Privacy Policy

RIBRIZ OVERSEAS VENTURES PRIVATE LIMITED (“RIBRIZ”, “we”, “our”, or “us”), CIN U85499KA2024PTC187740, operates the website ribriz.com and the RIBRIZ AI-powered study abroad platform (the “Service”). This Privacy Policy explains what personal data we collect from you, how we use it, and your rights regarding that data.

By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

We use the information we collect to:

• Create and manage your account and authenticate you securely.
• Power AI features including university matching, admission-chance prediction, SOP generation, and interview preparation.
• Process payments and manage subscription plans.
• Send transactional emails (OTPs, receipts, application reminders) and, where you have opted in, marketing communications.
• Analyse usage to improve the platform, fix bugs, and develop new features.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with applicable legal obligations under Indian law.

We do not sell your personal data to third parties. We do not use your documents or academic data to train external AI models without your explicit consent.

We rely on the following lawful bases under applicable Indian data-protection law (including the Digital Personal Data Protection Act, 2023):

• Contract: processing necessary to provide the Service you have signed up for.
• Consent: marketing emails and optional analytics — you may withdraw consent at any time.
• Legitimate interests: security, fraud prevention, and product analytics.
• Legal obligation: compliance with tax, corporate, and other statutory requirements.

We share data only in the following circumstances:

All sub-processors are contractually bound to process data only as instructed and to maintain appropriate security standards. We may also disclose data when required by law, court order, or government authority.

We retain your account data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 90 days, except where we are legally required to retain it longer (for example, financial records which must be kept for 7 years under Indian tax law).

We implement industry-standard safeguards: TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.

Our service providers may process data outside India. We ensure such transfers comply with applicable law and that adequate safeguards are in place through standard contractual clauses or equivalent mechanisms.

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and associated data.
• Withdraw consent for marketing communications at any time via the unsubscribe link or account settings.
• Port your data in a machine-readable format.
• Nominate a nominee as provided under the Digital Personal Data Protection Act, 2023.

To exercise any right, email us at privacy@ribriz.com. We will respond within 30 days.

The Service is not directed to children under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected such data without parental consent, we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be notified to you by email or by a prominent notice on the platform at least 7 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

For privacy-related queries or to exercise your rights, contact our data-protection contact at: