KINVYAKSHA — PRIVACY POLICY

Version: 1.0

Effective Date: 26 June 2026

Entity Status: KinVyaksha is currently a pre-incorporation entity in the process of being formally established as a legal entity under applicable Indian law. This Policy is issued by the founders in the capacity of Founding Promoters of KinVyaksha and shall continue to bind the formally incorporated entity upon registration.

Jurisdiction: Hyderabad, Telangana, India

SECTION 1 — SCOPE AND APPLICABILITY

This Privacy Policy ("Policy") governs the collection, use, processing, storage, sharing, and deletion of personal data and information by KinVyaksha ("the Company", "we", "us", "our") from the following categories of data subjects:

Applicants for any internship, employment, engagement, or collaboration program offered by the Company
Individuals who participate in any screening, evaluation, interview, assessment, or onboarding process of the Company
Interns, contributors, collaborators, and any other individuals formally engaged by the Company under any capacity
Visitors to any digital properties, websites, platforms, or services operated or used by the Company

This Policy applies regardless of the channel through which data is collected — including but not limited to: online forms, third-party platforms, email, video calls, telephone, messaging applications, physical documents, file uploads, social media, or any other means.

By submitting an application, participating in the selection process, accepting any offer of engagement, or using the Company's digital properties, the data subject is deemed to have read, understood, and accepted this Policy in its entirety. If the data subject does not agree with this Policy, they must not submit their data or participate in any process of the Company.

SECTION 2 — DATA CONTROLLER IDENTITY

Controller Name: KinVyaksha

Contact Email: Contact

Registered / Operational Address: Hyderabad, Telangana, India

Incorporation Status: Under process. This Policy and all obligations hereunder are assumed by the formally incorporated entity upon registration, and such registration shall constitute automatic assumption of all Policy obligations without further notice to data subjects.

SECTION 3 — DATA WE COLLECT

The Company collects the following categories of personal data, to the extent provided by or relevant to the data subject:

3.1 Identity and Contact Information

Full legal name (as per official certificates or government records)
Date of birth
Gender
Nationality and Indian residency status
Permanent and current residential address
Email address(es)
Mobile and telephone number(s)
Native / primary language
Photograph(s)

3.2 Educational and Professional Information

Secondary education details (10th standard / equivalent)
Higher secondary education details (12th standard / intermediate / equivalent)
Degree program details: institution name, program, semester, year of study
Prior work experience, internships, projects, or academic achievements
Resume / curriculum vitae
Certificates, mark sheets, transcripts, and educational proof documents

3.3 Government-Issued Identity Documents (KYC)

Government-issued photo identification: The Company may collect a copy of one or more of the following: PAN Card, Aadhaar Card (voluntary, offline copy only — the Company does not use UIDAI's authentication infrastructure), Passport, Voter ID Card, Driving License, or other government-issued identity documents.
Note on Aadhaar: Aadhaar is collected solely on a voluntary basis, in the form of a physical or digital copy, for the purpose of identity verification. The Company does not use UIDAI's biometric authentication systems and does not mandate Aadhaar as the exclusive identity proof. Individuals may alternatively provide any other government-issued photo ID. Refusing to provide Aadhaar will not be the sole basis for rejection.
Proof of current enrolment in an educational institution (fee receipt, college ID, mark sheet, bonafide certificate, or equivalent)
Any other documents voluntarily submitted or shared by the data subject

3.4 Device and Technology Information

Laptop model, operating system
Mobile device model and operating system
Internet connectivity type and quality
IP address(es), browser type and version, device identifiers

3.5 Activity, Usage, and Interaction Data

Application submissions and form responses
Communication records (emails, messages through designated platforms)
Activity logs from platforms and tools used in connection with the Company
Task completion and submission records
Usage patterns and timestamps on company-designated platforms
All communications between parties conducted through official Company platforms — including but not limited to: messages, voice notes, file shares, call logs, and any reactions or metadata — may be monitored, recorded, logged, tracked, stored, analyzed, and processed by the Company at any time and for any legitimate Company purpose.
The Company may also record conversations, voice exchanges, or audio segments occurring incidentally during or between formal sessions, including before or after scheduled calls. Such recording is not confirmed as routine practice but the Company reserves the right to do so.
Inter-party communications conducted on Company-designated platforms are not private. The Intern shall have no expectation of privacy in any communication made through a Company channel.

3.6 Video, Audio, and Visual Data

Video recordings of interviews (any stage of selection)
Video recordings of any official meeting, call, session, review, or interaction
Audio transcripts generated from recorded sessions
Screenshots, photographs, or images captured during official interactions
Any other audio-visual data generated in the context of the engagement

3.7 Legal and Conduct Information

Criminal record declarations submitted by the data subject
Any correspondence or documentation related to conduct, disputes, or violations
Disciplinary records within the Company's engagement

Voluntarily submitted links to LinkedIn, GitHub, personal portfolio, or other platforms
Any publicly available information relevant to the evaluation process

3.9 Third-Party and AI-Processed Data

Data received from tools used by the Company (Google Forms, Notion, Trello, Discord, etc.)
Processed outputs from artificial intelligence tools used by the Company
Usage and processing logs generated by third-party platforms

SECTION 4 — PURPOSES OF PROCESSING

The Company processes personal data for the following purposes:

4.1 Internship and Engagement Selection: Evaluating applications, conducting screening, administering assessments and interviews, communicating with candidates.

4.2 Identity Verification and KYC: Verifying the identity, age, educational enrolment, and eligibility of candidates and interns.

4.3 Operational Execution: Assigning tasks, tracking outputs, providing feedback, conducting reviews, and managing the day-to-day operations of the internship.

4.4 Legal Compliance and Documentation: Fulfilling obligations under applicable Indian law, maintaining records, and responding to regulatory requirements.

4.5 Dispute Resolution and Legal Defense: Retaining records to defend or pursue legal claims, arbitration proceedings, or regulatory inquiries.

4.6 Security and Fraud Prevention: Detecting and preventing unauthorized access, fraudulent applications, impersonation, or security incidents.

4.7 Business Records and Institutional Memory: Retaining operational records, evaluation data, and engagement history for internal business purposes.

4.8 Communication: Contacting data subjects through any medium (email, phone, messaging, social media, or other channels) in connection with the selection process, internship, and any subsequent matters.

4.9 Research, Analysis, and Improvement: Anonymized or aggregated analysis of application patterns, selection data, and operational performance for organizational improvement.

4.10 Artificial Intelligence Processing: Processing data using AI tools and systems for any of the above purposes, including but not limited to summarization, pattern recognition, evaluation assistance, and operational automation.

SECTION 5 — LEGAL BASIS FOR PROCESSING

The Company relies on the following legal bases under applicable Indian data protection law, including the Digital Personal Data Protection Act, 2023 (DPDPA):

5.1 Consent: The data subject's affirmative consent as provided at the time of application and further confirmed through the internship agreement.

5.2 Contractual Necessity: Processing necessary for the performance of the internship agreement or to take steps prior to entering into such agreement at the request of the data subject.

5.3 Legitimate Interests: Processing necessary for the legitimate interests of the Company, including record-keeping, security, fraud prevention, legal defense, organizational management, and business continuity, provided such interests are not overridden by the rights of the data subject.

5.4 Legal Obligation: Processing required to comply with any applicable Indian law, court order, regulatory requirement, or governmental direction.

SECTION 6 — DATA RETENTION

6.1 General Retention: The Company retains personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, accounting, or reporting requirements, and for the purposes of dispute resolution, legal defense, and institutional records.

6.2 Default Position: In the absence of a specific retention trigger (such as deletion request or legal requirement), the Company may retain personal data indefinitely for legitimate business purposes. The Company does not commit to any automatic deletion timeline.

6.3 Deletion Requests: A data subject may request deletion of their personal data by writing to Data Protection (Admin). The Company shall process such requests within thirty (30) calendar days of the date of receipt of a valid request. Processing time may be extended by an additional thirty (30) days in complex cases, with prior notice to the data subject.

6.4 Partial Retention Post-Deletion: Even upon processing a deletion request, the Company reserves the right to retain:

Data that is required for compliance with a legal obligation
Data that is required for the establishment, exercise, or defense of legal claims
Anonymized, aggregated, or non-personally-identifiable data that cannot reasonably be used to identify the individual
Records of the fact of the engagement (without personal identifiers) for institutional record-keeping

6.5 Exceptions to Deletion: The Company is not obligated to delete data where deletion would interfere with ongoing legal proceedings, regulatory investigations, or the Company's right to defend legal claims.

7.1 Internal Sharing: Personal data may be shared with authorized persons within the Company, including but not limited to: founding promoters, SPOC-designated managers, appointed reviewers, evaluation committees, and any other persons expressly authorized by the Company's leadership. The Company is not responsible for the actions of authorized individuals who misuse data contrary to their authorization, provided the Company exercised reasonable care in granting access.

7.2 Third-Party Service Providers (Data Processors): The Company utilizes third-party platforms and services to collect, store, process, and manage data. These include but are not limited to: Google (Forms, Drive, Meet, Workspace), Discord, Notion, Trello, Microsoft services, and any other platforms designated from time to time. By using the Company's processes, the data subject acknowledges and consents that their data may be processed through these platforms, which are governed by their own privacy policies and terms of service. The Company shall not be responsible or liable for the data handling, security practices, or privacy policies of any third-party service provider, including any data breach, loss, misuse, or unauthorized disclosure arising from such third-party's systems or actions.

7.3 Artificial Intelligence Systems: The Company may use artificial intelligence tools and systems to process, analyze, review, or generate insights from personal data. By participating in the Company's processes, the data subject consents to their data being processed by such AI systems. The Company shall not be liable for any output, error, inaccuracy, or consequence arising from AI processing of the data.

7.4 Legal Disclosures: The Company may disclose personal data to law enforcement, courts, regulatory bodies, or government authorities as required by applicable Indian law, court order, or regulatory directive, without prior notice to the data subject where such notice is not required or is prohibited by law.

7.5 Business Transfers: In the event of merger, acquisition, restructuring, or other business transfer of the Company or any part thereof, personal data may be transferred to the successor entity, subject to equivalent protections.

7.6 Future Committees and Structures: As the Company evolves and establishes internal committees, review bodies, or governance structures, personal data may be shared with such bodies as appropriate and authorized by the Company's leadership.

7.7 No Sale of Personal Data: The Company does not sell personal data to any third party for commercial purposes.

7.8 No Unauthorized Sharing by Third Parties: Where data is accessed by an authorized or unauthorized internal party beyond their permitted scope, the Company shall not be responsible for such individual's actions. The Company maintains its own access controls and policies, and breach by an individual shall be treated as their personal liability and not the Company's institutional liability.

SECTION 8 — DATA SECURITY

8.1 The Company implements reasonable administrative, technical, and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.

8.2 The Company does not guarantee absolute security of any data. Digital systems are inherently susceptible to unauthorized access, cyberattacks, system failures, and other threats beyond the Company's control. The Company shall not be liable to the data subject for any loss, damage, harm, or consequence arising from a security breach, cyberattack, unauthorized system access, data theft, or any other security incident, whether or not such incident is caused by the Company's negligence, except where such exclusion is prohibited by applicable Indian law.

8.3 In the event of a personal data breach that the Company becomes aware of, the Company shall take reasonable steps to contain and remediate the breach and shall notify the relevant regulatory authority as required under applicable Indian law. Notification to affected data subjects shall be provided where required by law.

SECTION 9 — DATA SUBJECT RIGHTS

Subject to applicable Indian law, including the DPDPA 2023, data subjects have the following rights:

9.1 Right to Access: Request information about the personal data the Company holds about them.

9.2 Right to Correction: Request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure: Request deletion of personal data (subject to the limitations in Section 6 above).

9.4 Right to Withdraw Consent: Withdraw consent to processing, noting that withdrawal does not affect the lawfulness of processing prior to withdrawal and may result in the Company being unable to continue the engagement.

9.5 Right to Grievance Redressal: Lodge a grievance with the Company at Grievance Redressal and Support.

9.6 Limitations: These rights are subject to applicable exceptions, including where processing is necessary for legal compliance, legal claims, or other legitimate purposes as defined by the DPDPA and related regulations.

9.7 Response Timeline: The Company shall acknowledge receipt of a rights request within [7] working days and respond within [30] calendar days, extendable by an additional [30] days in complex cases.

SECTION 10 — CHILDREN'S DATA

The Company does not intentionally collect personal data from persons below the age of 18. All applicants and interns must confirm they are 18 years or above. If the Company becomes aware that it has inadvertently collected data from a person below 18, it will take reasonable steps to delete such data.

SECTION 11 — COMMUNICATIONS

11.1 The Company reserves the right to communicate with candidates and interns through any medium, including but not limited to: email, SMS, phone call, WhatsApp, LinkedIn, Instagram, and any other digital or physical communication channel.

11.2 Communications may include notifications about selection status, internship matters, Company updates, and any other matters the Company deems relevant.

11.3 Communications may continue after the internship period for legitimate business purposes including follow-up, certificate issuance, or legal correspondence.

11.4 The data subject may opt out of non-essential communications by writing to Communications (Admin). Opting out of communications does not affect any ongoing legal or contractual obligations.

SECTION 12 — COOKIES AND DIGITAL PROPERTIES

The Company may operate websites, portals, or other digital properties in the future that use cookies and tracking technologies. A separate Cookie and Digital Properties Policy shall apply to such properties. Where no separate policy exists, this Privacy Policy shall apply to the fullest extent possible.

SECTION 13 — CHANGES TO THIS POLICY

13.1 The Company reserves the right to modify, update, or replace this Policy at any time, at its sole discretion, with or without prior notice.

13.2 The updated Policy shall be effective from the date it is made available (by email notification, posting on the Company's communication channels, or other means).

13.3 Continued participation in any Company process after a Policy update constitutes acceptance of the updated Policy.

13.4 The Company shall not be liable for any change in this Policy or for any changes in applicable law, government regulations, third-party platform policies, or any other external factors that affect data processing, regardless of whether such changes are notified to data subjects.

SECTION 14 — LIMITATION OF LIABILITY

14.1 To the maximum extent permitted by applicable Indian law, the Company's aggregate liability to any data subject arising under or in connection with this Privacy Policy shall not exceed a nominal sum of ₹1,000/- (Rupees One Thousand Only).

14.2 The Company shall not be liable for any indirect, consequential, special, punitive, or incidental damages of any nature arising from or related to data processing under this Policy.

14.3 Claims based on alleged violation of this Policy must be brought within twelve (12) months of the date on which the data subject became aware of, or should reasonably have become aware of, the alleged violation.

SECTION 15 — GOVERNING LAW AND DISPUTE RESOLUTION

15.1 This Policy shall be governed by and construed in accordance with the laws of India.

15.2 Any dispute arising from or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts and tribunals in Hyderabad, Telangana, India.

15.3 Prior to initiating any formal legal proceedings, the parties shall attempt to resolve the dispute through good-faith negotiation for a period of thirty (30) days.

SECTION 16 — CONTACT

For any questions, requests, or grievances related to this Policy:

KinVyaksha — Privacy Team Email: privacy@kinvyaksha.com

This Privacy Policy is issued as a foundational document of KinVyaksha. It is subject to modification as the Company formalizes its legal structure and as applicable law evolves. This document does not constitute legal advice. Persons with specific legal concerns should consult a qualified Indian advocate.

Last updated: - | Version: 1.0