Privacy

Privacy Policy

Last updated 15 June 2026. Plain language, no boilerplate. If anything is unclear, email me at manikumarjami@gmail.com.

The short version

manikumarjami.com is a personal site. Most of it collects nothing. The Psychology Lab, the Gold & Silver Rates page, and the MAPC exam prep page are the only sections that ask for your email, and only when you opt in. Your data is processed lawfully under the Digital Personal Data Protection Act, 2023 (India), GDPR (EEA), and UK GDPR.

Data Fiduciary (DPDP Act 2023, Section 2(i)): Mani Kumar Jami, Bengaluru, India.
Grievance Officer (DPDP Act 2023, Section 8(9)): Mani Kumar Jami — manikumarjami@gmail.com. Response within 7 working days for any data-related request (access, correction, erasure, consent withdrawal, complaint).
You are the Data Principal — the person whose data is being processed. Your rights are listed in the Your Rights section below.

Zero-storage commitment. As of 18 May 2026 the Labs submission flow does not write your email, name, scores, or any other field to a database. The serverless function that handles the submission validates your input, sends you one results email via Resend, and discards every value. Nothing to delete, because nothing was kept.

What this site collects, and when

Pages that collect nothing

The home page, all section pages (/about, /career, /portfolio, /skills, etc.), the DriveX case study, the blog index, and individual blog posts. Visiting these pages does not store anything about you on a server controlled by me.

The Psychology Lab

Seven self-assessments live at /labs. They behave differently depending on the test:

Wellbeing screener (PHQ-9 + GAD-7)Never gated. Your answers and scores never leave your browser. No email collection. No server call.
Attachment Style (ECR-S)Same. The instrument's license is academic / non-commercial, so this test deliberately stays free of any data pipeline.
Big Five, Career Interest, Student Stress, Cognitive SnapshotHeadline result is free with no signup. The full deep-report unlocks after you enter your email so I can deliver the report. The email is sent once via Resend and nothing is stored on any database I control.

What the unlock submission contains, and what happens to it

When you fill in the unlock form for the four gated tests, this data is sent to /api/submit as a one-shot request:

Your emailUsed once to send you your results email. Discarded after the email is dispatched.
First nameOptional. Only used to personalise the email greeting. Discarded after dispatch.
The test IDe.g. "big-five". Tells the email which per-test interpretive copy to include.
Your scores summaryThe human-readable percentile breakdown shown on your results page (e.g. "Openness: 78th percentile (high)"). Embedded into the email body and discarded after dispatch. Your raw item-by-item answers stay in your browser.
The results URLThe link back to your personal results page, embedded in the email button so you can revisit the deep report.
Newsletter opt-in flagTrue / false based on the checkbox you ticked. If true, the email includes a newsletter subscription confirmation line and a hidden form on the lab page also posts your email to my Substack publication (Substack stores it from that point on). If false, the email is a one-time results delivery and nothing else happens.

The submission handler does not write anything to a database. There is no audit row, no analytics row, no operator notification email. Your data exists in three transient places: the request body Vercel passes to the function (lives milliseconds), Resend's send pipeline (processes the email in transit per Resend's terms), and your own inbox (forever, because that is yours).

One narrow exception: to prevent abuse, the function keeps an ephemeral in-memory map of recent submission counts per IP, keyed on a 16-character SHA-256 hash of the IP. The window is one hour, and the map is wiped whenever Vercel cold-starts the function. The hashed IP is never written to disk and never sent to any third party.

Where the data goes

ResendResend is the transactional email service that delivers your results email. The function passes the email body to Resend and Resend hands it to your mail provider. Resend retains short-term send logs per its own terms. The sending domain is a subdomain I own and have verified (labs.manikumarjami.com). I do not store anything on Resend either. Resend privacy policy.
SubstackIf you ticked the newsletter checkbox, your email is also posted to my Substack publication "Thought Mechanic" via a hidden form on the lab page. Substack sends its own confirmation email and hosts the subscription from that point on. You can unsubscribe via the link in any newsletter email or in the results email. Substack privacy policy.
VercelThe site is hosted on Vercel. Vercel processes server logs (IP, User-Agent, path, timing) for hosting and abuse prevention, with a 4-week retention. These logs are tied to requests, not to identities, but they do exist while the retention window holds. Vercel privacy policy.

What stays in your browser only

The Psychology Lab uses your browser's localStorage for one thing only: saving your in-progress quiz answers so you can close the tab and resume later. Those keys are cleared automatically when you finish a test. The unlock state and your email are not stored on your device. Each visit requires a fresh email submission to unlock the deep report. Old keys from before 18 May 2026 are removed automatically the next time you open the lab.

Gold & Silver Alerts (gold-rates page)

The Gold & Silver Rates page has one optional email collection: the price alert subscribe form. It is the only place on this page that collects personal data, and only if you choose to subscribe.

Lawful basis (DPDP Act 2023 / GDPR): your explicit, freely-given consent via the checkbox at point of collection. We do not pre-tick the box, we do not let the form submit without it, and we record the consent text, timestamp, source URL, and a hashed IP at the moment you tick it, so we can prove your consent if ever asked.

What we store, and where:

Your email addressStored in our Brevo contact list ("Gold & Silver Alerts"). Brevo is an EU-based ESP under GDPR. Used only to send alert emails when gold or silver moves more than 5% in a day vs the previous day's national average. We never share your email with any third party for marketing, never sell or rent it, and never use it for unrelated promotions.
Consent metadataTimestamp of consent, the consent text you agreed to, the page URL where you signed up, and a one-way SHA-256 hash of your IP address (truncated to 16 hex chars, sufficient to prove uniqueness, insufficient to re-identify). Stored as Brevo contact attributes alongside your email.

How to unsubscribe (one-click, fool-proof):

Every alert email and the welcome email contain a one-click unsubscribe link. Clicking it instantly removes you from the alerts list and blacklists your email at Brevo so no future list could accidentally re-add you.
Gmail and Outlook also surface a native "Unsubscribe" button at the top of every email we send (per RFC 8058, we include the List-Unsubscribe and List-Unsubscribe-Post: One-Click headers).
If neither works, email manikumarjami@gmail.com with the subject "unsubscribe gold alerts" and we will remove you within 1 working day.

Retention: we keep your email and consent metadata in Brevo for as long as you are subscribed. When you unsubscribe, the contact is removed from the alerts list and blacklisted. Brevo's own retention policy applies for any residual logs on their side, see Brevo privacy policy.

The rate data itself is not personalised. Looking at rates does not require an account, an email, or a cookie. The page loads the same rates for everyone.

MAPC Exam Prep (mapc page)

The MAPC exam prep page collects an email when you submit the lock-unlock form to receive subject-wise answer guides (PDFs).

Lawful basis (DPDP Act 2023 / GDPR): your explicit, freely-given consent via the checkbox at point of collection. The submit button is gated on the checkbox; the form will not submit without it.

What we store, and where:

Your email addressUsed to (a) send you the requested PDF via a one-time HMAC-signed download link, and (b) add you to the "Thought Mechanic" Substack newsletter list. The transactional email is sent via Resend (primary) or Brevo (fallback). If both delivery providers fail, your request is queued on a private GitHub Gist and retried within 24 hours, then deleted from the queue.
The PDF requestedTells us which subject/paper guide to deliver. Not linked to your identity beyond the single transactional send.
Newsletter consent flagTrue/false based on the checkbox you ticked.

Retention & unsubscribe: the Substack subscription persists until you unsubscribe via the link in any newsletter email. Resend/Brevo retain short-term send logs per their own terms. There is no database on our side that stores your email after the send completes.

Cookies and analytics

I use Vercel Analytics, Vercel Speed Insights, and PostHog (EU region) to count page views, measure load performance, and understand site usage. Vercel Analytics is configured for anonymous, cookieless tracking. PostHog uses localStorage + a first-party cookie to maintain anonymous session continuity but does not link your browsing to your real identity (no email, no name). Vercel Analytics privacy · PostHog privacy.

Advertising

This site does not serve third-party advertisements. No AdSense, no ad networks, no banner ads anywhere. Revenue comes from the Substack newsletter, Topmate coaching sessions, and consulting engagements, none of which require placing trackers on this site.

Retention

I do not retain Lab submission data on my own systems. The submission handler does not write to a database. The only persistence is:

Your inboxThe results email is yours forever, unless you delete it.
Substack subscriptionIf you opted in, Substack hosts the subscription per Substack's retention policy. Unsubscribe via any newsletter email or via the link in the results email.
Vercel logs4-week retention of server logs (IP, User-Agent, path, timing). Tied to requests, not identities.
Resend send logsShort-term retention per Resend's terms.

If you want any of the above removed, contact the respective service directly, or email me at manikumarjami@gmail.com and I will help.

Cross-border data transfer

Some of the third-party processors we use are based outside India:

Vercel (United States)hosting + edge functions + 4-week server logs
Resend (United States)transactional email delivery (primary)
Substack (United States)newsletter hosting (only if you opt in)
Google AdSense (United States & global)ad serving on /gold-rates and /mapc only
Brevo (European Union, France)Gold & Silver alerts list + MAPC delivery fallback
PostHog (European Union, Germany)privacy-respecting product analytics

Each provider is bound by their own privacy policy (linked throughout this page). Under the DPDP Act 2023, India recognises cross-border transfers to jurisdictions that have not been restricted by the Central Government, and as of the date of this policy, none of the above jurisdictions are restricted. Under GDPR / UK GDPR, transfers to the US rely on the EU–US Data Privacy Framework and Standard Contractual Clauses where applicable.

Your rights

Under the DPDP Act 2023 (India) and GDPR / UK GDPR (EEA / UK), you have the following rights over your personal data. To exercise any of them, email the Grievance Officer at manikumarjami@gmail.com — response within 7 working days.

Right to accessAsk what personal data we hold about you. Because we do not maintain a self-hosted database, this usually means we will tell you what we sent to Brevo / Substack / Resend on your behalf and how to query those providers directly.
Right to correctionAsk us to correct any inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten")Ask us to delete your personal data. We will remove you from any list we control (Brevo gold/silver alerts list) and instruct downstream processors (Substack, Resend) to delete what they hold.
Right to withdraw consentYou can withdraw consent at any time, instantly and free of cost. The one-click unsubscribe link in every email is the fastest path. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right to data portability (GDPR)Receive a copy of the personal data you have provided to us in a structured, commonly-used format.
Right to object / restrict processing (GDPR)Object to or restrict our processing of your personal data.
Right to nominate (DPDP Act, Section 14)Nominate another individual to exercise your rights on your behalf in the event of death or incapacity.
Right to grievance redressal (DPDP Act, Section 13)Raise a grievance with the Grievance Officer above. If unresolved, escalate to the Data Protection Board of India.

Children's data

This site and all its sub-apps (Psychology Lab, Gold & Silver Rates, MAPC exam prep, blog) are intended for users aged 18 and above.

Under the DPDP Act 2023, Section 9, we do not knowingly collect personal data from any individual under the age of 18 without the verifiable consent of a parent or lawful guardian. We do not engage in tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child has submitted personal data on this site, email manikumarjami@gmail.com immediately and we will delete the data within 24 hours.

The Wellbeing screener (PHQ-9 + GAD-7) is a clinical-grade screening tool and should be used only with adult judgement or under professional guidance.

Disclaimers

The Psychology Lab provides self-reflection tools, not clinical diagnoses. None of the assessments here are a substitute for a licensed mental-health professional. If you are in crisis, please contact a helpline: KIRAN 1800-599-0019 (India, 24/7), Vandrevala 1860-2662-345 (India, 24/7), AASRA +91-9820466726 (India, 24/7), or your local emergency services.

Updates to this policy

If I change anything substantive on this page I will update the "Last updated" date at the top. I will not silently change what data is collected or how it is used.

Contact

Email manikumarjami@gmail.com for any privacy question, deletion request, or correction.