Privacy Policy

Myro is a product of Myro Career Intelligence Private Limited, a company incorporated in India with its registered office at Vasant Vihar, West Delhi, Delhi, India (“we”, “us”). Myro is an Intelligence-as-a-Service platform for job seekers, available at himyro.com. We also publish the Myro Job Tracker Chrome extension.

A. Myro Web Platform

• ›Account data: email address and password hash — to create and authenticate your account.
• ›CV data: CV text or file you upload — to extract skills and generate job matches.
• ›Skill data: skills extracted from your CV — to compute your Myro Score and recommend roles.
• ›Job application data: jobs you save, track, or apply to — to power your tracker and diary.
• ›Diary entries: text you write in /diary — to track your progress and build skill evidence.
• ›Usage data: page visits and feature interactions — to maintain service reliability.

B. Myro Job Tracker Chrome Extension

• ›Job page content: when you click “Save”, the extension reads the job title, company, location, description, and URL from the current page. Sent to your Myro account only.
• ›API token: your Myro Bearer token is stored locally in chrome.storage.local to authenticate requests. Never sent to any third party.
• ›No passive collection: the extension does not monitor your browsing, collect web history, or run without your explicit action.

C. Signing in with Google or LinkedIn

• ›What they share: your name, email, and profile picture — plus, for LinkedIn, the public headline you've already published. Nothing private, nothing you haven't already made public.
• ›What we never do: we don't post for you, message your network, or read who you're connected to. If something needs to leave Myro, you tap a button to send it.

• ›To provide and improve Myro services
• ›To compute your Myro Score and job match recommendations
• ›To generate personalised action plans and CV variants
• ›To authenticate you and keep your account secure

We collect and process your personal data only for the specific purposes described in this policy and the purposes for which you have given consent. We do not use your data for any new, unrelated purpose without asking you first. We process your data on the basis of the consent you give when you sign up and use the Service, and, where applicable, for the legitimate uses permitted under the Digital Personal Data Protection Act, 2023.

Infrastructure providers we use:

• ›Supabase — database hosting (EU/US regions)
• ›Railway — backend hosting
• ›Vercel — frontend hosting
• ›OpenRouter / Groq / Google — LLM inference for skill extraction and job ranking. Job description text and CV text may be sent to these providers.

No data is sold or shared with employers, recruiters, or data brokers.

Some of our infrastructure and AI inference providers process data on servers located outside India (for example, in the European Union or the United States). By using the Service you acknowledge that your data may be processed in these locations. We only use providers that we believe apply appropriate safeguards, and we do not transfer personal data to any country or territory restricted by the Government of India.

• ›Account data: retained until you delete your account.
• ›CV data: retained until you delete it or your account.
• ›Extension token: stored locally on your device; cleared when you remove the extension or reset your token in settings.

Under India’s Digital Personal Data Protection Act, 2023, you have the right to access your personal data, correct inaccuracies, request erasure of your data, withdraw consent you have previously given, nominate another person to exercise your rights in the event of death or incapacity, and export your data. Withdrawing consent is as easy as giving it — you can delete your account or revoke data processing at any time from Settings, or by emailing grievance@himyro.com. Withdrawing consent does not affect processing already carried out, and may mean we can no longer provide some or all of the Service.

To raise a concern or complaint about how we handle your data, see our Grievance Redressal section below.

Myro uses session cookies for authentication only. No tracking cookies. No third-party advertising cookies.

Because we use only strictly-necessary authentication cookies and no analytics, advertising, or tracking cookies, no cookie-consent banner is required under the EU ePrivacy Directive or the UK PECR. If we ever introduce non-essential cookies, we will request your consent first.

Data is encrypted in transit (TLS) and at rest. Access is controlled via Row Level Security in Supabase, so each account can only access its own records. Authentication is managed by Supabase; passwords are never stored in plain text. No system is perfectly secure, but if a breach affects your personal data we will notify affected users and the relevant authorities as required by law.

This policy is governed by the laws of India. Where applicable, we process personal data in line with India’s Digital Personal Data Protection Act, 2023. The rights described in Section 06 apply to you regardless of where you are located.

Myro is not directed at children under 13. We do not knowingly collect data from children under 13.

We will update this page when our practices change. Continued use after changes constitutes acceptance. Check the “Last updated” date at the top of this page.

In accordance with the Information Technology Act, 2000 and the rules made under it, and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address your concerns about how we handle your personal data or content on the Service.

If you have a complaint — for example, about a request to access, correct, or delete your data, a withdrawal of consent that was not honoured, or any other privacy concern — you may contact:

We will acknowledge your complaint within twenty-four (24) hours of receipt and will resolve it within fifteen (15) days, in line with applicable Indian law. If your complaint concerns content you have asked us to remove, we will act within the timelines required by law.

Questions about this policy? Reach us at: