Privacy Policy

Veenavarse ("tiikme", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you use the tiikme platform ("Platform"), including our website, mobile applications, and all associated services.

This Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDPA)of India and, where applicable, the EU General Data Protection Regulation (GDPR) and other relevant data protection laws.

By using the Platform, you consent to the practices described in this Policy. If you do not agree, you must not access or use the Platform.

We collect the following categories of personal data:

We process your personal data for the following purposes and legal bases:

We will not use your personal data for any purpose incompatible with those listed above without obtaining your prior consent.

We share your personal data only as described below:

• With Organisations (employers): Your anonymised profile card may be visible to Organisations searching for talent. Your full Flex (including name and contact details) is shared ONLY after you explicitly approve an access request from that Organisation.
• With Squad members: When you invite colleagues to verify your experience, their name and professional details are associated with your Flex entry. They can see that you invited them.
• With service providers: We engage trusted third-party processors including cloud hosting (Supabase / AWS), payment processors (Razorpay), email service providers (Resend), and analytics tools — all bound by data processing agreements.
• With Level Up partners: If you enrol in a course or hackathon and consent to sharing, we provide your name and email to the course provider to facilitate enrolment.
• For legal reasons: We may disclose data to comply with a court order, governmental request, or applicable law; to enforce our Terms; or to protect the rights, property, or safety of tiikme, our users, or the public.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to applicable law and notification to affected users.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

You have fine-grained control over your Flex profile visibility:

• Public Flex: A shareable link version of your profile, visible to anyone with the link. You can disable this at any time.
• Open to Work: Enabling this flag makes your anonymised profile card discoverable to Organisations in the talent pool. Disabling it removes you from discovery.
• Flex Access Requests: Organisations must request access. You approve or decline each request. You can see a full log of all access approvals in your account settings.
• Data export: You may download all your Flex data at any time from Settings → Privacy → Export My Data.
• Account deletion: You may delete your account from Settings → Account. Upon deletion, your personal data will be permanently removed within 30 days, except where retention is required by law.

We retain your personal data for as long as your account is active or as needed to provide services. Specific retention periods:

• Account and Flex data: Retained for the duration of your account, plus 90 days post-deletion to allow recovery if requested.
• Usage logs: 12 months from collection, then anonymised.
• Communication records: 3 years, or as required by law.
• Payment records: 7 years as required by Indian tax and accounting law.
• Security logs: 24 months for fraud and security investigations.

We implement industry-standard security measures to protect your personal data, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256);
• Row-level security (RLS) enforced at the database level;
• Supabase Auth with secure JWT tokens and refresh token rotation;
• Regular security audits and penetration testing;
• Access controls limiting employee access to production data on a need-to-know basis;
• Multi-factor authentication for internal administrative systems.

Despite these measures, no system is completely secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users and the relevant data protection authority within the timelines required by law.

Your data is primarily processed and stored within India. Where data is transferred to servers or processors outside India (e.g., US-based cloud services), we ensure appropriate safeguards are in place through standard contractual clauses or equivalent mechanisms as required under the DPDPA.

We use the following types of cookies:

• Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
• Functional cookies: Remember your preferences (e.g., theme, language). Enabled by default; you can disable in browser settings.
• Analytics cookies: Collect anonymised usage data to help us improve the Platform (e.g., page views, feature adoption). Opt-out available via our cookie banner.
• Marketing cookies: Used only with your explicit consent to personalise ads on third-party platforms. We do not deploy these by default.

You can manage cookie preferences via your browser settings or the cookie preference centre accessible from the footer. Disabling essential cookies may impair Platform functionality.

Subject to applicable law, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data (subject to legal retention obligations).
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to processing based on legitimate interests, including for direct marketing.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
• Grievance: Lodge a complaint with our Data Protection Officer or the relevant data protection authority.

To exercise any of these rights, contact our Data Protection Officer at privacy@tiikme.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

Tiik AI processes your Flex profile data, usage history, and job preferences to generate personalised recommendations. Specific practices:

• AI inference runs on your data to generate match scores, skill-gap recommendations, and career suggestions.
• Chat conversations with Tiik are stored to maintain session context and improve service quality. You can delete your chat history at any time from the Tiik interface.
• We may use anonymised and aggregated chat data to improve AI model performance. We do not use identifiable personal data to train external models without explicit consent.
• tiikme does not use your Flex data to train or fine-tune large language models for third-party commercial purposes.

The Platform is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us at privacy@tiikme.com and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page indicates when the latest revision was made.

For privacy-related questions, concerns, or requests, contact our Data Protection / Grievance Officer:

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India (once operational) or the relevant supervisory authority in your jurisdiction.