DIYPR (“we”, “our”, “us”) is operated by StartupTalky. This policy describes how we collect, use, and share information when you use our service at diypr.in.
1. What we collect
Account info
Name, email, profile picture (if provided by Google Sign-in), organization name.
Gmail account (only if you connect it)
We request only the gmail.send OAuth scope. This means we can send emails on your behalf (only when you click Send in our app). We cannot read your inbox, list messages, see contacts, or modify any existing email. OAuth tokens are encrypted at rest using AES-256.
Content you create
Press releases, imported contacts, pitch emails, campaign settings.
Usage data
IP address, browser, pages visited, features used, AI token consumption.
Recipient engagement
When a journalist opens an email you sent via DIYPR, we log timestamp, IP, and user-agent. This is visible only to you, the sender.
2. How we use information
- Provide and operate the Service
- Generate AI-powered pitch drafts (via OpenAI and Anthropic — see Section 4)
- Send transactional emails (account, billing, alerts)
- Enforce plan limits
- Improve the Service (aggregated analytics only)
- Comply with law
We do not sell your data, sell your contacts, or train AI on your pitches.
3. The DIYPR Master Journalist Database
We maintain ~10,000 Indian journalists compiled from publicly available sources (bylines, publication sites, public social profiles). This data is read-only for customers. Journalists can request removal by emailing privacy@diypr.in.
4. Third-party processors
OpenAI & Anthropic (AI drafts, USA), Google (Gmail API, USA), AWS Lightsail (hosting, Mumbai region), Razorpay/Stripe (payments). We have data-processing agreements with each. AI providers are not permitted to train on our users' content.
5. Where data is stored
Primary database and backups are in AWS Mumbai (ap-south-1). AI provider servers are in the USA; content is transient for those calls and not retained beyond the API request.
6. Retention
- Account data — until you delete your account
- Campaigns, pitches, contacts — until you delete them
- Tracking events — 2 years, then aggregated
- Audit logs — 7 years
- Billing records — 7 years
After account deletion, data is permanently removed within 30 days; backups within 90 days.
7. Your rights
Access, correct, delete, export, or withdraw consent at any time. Email privacy@diypr.in. We respond within 30 days.
8. Security
TLS 1.3 in transit, AES-256 at rest for sensitive fields, encrypted backups, limited production access. Breaches affecting personal data are notified within 72 hours.
9. Children
DIYPR is not for users under 18. We do not knowingly collect data from children.
10. Changes
Material changes are emailed to registered users. The “Last updated” date is maintained above.
11. Contact
- Privacy: privacy@diypr.in
- Support: support@diypr.in
- Data controller: StartupTalky