This Privacy Policy explains how Inturno ("we", "us", "our") collects, uses, and safeguards information when you visit inturno-in.lovable.app (the "Service"). This page is maintained by the Inturno team to answer common privacy questions about the Service.
1. Who we are
Inturno is an independent aggregator that surfaces verified internship listings published on the official career pages of third-party employers. We are not a recruiter, staffing agency, or employer of record. We do not charge candidates a fee at any stage.
2. Information we collect
- Account data — when you sign in (e.g. with Google), we receive your email, name, and a unique identifier from the auth provider.
- Usage data — standard server and browser logs (IP, user-agent, pages visited, timestamps) used to keep the Service reliable and secure.
- Cookies — strictly-necessary cookies for authentication and session management. We do not use third-party advertising or cross-site tracking cookies.
- Publicly available listing data — internship details (title, stipend, location, description, apply link) fetched from each employer's own careers page or applicant-tracking system. No candidate data is collected through the apply link — clicking it takes you to the employer directly.
3. How we use information
- To operate, secure, and improve the Service.
- To authenticate admin users and enforce role-based access.
- To diagnose errors and prevent abuse.
- To comply with applicable law and respond to lawful requests.
We do not sell your personal information. We do not share it with advertisers.
4. Legal bases (GDPR/DPDP)
Where applicable, we rely on (a) your consent for optional features, (b) legitimate interests for security and product analytics, and (c) legal obligation for compliance. For Indian users, we process personal data in line with the Digital Personal Data Protection Act, 2023 (DPDP).
5. Data retention
Account data is retained while your account is active and for a reasonable period thereafter. Server logs are retained for up to 90 days unless required longer for security or legal reasons. You can request deletion at any time (see Section 8).
6. Sub-processors & infrastructure
- Lovable Cloud — hosting, database, authentication, edge compute.
- Google — OAuth sign-in (only if you choose Google sign-in).
- Public applicant-tracking systems (Lever, Greenhouse, etc.) — read-only fetches of public job postings. No personal data is sent.
7. Security
We use industry-standard safeguards including HTTPS in transit, encrypted storage, Row-Level Security policies on every database table, and least-privilege access for admin functions. No system is perfectly secure; please report any suspected vulnerability to the contact below.
8. Your rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability, or withdrawal of consent for your personal data. Contact us at the address in Section 11 and we will respond within 30 days.
9. Children
The Service is intended for users aged 16 and above. We do not knowingly collect personal data from children under 16. If you believe a child has provided us data, contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top of this page.
11. Contact
Questions or requests? Send us a message via our contact form.