Privacy Policy

OfferLens is a personal project operated by Riyansh Pal, based in India. It is not a registered company. Contact: riyansh2502@gmail.com or via LinkedIn.

Only what is needed to make the product work. Specifically:

• Account identity. Sign-in is via Google only. We receive your name, email address, and Google profile picture URL. We never see or store your Google password.
• Sign-in telemetry. Timestamp of your last sign-in and a count of how many times you have signed in. Used only to understand product activity (admin dashboard).
• Offer details you enter. Company, role, base salary, bonus, equity grants, sign-on bonus, benefits, and work mode. This data is the product.
• Comparisons and AI insights you generate. The scored comparison snapshot and any AI-generated verdict / trade-off / negotiation text linked to it.
• Your “current role” if you set one, so it can baseline future comparisons.

We do not collect: phone number, address, payment info, biometric data, or device fingerprinting. There are no third-party advertising trackers on this site.

To produce comparisons and AI verdicts, certain data leaves our server. Here is the full list — nothing else is shared:

• Azure OpenAI (Microsoft). When you click “Generate AI verdict”, the comparison snapshot (compensation numbers, weights, normalized scores, and company names) is sent to Azure OpenAI for analysis. Microsoft’s commercial Azure OpenAI service does not use customer data to train its models. Your name and email are never included in the prompt.
• Google Gemini (Google). Used only to fetch public Indeed ratings for the catalog of companies. The company name is sent — never any user-specific data.
• Public APIs (no auth). Yahoo Finance (stock prices), Reddit (sentiment), Hacker News (sentiment), and an FX rates feed. Only the company name or ticker symbol is sent.
• Authentication providers. If you sign in with Google, Google sees that you used it to access this site (standard OAuth). We do not share anything else with Google.

We do not sell, rent, or trade your data. We do not run marketing or ad tracking pixels.

Your account, offers, and comparisons are stored in an Azure Database for PostgreSQL Flexible Server hosted in East Asia. The web application runs on Azure Static Web Apps, also in Asia. Connections are encrypted in transit (TLS) and the database requires SSL.

As long as your account exists. If you delete your account (email us — see contact below), we delete your user row, which cascades to: all your offers, all your comparisons, all your saved AI insights, your weight profile presets, and your sign-in telemetry. The catalog of public companies you compared against is shared across users and is not deleted.

As a Data Principal under India’s Digital Personal Data Protection Act, 2023, you can:

• Ask what personal data we hold about you
• Ask us to correct any inaccurate personal data
• Ask us to delete your account and all associated data
• Withdraw consent at any time (which means deleting your account)
• Lodge a complaint with the Data Protection Board of India

To exercise any of these, email riyansh2502@gmail.com. We will respond within 30 days.

We set exactly one cookie: a secure, httpOnly session cookie issued by Auth.js (NextAuth) when you sign in. It contains your signed session token and lasts 7 days. We do not use analytics cookies or third-party cookies. We do keep an anonymous, server-side counter of how many times each page is rendered (no IP, no cookie, no user-agent retained) so we can report aggregate traffic to potential sponsors.

Best-effort: HTTPS everywhere, SSL-required Postgres, and Google OAuth for sign-in (we never handle your password). We are not a regulated financial or healthcare service; you should not enter information you would not be comfortable losing in a worst-case breach. If you discover a vulnerability, please report it to riyansh2502@gmail.com before disclosing publicly.

The service is intended for working adults evaluating job offers. We do not knowingly collect data from anyone under 18. If you believe a child has signed up, please email us and we will delete the account.

If we make a material change (e.g. start collecting a new field, add a new third-party processor), we will update the “last updated” date at the top of this page. For significant changes, signed-in users will see a notice on the dashboard the next time they visit.