Privacy Policy & Data Protection

Overview

This Privacy Policy explains how we process Personal Data. StratGrid Private Limited and its affiliates (“StratGrid”, “we”, “our”, and/or “us”) value the privacy of individuals who use our platform (https://stratgrid.in) or services that link to this Privacy Policy (collectively, our “Services”).

This Privacy Policy is addressed to individuals outside our organisation with whom we interact in our course of business, including registered users, other users of our platform or services, customers, personnel of corporate customers and vendors, applicants for employment, and visitors to our premises (together, “you”).

This Privacy Policy applies to multiple categories of individuals, including clients, users of our platform, and individuals employed or managed under EOR, MSP, or resource augmentation arrangements. Where applicable, we provide role-specific notices and disclosures to ensure transparency.

This Privacy Policy may be amended or updated from time to time to reflect changes in our practices or changes in applicable law. We encourage you to read this Privacy Policy carefully and to regularly check this page to review any changes.

1. Definitions

• Adequate Jurisdiction — A country or territory recognised as providing an adequate level of protection for Personal Data under an adequacy decision.
• Controller — The entity that decides how and why Personal Data is Processed. StratGrid Private Limited is the Controller of your Personal Data.
• Cookie — A small file placed on your device when you visit a website, including our platform.
• GDPR — The General Data Protection Regulation (EU) 2016/679 and the UK GDPR, as applicable.
• DPDP Act — The Digital Personal Data Protection Act, 2023 (India).
• Personal Data — Information about any individual, or from which any individual is directly or indirectly identifiable.
• Processing — Anything done with any Personal Data, whether or not by automated means, including collection, storage, use, disclosure, or destruction.
• Processor — Any person or entity that Processes Personal Data on behalf of the Controller.
• Sensitive Personal Data — Personal Data about race, ethnicity, political opinions, religious beliefs, biometric data, health, sexual life, criminal offences, or national identification numbers.

2. Collection of Personal Data

We collect or obtain Personal Data about you from the following sources:

• Data provided to us — When you contact us via email, our platform, or any other means, or submit a job application.
• Data obtained in person — During meetings, conferences, interviews, or events we attend.
• Relationship data — Collected in the ordinary course of our relationship with you (e.g. where we provide a service to you or your employer).
• Data you make public — Information you choose to make public, including via social media.
• Platform data — Collected when you visit our platform or use any features or resources available on or through it.
• Registration details — Collected when you use, or register to use, our platform, products, or services.
• Third-party information — Collected from third parties who provide it to us (e.g. law enforcement authorities or referral partners).

3. Categories of Personal Data We Process

We process the following categories of Personal Data:

• Personal details — Given name(s), preferred name.
• Demographic information — Gender, date of birth, nationality, title.
• Contact details — Address, telephone number, email address, social media details.
• Professional details — Employment history, qualifications, skills, language abilities.
• Consent records — Records of any consents given, including date, time, and subject matter.
• Payment details — Invoice records, billing address, payment method, payment amount.
• Platform usage data — Device type, operating system, browser type, IP address, login details, usage data.
• Employment-related data (EOR/MSP) — Employment contracts, tax identification numbers, payroll and compensation details, benefits data, time and attendance records, and performance-related information. Such data is processed solely for delivering our services in accordance with applicable employment and data protection laws.
• Views and opinions — Any views and opinions you choose to send us or publicly post about us.

Not all of the above will apply to you. This depends on your specific relationship with StratGrid (e.g. employee, user, client).

4. Sensitive Personal Data

We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of our business. Where we need to Process Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law, relying on one of the following legal bases:

• Compliance with applicable law — Where Processing is required or permitted by applicable law.
• Detection and prevention of crime — Where Processing is necessary for the detection or prevention of crime.
• Establishment, exercise or defence of legal claims — Where Processing is necessary for legal proceedings.
• Consent — Where we have obtained your express consent prior to Processing.

5. Purposes of Processing and Legal Bases

Provision of services

Providing our platform, products, or services; communicating with you in relation to the services. Legal basis: contractual necessity, legitimate interest, or consent.

Compliance checks

Fulfilling regulatory compliance obligations, Know Your Client checks, identity verification, and screening against sanctions lists. Legal basis: legal obligation, contractual necessity, or legitimate interest.

Operating our business

Operating and managing our platform, products, and services; notifying you of changes. Legal basis: contractual necessity, legitimate interest, or consent.

Communications and marketing

Communicating with you to provide news and information you may be interested in; personalising our platform and services; enabling opt-out or unsubscribe where applicable. Legal basis: legitimate interest or consent.

Security and fraud prevention

Maintaining physical and electronic security; detecting, preventing, and investigating fraud and breaches of policy. Legal basis: legal obligation or legitimate interest.

Legal compliance and claims

Complying with legal and regulatory obligations; establishing, exercising, or defending legal claims. Legal basis: legal obligation or legitimate interest.

Recruitment

Recruitment activities, advertising positions, interview activities, analysis of suitability, and handling job applications. Legal basis: legal obligation, legitimate interest, or consent.

6. Disclosure of Personal Data to Third Parties

We disclose Personal Data to other entities within StratGrid and to the following third parties:

• You and, where appropriate, your appointed representatives.
• Legal and regulatory authorities, upon request or for reporting breaches of applicable law.
• Accountants, auditors, consultants, lawyers, and other outside professional advisors, subject to confidentiality obligations.
• Third-party Processors (such as payment service providers), subject to binding contractual data protection obligations.
• Any relevant party, regulatory body, governmental authority, or court, for legal proceedings or prevention of criminal offences.
• Any other relevant third-party service providers, subject to binding contractual confidentiality obligations.

Where sub-processors are engaged — including those located in India or other jurisdictions — we ensure they are subject to binding contractual obligations to maintain confidentiality, integrity, and security of Personal Data.

7. International Transfer of Personal Data

Due to the international nature of our business, we may transfer Personal Data to recipients in countries other than the country in which the data was originally collected. This includes transfers to India, the United States, the United Kingdom, and the EEA.

Where we transfer Personal Data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses, adequacy decisions, or other legally recognised transfer mechanisms under applicable law, including the GDPR and India’s DPDP Act 2023.

8. Retention of Personal Data

We retain Personal Data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where Personal Data is no longer required, we will securely delete or anonymise it in accordance with applicable law.

For data processed in the context of EOR or MSP arrangements, we retain employment-related data for the period required under applicable employment and tax laws in each relevant jurisdiction.

9. Security of Personal Data

We implement appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include access controls, encryption, regular security assessments, and employee training.

Where we engage third-party Processors, we require them to implement equivalent security measures and to Process Personal Data only in accordance with our instructions.

10. Your Rights

Subject to applicable law, you may have the following rights in relation to your Personal Data:

• Right of access — The right to obtain confirmation of whether we Process your Personal Data, and a copy of the data we hold about you.
• Right to rectification — The right to have inaccurate or incomplete Personal Data corrected.
• Right to erasure — The right to have your Personal Data deleted in certain circumstances.
• Right to restriction — The right to restrict the Processing of your Personal Data in certain circumstances.
• Right to data portability — The right to receive your Personal Data in a structured, commonly used format and to transmit it to another controller.
• Right to object — The right to object to the Processing of your Personal Data where we rely on legitimate interest as our legal basis.
• Right to withdraw consent — Where we rely on consent as our legal basis, the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at hello@stratgrid.in. We will respond within 30 days.

11. Rights of EEA Data Subjects

If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to lodge a complaint with your local Data Protection Authority. The legal bases we rely on for Processing your Personal Data are as set out in Section 5 of this Privacy Policy.

Where we transfer your Personal Data outside the EEA, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

12. India DPDP Act 2023 Compliance

StratGrid Private Limited is an Indian-registered entity and is subject to the Digital Personal Data Protection Act, 2023 (DPDP Act). We process personal data in accordance with the provisions of the DPDP Act, including:

• Lawful purpose — We process personal data only for lawful purposes for which consent has been given or for which processing is permitted under the DPDP Act.
• Data Principal rights — You have the right to access, correct, and erase your personal data, and to withdraw consent at any time.
• Data Fiduciary obligations — We fulfil all obligations as a Data Fiduciary under the DPDP Act, including maintaining appropriate security safeguards and notifying you in the event of a data breach.
• Cross-border transfers — We transfer personal data outside India only to countries or territories notified by the Indian Government as permissible under the DPDP Act.

For DPDP Act queries, please contact our designated point of contact at hello@stratgrid.in.

13. Cookies

We use cookies and similar technologies on our platform. Cookies help us improve your experience, understand how our platform is used, and deliver relevant content and advertising.

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our platform. By continuing to use our platform without adjusting your cookie settings, you consent to our use of cookies as described in this Privacy Policy.

We use the following types of cookies:

• Strictly necessary cookies — Required for the platform to function. These cannot be disabled.
• Analytics cookies — Help us understand how visitors use our platform (e.g. Google Analytics).
• Marketing cookies — Used to deliver relevant advertisements and track campaign effectiveness.
• Preference cookies — Remember your settings and preferences.

14. California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• The right to know what Personal Information we collect about you and how it is used and shared.
• The right to delete Personal Information we have collected from you, subject to certain exceptions.
• The right to opt out of the “sale” or “sharing” of your Personal Information.
• The right to non-discrimination for exercising your privacy rights.
• The right to correct inaccurate Personal Information.
• The right to limit the use and disclosure of Sensitive Personal Information.

StratGrid does not sell your Personal Information. To exercise any of your California rights, please contact us at hello@stratgrid.in.

15. Contact Us

If you have any questions about this Privacy Policy, or wish to exercise any of your rights in relation to your Personal Data, please contact us:

• Entity — StratGrid Private Limited
• CIN — U72900KA2025PTC153689
• Address — 4th Floor, #1 Akhitaan, Kundhalli Brookfield, ITPL Main Road, Bangalore – 560036, Karnataka, India
• Email — hello@stratgrid.in

This Privacy Policy was last updated in May 2026. StratGrid Private Limited reserves the right to amend this Privacy Policy at any time. We will notify you of material changes by posting the updated policy on our platform with a revised effective date.