← Home

Privacy Policy

Last updated: June 2026

This Privacy Policy describes how Lytmus (“we”, “us”, or “our”), operated by Anuj Menta, collects, uses, stores, and protects information about you when you use our service at lytmus.com(“Service”). By using the Service you agree to the practices described in this policy.

1. Information We Collect

Account Information

When you sign up, we collect basic account information via Supabase Authentication. This includes your email address and, if you sign in using an OAuth provider such as Google, an OAuth access token and your name or profile picture as shared by that provider. We never receive or store your OAuth provider password.

User-Generated Content

The core of Lytmus is the data you create. This includes:

  • Applications — company names, roles, levels, locations, statuses, and dates
  • Interview rounds — round kind, date, interviewer details, outcome, and notes
  • Questions — interview question text, your approach, solution notes, confidence ratings, and tags
  • Notes and attachments — free-text notes and files you upload related to applications or rounds

This content is stored in your private account and is not shared with other users or third parties, except as described in this policy.

Usage Data

We collect anonymized usage analytics via PostHog to understand how users interact with the Service — for example, which features are used most often and where users encounter friction. This data includes page views, click events, and general session metadata (browser type, OS, approximate country). We do not use this data to build individual profiles or serve advertising.

Payment Data

If you subscribe to a paid plan, payment processing is handled by Razorpay. We do not store your card number, CVV, or full banking details on our servers. Razorpay provides us with a transaction ID, payment status, and the subscription plan details needed to grant you access to paid features. Razorpay is PCI-DSS compliant and their privacy practices are governed by the Razorpay Privacy Policy.

Log Data

Like most web services, our infrastructure (hosted on Vercel) automatically collects server-side logs including IP addresses, request timestamps, and HTTP status codes. These logs are used for security, debugging, and abuse prevention, and are retained for a short period consistent with Vercel's standard retention policies.

2. How We Use Your Information

  • To provide the Service — storing and serving your application data, generating your analytics dashboard, and sending account-related emails (e.g. password reset)
  • To improve the Service — using aggregated, anonymized PostHog analytics to understand usage patterns and prioritize feature development
  • To process payments — passing subscription requests to Razorpay, recording payment status in your profile, and managing billing cycles
  • To communicate with you — responding to support requests and sending important service notices
  • To prevent abuse — monitoring for unusual activity and enforcing our Terms of Service

We do not sell your personal data. We do not use your data to serve third-party advertising.

3. Data Storage and Security

Your account data and user-generated content are stored in a Supabase PostgreSQL database. Supabase is hosted on Amazon Web Services (AWS) in a region within the United States. All data is encrypted at rest and in transit (TLS). Supabase enforces Row-Level Security (RLS) policies so that each user can only access their own records.

File attachments you upload are stored in Supabase Storage with per-user path isolation. Access is authenticated and not publicly guessable.

While we take reasonable technical and organisational measures to protect your data, no system is perfectly secure. Please keep your login credentials confidential and notify us immediately if you suspect unauthorized access to your account.

4. Third-Party Services

We share data with the following third-party providers to operate the Service:

  • Supabase — database, authentication, and file storage. Data is processed under their Privacy Policy.
  • Razorpay — payment processing for Plus and Pro subscriptions. Data is processed under their Privacy Policy.
  • PostHog — product analytics. Anonymized usage events are sent to PostHog. Data is processed under their Privacy Policy. You can opt out by enabling “Do Not Track” in your browser.
  • Vercel — web hosting and edge delivery. Request logs are handled under their Privacy Policy.

We do not sell or rent your personal data to any other third parties.

5. Cookies

Lytmus uses the following categories of cookies and local storage:

  • Authentication cookies — set by Supabase to maintain your logged-in session. These are strictly necessary for the Service to function and cannot be opted out of while you are signed in.
  • Analytics cookies— set by PostHog to distinguish unique sessions and measure engagement. These are first-party cookies (set under the lytmus.com domain). You can block them via your browser's cookie settings or a browser extension such as uBlock Origin.

We do not use third-party advertising cookies.

6. Your Rights

You have the following rights with respect to your personal data. To exercise any of them, email anujmenta@gmail.com:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your account and associated data
  • Export — request an export of your application and question data in a machine-readable format
  • Objection — object to any processing of your data that you believe is not justified

You can also delete your account directly from the Settings page within the app, which will initiate the deletion process.

7. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will delete your personal data and user-generated content from our active systems within 30 days of the request. Payment records (transaction IDs, subscription history) may be retained for up to 7 years as required by applicable Indian financial and tax regulations.

Anonymized, aggregated analytics data (PostHog events stripped of any user identifiers) may be retained indefinitely for product improvement purposes.

8. Children's Privacy

Lytmus is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will promptly delete it.

9. International Users

Lytmus is operated from India. If you access the Service from outside India, your data may be transferred to and processed in countries whose data protection laws may differ from those in your country. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and notify you by email or in-app notice. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at anujmenta@gmail.com. We aim to respond within 5 business days.

Questions about this policy?

anujmenta@gmail.com