Opiliant ("we", "us", "our") operates the IELTS preparation service available at opiliant.com. This policy explains how we handle personal data when you sign up, use the service, or contact us. By using Opiliant you agree to this policy.
1. What we collect
1.1 Account information
When you sign in with Google, we receive your name, email address, and profile picture from Google. We store these to identify your account, send service emails, and personalise your dashboard. We do not receive your Google password and we cannot access any other Google service on your behalf.
1.2 Evaluation content
We store the essays, speaking transcripts, listening answers, and reading responses you submit. We also store the AI-generated band scores, criterion breakdowns, and feedback returned to you. This content is private to your account and visible only to you.
1.3 Usage data
We collect basic analytics — pages visited, features used, response times — to understand which parts of the product work and which need improvement. This is aggregated and not used to profile individual users.
1.4 Payment data
Payments are processed exclusively by Razorpay. We receive a transaction ID, a subscription ID, and the status of each charge. We never see or store your card number, CVV, or banking credentials.
2. Why we collect it
- To provide the service. Account data identifies you; evaluation content lets us return your results and history.
- To process payments. Razorpay needs subscription metadata to charge you and to honour cancellations.
- To improve the product. Usage analytics shape what we build next and help us catch performance regressions.
- To communicate. We send essential service emails — receipts, subscription changes, and account notices.
- To meet legal obligations. Tax, fraud prevention, and compliance with applicable Indian law.
3. Who we share data with
We do not sell personal data. We share data only with the service providers we need to operate Opiliant:
| Provider | Purpose | Data shared |
|---|---|---|
| Authentication (OAuth) | Name, email, profile picture | |
| Supabase | Database hosting (PostgreSQL) | Account, evaluations, subscription metadata |
| OpenAI | AI evaluation (GPT-4o, Whisper, TTS) | Your essay/transcript content for evaluation |
| Razorpay | Payments and subscriptions | Name, email, payment details |
| Vercel | Application hosting | Request logs and runtime telemetry |
Each of these processors is bound by its own privacy and security commitments. OpenAI processes your evaluation content under their API data policy — by default this means the content is not used to train OpenAI's models.
4. How long we keep your data
- Account data: for as long as your account exists. Deleted within seven business days of an account deletion request.
- Evaluations and history: retained while your account exists, so you can revisit past attempts.
- Payment records: retained for seven years to comply with Indian tax law.
- Aggregated analytics: retained indefinitely in anonymous form.
5. Your rights
Wherever you are in the world, you have the following rights over your personal data on Opiliant:
- Access — request a copy of the data we hold on you.
- Correction — ask us to fix any inaccuracies.
- Deletion — ask us to delete your account and all associated data.
- Portability — request your data in a machine-readable export.
- Withdrawal of consent — withdraw consent for processing at any time by deleting your account.
To exercise any of these rights, email us at the address in the contact section. We respond within seven business days.
6. Security
We protect your data with industry-standard measures: encrypted connections (TLS) for all traffic, encrypted-at-rest storage in Supabase, and strict access controls on production systems. No system is perfectly secure — we will notify affected users within seventy-two hours if a breach affecting personal data occurs.
7. Cookies
We use a minimal set of cookies, all strictly necessary for the service:
- Session cookie — keeps you signed in. Expires when you sign out.
- CSRF protection — prevents cross-site request forgery attacks during sign-in.
- Announcement-bar state — remembers if you dismissed the announcement bar (stored in localStorage, not a cookie).
We do not use third-party advertising or tracking cookies.
8. Children
Opiliant is not directed at children under sixteen and we do not knowingly collect data from them. If you believe a minor has created an account, contact us and we will delete the account immediately.
9. International transfers
Our infrastructure providers (Supabase, OpenAI, Vercel) may process data in regions including the United States and the European Union. We rely on each provider's standard contractual clauses and security commitments for these transfers.
10. Changes to this policy
We update this policy when our practices change. Material changes are communicated by email to your account address and announced on the dashboard at least seven days before they take effect. The effective date at the top of this page reflects the current version.
11. Contact
Data protection enquiries
Email: support@opiliant.com
We respond to data requests within seven business days. For urgent security or breach concerns, mention "security" in the subject line and we will prioritise the reply.