Privacy Policy

1. Who We Are — Data Fiduciary Identity

Techotlist Connects LLP is the Data Fiduciary under the DPDP Act, 2023. As Data Fiduciary, we determine the purposes and means of processing your Personal Data and are responsible for compliance with applicable data protection laws.

• Name of Data Fiduciary: Techotlist Connects LLP
• Registered Address: Flat No 102, First Floor of Fortune Chambers, Image Garden Road, Madhapur, Hyderabad, Shaikpet, Telangana, India, 500081
• Data Privacy Contact Email: support@techotlist.com
• Grievance Officer: Phani, +91 - 9705675599
• Data Rights Portal: https://techotlist.com/privacy-policy
• Data Protection Board Complaint Portal: Email to support@techotlist.com

2. Scope of This Policy

This Privacy Policy applies to all individuals who access or use the Techotlist Platform, including:

• Jobseekers — individuals seeking employment opportunities via the Platform.
• Bench Sales Marketers — professionals representing candidates for IT staffing placements.
• Recruiters — professionals or companies posting job requirements and searching for candidates.

This Policy applies to Personal Data collected through the Platform, our website, email communications, chat interface, and any other digital interaction you have with us.

3. Legal Basis for Processing

Under the DPDP Act, 2023, consent is the primary legal basis for processing Personal Data. We process your Personal Data on the basis of your free, specific, informed, unconditional, and unambiguous consent, which you provide when you register and use the Platform.

Where applicable, we may also process Personal Data without explicit consent where: (a) you have voluntarily provided data and have not indicated non-consent to its processing; or (b) processing is required for compliance with applicable law or legal proceedings.

4. Personal Data We Collect — By User Type

We collect only the minimum Personal Data necessary for the specified purposes (data minimisation).

We do not collect sensitive personal data (such as biometric data, health data, financial data beyond payment processing, or caste/religion data) and have no intention of doing so.

5. How We Use Your Personal Data

5.1 Jobseeker Data

• Account Authentication: We use your email address to create and manage your account, verify your identity, and allow you to log in securely to the Platform.
• Platform Communications: We use your email address and phone number to send you job match notifications, application status updates, system alerts, and Platform announcements.
• Job Matching and Candidate Submissions: Your resume and skills information is made visible to Recruiters and Bench Sales Marketers on the Platform to facilitate job placements.
• Platform Operations and Security: We use your usage data, login timestamps, and IP address for security monitoring, fraud detection, and Platform performance optimization.
• Payment Processing (Future): When payment features are launched, your payment information will be used solely to process subscription or service fee transactions via a PCI DSS-compliant third-party processor. Techotlist Connects LLP will not directly store raw credit card numbers, CVVs, or full card data.

5.2 Bench Sales Marketer and Recruiter Data

• Account Authentication and Access Control: Your Company Email ID is used exclusively to create your account, verify your employment status, and control Platform access in accordance with our Company Email ID policy.
• Platform Operations and Security: Usage data, login timestamps, and IP addresses are used for security monitoring, fraud detection, and Platform performance.

We will not use your Personal Data for any purpose other than those specified above without obtaining fresh, explicit consent from you.

6. How We Share Your Personal Data

Techotlist Connects LLP does not sell your Personal Data. We share Personal Data only in the following circumstances:

• With Other Platform Users: Jobseeker profile information (resume, skills, job preferences) is visible to authenticated Recruiters and Bench Sales Marketers on the Platform for the purpose of job matching and placements. This is the core function of the Platform and you consent to this sharing upon registration.
• With Third-Party Service Providers (Data Processors): We engage trusted third-party providers to support Platform operations, including cloud hosting providers, email delivery services, analytics services, and AI processing tools. These providers process Personal Data only on our instructions and are contractually bound to implement equivalent security safeguards. They may not use your data for their own purposes.
• With Payment Processors (Future): When payment functionality is launched, payment data will be shared with our PCI DSS-certified third-party payment processor. Techotlist Connects LLP will not have direct access to or store raw credit card data.
• Legal and Regulatory Disclosure: We may disclose Personal Data if required to do so by applicable law, court order, government request, or to comply with our legal obligations, including reporting to the Data Protection Board of India.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, Personal Data may be transferred to the acquiring entity. You will be notified of such transfer via the Platform or your registered email address.

We do not share Personal Data with advertisers, marketing companies, or any third parties for their commercial purposes.

7. Company Email ID Policy and Data Protection

All Bench Sales Marketers and Recruiters must register and log in using a Company Email ID issued by their current employer. Personal email accounts on public domains (Gmail, Yahoo, Hotmail, Zoho, iCloud, Outlook.com, etc.) are strictly prohibited.

This requirement protects corporate data integrity. The data associated with your account — including job postings, hotlists, and messages — is linked to your employer's email domain, not to you personally.

Upon change of employment and deactivation of your prior Company Email ID:

• Job postings, hotlists, and all chat/message history will be permanently and automatically deleted.
• Professional connections (Prospects network) will be retained and carried over to your new account.

This policy is a fundamental part of our data protection framework and is described in full in Section 2.3 of the User License Agreement.

8. Data Retention

We retain Personal Data only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable law. The specific retention periods are:

• Jobseeker Data: Retained for the duration of your active account, plus 6 months after account deletion to allow for platform operational wind-down, unless earlier deletion is requested or required by law.
• Recruiter / Bench Sales Marketer Data: Company Email ID and usage data retained for the duration of the active account. Job postings, hotlists, and messages are automatically deleted upon deactivation of the associated Company Email ID. Connections are retained indefinitely or until the User requests deletion.
• Payment Records (Future): Transaction confirmation records will be retained for the period required under applicable accounting and tax law. Raw payment card data is not retained by Techotlist Connects LLP.
• Security and Compliance Logs: Login timestamps, IP addresses, and access logs are retained for 6 months for security and fraud detection purposes.

We will notify you at least 48 hours before completing any scheduled erasure of your Personal Data, giving you an opportunity to request preservation if needed.

9. Your Rights as a Data Principal

Under the DPDP Act, 2023 and DPDP Rules, 2025, you have the following enforceable rights with respect to your Personal Data:

We will respond to all valid data rights requests within a reasonable timeframe as prescribed by applicable law. We may ask you to verify your identity before processing a request.

10. Data Security

Techotlist Connects LLP implements the following security safeguards as required by the DPDP Act, 2023 and DPDP Rules, 2025:

• Encryption: Personal Data is encrypted in transit (TLS/HTTPS) and at rest using industry-standard encryption protocols.
• Access Controls: Access to Personal Data is restricted on a need-to-know basis, with role-based access controls and multi-factor authentication for administrative systems.
• Access Logging and Monitoring: All access to systems containing Personal Data is logged and monitored for suspicious activity.
• Data Backups: Regular encrypted data backups are maintained to ensure continuity in the event of system failure.
• Intrusion Detection: We use intrusion detection and prevention systems to identify and respond to unauthorized access attempts.
• Third-Party Security: All third-party processors are contractually required to implement equivalent security measures.

Despite these measures, no system is completely secure. We encourage you to keep your credentials confidential and report any suspicious activity to support@techotlist.com immediately.

11. Future Payment Data and PCI DSS Compliance

Techotlist Connects LLP is planning to launch payment processing functionality. When launched, the following safeguards will apply:

• Third-Party Processor: All credit and debit card transactions will be processed by a PCI DSS v4.0-certified third-party payment processor. Techotlist Connects LLP will not directly collect, store, process, or transmit raw card data including Primary Account Numbers (PANs), CVVs, or PINs.
• Tokenization: Where technically feasible, we will implement tokenization so that only anonymized tokens (not actual card details) are stored on our systems.
• Scope Limitation: Our cardholder data environment (CDE) will be scoped to the minimum necessary, reducing exposure and compliance burden.
• User Notification: When payment features are launched, this Privacy Policy will be updated with specific details of the payment processor, data collected, and applicable PCI DSS compliance level. Users will be notified of these updates.
• No Retention of Card Data: Techotlist Connects LLP will retain only transaction confirmation records (transaction ID, amount, date, user reference) for accounting and legal purposes. Full card details will never be retained on our systems.

12. Data Breach Notification

In the event of a personal data breach affecting your Personal Data, Techotlist Connects LLP will:

• Notify You Promptly: Inform all affected Data Principals without undue delay in plain, accessible language. The notification will include: (a) a description of the nature of the breach; (b) the possible impact on your data and rights; (c) the steps we have taken or will take to address the breach; and (d) contact details for further assistance.
• Report to the Data Protection Board: Submit a comprehensive breach report to the Data Protection Board of India within 72 hours of becoming aware of the breach, as required by the DPDP Act, 2023.
• Remediation: Take all reasonable steps to contain, investigate, and remediate the breach and prevent recurrence.

You must immediately notify us at support@techotlist.com if you suspect any unauthorized access to your account or compromise of your credentials.

13. Children's Data

The Techotlist Platform is not intended for use by individuals under the age of 18. We do not knowingly collect Personal Data from minors. If we become aware that a person under 18 has created an account or submitted Personal Data on the Platform, we will immediately delete that data and terminate the account.

If you are a parent or guardian and believe your child has provided Personal Data to us without your knowledge or consent, please contact us immediately at support@techotlist.com.

In the event we introduce services that may be accessed by minors (which we do not currently offer), we will obtain verifiable parental or guardian consent as required by the DPDP Act, 2023, before processing any such Personal Data.

14. Cookies and Tracking Technologies

The Platform may use cookies and similar tracking technologies (such as local storage and analytics pixels) for the following purposes:

• Essential Cookies: Necessary for the Platform to function correctly (e.g., session management, login authentication). These cannot be disabled.
• Analytics Cookies: Used to understand how Users interact with the Platform in aggregate (e.g., page views, feature usage). These help us improve Platform performance.
• Security Cookies: Used to detect and prevent fraudulent or unauthorized activity.

We do not use cookies for advertising or third-party marketing purposes. You may manage your cookie preferences via your browser settings, but disabling essential cookies may affect Platform functionality.

15. Cross-Border Data Transfers

The Techotlist Platform is operated in India and primarily serves the US IT staffing market. Personal Data collected through the Platform may be processed by our servers and third-party service providers located in India and potentially in other jurisdictions.

We ensure that any cross-border transfer of Personal Data is conducted in accordance with applicable Indian law, including any data localisation requirements notified by the Central Government under the DPDP Act, 2023. Where required, we implement appropriate contractual safeguards before transferring Personal Data outside India.

16. International Users and GDPR

While the Platform is primarily governed by Indian law, Users accessing the Platform from the European Union (EU) or European Economic Area (EEA) may have additional rights under the General Data Protection Regulation (GDPR). If you are an EU/EEA resident using our Platform, please contact us at support@techotlist.com to understand how your rights under GDPR apply to your use of Techotlist.

17. Changes to This Privacy Policy

Techotlist Connects LLP may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or Platform features. When we make material changes, we will:

• Update the "Effective Date" at the top of this Policy.
• Notify you via your registered Company Email ID and/or via a prominent notice on the Platform at least 5 days before the changes take effect.
• Where required by law, obtain fresh consent from you for any new processing purposes.

Your continued use of the Platform after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, you must discontinue use of the Platform.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Techotlist Connects LLP — Data Privacy Team

• Data Privacy Email: support@techotlist.com
• Grievance Officer: Phani, +91 - 9652024275
• Registered Address: Flat No 102, First Floor of Fortune Chambers, Image Garden Road, Madhapur, Hyderabad, Shaikpet, Telangana, India, 500081
• Data Rights Portal: https://techotlist.com/privacy-policy
• Security Breach Reporting: Email to support@techotlist.com
• Data Protection Board of India: Ministry of Electronics and Information Technology (MeitY), Electronics Niketan, 6 CGO Complex, Lodhi Road, New Delhi - 110003

This Privacy Policy is a standalone document issued in compliance with Rule 3 of the Digital Personal Data Protection Rules, 2025. It must be read alongside the Techotlist User License Agreement (Version 1.0). Techotlist Connects LLP recommends that you consult a qualified legal professional to confirm this Policy's alignment with all applicable regulations before deployment.