1. Introduction
Welcome to Dwelphin ("we", "our", or "us"). Dwelphin is an AI-powered career command center (SaaS platform) accessible at https://www.dwelphin.tech/. We are committed to protecting your Personal Data and being transparent about how we use it. This Privacy Policy explains what data we collect, why we collect it, how we process it, and your rights as a user.
2. Who We Are (Data Controller)
- Company Name: Dwelphin
- Website: https://www.dwelphin.tech/
- Registered Country: India
- Contact / DPO Email: dwelphin18@gmail.com
3. Data Collection & Purpose
We collect and process personal data strictly to provide and secure our services. Below is a breakdown of what we collect and why.
⚠️ India's Digital Personal Data Protection Act 2023 (DPDP Act) applies. Legal bases under GDPR Article 6 are also referenced below for our international users.
| Category | Data Points | Purpose & Legal Basis |
|---|---|---|
| Account & Identity | Full name, email address, job title, career interests, hashed password. | To authenticate you and personalise AI recommendations. Basis: Contractual Necessity / Consent |
| Usage & Technical | IP address, browser type, device info, session logs. | To secure the platform, prevent fraud, and analyse usage. Basis: Legitimate Interest / Legal Obligation |
| Communication | Email preferences, support tickets, survey responses. | To provide customer support and send opted-in news digests. Basis: Consent |
| AI Interactions | Prompts, queries, and AI-generated text outputs. | To deliver the core AI career features. Basis: Performance of a Contract |
4. Third-Party Services (Sub-Processors)
Dwelphin uses specialised infrastructure providers to deliver our services. These sub-processors process data strictly under our instructions. We do NOT sell your data to any third party.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Profile Data | Duration of active account + 12 months after deletion request (compliance). |
| AI Interaction Logs | 6 months, after which data is completely anonymised. |
| Email Delivery Logs | Retained temporarily as per Resend's infrastructure policies. |
| Security & Access Logs | 12 months on a rolling basis for fraud prevention. |
6. International Data Transfers
Dwelphin is based in India. However, some of our sub-processors (Supabase on AWS, Vercel, Groq, Resend) operate globally and may process data in the United States or other jurisdictions. By using Dwelphin, you acknowledge this international transfer. We ensure our sub-processors provide adequate safeguards via standard contractual protections.
7. Your Rights
Depending on your jurisdiction (e.g., GDPR, DPDP), you hold several fundamental rights regarding your personal data:
Right to Access & Portability
You may request a copy of the personal data we hold about you in a machine-readable format at any time.
Right to Correction
You may request the correction of any inaccurate or incomplete personal information associated with your account.
Right to Deletion (To be Forgotten)
You may request permanent deletion of your account and personal data from our active systems.
Right to Withdraw Consent
If processing is based on consent (like our news digest), you can opt out instantly without affecting the core service.
To exercise your rights, please email dwelphin18@gmail.com. We will process your request within 30 days.
8. California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do NOT sell personal information. To exercise your CCPA rights, contact dwelphin18@gmail.com.
9. India Residents (DPDP Act 2023)
Dwelphin complies with the Digital Personal Data Protection Act 2023. You have the right to access, correct, and erase your personal data. You may also nominate a person to exercise these rights on your behalf in the event of death or incapacity. Contact our Data Fiduciary at dwelphin18@gmail.com.
10. Data Security
We take data security seriously. Dwelphin enforces HTTPS encryption in transit, utilises Supabase's Row Level Security (RLS) for data isolation, and implements strict internal access controls. However, no internet transmission is mathematically infallible. Please choose a strong password and keep it confidential.
11. Contact Us
If you have questions about this Privacy Policy, sub-processors, or want to exercise your legal rights, please contact our team:
© 2025 DWELPHIN. All rights reserved.
Back to top ↑