Privacy Policy
Effective Date: 14th August 2025
Code Karma Technologies Private Limited (“we,” “us,” or “our”) values your privacy and is committed to protecting your personal information (“Personal Data”).
This Privacy Policy (“Policy”) explains how we collect, use, disclose, store, and safeguard your Personal Data when you use our websites, mobile applications, platforms, products, services, and related offerings (“Services”).
By using our Services, you confirm that you have read and understood this Policy. If you do not agree, please do not use the Services.
Scope and Applicability
This Policy applies to all users whose Personal Data is collected, received, stored, used, disclosed, or otherwise processed by us in connection with our business activities, regardless of the user’s country of residence or location, and regardless of the medium through which such data is collected. This includes, without limitation:
Users who register for, access, browse, or use our Services or any part thereof.
Users authorised by our clients to access or use the Services on their behalf.
Users who express interest in our Services.
Users who communicate or interact with us through email, telephone, postal mail, instant messaging platforms (including Slack, Microsoft Teams, WhatsApp, and similar tools), social media, webinars, or any other means.
Information We Collect
We collect and process Personal Data only as necessary for legitimate business purposes, including authentication, account management, security, and communication, or as otherwise permitted or required by applicable law. Depending on your interactions with the Services, the Personal Data we collect may include, without limitation:
Identity Information such as your name and email address, which may be obtained through third-party authentication providers (e.g., Google Authentication) during user login or account creation.
Contact Information such as email addresses, usernames, display names, and similar identifiers shared during collaboration or communication with us, including through messaging platforms such as Slack, Microsoft Teams, etc. (“Instant Messaging Platforms”).
Communication Information: When you interact with us, for instance, through Instant Messaging Platforms, events, emails, etc., we may receive and process information you share in the course of such communications, including, for instance, your name, email address, and display name.
Account metadata such as your authentication tokens, profile preferences, and linked account identifiers, collected to enable secure access and maintain session integrity.
Technical and Usage Data: Information automatically collected when you access or use the Services, which may include IP address, browser type, device identifiers, operating system, session logs, pages viewed, and interaction patterns. This data may be used for purposes like security monitoring, service optimisation, troubleshooting, analytics, and improving the user experience.
Cookies and Tracking Technologies: When you access or use the Services, we and our third-party partners may use cookies, pixels, SDKs, and similar tracking tools to operate, secure, and improve the Services, remember your preferences, analyse usage trends, and deliver relevant content and advertisements. You can manage or disable these technologies through your browser or device settings; however, certain features of the Services may not function properly without them.
How We Collect Information
We collect Personal Data only for lawful and legitimate purposes, including authentication, communication, service delivery, security, and as otherwise permitted or required under applicable law. The methods by which we collect such information include, without limitation:
When you sign in via Google Authentication (or similar third-party login providers), you are redirected to the provider’s authentication service, through which we receive basic profile information (e.g., your name, email address, and any other data you authorise Google to share with us). This process is governed by the provider’s privacy policy in addition to this Policy.
When you interact with us through Instant Messaging Platforms, emails, events or other channels, we may receive and process information you share in the course of such communications, including your name, email address, display name, and other contact or business-related information necessary for collaboration and service delivery.
While we do not actively track or store IP addresses or similar identifiers for profiling purposes, certain technical information (e.g., IP address, device type, browser type, and access timestamps) may be passively collected by our hosting providers, analytics services or communication platforms for operational, troubleshooting, and security purposes.
We may receive Personal Data about you from third parties where permitted by applicable law. This information may include your name, email, and other information relevant to the Services we provide.
Purpose of Data Collection and Use
We collect and process Personal Data only for lawful, specific, and legitimate purposes, and do not use such information in a manner that is incompatible with those purposes.
The purposes for which we collect and use Personal Data include, without limitation:
To provide, operate, and maintain our Services, including fulfilling transactions, delivering requested features, and managing user accounts.
To communicate with you, respond to enquiries, exchange information, and enable collaboration through communication channels such as email or Instant Messaging Platforms.
To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to establish, exercise, or defend legal claims.
For any purpose not otherwise specified in this Policy, where we have obtained your prior consent in accordance with Applicable law.
To develop our business, and for marketing and communication purposes.
To operate, maintain and improve the functionality, security and performance of our Services, including through analytics, monitoring, troubleshooting, and fraud prevention measures.
Lawful Basis for Processing
We process Personal Data only where we have a valid legal basis to do so under Applicable law. Depending on the nature of your interaction with us and the Services, we may rely on one or more of the following lawful bases:
Where processing is necessary to enter into or perform our contractual obligations with you or with the organisation you represent, including to provide the Services, manage accounts, and deliver support.
Where the processing is necessary for us to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Where processing is necessary for our legitimate business interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms. Legitimate interests may include operating, securing, and improving our Services; preventing fraud and misuse; and managing business operations.
Where the processing is necessary to protect your vital interests or those of another individual, such as in emergencies.
Where the processing is necessary for the performance of a task carried out in the public interest, to the extent permitted by applicable law.
Data Retention
Retention Periods.
We retain Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, as outlined in this Policy, and to comply with our legal, regulatory, contractual, or legitimate business requirements. The specific retention period for Personal Data may vary depending on: (a) The nature and sensitivity of the Personal Data; (b) The purposes for which it is processed; (c) Applicable legal, tax, accounting, or regulatory requirements; and (d) The potential need to establish, exercise, or defend legal claims.
Exceptions.
In certain circumstances, we may retain Personal Data for longer periods where: (a) We are required to do so by law or regulatory authorities; (b) The data is relevant to an ongoing or anticipated legal dispute, investigation, or claim; or (c) You have exercised your rights under applicable law in a manner that requires longer retention (e.g., record-keeping for opt-out requests).
Deletion or Anonymisation.
Once the retention period has expired or the Personal Data is no longer required for the purposes for which it was collected, we will securely delete, destroy, or anonymise such data, unless otherwise required or permitted by law. Subject to this Section 6, we endeavour to delete Personal Information relating to you when you/your organisation opts to stop availing of our Services.
Sharing of Personal Information
The Company shall not sell, rent, lease, or otherwise disclose Personal Data to third parties for their independent marketing purposes without the explicit consent of the User. Any sharing of Personal Data shall be strictly in accordance with applicable laws, contractual obligations, and this Policy.
Permitted Disclosures.
The Company may share Personal Data with the following categories of recipients for the purposes set out in this Policy:
Where processing is necessary to enter into or perform our contractual obligations with you or with the organisation you represent, including to provide the Services, manage accounts, and deliver support.
Where the processing is necessary for us to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Where processing is necessary for our legitimate business interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms. Legitimate interests may include operating, securing, and improving our Services; preventing fraud and misuse; and managing business operations.
Where the processing is necessary to protect your vital interests or those of another individual, such as in emergencies.
Where the processing is necessary for the performance of a task carried out in the public interest, to the extent permitted by applicable law.
Anonymised and Aggregated Data.
The Company may share anonymised or aggregated data, which cannot reasonably identify an individual, for research, analytics, industry benchmarking, and other legitimate business purposes.
Data Storage and Security
The Company is committed to implementing and maintaining robust technical, organizational, and administrative measures to protect all Personal Information in its possession or control from unauthorized access, alteration, disclosure, or destruction, in accordance with applicable law and industry best practices.
Personal Data is stored exclusively in secure, encrypted cloud environments hosted by reputable cloud service providers (such as AWS or Microsoft Azure) that comply with recognized international security and privacy standards.
Access to Personal Information is strictly limited to authorized personnel on a role-based, need-to-know basis.
Multi-factor authentication (MFA) and strict identity verification measures are implemented for all privileged accounts.
Access rights are reviewed periodically and revoked immediately upon role change, contract termination, or other relevant events.
The Company maintains continuous security monitoring and logging frameworks.
Data Breach Management
In the event the Company becomes aware of any actual or suspected breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data (“Data Breach”), the Company shall promptly investigate the incident to determine the scope, cause, and impact of the breach.
Notification.
Where required under applicable law, the Company shall notify the relevant supervisory authority without undue delay and, where feasible, within the statutory timelines prescribed.
If the Data Breach is likely to result in a high risk to the rights and freedoms of affected individuals, the Company shall also notify such individuals without undue delay, providing clear information about: (a) nature of the breach; (b) types of personal data affected; (c) possible consequences; and (d) measures taken or proposed to address the breach and mitigate potential adverse effects.
Mitigation and Remediation.
The Company shall take all reasonable steps to: (a) contain and limit the scope of the breach; (b) remedy vulnerabilities that led to the breach; and (c) prevent recurrence, including implementing enhanced technical and organizational measures.
Documentation.
The Company shall maintain an internal record of all Data Breaches, whether or not notification is required, in compliance with applicable legal requirements. Such records will include the facts relating to the breach, its effects, and the remedial actions taken.
Third-Party Breaches.
Where a Data Breach occurs at a third-party service provider engaged by the Company, the Company shall ensure that such provider is contractually obligated to notify the Company without undue delay and cooperate fully in the investigation, mitigation, and notification process.
User Rights
Subject to applicable laws, Users have the following rights in relation to their Personal Data processed by the Company:
Right to Access.
Users may request confirmation of whether the Company processes their Personal Data and, if so, obtain a copy of such data along with details of its processing.
Right to Rectification.
Users may request correction or updating of any inaccurate or incomplete Personal Data.
Right to Erasure (“Right to be Forgotten”).
Users may request deletion of their Personal Data where: The data is no longer necessary for the purposes for which it was collected; Consent is withdrawn and there is no other legal basis for processing; or Processing is unlawful, subject to applicable legal and contractual retention requirements.
Right to Restrict Processing.
Users may request that the Company limit the processing of their Personal Data in certain circumstances, such as while a correction request is pending or an objection is under review.
Right to Lodge a Complaint.
Users have the right to lodge a complaint with the relevant data protection authority in their jurisdiction if they believe that their rights have been infringed.
Right to Data Portability.
Where applicable under the law, Users have the right to receive the Personal Data they have provided to the Company in a structured, commonly used, and machine-readable format, and have the right to transmit such data to another controller without hindrance from the Company, to the extent technically feasible.
Exercising Rights.
To exercise any of the above rights, Users may contact the Company at info@codekarma.tech. The Company may require reasonable proof of identity before acting on a request. The Company shall respond within the timelines prescribed under applicable laws.
International Data Transfers
Cross-Border Transfers.
The Company may transfer, store, and process Personal Data in countries other than the country of the User’s residence, including jurisdictions that may have different data protection laws from those in the User’s home country.
Adequacy and Safeguards.
Where Personal Data is transferred to a country that has not been recognized by the applicable data protection authority as providing an adequate level of protection, the Company shall ensure that such transfers are subject to: (a) appropriate safeguards, such as the use of standard contractual clauses or binding corporate rules; or (b) any other lawful transfer mechanism permitted under applicable laws.
User Acknowledgement.
By using the Company’s Services, Users acknowledge and consent to the transfer, storage, and processing of their Personal Data outside their country of residence in accordance with this Policy and applicable laws.
Children’s Privacy
The Services are not directed to, nor intended for use by, individuals under the age of eighteen (18) years. We do not knowingly collect, solicit, or process personal data from individuals under this age threshold.
If we become aware that personal data has been collected from an individual under the age of eighteen (18) without verifiable parental or guardian consent, we will promptly take steps to: (a) delete such personal data from our records; (b) terminate the associated account or access; and (c) where required by applicable law, notify the relevant regulatory authorities.
Parents or legal guardians who believe that their child has provided us with personal data without their consent may contact us at the details provided in this Policy to request removal of such data.