Privacy Policy

1. Introduction

CareerSage Consultants Private Limited ("we", "us", "our", "CareerSage", "The Career Company", or "TCC") operates TCC Campus (https://tcccampus.com), a B2B SaaS platform for campus placement teams at Indian colleges and universities.

This Privacy Policy explains how we collect, use, store, share, and protect personal data. It applies to institutional administrators, placement team members, and any individual whose data is processed through the Platform.

This policy is compliant with the Information Technology Act, 2000 and IT Rules, 2011, and is designed to align with the Digital Personal Data Protection Act, 2023 (DPDP Act) as rules are notified.

2. Definitions

Client / Institute: The institution subscribing to the Platform.
Client Data: Data entered/uploaded/generated within a Client tenant.
Authorized User: User granted access by a Client Super Admin.
Tenant: Client-specific isolated workspace.
TCC Database: Proprietary company and recruiter contact database curated by TCC.
Personal Data: Data relating to an identified/identifiable natural person.
Student Data: Student personal data uploaded for batch profile microsites/class profiles.
Data Principal: Individual to whom personal data relates.
Data Fiduciary: Entity determining purpose and means of processing.

3. Data Processing Roles

3.1 TCC as Data Processor

For Client Data, TCC acts as Data Processor and the Client is Data Fiduciary. We process Client Data solely to deliver contracted services and do not use Client Data for advertising, profiling, model training, or unrelated commercial use.

3.2 TCC as Data Fiduciary

TCC is Data Fiduciary for account registration data, usage analytics metadata, data in the TCC Database, and payment/billing information.

3.3 Client as Data Fiduciary

Clients are responsible for lawful basis, required consent (including student consent), data accuracy, access controls, and legal compliance for data they upload.

4. Data We Collect

4.1 Account Registration Data

Full name
Email address (institutional preferred)
Phone number
Role in placement team
Institution association

4.2 Client Data (Stored, Not Accessed in Normal Course)

Includes company records, contact records, activity logs, pipeline data, notes, meetings, tasks, and uploaded documents. This data remains within the Client tenant.

4.3 Student Data (Batch Profile Microsites)

If enabled by Client, student profile data may be uploaded and published via microsite URL with field-level visibility controls. Client is solely responsible for obtaining required consent.

4.4 TCC Database (TCC-Curated Data)

Sourced from publicly available information and TCC relationships. Client tenant data is never aggregated into the TCC Database.

4.5 Usage Data and Analytics

Includes login timestamps, feature usage, device/browser details, IP, and performance signals for security and product improvement.

4.6 Payment and Billing Data

Billing contact data and transaction records are collected. Card data is processed by PCI-DSS-compliant payment processors.

5. How We Use Your Data

Purpose	Data Used	Legal Basis
Providing the Platform and its features	Account data, Client Data (processing only)	Contract performance; legitimate interest
User authentication and access control	Name, email, phone, role, IP address	Contract performance; security
Sending transactional communications	Email address	Contract performance
Technical support and troubleshooting	Account data; Client Data (approved impersonation only)	Legitimate interest; consent
Platform improvement and analytics	Aggregated, anonymized usage data only	Legitimate interest
Billing and invoicing	Billing contact details, transaction records	Contract performance; legal obligation
Compliance with legal obligations	As required by applicable law	Legal obligation
Security and fraud prevention	IP address, login patterns, session data	Legitimate interest; legal obligation

We do NOT use your data for:

Advertising, marketing profiling, or behavioral targeting
Selling, renting, or trading data
Training machine learning models on Client Data
Cross-tenant data sharing or aggregation

6. Data Isolation and Multi-Tenant Architecture

Each Client operates in a logically isolated tenant workspace.
Cross-tenant queries are architecturally blocked for application users.
Search, reporting, and analytics are tenant-scoped.
TCC Database is separate from Client tenant data stores.

8. Data Security

Encryption: AES-256 at rest, TLS 1.3 in transit.
Access Controls: RBAC, least privilege, administrative safeguards, audited impersonation.
Infrastructure: India-hosted cloud, firewalling, intrusion monitoring, vulnerability scanning.
Audit and Monitoring: Immutable audit logs retained for 2 years.
Backup and Recovery: Daily backups (30-day retention), RPO less than 1 hour, RTO less than 4 hours.
Incident Response: Client notification without undue delay, and within 72 hours of confirmed awareness.

9. Data Retention

Data Type	Retention Period	Post-Retention Action
Client Data (active tenant)	For the duration of the subscription	See below for post-termination
Client Data (after contract termination)	12 months in suspended/read-only state	Archived; re-activation or export on request
Client Data (archived)	Additional 12 months (24 months total)	Permanently deleted and irrecoverable
Account registration data	Active account + 12 months after deactivation	Anonymized or deleted
Usage analytics (aggregated)	36 months	Permanently deleted
Audit logs	24 months	Permanently deleted
Payment and billing records	As required by Indian tax/accounting law (typically 8 years)	Secure destruction after legal retention
TCC Database records	Retained and updated on an ongoing basis	Individual records deactivated upon request
Student Data (microsites)	Until deleted by Client or subscription termination	Deleted within 30 days of request/termination

Clients may request full export of Client Data (CSV or JSON) during the 12-month post-termination retention period. After 24 months from termination, Client Data is permanently and irreversibly deleted.

10. Rights of Data Principals

Right of access
Right of correction and erasure
Right to withdraw consent (where applicable)
Right to grievance redressal
Right to nominate

Authorized users should first approach their institution Super Admin/Placement Head for tenant data rights requests. Individuals in the TCC Database may request correction/removal at saarthi@thecareercompany.in.

11. Cookies and Similar Technologies

Essential/Functional Cookies: Session management, auth, security, CSRF protection.
Analytics Cookies: Aggregated usage analytics for performance improvements.

We do not use advertising cookies, tracking pixels, or third-party marketing cookies.

12. Children's Data

The Platform is intended for institutional placement teams and is not directed at individuals under 18. If data of individuals under 18 is uploaded by a Client, the Client is responsible for obtaining required guardian consent.

13. Cross-Border Data Transfers

Client Data and Personal Data are primarily stored and processed within India (AWS ap-south-1 or GCP asia-south1). Some limited operational processing by third-party providers may occur outside India with contractual safeguards.

14. Grievance Redressal and Contact

Grievance Officer / Privacy Contact

CareerSage Consultants Private Limited

Corporate Address: The Career Company Office, InFED Block, IIM Nagpur, MIHAN NON-SEZ, Nagpur, 441108

Email: saarthi@thecareercompany.in

We acknowledge requests within 48 hours and endeavor to resolve them within 30 days.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect operational, legal, or technology changes. Material updates are communicated via email to authorized users and/or via platform notices.

Continued use of the Platform after the effective date of updates constitutes acceptance of the revised policy.

16. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Disputes are subject to the exclusive jurisdiction of the courts at Vadodara, Gujarat.

- End of Privacy Policy -