Privacy Policy
Last updated: June 2025 · Governing law: India (DPDP Act, 2023)
For any privacy-related concerns or requests, contact us at privacy@archwyse.com. We respond within 30 working days as required under the DPDP Act, 2023.
1. Who We Are
ArchWyse is an AI-powered High-Level Design interview platform. We act as a Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act), which means we determine the purpose and means of processing your personal data.
2. Data We Collect
Account data — your name, email address, and a bcrypt-hashed password (never readable by us). Organization accounts also store company name. We record the date and time you gave consent to this policy.
Interview & session data (candidates) — audio recordings of your verbal responses, complete conversation transcripts (your answers and AI questions), diagram data you draw during interviews (JSON and PNG format), and AI-generated evaluation scores and written feedback.
Assessment & proctoring data (OA candidates) — if you take an organization-administered assessment, AutoProctor collects a trust score, tab-switch events, and suspicious-activity flags during the session. We store this result against your invite record.
Payment data (organizations only) — Stripe order IDs and payment IDs for dispute reference. We do not store card numbers or bank details; Stripe handles payment processing directly.
3. Why We Use Your Data
We process your data only for the following purposes:
- Creating, verifying, and maintaining your account
- Conducting AI-powered interview sessions and generating evaluations
- Sharing your interview result with the organization that invited you (OA candidates only)
- Processing subscription and top-up payments (organizations)
- Detecting and preventing fraudulent or unauthorized activity
- Meeting obligations under applicable Indian law
4. Third Parties We Share Data With
| Third Party | What We Share | Purpose |
|---|---|---|
| OpenAI (USA) | Audio recordings, text transcripts | Speech transcription (Whisper) and AI evaluation (GPT) |
| AutoProctor | Proctoring session data | Trust score and violation detection during OA assessments |
| Stripe | Payment transaction metadata | Payment processing for organization subscriptions |
| Resend | Your email address | Sending OTPs, assessment invites, and system emails |
Each third party processes data under their own privacy policy. Data transferred to OpenAI (USA) is subject to standard contractual safeguards under applicable cross-border transfer rules.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Practice session transcripts and audio | Deleted automatically 2 years after creation |
| OA assessment sessions | Deleted automatically 2 years after creation |
| Account data | Until you delete your account |
| Payment records | 7 years (financial record-keeping requirement under Indian law) |
6. Your Rights Under the DPDP Act, 2023
As a Data Principal, you have the following rights:
- Right to Access — request a summary of personal data we hold about you
- Right to Correction — request correction of inaccurate or incomplete data
- Right to Erasure — delete your account and all associated personal data (see Section 7)
- Right to Withdraw Consent — you may withdraw consent at any time; note this may prevent continued use of the service
- Right to Nominate — nominate a person to exercise your rights in case of death or incapacity
- Right to Grievance — raise a complaint with our Grievance Officer or with the Data Protection Board of India
To exercise any of these rights, email privacy@archwyse.com.
7. Deleting Your Account
Candidates: Go to Profile → Delete Account. This immediately and permanently deletes your account, all interview sessions, transcripts, audio references, and evaluations. Your email is unlinked from organization invites (invite records are retained for the org's reference but no longer associated with your account).
Organizations: Go to Profile → Delete Account. This deletes your organization account, all assessments, all candidate invites, and all private questions you created.
Payment records are retained for 7 years regardless of account deletion, as required by Indian financial regulations.
8. Data Security
- Passwords are hashed using bcrypt — never stored or readable in plaintext
- All data is transmitted over HTTPS/TLS
- Authentication uses short-lived JWT tokens stored in browser local storage
- Database access is restricted to application servers only
In the event of a data breach affecting your personal data, we will notify you and the Data Protection Board of India within 72 hours of becoming aware of it.
9. Children
ArchWyse is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact privacy@archwyse.com immediately.
10. Changes to This Policy
We may update this policy to reflect changes in law or our data practices. We will notify registered users by email of material changes at least 15 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.