DDIYPR

Privacy Policy

DIYPR by StartupTalky · Last updated 2026-04-24

DIYPR (“we”, “our”, “us”) is operated by StartupTalky. This policy describes how we collect, use, and share information when you use our service at diypr.in.

1. What we collect

Account info

Name, email, profile picture (if provided by Google Sign-in), organization name.

Gmail account (only if you connect it)

We request only the gmail.send OAuth scope. This means we can send emails on your behalf (only when you click Send in our app). We cannot read your inbox, list messages, see contacts, or modify any existing email. OAuth tokens are encrypted at rest using AES-256.

Content you create

Press releases, imported contacts, pitch emails, campaign settings.

Usage data

IP address, browser, pages visited, features used, AI token consumption.

Recipient engagement

When a journalist opens an email you sent via DIYPR, we log timestamp, IP, and user-agent. This is visible only to you, the sender.

2. How we use information

  • Provide and operate the Service
  • Generate AI-powered pitch drafts (via OpenAI and Anthropic — see Section 4)
  • Send transactional emails (account, billing, alerts)
  • Enforce plan limits
  • Improve the Service (aggregated analytics only)
  • Comply with law

We do not sell your data, sell your contacts, or train AI on your pitches.

3. The DIYPR Master Journalist Database

We maintain ~10,000 Indian journalists compiled from publicly available sources (bylines, publication sites, public social profiles). This data is read-only for customers. Journalists can request removal by emailing privacy@diypr.in.

4. Third-party processors

OpenAI & Anthropic (AI drafts, USA), Google (Gmail API, USA), AWS Lightsail (hosting, Mumbai region), Razorpay/Stripe (payments). We have data-processing agreements with each. AI providers are not permitted to train on our users' content.

5. Where data is stored

Primary database and backups are in AWS Mumbai (ap-south-1). AI provider servers are in the USA; content is transient for those calls and not retained beyond the API request.

6. Retention

  • Account data — until you delete your account
  • Campaigns, pitches, contacts — until you delete them
  • Tracking events — 2 years, then aggregated
  • Audit logs — 7 years
  • Billing records — 7 years

After account deletion, data is permanently removed within 30 days; backups within 90 days.

7. Your rights under the DPDP Act 2023

The Digital Personal Data Protection Act 2023 (India) grants you the rights to access, correct, and erase your personal data. You may exercise these rights at any time:

  • Download your data or delete your account directly from your data-rights page (sign-in required).
  • Email privacy@diypr.in for any request we cannot fulfill through self-service. We respond within 30 days.
  • Grievance Officer: Shubham Kumar, StartupTalky — privacy@diypr.in. You may also lodge a complaint with the Data Protection Board of India once constituted.

8. Security

TLS 1.3 in transit, AES-256 at rest for sensitive fields, encrypted backups, limited production access. Breaches affecting personal data are notified within 72 hours.

9. Children

DIYPR is not for users under 18. We do not knowingly collect data from children.

10. Changes

Material changes are emailed to registered users. The “Last updated” date is maintained above.

11. Contact