Privacy Policy

Last updated: 25 May 2026

Your privacy is important to us. This Privacy Policy ("Policy") applies to services provided by AceCopilot ("we", "us", "our") and our website at acecopilot.ai, our web application at app.acecopilot.ai, and our desktop application (collectively, the "Services") and explains what information we collect from users of our Services (a "user", "you", or "your"), including information that may be used to personally identify you ("Personal Information") and how we use it.

AceCopilot does not sell your data and does not train AI models on your data. When you use the offline transcription mode bundled with our desktop app on Pro and Ultimate tiers, your audio never leaves your device.

We encourage you to read the details below. This Policy applies to any visitor to or user of our Services. Any capitalized terms used herein but not defined shall have the meaning set forth in our Terms of Service.

We reserve the right to change this Policy at any time. We will notify you of any changes by posting a new Policy to this page and, for material changes, by sending notice to the primary email address on your account at least 15 days before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

Scope and Applicability

This Policy applies to your information when you visit our website or otherwise use the Services. It does not apply to any third-party applications or services used in connection with our Services, or any other products, services, or accounts provided by other entities under their own terms of service and privacy policies (collectively, "Third-Party Services"). For example, our Services may transmit data to your chosen meeting platform (Zoom, Google Meet, Microsoft Teams) — these are Third-Party Services governed by their own policies. The Site or Services may also contain links to other websites; we have no control over these sites and they are subject to their own terms of use and privacy policies.

What Information Do We Collect?

Information You Provide to Us

• Account Information. To create an account for the Services, we require your email address, name, and authentication credentials. Authentication is handled by Clerk; we never see your plaintext password. If you sign in via Google, GitHub, or another single-sign-on provider, we receive the identifiers that provider returns to us.

• Payment Information. If you sign up for a paid subscription, our payment processor collects your billing details such as card number, UPI ID, banking information, and billing address. Your payment instrument details are collected and stored by our third-party Payment Processor and use and storage of that information is governed by the Payment Processor's privacy policy. As of the effective date of this Policy, Razorpay is the Payment Processor used within the Services and its privacy policy is available at razorpay.com/privacy. To facilitate your transactions, we store your subscription tier, billing cycle, transaction identifiers, and the last four digits of your payment instrument — but no full card numbers or banking credentials.

• Audio, Transcripts, and Other Session Data. When you use our Services, we may capture audio from your microphone or system audio, transcribe that audio into text, and use the resulting transcripts to generate AI responses. We may also store the questions detected during your sessions, the answers our AI returns, and any code, notes, or files you produce inside the Services. See "Audio Handling" below for important detail.

• Business Contact Information. If you contact us as a business representative, we collect your name, email, phone, job title, and any other information related to the performance of the agreement or potential agreement with us.

• AceCopilot HR Service Information. If you purchase our HR Service (a separate recruitment product, see Refund Policy Section 9), we collect the information you submit through the onboarding form, including: your full name, email, phone number, WhatsApp number, current role and employer, years of experience, current salary, target roles, target salary range, target locations, notice period, current employment status, preferred call timing, blocked-companies list, and any free-text notes you provide. This information is necessary to perform the recruitment service contract with you. It is stored in our database for the duration of the 90-day program plus 30 days after program end (a total of 120 days from payment), after which it is automatically purged unless you have an active dispute or refund claim with us. You may request earlier deletion at any time by emailing privacy@acecopilot.ai, subject to our retention obligations under Indian tax law for payment records.

• Support and Other Information You Provide. When you contact us — through email, support requests, surveys, or other channels — we collect and save a record of the communication and any Personal Information provided in it.

Information We Collect Automatically

When you visit, use, or interact with the Services, we may receive the following ("Technical Information"):

• Log Data. Information your browser or our desktop app automatically sends, including IP address, browser type and version, the date and time of requests, and how you interacted with the Services.
• Usage Data. The features you use, the actions you take, time zone, country, dates and times of access, user-agent string, type of computer or mobile device, network connection, and similar information.
• Device Information. Device name, operating system, and browser. The exact information collected may depend on the type of device you use and its settings. Our desktop app generates a local device identifier on first launch; this identifier is sent with API requests for licence enforcement.
• Analytics. We may use a small number of analytics tools that use cookies to help us understand how users interact with the Services. See "How Do We Use Tracking Technologies" below.

Information We Receive from Third Parties

• Third-Party Authentication. If you sign up or log in using a single-sign-on provider (e.g., Google, GitHub), we receive the authentication information that provider sends to us so you can be identified.
• Service Providers. We may receive information from our service providers who help us operate our business — for example, fraud-prevention signals from our Payment Processor, or aggregated performance data from our infrastructure providers.
• Information from Other Sources. We may obtain information from other sources, including publicly available sources and integrations you consent to.

Audio Handling — important to read

• By default, audio is streamed in real time to a Speech-to-Text provider. Your meeting audio is converted to text and discarded; we do not store the original audio.
• When the offline transcription engine is active (Pro and Ultimate tiers, desktop app on supported platforms), audio is processed entirely on your device. No audio is transmitted to us or to any third party.
• Session recording is opt-in and off by default. If you explicitly enable recording, the audio is stored encrypted at rest and deleted within 30 days of the session ending unless you delete it earlier.

How Do We Use The Information We Collect?

We use the information we collect:

• To deliver and improve the Services and your overall user experience
• To authenticate you, manage your account, and enforce subscription limits
• To process payments and manage subscriptions
• To detect, investigate, and deter fraudulent, abusive, or unauthorized activity
• To respond to your comments and questions and provide customer support
• To send you transactional messages, including confirmations, invoices, technical notices, security alerts, and administrative messages
• To send product updates, newsletters, and other marketing communications (you can opt out at any time)
• To analyze how you use the Services and understand traffic patterns
• To create aggregate, de-identified statistics about Service usage (we will not attempt to re-identify de-identified data, except solely to test that our de-identification is working correctly)
• To comply with applicable law and respond to legal process
• To enforce our Terms of Service and protect our users, the public, and ourselves
• At your direction or with your consent

We do not use your audio, transcripts, or AI conversation content to train AI models — neither our own nor those of any third party.

Do We Share Your Personal Information?

In addition to the specific situations discussed elsewhere in this Policy, we disclose Personal Information in the following circumstances:

• With third parties that perform services to support our core business functions and operations, which may include:
  • Hosting, infrastructure, and cloud computing providers
  • Database administrators and managed-database providers
  • Authentication and identity providers
  • Payment processors (see "Payment Information" above)
  • Speech-to-text and large language model providers (used to deliver our core feature)
  • Email delivery and customer-support providers
  • Analytics, error-monitoring, and security providers
• With our recruitment network — only if you use the HR Service. To deliver the HR Service, we share the information you provide in the onboarding form with our dedicated recruitment team and, where relevant, with referrers and contacts in our extended outreach network. Each outreach is sent on your behalf to reach an HR contact at a target company. We do NOT share your information with: (a) AceCopilot subscription customers (the interview-AI product is a separate user base), (b) recruitment agencies for sale or barter, (c) anyone outside the recruitment network engaged on your behalf, or (d) any party for advertising or marketing purposes. You can request a list of categories of recipients at any time by emailing privacy@acecopilot.ai.
• In connection with a change of ownership or control of all or part of our business (such as a merger, acquisition, reorganization, or asset sale)
• If we have a good-faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to detect, prevent, or investigate fraud, abuse, or security incidents
• If required or permitted by applicable law, including in response to a request from law enforcement or other public authority, or to:
  • (a) comply with a legal obligation
  • (b) protect and defend our rights or property
  • (c) act in urgent circumstances to protect personal safety
  • (d) enforce our Terms of Service or otherwise protect against legal liability
• With your consent or at your direction

A current list of our subprocessors, with their roles and processing locations, is maintained at acecopilot.ai/subprocessors (where available) or available on request from privacy@acecopilot.ai.

How Do We Use Tracking Technologies?

Some features of the Services require the use of "cookies" — small text files stored on your device. Cookies allow our servers to recognize your browser, remember your preferences, analyze trends, and improve the Services. You may delete and block cookies, but parts of the Services may not work or your experience may be diminished.

For full detail, see our Cookie Policy.

How Do We Secure Your Personal Information?

We take reasonable steps to protect your Personal Information against unauthorized access, alteration, disclosure, misuse, or destruction. These steps include:

• TLS 1.2 or higher for all data in transit
• AES-256 encryption for sensitive data at rest
• Hashed passwords (handled entirely by our authentication provider; we never see plaintext passwords)
• Network isolation between application and database tiers
• Principle of least privilege for production access
• Routine dependency and security patching
• Logging and alerting for suspicious activity

If you have an account with us, you are responsible for keeping your account credentials confidential and for logging out after each use on shared devices.

No system is perfectly secure. If we become aware of a personal data breach affecting you, we will notify you and the relevant regulator(s) within the timelines required by applicable law (without undue delay under the Digital Personal Data Protection Act, 2023; within 72 hours under GDPR).

Data Retention

We retain your Personal Information while your account is in existence or as needed to provide the Services to you. After account deletion, we delete your Personal Information from our active systems within 30 days, except where:

• We are required by law to retain certain records — for example, payment, invoice, and transaction records (retained for the period required by Indian tax and accounting law).
• The information has been retained in de-identified or aggregated form.
• The information is held in routine backup copies that age out automatically.
• We have a legitimate need to retain information to investigate fraud, abuse, or legal claims.

Meeting transcripts and AI conversation history are retained for a maximum of 30 days from session end, unless you delete them earlier. Session audio (only if you have opted in to recording) is also retained for a maximum of 30 days.

HR Service onboarding data (the 16 fields you submit on the AceCopilot HR Service onboarding form, including current employer and salary) is retained for 120 days from payment (90-day program + 30-day post-program window for dispute or refund processing). After 120 days, this data is purged from active systems and archived only in payment records required by Indian tax law (Razorpay transaction logs, GST records once we register). You may request earlier deletion at any time by emailing privacy@acecopilot.ai.

Managing Your Privacy

You may request to review, update, correct, port, or delete the Personal Information furnished by you in your account by emailing privacy@acecopilot.ai or through your account settings.

For your protection, we may share and update Personal Information only after we have verified that the request comes from the email address associated with your account. We will respond within 30 days. If we need additional time for complex requests, we will tell you within the first 30 days and explain why.

If you completely and permanently delete all of your Personal Information, your account may be deactivated. We may retain certain information after deletion in de-identified and aggregated form, in archived or backup copies as required by records-retention obligations, or otherwise as required by law.

You may opt out of marketing communications at any time using the unsubscribe link in any such email or by writing to privacy@acecopilot.ai. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

How We Respond to Do Not Track Signals

Your browser settings may allow you to transmit a "Do Not Track" signal to websites you visit. We do not currently alter our practices in response to Do Not Track signals because we do not track our visitors to provide targeted advertising. To learn more about Do Not Track, see allaboutdnt.com.

Children

The Services are not directed to individuals under the age of 18 and we do not knowingly collect Personal Information from children under 18. If you believe we have unknowingly collected any Personal Information from someone under 18, please contact us at privacy@acecopilot.ai and the information will be deleted.

Region-Specific Disclosures

A note to Indian residents (Digital Personal Data Protection Act, 2023)

For the purposes of the DPDP Act, we are the Data Fiduciary. As a Data Principal under the Act, you have the right to:

• Confirm whether we process your personal data and obtain a summary of the processing
• Have us correct or update inaccurate personal data
• Have us erase personal data that is no longer required for the purpose for which it was collected
• Nominate another person to exercise your rights in case of death or incapacity
• Withdraw consent for any processing based on consent
• Have your grievances addressed by our Grievance Officer

Grievance Officer (per Section 8(9) of the DPDP Act):

Shubham Tayade Founder, AceCopilot Email: privacy@acecopilot.ai Postal address: Pimpri-Chinchwad, Maharashtra, India (full address provided on request) Response SLA: 30 days

If you are not satisfied with our response, you may approach the Data Protection Board of India once it has been constituted under the DPDP Act.

A note to European residents

We typically process your information pursuant to the following legal bases:

1. With your consent
2. As necessary to perform our agreement to provide Services to you
3. As necessary for our legitimate interests (including security, fraud prevention, and Service improvement)
4. As necessary to comply with a legal obligation to which we are subject

Subject to applicable law, you have the right to: withdraw any previously provided consent; access, correct, or erase Personal Information about you; restrict or object to certain processing; have your Personal Information exported in a common machine-readable format; and lodge a complaint with the supervisory authority in your jurisdiction. To exercise any of these rights, contact privacy@acecopilot.ai. We will reasonably review and respond to all such requests in accordance with applicable law.

A note to users outside India

The Services are operated from India. Your Personal Information may be stored and processed in India and in any other country where our service providers operate. By using the Services, you consent to the transfer of information to countries outside your country of residence, including India, which may have data protection rules that differ from those of your country. Where required, we rely on Standard Contractual Clauses or other legally recognised transfer mechanisms.

Contact Us

If you have any questions about this Policy, your Personal Information, or the Services, you can contact us at:

• General privacy queries: privacy@acecopilot.ai
• Support: support@acecopilot.ai
• Legal notices: legal@acecopilot.ai

Operator: Shubham Tayade, sole proprietor Business location: Pimpri-Chinchwad, Maharashtra, India

Related Policies

• Terms of Service
• Refund Policy
• Cookie Policy
• Acceptable Use Policy

This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts in Pune, Maharashtra.