Rezizz ("we", "us", or "our") operates NeoGuru, a SaaS platform available at neo-guru.com. This Privacy Policy explains how we collect, use, protect, and share information about you.
Important distinctions:
Coaches are subscription customers who use NeoGuru to manage their coaching practice, clients, schedules, and payments.
Clients are end-users invited by their Coach to participate in coaching sessions, journaling, goal-setting, and community features.
Important: Rezizz provides software tools only. We do NOT provide coaching, counselling, therapy, medical advice, or mental health treatment. If you or anyone else is in crisis, please contact emergency services (112 in India).
Age requirement: NeoGuru is restricted to users 18 years of age and older.
2. How We Obtain Consent
We collect personal information only with your explicit consent. Your consent is:
Explicit: You actively agree (e.g., by signing up, ticking consent boxes, clicking "Accept").
Purpose-specific: You know what data we're collecting and why. We don't collect data beyond what's needed for the stated purpose.
Freely given: You can withdraw consent at any time by emailing us at hello@rezizz.com.
For couple coaching: Both partners must provide explicit consent to share couple coaching notes, goals, and session records.
Important for Coaches: Under the Digital Personal Data Protection Act 2023 (DPDP Act), your clients' data is YOUR responsibility. You must obtain your own clients' consent, maintain your own privacy policy, and ensure lawful processing. Rezizz is your Data Processor — see Section 11.
3. Information We Collect
3.1 Account Data
When you create a NeoGuru account, we collect:
Full name
Email address
Phone number
Password (stored as a bcrypt hash — we never see your plain password)
Profile avatar/photo
City/location
Theme preference (light/dark mode)
3.2 Coach Professional Data
If you register as a Coach, we also collect:
Specializations (e.g., marriage coaching, parenting, career)
Years of experience
Professional bio
Practice name
UPI ID (for payment collection — stored encrypted)
3.3 Coaching & Client Data (Sensitive)
Coaches and Clients create sensitive information on NeoGuru:
Coaching type: Marriage, parenting, career, general, or other specializations
Session notes: Coaching notes, progress summaries, action items created by the Coach
Journal entries: Client reflections, thoughts, and personal insights (content + mood rating)
Goals & Tasks: Life goals, coaching tasks, accountability items
Coach private notes: Coaches can write private observations about each client. These notes are NEVER visible to clients but are stored on our servers.
Partner info (couple coaching): For clients in couple coaching, we store information about their partner (name, relationship role, consent status)
3.4 Payment Data
When Coaches and Clients make payments:
Subscription plans, amounts, and due dates
Payment method (UPI, bank transfer, card — via Razorpay/Instamojo)
UTR references (Unique Transaction Reference) and payment proofs
Invoices and billing history
We do NOT store: Full credit card numbers, CVV codes, bank account numbers, UPI credentials, or passwords for payment systems. All payments are processed by certified third-party payment processors (Razorpay, Instamojo). These processors are PCI-DSS compliant and operate their own secure payment infrastructure.
3.5 Communication Data
Messages and communications on NeoGuru:
Private messages between Coach and Client (stored on our servers)
Group chat messages
Important: Messages marked "private" by coaches are for UI organization only. They are NOT end-to-end encrypted and are stored on NeoGuru servers in plain text.
All files are stored with private signed URLs (valid for 1 hour)
3.7 Technical Data
We automatically collect technical information:
Error logs: When the app encounters an error, we collect your user ID, error message, browser information, and the page URL where the error occurred. Error logs are retained for 30 days.
AI-generated summaries: If you use Zoom integration, NeoGuru may use AI services (Anthropic Claude API) to generate meeting summaries and insights. Data processed by Claude is used solely to provide these features and is not used to train or improve AI models, in accordance with Anthropic's commercial API policies. Data is encrypted in transit and subject to Anthropic's 30-day safety retention policy.
Device type, browser, operating system
IP address (via server logs, retained for security purposes)
3.8 Analytics
We use third-party analytics services:
Vercel Analytics: Collects page views, performance metrics, and user interactions (no PII)
Sentry (error monitoring): Collects error stack traces and browser context (with user ID for correlation)
Communications: Sending transactional emails via Resend (account notifications, meeting confirmations, security alerts, and reminders — limited to essential communications only), push notifications, account recovery
Error monitoring: Identifying bugs and improving platform stability
Analytics: Understanding how users interact with the platform, identifying feature usage patterns
AI-powered features: Certain features use Anthropic's Claude API to generate summaries and insights from meeting data and user inputs. Data shared with Claude is processed solely to provide these features and is not used to train or improve AI models. See Section 5 for sub-processor details.
Legal compliance: Meeting regulatory requirements, responding to legal requests
What we do NOT do: We do not sell, share, or license your data to advertisers. We do not create user profiles for advertising or marketing purposes. We do not use coaching content, journal entries, or personal notes for any purpose other than supporting your coaching relationship.
5. Information Sharing & Third Parties
We share your information with trusted sub-processors that help us operate NeoGuru. All sub-processors are contractually bound to protect your data.
Sub-Processors:
Service | Purpose | Location
Supabase | Database, authentication, file storage | Singapore
Vercel | Hosting, CDN, deployment | Global
Razorpay | Payment processing (UPI, cards) | India
Instamojo | Payment processing (UPI, bank transfer) | India
Zoom | Video conferencing, meeting summaries | United States
Google (Calendar, Meet) | Calendar integration, video meetings | United States
Resend | Email delivery (transactional) | United States
Anthropic (Claude API) | AI-powered meeting summaries and insights | United States
Sentry | Error monitoring | United States
Google API Services User Data Policy
NeoGuru's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide or improve user-facing features (calendar management, scheduling, and meeting links initiated by the user). We do not transfer or sell Google user data to third parties, except as necessary to provide and improve our services or as required by law. We do not use Google user data to train machine learning models.
Zoom Integration Data
Zoom integration is used to enable video conferencing and, where applicable, meeting summaries. We access only the data requested during your Zoom consent flow. You can disconnect the Zoom integration at any time via NeoGuru Settings. Upon disconnection, we will stop fetching data from your Zoom account. Associated meeting metadata will be deleted within 30 days in accordance with our Data Retention policy (Section 9), unless otherwise required for your coaching records.
Google Calendar & Meet Data
Google integrations are used to allow users to view, create, and manage calendar events and associated meeting links (including Google Meet). We access only the data necessary for scheduling and managing meetings initiated by the user — specifically: calendar event read/write access for the user's primary calendar.
Cross-border transfers: These sub-processors may store or process data outside India. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws. Transfers comply with DPDP Act Section 23 (lawful purpose, legitimate interest, contract performance, legal obligation, explicit consent).
Notification of changes: If we add, remove, or change a sub-processor, we will provide 30-day notice via email and in-app notification.
6. Data Storage & Security
We implement reasonable technical and organizational measures to protect your data:
Password hashing: Passwords are hashed using bcryptjs (never stored in plain text)
Encryption in transit: All communication uses TLS 1.2 or higher
Encryption at rest: Sensitive values (auth tokens, payment secrets) are encrypted with AES-256-GCM
Rate limiting: We rate-limit API endpoints to prevent abuse
Access control: Role-based access (Admin, Coach, Client). Data is scoped to users
Signed URLs: File downloads use signed URLs with 1-hour expiry
Important: No system is 100% secure. While we take security seriously, we cannot guarantee absolute protection against all threats. If you have concerns about your data security, please contact us immediately.
7. Cookies & Tracking
We use minimal cookies:
Session JWT cookie (essential): Stores your login token so you stay signed in
OAuth nonce cookies (essential, temporary): Used during login with external providers (Google, etc.)
localStorage: Stores your push notification preference only (no tracking)
Vercel Analytics: No PII, no user tracking. Only aggregated page view and performance data.
No advertising cookies: We do not place or use cookies for advertising purposes
Most browsers allow you to control cookies via settings. Disabling essential cookies may break login functionality.
8. Your Rights (DPDP Act 2023)
Under the Digital Personal Data Protection Act 2023, you have the following rights:
Right to access: Request a copy of your personal data. We'll respond within 30 days.
Right to correction: Request correction of inaccurate data.
Right to erasure ("right to be forgotten"): Request deletion of your data. We delete account data within 30 days and purge from backups within 90 days.
Right to data portability: Request your data in a portable format (CSV/JSON) within 15 days.
Right to grievance redressal: Lodge a complaint with our Data Protection Officer.
Right of nomination: Nominate a person to access your data in the event of death or incapacity.
Right to withdraw consent: You can withdraw consent at any time. This does not affect processing done before withdrawal.
To exercise any of these rights, you may initiate account and data deletion directly within the application via Settings → Danger Zone, or email hello@rezizz.com.
9. Data Retention
We retain data only as long as necessary:
Account data: Retained until you request deletion. Then deleted within 30 days, purged from backups within 90 days.
Error logs: Retained for 30 days for debugging purposes.
Password reset tokens: Retained for 1 hour, then deleted.
OAuth tokens: Retained until you disconnect the integrated service.
Backups: We maintain backups for disaster recovery. Deleted data is purged from backups within 90 days.
Tax/legal records: Retained up to 7 years for accounting and legal compliance.
Dispute records: Retained up to 2 years to resolve payment or service disputes.
10. Data Breach Notification
In the unlikely event of a data breach involving personal data, we will:
Notify the Data Protection Board of India within 72 hours (as required by DPDP Act)
Notify affected users within 30 days via email and in-app notification with details of the breach and remedial actions
Document the breach and implement corrective measures to prevent recurrence
11. Coach Data Processing (Important)
Critical: Coaches are "Data Fiduciaries" under the DPDP Act 2023. Rezizz is a "Data Processor" providing software tools.
Coaches must:
Obtain explicit written consent from each client before processing their data on NeoGuru
Maintain your own privacy policy disclosing how you collect and process client data
Respond to client data requests (access, correction, deletion) within 30 days
Be responsible for any data breaches you cause or enable (e.g., sharing client data inappropriately)
Ensure clients understand they are sharing sensitive information with you, not Rezizz
Rezizz's role: We provide the technical platform, maintain security, comply with this Privacy Policy, respond to legal requests, and support your compliance. A Data Processing Agreement (DPA) is available upon request at hello@rezizz.com.
12. Children's Privacy
NeoGuru is restricted to users 18 years and older. We do not knowingly collect data from minors.
For couple/family coaching with minors: If a Coach invites a minor client to NeoGuru for family coaching, the Coach must obtain parental or guardian consent per DPDP Act Section 12. Rezizz is not responsible for verifying minor consent — this is the Coach's responsibility.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. For material changes, we will provide 30-day notice via:
Email notification to your registered address
In-app notification
Updated posting on the website
Your continued use of NeoGuru after changes constitutes acceptance of the updated policy.
14. Significant Data Fiduciary Status
Currently, Rezizz is not notified as a "Significant Data Fiduciary" (SDF) under DPDP Act. If we are notified as an SDF in the future, we will:
Appoint a Data Protection Officer (DPO)
Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing
Undergo regular security and compliance audits
Maintain detailed records of processing activities
15. Contact Us
Questions about our Privacy Policy?
Data Protection Officer: Email: hello@rezizz.com
Rezizz (a partnership firm) Coimbatore, India
Response times: We acknowledge receipt within 48 hours and aim to resolve data requests within 30 days.
Escalation: If you are not satisfied with our response, you can file a complaint with the Data Protection Board of India.