Privacy Policy

For the purposes of this Policy:

• "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
• "Sensitive Personal Information" means Personal Information that reveals racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or financial information.
• "Processing" means any operation performed on Personal Information, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or erasure.
• "Third Party" means any entity other than the Company, its affiliates, or its authorized service providers.
• "Data Controller" means the entity that determines the purposes and means of Processing Personal Information.

We process your Personal Information based on one or more of the following legal grounds:

• Contractual Necessity: Processing necessary for the performance of a contract with you or to take pre-contractual steps at your request.
• Legitimate Interests: Processing necessary for our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms.
• Legal Obligation: Processing necessary for compliance with legal obligations to which we are subject.
• Consent: Where you have provided explicit consent for specific processing activities, which you may withdraw at any time.
• Vital Interests: Processing necessary to protect your vital interests or those of another person.

3.1 Information You Provide Directly

• Full name and professional title
• Email address (personal and/or professional)
• Telephone and mobile numbers
• Company or organization name
• Mailing and billing addresses
• Resume, curriculum vitae, and employment history
• Professional qualifications and certifications
• Communications and correspondence with us
• Any other information you voluntarily provide

3.2 Information Collected Automatically

• IP address and approximate geographic location
• Device identifiers, type, model, and operating system
• Browser type, version, language, and settings
• Referring URLs and exit pages
• Date, time, and duration of visits
• Pages viewed and interactions with Service features
• Click patterns and navigation paths
• Error logs and performance data

3.3 Information from Third Parties

• Publicly available information from professional networks
• Information from business partners and referral sources
• Data from analytics and advertising partners
• Information from identity verification services

We employ cookies, web beacons, pixels, and similar tracking technologies to enhance your experience and gather information about usage patterns. We obtain your explicit consent before setting non-essential cookies.

4.1 Types of Cookies We Use

• Essential Cookies: Strictly necessary for Service functionality. These cookies are required and cannot be disabled. They include cookies for session management and security.
• Analytics Cookies: Help us understand user behavior through aggregated statistics (e.g., Google Analytics). These cookies are only set after you provide explicit consent.
• Marketing Cookies: Track your activity to deliver relevant advertisements and measure campaign effectiveness. These cookies are only set after you provide explicit consent.

4.2 Cookie Consent

When you first visit our Service, you will be presented with a cookie consent banner that allows you to:

• Accept all cookies
• Accept only essential cookies
• Customize your preferences by cookie category

Non-essential cookies (analytics and marketing) will not be set until you provide explicit consent. You may withdraw your consent or change your preferences at any time by clicking the "Cookie Settings" link in our website footer.

4.3 Consent Records

We record your cookie consent choices, including the timestamp, categories consented to, and relevant metadata. This information is stored locally in your browser and is retained for compliance and audit purposes. If you clear your browser data, you will be asked to provide consent again on your next visit.

We process Personal Information for the following purposes:

5.1 Service Delivery and Operations

• Providing, maintaining, and improving the Service
• Processing and fulfilling your requests and transactions
• Managing user accounts and authentication
• Communicating about your use of the Service

5.2 Business Operations

• Processing employment applications and recruitment
• Managing customer relationships and support inquiries
• Processing payments and preventing fraud
• Conducting internal analytics and business intelligence

5.3 Marketing and Communications

• Sending promotional materials and newsletters (with consent)
• Personalizing content and recommendations
• Conducting surveys and collecting feedback
• Delivering targeted advertising based on your interests

5.4 Legal and Compliance

• Complying with applicable laws and regulations
• Enforcing our Terms of Service and other agreements
• Protecting our rights, property, and safety
• Responding to legal process and government requests
• Detecting, investigating, and preventing security incidents

We may disclose your Personal Information to the following categories of recipients:

6.1 Service Providers

We engage trusted third-party service providers who perform services on our behalf, including cloud hosting, data analytics, payment processing, email delivery, customer support, and marketing services. These providers are contractually bound to protect your information and use it solely for the purposes we specify.

6.2 Business Partners

We may share information with business partners for joint marketing initiatives, co-branded services, or collaborative projects, subject to appropriate confidentiality agreements.

6.3 Advertising Partners

We work with advertising networks and analytics providers who may collect or receive information about your use of the Service to deliver targeted advertisements. This may include sharing device identifiers, browsing data, and inferred interests.

6.4 Legal and Regulatory Disclosures

We may disclose information when required by law, court order, subpoena, or government request, or when we believe disclosure is necessary to: (a) comply with legal obligations; (b) protect our rights, privacy, safety, or property; (c) enforce our agreements; or (d) protect against legal liability.

6.5 Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or other corporate transaction, your Personal Information may be transferred to the acquiring entity or successor. We will provide notice before your information becomes subject to a different privacy policy.

Your Personal Information may be transferred to, stored, and processed in countries other than your country of residence, including India, the United States, and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

When transferring data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by relevant authorities
• Binding Corporate Rules for intra-group transfers
• Certification mechanisms and codes of conduct
• Adequacy decisions where applicable

By using the Service, you consent to the transfer of your information to countries outside your jurisdiction, including countries that may not provide the same level of data protection as your home country.

We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account Information: Retained for the duration of your account and for 3 years following account termination or last activity.
• Transaction Records: Retained for 7 years to comply with tax and accounting requirements.
• Employment Applications: Retained for 2 years from the date of submission.
• Marketing Data: Retained until you withdraw consent or for 3 years from last engagement.
• Analytics Data: Retained in aggregated or anonymized form indefinitely.
• Legal Hold Data: Retained as required for pending or anticipated litigation, investigations, or legal proceedings.

Following the applicable retention period, we will securely delete or anonymize your Personal Information, unless longer retention is required or permitted by law.

Subject to applicable law and certain limitations, you may have the following rights regarding your Personal Information:

• Right of Access: Request confirmation of whether we process your Personal Information and obtain a copy of such information.
• Right to Rectification: Request correction of inaccurate or incomplete Personal Information.
• Right to Erasure: Request deletion of your Personal Information under certain circumstances.
• Right to Restriction: Request limitation of processing of your Personal Information.
• Right to Data Portability: Receive your Personal Information in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge Complaint: File a complaint with a supervisory authority.

To exercise these rights, contact us at privacy@acasalabs.com. We will respond within the timeframe required by applicable law (typically 30 days). We may request verification of your identity before processing your request. Certain requests may be subject to applicable exemptions or limitations.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of Personal Information we have collected.
• Right to Delete: Request deletion of Personal Information we have collected, subject to exceptions.
• Right to Correct: Request correction of inaccurate Personal Information.
• Right to Opt-Out: Opt out of the "sale" or "sharing" of Personal Information for targeted advertising.
• Right to Limit: Limit the use of Sensitive Personal Information.
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights.

We do not sell Personal Information in the traditional sense. However, some sharing of information with advertising partners may constitute a "sale" or "sharing" under California law. To opt out, email privacy@acasalabs.com with the subject line "Do Not Sell or Share My Personal Information."

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent local laws. In addition to the rights listed in Section 9:

• We process your data based on the legal bases outlined in Section 2.
• You have the right to lodge a complaint with your local supervisory authority.
• International transfers are protected by appropriate safeguards as described in Section 7.

For GDPR-related inquiries, contact our Data Protection Officer at dpo@acasalabs.com.

For users in India, we comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) and Information Technology Act, 2000. Your rights include:

• Right to access information about your Personal Data being processed
• Right to correction and erasure of Personal Data
• Right to grievance redressal
• Right to nominate another person to exercise rights in case of death or incapacity

We will not process Personal Data in any manner that has a detrimental effect on the well-being of a child.

The Service is not intended for individuals under the age of 18. We do not knowingly collect Personal Information from children under 18. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us immediately at privacy@acasalabs.com.

If we discover that we have collected Personal Information from a child under 18 without verified parental consent, we will take steps to delete such information promptly.

We implement appropriate technical and organizational measures to protect Personal Information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Employee training on data protection practices
• Incident response and breach notification procedures

Disclaimer: While we strive to protect your Personal Information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, and you transmit information at your own risk. We are not liable for any unauthorized access, hacking, data loss, or other breaches beyond our reasonable control.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities in accordance with applicable law. Notification will include a description of the breach, likely consequences, and measures taken to address the breach. We reserve the right to delay notification if required by law enforcement or if notification would impede an ongoing investigation.

We may use automated systems to process your information for certain purposes, including fraud detection, content personalization, and analytics. These systems may profile users based on their behavior and preferences. You have the right to request human intervention, express your point of view, and contest decisions made solely by automated processing that significantly affect you. To exercise this right, contact us at privacy@acasalabs.com.

The Service may contain links to third-party websites, applications, or services not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access. This Policy applies solely to information collected through our Service.

Some browsers transmit "Do Not Track" (DNT) signals to websites. Due to the lack of a common standard for interpreting DNT signals, our Service does not currently respond to DNT signals. We will update this Policy if a standard is established.

We reserve the right to modify this Policy at any time. Material changes will be communicated through:

• Prominent notice on the Service
• Email notification to registered users (where applicable)
• Update to the "Last Updated" date at the top of this Policy

Changes become effective immediately upon posting unless otherwise stated. Your continued use of the Service following the posting of changes constitutes acceptance of such changes. We recommend reviewing this Policy periodically for updates.

To the maximum extent permitted by applicable law, the Company shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or relating to your use of the Service or this Policy, including but not limited to loss of profits, data, use, goodwill, or other intangible losses. Our total liability shall not exceed the amount paid by you, if any, for access to the Service during the twelve (12) months preceding the claim.

This Policy shall be governed by and construed in accordance with the laws of India, without regard to its conflict of laws principles. Any disputes arising under or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located in Surat, Gujarat, India.

Before initiating formal legal proceedings, you agree to first contact us to attempt resolution through informal negotiation. Any claims must be brought within one (1) year after the cause of action arises, or such claim shall be permanently barred.

If any provision of this Policy is held to be invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its original intent. The remaining provisions shall continue in full force and effect.

This Policy, together with our Terms of Service, constitutes the entire agreement between you and the Company regarding the collection, use, and disclosure of Personal Information. This Policy supersedes any prior agreements or understandings, whether written or oral, regarding the same subject matter.

For questions, concerns, or requests regarding this Policy or our data practices, please contact us:

In accordance with applicable Indian law, we have appointed a Grievance Officer to address your concerns regarding your Personal Information. The Grievance Officer shall acknowledge your complaint within 48 hours and resolve it within 30 days.