Brototype (Packapeer Academy Private Limited) Privacy Policy
This Privacy Policy explains how Packapeer Academy Private Limited (Brototype) collects,
uses, discloses, and protects your personal information when you use our website and/or
mobile app (collectively, "Services"). We take your privacy seriously and are committed to
protecting your personal data in accordance with applicable laws including the Digital Personal Data
Protection Act, 2023 (DPDP Act).
If you have any questions, complaints, or requests about this policy, please contact our Grievance Officer
(see section "Grievance Redressal").
1. Key Terms & Definitions
- Data Principal – The individual to whom the personal data relates (i.e., you, the
user).
- Data Fiduciary – Packapeer Academy Private Limited (Brototype), which
decides how and why your personal data is processed.
- Data Processor – Any third party who processes personal data on behalf of the Data
Fiduciary (for example, cloud hosting providers, analytics services).
- Personal Data – Any information that relates to an identified or identifiable
individual.
- Processing – Any operation performed on personal data (collection, storage, disclosure,
alteration, erasure, etc.).
- Consent – Freely given, specific, informed, unambiguous, and capable of being withdrawn
as required by law.
- Legitimate Use – As defined under the DPDP Act, circumstances where
processing is allowed even without consent (e.g., legal obligations, public order, emergency, etc.).
2. Applicability
This Policy applies to:
- All users of the Brototype website and mobile app
- Personal data in digital form, and data collected offline if digitised later.
It does not apply to:
- Information collected offline (unless digitised later), unless otherwise stated.
- Information belonging to third parties, publicly available data (insofar as law permits).
3. Types of Data Collected
We collect and process various kinds of personal data, which may include:
| Category | Examples / Specifics | Purpose of Collection |
| --- | --- | --- |
| Basic Identifiers | Name, email address, phone number, address, gender, date of birth | User registration, communication, verification |
| Account Details | Profile photos, educational background / qualifications (if applicable) | Personalization, account management |
| Device & Technical Data | IP address, device identifier, OS version, browser information, device model, screen resolution | Security, troubleshooting, analytics |
| Usage & Behavioural Data | Pages/screens visited, time spent, clicks, features used, app crashes, log files | Improving UX / UI, optimizing performance, diagnosing technical issues |
| Authentication / Verification Data | OTPs, phone state info (for drop calls, verification), device tokens, etc. | Ensuring account security, verifying identity |
| Communications Data | Messages you send us, emails, support requests, feedback | Responding to support, improving services |
4. Legal Basis & Principles of Processing
Under the DPDP Act, we process your data on the following legal bases:
- Consent – Where we ask for permission to collect your data for specific purposes (for
example: marketing messages, optional profile data).
- Legitimate Uses – For example, to perform our contract with you, to comply with law, to
protect public interest, to ensure security, and prevent fraud.
We adhere to key data protection principles:
- Purpose Limitation: We collect data only for specified, explicit, and legitimate
purposes. We do not process it in ways incompatible with those purposes.
- Data Minimization: We collect only what is necessary for the purposes.
- Accuracy: We make reasonable efforts to ensure data is accurate, complete, and up to
date.
- Storage Limitation: We retain data only for as long as needed for the purpose, or to
comply with legal obligations, after which we securely delete or anonymize it.
- Integrity & Confidentiality: We apply security safeguards to protect data against
unauthorised or unlawful processing, accidental loss, destruction, or damage.
5. How We Collect Data
We collect Personal Data through:
- User Registration / Account Setup – when you sign up or register with us.
- Forms & Surveys – contact forms, feedback, queries.
- Communications – emails, chats, support tickets.
- Cookies & Other Tracking Technologies – when you use our software services.
- Automatically – server logs, device/usage data.
- Third Parties – e.g. third-party analytics, social media logins, payment gateways.
6. Use of Data
We use the information we collect for the following purposes:
- To allow you to access and use the Services (login, account management).
- To verify your identity and secure your account.
- To operate, maintain, improve and personalize our Services (UI/UX, features).
- To communicate with you (Service announcements, updates, support).
- With your consent, to send promotional and marketing messages.
- For analytics — understand usage patterns, fix bugs, monitor performance.
- To fulfill legal obligations (taxes, government regulations).
- To detect, prevent and act upon fraudulent, suspicious, or illegal activities.
7. Disclosure / Sharing of Data
We may disclose your data to:
- Service Providers / Vendors who assist us (hosting, analytics, payments, communication
tools). We ensure such third parties have appropriate contractual obligations to protect data.
- Affiliates / Business Partners (with your consent or as permitted by law).
- Authorities when required by law (court orders, regulatory bodies, criminal
investigations).
- Other parties in the event of a business transaction (e.g. sale, merger, acquisition), only with
appropriate protections and subject to the terms of this policy.
We may share aggregated / anonymised information that cannot reasonably identify you.
8. Cross‑Border Data Transfers
If your Personal Data is transferred to or processed in a country outside India:
- We will ensure appropriate safeguards are in place (contracts, secure practices).
- We will comply with any regulations prescribed by the government regarding transfer.
9. Data Retention
We retain personal data:
- As long as necessary to fulfill the purpose(s) for which it was collected.
- To comply with legal, tax, regulatory obligations.
- After data is no longer necessary, it will be deleted or anonymized in a secure manner.
For example:
- Log files and analytics data may be retained for a shorter period (e.g. 1‑2 years) unless otherwise
required.
10. Security Measures
We implement reasonable security measures, including (but not limited to):
- Encryption (in transit with TLS/SSL; at rest where feasible).
- Access controls (role‑based access, least privilege).
- Secure authentication (password hashing, OTP / 2FA where relevant).
- Regular security audits, penetration testing.
- Secure backups.
- Monitoring for potential security incidents.
11. Children's Data
- If you are under 18, please do not use the Services without parental or guardian consent.
- For children's data, we will obtain verifiable parental consent where required.
- We will not carry out targeted behavioural advertising for children or profiling that is harmful.
12. Cookies, Tracking & Similar Technologies
- We use cookies or similar tracking tools (web beacons, SDKs, pixels, etc.) to facilitate:
  - Functionality (keeping you logged in, preferences)
  - Analytics (understanding how the Services are used)
  - Marketing (only with your consent)
- You can disable or block cookies via browser settings or device settings. But disabling certain cookies
may affect how the Services work.
- Details of the types of cookies used (session, persistent, third‑party), their purpose, lifespan should
be clearly described.
13. Your Rights Under DPDP Act
As a Data Principal you have the following rights:
- Access – Request information about what personal data of yours is held, processed, by
whom, how, etc.
- Correction / Update – Ask us to correct or update any inaccurate or incomplete personal
data.
- Erasure – Request deletion of your personal data when it's no longer needed and there
is no legal obligation to retain it.
- Restriction of Processing – Ask us to limit how we use your personal data in certain
circumstances.
- Objection – Object to processing for certain purposes (e.g. marketing) under
conditions.
- Nomination – You can nominate someone to exercise rights on your behalf in the event of
incapacity or death.
You may exercise these rights by contacting us via the contact information below. We strive to respond to
such requests within 30 days, unless law prescribes otherwise.
You also have certain duties as a Data Principal (as per DPDP Act), including:
- Not impersonating others
- Not submitting false information
- Not making frivolous or false complaints
14. Personal Data Breach
In the event of a data breach (accidental or unauthorized access, disclosure, loss, etc.), we will:
- Assess the nature, sensitivity, and number of affected data principals.
- Notify the Data Protection Board of India, and all affected users/data principals where required, in the
manner prescribed.
- Take remedial actions to contain and mitigate the breach.
- Review and update our security measures to prevent reoccurrence.
The timeline of notification will follow what is required under law / rules (once prescribed).
15. Grievance Redressal
If you have any questions, concerns or wish to exercise your rights, you can reach out to:
Grievance Officer
Name:
Email:
Phone:
We commit to:
- Acknowledge your complaint within 14 working days.
- Provide a written response (or resolution) within 30 days.
16. Policy Updates
- We may update this Privacy Policy from time to time (due to changes in law, our practices, or for new
services).
- If the changes are material, we will notify you via the app, email, or prominent notice on our
website.
- We will indicate the "Last Updated" date at the top.
17. Contact Information
If you have questions, concerns, or need to address privacy issues: