Legal

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Built, Not Born™ handles personal data under India-facing privacy and information technology principles, including the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, where applicable. It is written in plain language so you can understand what we collect, why we collect it, how to withdraw consent, and how to contact us.

We collect only what we need to deliver the product, keep it secure, process payments, maintain access, improve the experience, and meet legal obligations. We do not sell your personal data. We do not share your personal data with data brokers.

1. Data fiduciary and contact

For this website and product, Built, Not Born™ / Rishikar Krishna acts as the data fiduciary or controller for the personal data we decide to collect and use. Our data, privacy, consumer, and grievance contact is:

Built, Not Born™ Support
Email: support@builtnotborn.in
Website: builtnotborn.in

2. What we collect

Depending on how you use the product, we may collect:

Account data - name, email address, Google account identifier, authentication status, account creation date, and access status.
Diagnostic data - your answers to diagnostic questions, the work moment you choose to describe, generated diagnosis, mapped chapter, and result history.
Reader and practice data - chapters opened, reading progress, highlights, reflections, notes, practice entries, streaks, and saved actions.
Payment and access data - payment status, order ID, payment ID, plan, access duration, refund status, and transaction metadata needed to verify access. Full card, bank, UPI, and payment credentials are processed by Razorpay or the relevant payment processor and are not stored by us.
Testimonials and feedback - testimonial text, rating or feedback, name/display name, consent status, approval status, and any public attribution you choose.
Communications - support emails, deletion requests, rights requests, complaint messages, and related correspondence.
Usage, device, and security data - pages visited, buttons clicked, diagnostics started/completed, checkout events, browser/device information, IP-derived approximate location, cookies, analytics IDs, logs, and security events.

3. Sensitive information and free-text warnings

The product is not designed to collect medical records, therapy notes, mental-health diagnoses, biometric data, sexual orientation, passwords, payment instrument details, government IDs, employer trade secrets, client confidential information, or legally privileged material. Do not submit those details in diagnostic free-text fields, testimonials, reflections, or support messages.

If you voluntarily include sensitive personal data or confidential third-party information in a free-text field, you confirm that you have the right to submit it. We may process it only to provide the product, protect safety/security, respond to your request, comply with law, or delete/moderate it.

4. Why we use personal data

We use personal data for specific, lawful, and product-related purposes:

To create and secure your account.
To run the diagnostic, generate or retrieve your diagnosis, and map your chapter.
To provide reader access, highlights, reflections, practice entries, and progress tracking.
To process payment, verify access, prevent payment abuse, and handle refunds or disputes.
To send emails you request or need for access, support, security, product updates, and transactional purposes.
To publish testimonials only where you voluntarily submit and permit publication.
To maintain security, prevent fraud, debug errors, investigate misuse, and protect users and infrastructure.
To measure aggregate product performance, improve copy, improve flows, and understand where users get stuck.
To comply with legal, tax, accounting, cyber security, consumer, payment, regulatory, and lawful government obligations.

5. Consent, withdrawal, and product consequences

Where consent is the basis for processing, consent should be free, specific, informed, unambiguous, and given through clear affirmative action. You may withdraw consent by using account controls where available or by emailing support@builtnotborn.in.

Withdrawal does not affect processing already completed before withdrawal. If you withdraw consent needed to provide a feature, we may be unable to provide that feature, preserve your saved result, send requested emails, or maintain account access. We may continue processing without consent where law permits or requires it, such as for payment records, fraud prevention, security logs, legal claims, tax compliance, or lawful requests.

6. Cookies, analytics, and advertising measurement

We use session cookies and local storage to keep the product functional and maintain sign-in state. We also use analytics and measurement tools such as Google Analytics, Google Ads tags, and Microsoft Clarity to understand aggregate usage, page performance, campaign performance, and conversion paths.

Analytics and advertising measurement tools may set cookies or similar identifiers. We use them to improve Built, Not Born™, debug friction, understand campaigns, and measure paid traffic. We do not sell your personal data to advertisers or data brokers. If we add consent controls, your choices will govern non-essential cookies where required by law.

7. Who we share data with

We share data only with service providers and processors needed to operate the product:

Supabase - database, authentication, and storage.
Google - sign-in authentication, analytics, and advertising measurement.
Razorpay - payment processing and payment verification.
Resend or email providers - transactional email delivery.
Hosting and infrastructure providers - website hosting, delivery, logs, and uptime.
AI infrastructure providers - generation or support of diagnostic output where applicable.
Professional advisers and authorities - lawyers, auditors, accountants, payment processors, courts, regulators, law enforcement, cyber security agencies, or government authorities where required or reasonably necessary.

Processors are expected to process data only for instructed purposes, subject to their own security, privacy, and compliance obligations. We do not rent or sell personal data.

8. International transfers

Some service providers may process or store data outside India. Where personal data is transferred or accessed internationally, we use service providers that support reasonable data protection and contractual safeguards, and we will follow applicable Indian law, including any transfer restrictions notified by the Government of India.

9. Security safeguards

We use reasonable technical and organizational measures to protect personal data, including authentication controls, access limits, provider security features, HTTPS, database controls, logging, and operational review. No online system is perfectly secure. You are responsible for keeping your email, Google account, device, and browser secure.

If we become aware of a personal data breach or cyber security incident requiring notice, we will take appropriate steps to contain, assess, and notify affected users, the Data Protection Board, CERT-In, payment processors, or other authorities where legally required.

10. Data retention

We retain personal data only as long as reasonably needed for the purposes described in this Policy, unless a longer period is required or permitted by law, payment rules, tax/accounting obligations, fraud prevention, security, dispute resolution, or legal claims.

Account and product data is generally retained while your account is active.
Diagnostic, result, reader, and practice data is retained while needed to provide your saved experience.
Payment and access records may be retained for tax, audit, fraud, chargeback, and legal purposes even after account deletion.
Security logs and associated records may be retained for investigation, cyber security, legal, or statutory purposes.
Published testimonials may remain public until you request removal and we have a reasonable opportunity to remove them from future display.
Aggregate, de-identified, or anonymized analytics may be retained for product improvement.

11. Your rights

Subject to identity verification and applicable law, you may request:

Access or information about personal data processed by us.
Correction, completion, or update of inaccurate or incomplete personal data.
Erasure/deletion of eligible personal data.
Withdrawal of consent where processing is based on consent.
Grievance redressal if you believe your personal data rights have not been handled properly.
Nomination of another individual to exercise your rights in the event of death or incapacity, where applicable law provides for it.

To exercise these rights, email support@builtnotborn.in. We may ask for information needed to verify your identity and locate your account. We aim to respond within 30 days where possible and within the period required by applicable law.

12. Account deletion

You can delete your account and app data from the account screen where available, or request deletion by email. Deletion may remove your profile, diagnostic results, highlights, practice entries, reading progress, testimonial drafts, and related app data. Deletion does not automatically create a refund and may not remove data we must keep for payment, fraud prevention, security, tax, accounting, legal, or regulatory reasons.

13. Children

Built, Not Born™ is intended for adults and working professionals. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account or submitted data, contact us at support@builtnotborn.in. We may delete the account and related data, subject to lawful retention.

14. Data accuracy and your duties

Please provide accurate information when creating an account, purchasing access, requesting correction/erasure, leaving testimonials, or contacting support. You should not submit another person's personal data unless you have permission or another lawful basis.

15. Testimonials and public content

Testimonials are published only when submitted voluntarily and approved for publication. Do not include confidential employer/client information, sensitive personal data, or another person's personal data in a testimonial. You may request removal by emailing support. We may retain records needed to prove consent, handle disputes, prevent fake reviews, or comply with law.

16. Legal requests and safety

We may disclose information where required by law, court order, government direction, regulator, payment processor, or lawfully authorized agency, including for verification of identity, prevention or detection of offences, investigation, prosecution, cyber security incidents, fraud prevention, or protection of rights and safety.

17. Changes to this policy

We may update this Privacy Policy as the product, law, or service providers change. If changes are material, we may notify you by email, in-product notice, or website notice. Continued use of the product after changes are posted means the updated Policy applies from the stated effective date.

18. Contact and grievance escalation

For privacy, data, account, consumer, or legal requests:

Built, Not Born™ Support
Email: support@builtnotborn.in
Website: builtnotborn.in

If your privacy grievance is not resolved through our contact process, you may have the right to approach the Data Protection Board of India once the relevant statutory process is available and applicable.

This policy applies to builtnotborn.in and associated services. It is governed by the laws of India, including the Information Technology Act, 2000, the IT SPDI Rules, 2011 where applicable, the Digital Personal Data Protection Act, 2023, and the Digital Personal Data Protection Rules, 2025 as they come into force.