the information extracted from it, such as skills, experience, and the profile matches we compute.
  • Configuration and roadmap data. The targets and confidence answers you provide, and the roadmap and progress generated from them.
  • Payment data. When you buy a paid product, payment is handled by our payment processor. We receive confirmation and a transaction reference. We do not receive or store your full card details.
  • Usage and technical data. Basic logs needed to operate and secure the service, such as request metadata. Our page analytics are aggregate: they do not store your IP address or any identifier that singles you out.

How we use your data

We use your data to:

  • Authenticate you and maintain your session.
  • Produce your radar and build and deliver your roadmap.
  • Operate, secure, debug, and improve the service.
  • Contact you about your radar or roadmap, and respond to your requests.

We do not sell your personal data, and we do not use your CV to build any public-facing page.

Cookies and local storage

We use only what sign-in requires — there are no advertising or tracking cookies on Ingrid:

  • Session cookie. Set when you sign in, so we know it is you on each request. It expires after 30 days of inactivity, and signing out removes the session immediately.
  • Security (CSRF) cookie. Protects signed-in actions against forged cross-site requests.
  • A display hint in your browser's local storage. Remembers whether to paint the header as signed-in before the page finishes loading. It is cosmetic, never used to authorize anything, and you can clear it at any time.

The public pages work fully without signing in, and reading them sets none of the above.

Consent and legal basis

We process your personal data on the basis of the consent you give when you sign in and use the service, and where applicable for legitimate uses permitted under the DPDP Act, such as security and meeting legal obligations. You may withdraw consent at any time, as described under "Your rights" below. Withdrawing consent may mean parts of the service can no longer function for you.

Who processes your data

We use a small number of service providers (data processors) to run Ingrid. They process your data only on our instructions:

  • Cloud hosting and storage — Amazon Web Services. Your account data, sessions, and uploaded files are stored in the AWS Mumbai region, in India.
  • Authentication — Google, when you sign in with your Google account.
  • AI processing — OpenAI, to parse your CV and to validate roadmap inputs. When you use the radar, the text of your CV is processed on OpenAI's servers outside India.
  • Payment processing — our payment processor, for paid products.
  • Email delivery — for notifications you receive from us.

Where a provider processes data outside India, we rely on the transfer mechanisms permitted under applicable law.

How long we keep it

We keep your data for as long as your account is active and for as long as we need it to provide the service and meet legal, accounting, and security obligations. Sessions expire after 30 days of inactivity; signing out ends a session immediately. You can ask us to delete your data, subject to those obligations, using the grievance contact below.

Your rights

Under the DPDP Act you have the right to:

  • Access a summary of the personal data we hold about you and how we process it.
  • Ask us to correct or update inaccurate or incomplete data.
  • Ask us to erase your personal data, subject to legal retention requirements.
  • Withdraw consent.
  • Nominate another person to exercise your rights in the event of your death or incapacity.
  • Raise a grievance with us, and escalate to the Data Protection Board of India if unresolved.

To exercise any of these, contact our Grievance Officer below.

Security

We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or misuse. No system is perfectly secure, and we cannot guarantee absolute security, but we work to keep your data protected and to address issues promptly.

Children

Ingrid is intended for users who can lawfully enter into a contract. It is not directed at children. We do not knowingly collect personal data from children in a manner that requires verifiable parental consent.

Grievance Officer

If you have any question, request, or complaint about your personal data, contact our Grievance Officer:

  • Name: Aunindo Shankar
  • Email: support@ingrid.fyi

We will acknowledge and respond to grievances within the timelines required under the DPDP Act.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "last updated" date above and, where the change is significant, take reasonable steps to notify you.