Privacy Policy
VAAGAI TECKNOWLEDGE
PRIVACY POLICY
Effective Date: May 6, 2025 Last Updated: May 6, 2025 Version: 1.0
1. INTRODUCTION AND SCOPE
This Privacy Policy ("Policy") is issued by Vaagai Tecknowledge, a sole proprietorship registered under the laws of India, having its principal place of business at 6/639, Lakshmi Nagar Main Road, Lakshmi Nagar, Virudhunagar, Tamil Nadu, India (hereinafter referred to as "Vaagai Tecknowledge," "Company," "we," "us," or "our").
This Policy governs the collection, processing, storage, disclosure, transfer, and protection of Personal Data obtained through our services, including:
The Clubus.io SaaS platform for membership management (accessible globally);
Custom software development services;
Training services offered under the brand name Coders College;
Our websites, mobile applications (Android and iOS), application programming interfaces (APIs), and all associated digital properties (collectively, the "Services").
This Policy applies to all categories of individuals who interact with our Services:
Tenant/Admin Users — organisations, institutions, or businesses that subscribe to and administer the Clubus.io platform;
End Users — individual members of Tenant organisations who access the platform at a Tenant's invitation;
Visitors — individuals who browse our websites or applications without registering an account;
Students — individuals enrolled in or inquiring about Coders College training programmes.
By accessing or using any of our Services, you acknowledge that you have read, understood, and agreed to the collection and use of your information as described in this Policy. If you do not agree, you must immediately discontinue use of our Services.
Jurisdictional Note: This Policy is designed to comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, the General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and all other applicable data protection and privacy laws.
2. DEFINITIONS
For the purposes of this Policy, the following definitions shall apply:
"Personal Data" means any information that relates to an identified or identifiable natural person, including but not limited to name, email address, phone number, IP address, device identifiers, and usage data.
"Data Principal" / "Data Subject" means the natural person to whom the Personal Data relates.
"Data Fiduciary" / "Data Controller" means Vaagai Tecknowledge, which determines the purposes and means of processing Personal Data.
"Data Processor" means any third party that processes Personal Data on behalf of and under the instructions of the Data Fiduciary.
"Tenant" / "Admin User" means any organisation, institution, or business entity that subscribes to the Clubus.io platform for managing its own membership or user base.
"End User" means a natural person who accesses the platform as a member of a Tenant organisation.
"Visitor" means any individual who accesses our websites or mobile applications without registering an account.
"Student" means a natural person enrolled in or registered for any training or educational programme offered under Coders College.
"Services" means all products, platforms, applications, and services provided by Vaagai Tecknowledge, collectively.
"Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, retrieval, use, disclosure, transmission, or deletion.
"Consent" means a freely given, specific, informed, and unambiguous indication by the Data Principal of agreement to the processing of their Personal Data.
3. DATA CONTROLLER / DATA FIDUCIARY INFORMATION
Vaagai Tecknowledge is the Data Fiduciary (under the DPDP Act), Data Controller (under the GDPR), and Business (under the CCPA) for all Personal Data collected through its Services.
|
|
Entity Name | Vaagai Tecknowledge |
Legal Structure | Sole Proprietorship |
GST Number | 33DKHPS0026J1Z8 |
Registered Address | 6/639, Lakshmi Nagar Main Road, Lakshmi Nagar, Virudhunagar, Tamil Nadu, India |
Contact / Grievance Email | vaagaitecknowledge@gmail.com |
Grievance Officer | Proprietor, Vaagai Tecknowledge |
For data rights requests, grievances, or privacy-related queries, please write to vaagaitecknowledge@gmail.com with the subject line "Data Rights Request" or "Privacy Grievance."
4. CATEGORIES OF PERSONAL DATA COLLECTED
4.1 Tenant / Admin Users
Full legal name and designation of the authorised representative;
Organisation name and tax/GST registration details (for billing purposes);
Business email address and official contact phone number;
Billing name, billing address, and invoice details;
Login credentials (passwords are stored only in hashed/encrypted form; plaintext passwords are never stored);
Platform configuration settings, usage logs, and audit trail data;
Technical data including IP addresses, browser type, device type, and operating system.
4.2 End Users
Full name and profile photograph (if uploaded by the user or Tenant);
Email address and mobile phone number;
Member ID, membership status, and role information as assigned by the Tenant;
Attendance records, transaction history, and event participation data;
Communication preferences;
Device information, IP address, and session/activity data.
4.3 Website and App Visitors
IP address and approximate geolocation (city and country level only);
Browser type, version, and device identifiers;
Pages visited, time spent on pages, and referring URLs;
Cookie data and similar tracking technology data (detailed in Section 10).
4.4 Students (Coders College)
Full name, email address, and contact number;
Educational background, where voluntarily submitted;
Course enrolment and training progress data;
Payment transaction records (processed exclusively by third-party gateways; no card or bank account data is stored by us).
4.5 Sensitive Personal Data — Explicit Exclusion
Vaagai Tecknowledge does NOT collect, store, or process sensitive personal data including but not limited to:
Aadhaar numbers or biometric identifiers;
Permanent Account Numbers (PAN) or other tax identification numbers;
Bank account numbers, credit or debit card details, or financial credentials of any kind;
Health, medical, or insurance data;
Caste, religion, or political affiliation.
All payment processing is handled exclusively by certified third-party payment gateways. No payment card or banking credentials are transmitted to or stored on our systems at any point.
5. LEGAL BASIS FOR PROCESSING
5.1 Under the DPDP Act, 2023 (India)
Consent of the Data Principal, provided through an express, informed, and unambiguous affirmative action at the point of data collection;
Legitimate uses as defined under the DPDP Act, including processing necessary for the performance of a contract, compliance with legal obligations, and employment-related purposes;
State-directed processing pursuant to applicable statutes, regulations, or orders of courts and tribunals.
5.2 Under the GDPR (EEA / UK)
Article 6(1)(a) — Consent of the data subject;
Article 6(1)(b) — Performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract;
Article 6(1)(c) — Compliance with a legal obligation to which the controller is subject;
Article 6(1)(f) — Legitimate interests pursued by the controller or by a third party, provided such interests are not overridden by the fundamental rights and freedoms of the data subject.
5.3 Under the CCPA (California)
Processing as necessary to fulfil the purpose for which the consumer provided the information;
Processing with the consumer's prior consent where required by applicable law;
Processing pursuant to any exception permitted under the CCPA/CPRA.
6. PURPOSES OF DATA PROCESSING
We collect and process Personal Data solely for the following specified, explicit, and legitimate purposes:
Provision, operation, maintenance, and continuous improvement of our Services;
Account creation, authentication, and user identity verification;
Processing and administration of subscriptions and training enrolments;
Generating and dispatching invoices, payment confirmations, and receipts;
Sending service-related communications including system alerts, feature updates, and downtime notices;
Sending promotional and marketing communications, subject to prior user consent and applicable opt-out rights;
Providing customer support and resolving disputes or complaints;
Fraud detection, misuse prevention, and platform security monitoring;
Compliance with applicable laws, regulations, regulatory directions, and legal process;
Internal analytics for improving platform performance, usability, and user experience;
Auditing, record-keeping, and enforcement of our Terms and Conditions;
Communicating changes to our policies or services.
We do not sell, rent, or commercially exploit Personal Data to third parties for their independent marketing or advertising purposes.
7. METHODS OF DATA COLLECTION
7.1 Direct Collection
Data you provide to us directly, including through:
Account registration and onboarding forms;
User profile creation and settings updates;
Course enrolment forms (Coders College);
Support tickets, feedback forms, and direct email communications;
Surveys or voluntary submissions.
7.2 Automated Collection
Data collected automatically when you use the Services, including through:
Server logs, session data, and diagnostic logs;
Cookies, web beacons, and pixel tags (see Section 10);
Mobile application analytics and crash reporting tools;
Third-party analytics platforms such as Google Analytics and similar tools.
7.3 Collection via Third Parties
Data received from third parties in connection with providing the Services, including:
Payment confirmation data from third-party payment gateways (Razorpay, Stripe, Cashfree, Billdesk, and future providers);
Message delivery status information from communication service providers (MSG91, WhatsApp Business API via Meta);
Infrastructure telemetry and system performance data from cloud service providers (Amazon Web Services, Firebase).
8. THIRD-PARTY DATA PROCESSORS AND SERVICE PROVIDERS
To provide our Services, we engage third-party service providers who may access or process Personal Data on our behalf. All such third parties are bound by contractual data processing agreements requiring them to implement appropriate security measures and to process data strictly as instructed by us.
8.1 Payment Gateways
Payments are processed exclusively by certified third-party payment gateways, which currently include or may include Razorpay, Stripe, Cashfree, Billdesk, and such additional payment service providers as may be incorporated from time to time. Each gateway operates under its own privacy and security standards, including PCI-DSS compliance. We do not store payment card details, bank account numbers, or equivalent sensitive financial information.
8.2 Communication Service Providers
We use third-party platforms to deliver:
SMS notifications — via MSG91 and similar licensed providers, subject to TRAI (Telecom Regulatory Authority of India) regulations and the Telecom Commercial Communications Customer Preference Regulations, 2018;
WhatsApp Business messages — via the Meta WhatsApp Business API, subject to Meta's Platform Policy and WhatsApp Business Policy;
Email communications — via transactional and marketing email service providers.
8.3 Cloud Infrastructure
Our platform and data are hosted on cloud infrastructure provided by Amazon Web Services (AWS), which may include servers located in multiple regions globally, including India, the United States, and the European Union. We may also utilise Firebase (a Google product) for certain application functionalities including real-time data and push notifications.
8.4 Analytics
We may use analytics tools such as Google Analytics and similar platforms to collect and analyse aggregate and anonymised usage data. These tools may use cookies and similar tracking technologies. Where required by applicable law, we will obtain your consent prior to deploying non-essential analytics.
8.5 Future Integrations
Our platform is designed to integrate with additional third-party tools and service providers over time, including notification APIs, communication platforms, identity services, and other SaaS tools. Any future integrations that involve access to Personal Data will be governed by appropriate data processing agreements. This Policy will be updated to reflect material new integrations, and users will be notified in accordance with Section 18.
9. CROSS-BORDER DATA TRANSFERS
As a global service provider, Vaagai Tecknowledge may transfer Personal Data to countries outside India, including to countries within the European Economic Area, the United States, and other jurisdictions where our data processors operate.
Such transfers shall be effected only in accordance with applicable law:
For EEA/UK data subjects: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms under Chapter V of the GDPR.
For Indian residents: All cross-border transfers are subject to such conditions as may be notified by the Central Government under Section 16 of the DPDP Act, 2023 and applicable rules thereunder.
For California residents: Transfers are governed by the CCPA and applicable privacy regulations.
By using our Services, you acknowledge and consent to the transfer of your data to countries that may not have equivalent data protection laws, subject to the safeguards described in this Section.
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 Types of Cookies We Use
Essential / Necessary Cookies: Required for the fundamental functioning of the platform, including session management, authentication, and security. These cookies cannot be disabled without materially affecting service availability.
Functional Cookies: Used to remember your preferences, personalisation settings, and user interface configurations.
Analytics Cookies: Used to collect anonymised or aggregated information about how users interact with the platform, enabling us to measure performance and improve our Services.
Marketing / Tracking Cookies: Used, where consent has been obtained, to deliver relevant communications and measure the effectiveness of promotional campaigns.
10.2 Third-Party Cookies
Certain third-party services integrated with our platform may place their own cookies on your device. We do not control the operation of such third-party cookies. Please refer to the respective privacy policies of those third parties for more information.
10.3 Cookie Management and Consent
You may manage or disable cookies through your browser or device settings at any time.
Please note that disabling essential cookies may significantly affect the functionality of our Services.
Where required by applicable law, including the GDPR and the EU ePrivacy Directive, we will obtain your prior, informed consent before deploying any non-essential cookies.
Consent to non-essential cookies may be withdrawn at any time through our cookie preference centre or browser settings.
11. DATA RETENTION
We retain Personal Data for no longer than is necessary for the purposes for which it was collected, subject to any legal obligation requiring longer retention. The following specific retention periods apply:
Data Category | Retention Period |
Active account data | Duration of active account/subscription |
Post-termination account data | 90 days from the date of termination or closure |
System backup data | Up to 90 days from backup creation date |
Financial and transaction records | Up to 8 years (as required by Indian accounting and tax laws) |
Communication records (email, SMS, WhatsApp) | Up to 2 years for compliance and dispute resolution |
Visitor/analytics data | As per the applicable analytics tool's retention policy (typically 26 months) |
Post-termination: Upon termination or deletion of an account, Personal Data is retained for ninety (90) days to allow for account recovery, dispute resolution, or statutory compliance, after which it is permanently and irrecoverably deleted from all our systems, including backups.
Tenants/Admin Users are entitled to request an export of their organisational data at any time prior to the expiry of the 90-day post-termination retention window.
12. DATA SECURITY
Vaagai Tecknowledge implements appropriate technical and organisational security measures to protect Personal Data against unauthorised access, disclosure, alteration, loss, or destruction. Such measures include:
Encryption of data in transit using industry-standard Transport Layer Security (TLS/HTTPS);
Secure storage of data with access controls and role-based permissions;
Passwords stored only in hashed/encrypted form; plaintext passwords are never stored or transmitted;
Periodic security assessments and vulnerability evaluations;
Restricted access to Personal Data on a strict need-to-know basis;
Confidentiality obligations imposed on all employees, contractors, and service providers who access Personal Data.
Important limitation: No method of electronic transmission or storage is entirely secure. Vaagai Tecknowledge does not guarantee the absolute security of your data. We shall not be held liable for security breaches that are attributable to circumstances beyond our reasonable control, provided we have implemented and maintained reasonable security measures.
Breach Notification: In the event of a Personal Data breach that is likely to result in a risk to the rights and freedoms of Data Principals, we shall notify affected individuals and applicable regulatory authorities in accordance with the timelines and procedures prescribed under the DPDP Act, the GDPR, and other applicable law.
13. RIGHTS OF DATA PRINCIPALS / DATA SUBJECTS
Subject to applicable law and identity verification, you have the following rights with respect to your Personal Data held by us. To exercise any of these rights, please submit a written request to vaagaitecknowledge@gmail.com with the subject line "Data Rights Request."
13.1 Right to Access
You have the right to request confirmation of whether we process your Personal Data and to obtain a copy of such data. Requests will be fulfilled within thirty (30) days, subject to verification of your identity.
13.2 Right to Correction
You have the right to request correction of inaccurate, incomplete, or outdated Personal Data held by us. Certain corrections may be made directly through your account settings.
13.3 Right to Erasure / Right to be Forgotten
You have the right to request deletion of your Personal Data, subject to our legal obligations to retain certain categories of data as described in Section 11. Deletion of data may result in the inability to continue using the Services. Deletion requests will be processed within the timelines prescribed by applicable law.
13.4 Right to Data Portability
Where technically feasible and required by applicable law, you may request a copy of your Personal Data in a structured, commonly used, machine-readable format (CSV or JSON).
13.5 Right to Withdraw Consent
You may withdraw your consent to data processing at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal. Withdrawal of consent may be submitted via email or through your account settings.
13.6 Right to Object
Where we process your Personal Data on the basis of legitimate interests, you may object to such processing at any time. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
13.7 Rights Under the DPDP Act, 2023 (Indian Residents)
Indian residents specifically have the right to:
Obtain a summary of their Personal Data being processed and the processing activities;
Correct and update inaccurate or incomplete Personal Data;
Request erasure of Personal Data, subject to statutory retention obligations;
Grievance redressal through the Grievance Officer;
Nominate another individual to exercise their data rights on their behalf in the event of death or incapacity.
13.8 Rights Under the CCPA (California Residents)
California residents have the right to:
Know what personal information is being collected about them;
Know whether their personal information is being sold or disclosed, and to whom;
Opt out of the sale of their personal information (Note: Vaagai Tecknowledge does not sell personal information as defined under the CCPA);
Request deletion of their personal information, subject to applicable exceptions;
Not be discriminated against for exercising their CCPA rights;
Correct inaccurate personal information (as provided under the CPRA);
Limit the use and disclosure of sensitive personal information (we do not collect sensitive personal information as defined under the CCPA).
13.9 Rights Under the GDPR (EEA / UK Residents)
EEA and UK-based data subjects have all rights as described in Sections 13.1 through 13.6 above, as well as the right to lodge a complaint with the competent supervisory authority in their member state if they believe their GDPR rights have been infringed.
14. TENANT DATA OWNERSHIP AND EXPORT RIGHTS
As between Vaagai Tecknowledge and a Tenant, the Tenant retains ownership of the organisational data (member records, attendance data, transaction history, and other data input by the Tenant) stored on the Clubus.io platform. Vaagai Tecknowledge acts as a Data Processor with respect to such organisational data and processes it only on the instructions of the Tenant.
Tenants may request an export of their organisational data in CSV or JSON format at any time during the active subscription period by contacting vaagaitecknowledge@gmail.com.
Upon termination of a Tenant's subscription:
Organisational data will be retained for ninety (90) days from the termination date, during which the Tenant may request an export;
After expiry of the 90-day retention window, all such organisational data shall be permanently and irrecoverably deleted from our systems, including backups.
15. MINORS AND PARENTAL CONSENT
Our Services may be accessed by individuals under the age of eighteen (18), including student members of Tenant organisations and students enrolled in Coders College programmes. The following provisions apply to minors:
The Tenant/Admin User who onboards a minor onto the Clubus.io platform is solely responsible for obtaining verifiable parental or guardian consent on behalf of such minor prior to the collection of their Personal Data.
Parents and legal guardians have the right to review, correct, or request the deletion of Personal Data of their minor children by contacting vaagaitecknowledge@gmail.com.
Vaagai Tecknowledge does not knowingly collect Personal Data directly from children under the age of thirteen (13) without verifiable parental or guardian consent. If we discover that Personal Data from a child under thirteen (13) has been collected without such consent, we shall promptly delete it.
For EEA/UK data subjects where consent is the legal basis, we require parental or guardian consent for data subjects under the age of sixteen (16), unless the applicable member state law specifies a lower age limit (not below thirteen years).
16. COMMUNICATION CONSENT AND OPT-OUT
16.1 Types of Communications
We may send the following types of communications to users:
Transactional / Service Communications — These include account-related alerts, payment confirmations, billing notifications, system maintenance notices, and critical service updates. These communications are necessary for the delivery of the Services and are not subject to a general opt-out.
Promotional / Marketing Communications — These include information about new features, offers, events, and training programmes. These are only sent with your prior consent.
WhatsApp Business Messages — Sent via the Meta WhatsApp Business API. These are subject to Meta's Messaging Policy and require explicit, separate consent from the user.
16.2 Consent to Communications
Promotional communications via email, SMS, and WhatsApp are only sent with your prior informed consent. Consent is obtained at the time of account registration or subscription. Consent for WhatsApp communications is collected as a separate, explicit action independent of general registration consent.
All SMS communications comply with:
The Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018;
TRAI Bulk SMS / Commercial Communication guidelines;
The DND (Do Not Disturb) registry requirements.
16.3 Opt-Out Mechanisms
You may opt out of promotional communications at any time through any of the following methods:
Clicking the "Unsubscribe" link in any marketing email;
Replying STOP to any promotional SMS;
Replying STOP to any promotional WhatsApp message;
Updating your communication preferences through your account settings; or
Sending a written opt-out request to vaagaitecknowledge@gmail.com.
Opt-out requests will be processed within ten (10) business days. Opting out of promotional communications will not affect the delivery of transactional or service communications.
17. MOBILE APPLICATION
Our Services are available as mobile applications on Android (Google Play Store) and iOS (Apple App Store). The mobile application may collect:
Device identifiers (advertising ID, IMEI where permitted), operating system version, and app version;
Push notification tokens for delivering account alerts and service notifications;
Crash logs and diagnostic data for performance monitoring.
Important: All payment transactions within the mobile application are processed through external payment links and are NOT conducted via in-app purchase mechanisms. This approach is consistent with applicable Google Play Store and Apple App Store policies governing third-party payment processing for SaaS subscription services.
You may manage app permissions — including notifications, camera access, and storage access — at any time through your device operating system settings.
18. CHANGES TO THIS POLICY
Vaagai Tecknowledge reserves the right to amend this Policy at any time to reflect changes in our practices, services, or applicable law.
Material changes will be notified to registered users via email and/or through a prominent notice on our platform at least fourteen (14) days before the change takes effect.
Minor or non-material changes may be made without prior notice and will be reflected by updating the "Last Updated" date at the top of this Policy.
Changes required by law may be implemented with shorter notice or with immediate effect.
Continued use of the Services following the effective date of any amendment constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.
19. GRIEVANCE REDRESSAL
In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the following grievance mechanism is in place:
|
|
Grievance Officer | Proprietor, Vaagai Tecknowledge |
vaagaitecknowledge@gmail.com | |
Subject Line | "Privacy Grievance" |
Postal Address | 6/639, Lakshmi Nagar Main Road, Lakshmi Nagar, Virudhunagar, Tamil Nadu, India |
Acknowledgement Timeline | Within 48 hours of receipt |
Resolution Timeline | Within 30 days of receipt |
EEA/UK residents who believe their GDPR rights have been violated may lodge a complaint with the competent Data Protection Supervisory Authority in their EU member state or in the UK (Information Commissioner's Office).
California residents may contact the California Privacy Protection Agency (CPPA) or the California Attorney General's Office if they believe their CCPA rights have been violated.
20. GOVERNING LAW
This Policy shall be governed by and construed in accordance with the laws of the Republic of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and all applicable rules and regulations thereunder.
Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Virudhunagar, Tamil Nadu, India, without prejudice to any mandatory statutory rights or remedies that may be available to users in their respective jurisdictions under applicable local law.
— End of Privacy Policy —
Vaagai Tecknowledge | www.vaagai.org.in | Virudhunagar, Tamil Nadu, India GST: 33DKHPS0026J1Z8