Privacy Policy

PRIVACY POLICY

Effective Date: 1st July, 2025

1. INTRODUCTION

This Data Protection and Privacy Policy (hereinafter referred to as the “Policy”) is issued by Klevr Edge Private Limited (hereinafter referred to as “Klevr,” “We,” “Us,” or “Our”) in its capacity as Data Controller and Processor, in respect of its product and services branded as Klevr.

This Policy governs the collection, use, processing, storage, and disclosure of Personal Information by Klevr in connection with the use of its mobile applications (iOS and Android), web portal, website, and any related services (collectively referred to as the “Platform”).

This Policy constitutes a legally binding agreement between Klevr and any individual or entity accessing or using the Platform or services, whether as a Customer (Data Subject) or Candidate (Data Subject) (hereinafter collectively referred to as “Data Subject(s)”). By accessing or using the Platform, the Data Subject acknowledges, accepts, and agrees to be bound by the terms of this Policy.

The Data Subject(s) shall have the rights specified herein with respect to the collection, use, and processing of Personal Information. The exercise of such rights may, however, restrict or impair Klevr’s ability to provide certain services, whether in part or in whole.

In case of any query, concern, or requirement of clarification regarding this Policy, the Data Subject(s) may contact Klevr at the contact details provided herein.

2. APPLICABILITY

This Policy shall extend to, bind, and regulate the conduct, obligations, and entitlements of all categories of persons, natural or juristic, who, whether directly or indirectly, voluntarily or involuntarily, interact, transact, engage, or otherwise make use of, or come into contact with, the Platform in any capacity whatsoever, including but not limited to the following:

Customers (Data Subjects), being any legal entity, corporate organisation, for-profit or Not for Profit Organisation, Public or Private Entities, Firms, Government agency, or an individual, who elects, subscribes, contracts, or otherwise engages with Klevr for the purpose of procuring and availing background verification and/or allied services as made available and offered through the Platform, and who, in consideration thereof, remits or agrees to remit payment to Klevr in accordance with the applicable commercial terms;
Candidates (Data Subjects), being any natural person, a legal entity, corporate organisation, for-profit or Not for Profit Organisation, Public or Private Entities, Firms, Government agency, upon whom or in respect of whom the background verification, screening, credential validation, or allied checks are commissioned, initiated, or otherwise carried out at the behest of a Customer (Data Subject), whether with or without the direct initiation of such Candidate (Data Subject), but in all instances strictly subject to the principles of consent and authorisation as may be required under applicable law;
All other visitors, browsers, and incidental users, being any person who, without necessarily registering or transacting, nonetheless accesses, views, or navigates the Platform, thereby generating or permitting the collection of certain technical, device-related, or analytical information traceable to their interaction.

For the avoidance of doubt, the provisions of this Policy shall apply uniformly and without exception to all such categories of Data Subjects as enumerated above, unless expressly excluded or qualified herein or under applicable law.

3. THE INFORMATION WE COLLECT

Klevr, in the ordinary and necessary course of providing background verification and allied services through its Platform, collects, receives, and processes diverse categories of information and data, the nature and scope of which are determined by the specific service, verification, or check requested by the Customer (Data Subject). Such information, being capable of identifying or reasonably relating to a natural person, shall constitute “Personal Information”, and may, depending upon the type of verification sought, include, without limitation, the following:

(a) Personal Identifiers

Name, date of birth, gender, mobile number, email address, residential address, professional work address, and government-issued identification credentials including but not limited to Aadhaar, Permanent Account Number (PAN), Voter Identity Card, Driving Licence, Passport, Visa or any other official identification. For address verification, additional documentary evidence such as ration card, vehicle registration certificate, rental agreements, bank account statements, utility bills, or equivalent proofs may be required. Klevr may, where mandated by the Customer (Data Subject), also obtain testimonials or confirmations from individuals acquainted with the Candidate (Data Subject), including friends, relatives, neighbours, partners, or other associates, for the purposes of; including, but not limited to, conducting character verification, homeowner verification, and others.

(b) Professional Information

Employment history including prior employers, job roles, employment records, salary details, compensation and benefit particulars, and related data. For substantiation, Candidates (Data Subjects) may be required to furnish salary slips, employment letters, appraisal letters, relieving orders, experience certificates, or equivalent records. Where requested, Klevr may also undertake reference checks with professional referees nominated by the Candidate (Data Subject), for the purpose of validating professional competencies, conduct, and qualifications.

(c) Academic Information

Educational background including details of universities, colleges, schools, courses, departments, degrees, and qualifications obtained. Verification may necessitate production of degree certificates, consolidated mark sheets, transcripts, or equivalent academic records issued by the respective institutions.

(d) Criminal Background Information

Data relating to pending or disposed criminal complaints, First Information Reports (FIRs), charge sheets, or any similar proceedings. Court records, civil or criminal, may be accessed and verified to ascertain the existence of pending or past cases. All the information will be collected from the records provided by the Department of Justice and supporting bodies. Where requested by the Customer (Data Subject), Klevr may also conduct international or global database checks to determine whether the Candidate (Data Subject) is, directly or indirectly, associated with organised or serious crimes, or appears in records maintained by regulatory authorities, compliance databases, debarment registers, politically exposed person (PEP) listings, or financial sanctions regimes.

(e) Credit Information

Creditworthiness data including credit history, outstanding loans, defaults, repayment behaviour, and credit scores obtained from authorised credit information companies such as CIBIL or equivalent, typically based on identifiers such as PAN.

(f) Sensitive Personal Information

Depending upon the category of verification requested by the Customer (Data Subject), certain information may fall within the definition of “sensitive personal data,” including but not limited to medical or health-related information, social media records, digital footprint data, or motor vehicle records. The collection of such information or other information shall only be undertaken with explicit, specific, and informed consent of the Candidate (Data Subject), after due notification of the purpose, scope, and necessity of such collection.

Information Collected from Customers

In addition to the information pertaining to Candidates (Data Subjects), Klevr shall, in the ordinary course of contractual dealings with its Customers (Data Subjects), collect, receive, and process certain categories of information, including but not limited to the following:

1. Sign-Up Information for Services

3.1.1 Scope.

In order to lawfully establish an account and enable access to services available on the Platform, Customers (Data Subjects) shall be required to furnish certain identifying particulars at the time of registration.

3.1.2 Categories of Information.

Such particulars shall include, without limitation: (a) full name of the Customer (Data Subject) or its duly authorised representative, comprising first, middle, and last names; (b) complete contact coordinates, including telephone numbers and electronic mail addresses; (c) username, password credentials, and/or other authentication keys, tokens, or identifiers required to permit login and continued secure use of the Platform; and (d) Company or Organisation name and registered address, together with such other details as Klevr may reasonably deem necessary for the lawful provision of its services.

3.1.3 Purpose.

The aforementioned information shall be collected and processed exclusively for the purposes of establishing a contractual relationship between the Customer (Data Subject) and Klevr, enabling secure and authenticated access to the Platform, and ensuring compliance with all applicable legal and regulatory requirements.

2. Billing and Payment Information

3.2.1 Scope.

In consideration of services rendered, Klevr shall collect and process certain billing-related particulars of the Customer (Data Subject) in order to facilitate payment, reconciliation, and financial settlement.

3.2.2 Categories of Information.

Billing and payment information shall include, without limitation: (a) payment card details such as credit or debit card numbers, expiry dates, and associated security codes; (b) billing address and postal details; and (c) any other information reasonably required to process payments, issue invoices, or discharge statutory financial obligations.

3.2.3 Purpose.

Such information shall be utilised solely for the purposes of initiating and completing financial transactions between the Customer (Data Subject) and Klevr, generating receipts or invoices, complying with applicable tax and accounting requirements, and maintaining accurate financial records.

3.2.4 Safeguards.

Klevr shall implement appropriate technical, administrative, and contractual safeguards to ensure that payment information is processed with the highest degree of confidentiality and security, and in compliance with applicable laws governing data security and financial transactions.

3. Usage Information

3.3.1 Scope.

In the ordinary course of service delivery, Klevr may collect, log, and process certain data evidencing the Customer’s (Data Subject’s) use of and interaction with the Platform.

3.3.2 Categories of Information.

Usage Information may include, without limitation: (a) system and network identifiers such as IP addresses, device identifiers, and login credentials; (b) metadata and activity logs evidencing the creation, access, download, or modification of files; (c) system-generated communications such as confirmation emails, notifications, or alerts; (d) encryption keys, session identifiers, and similar technical information necessary to maintain the integrity of service delivery; and (e) contextual details such as time zone, date and time preferences, and any other technical or operational parameters relating to use of the Platform.

3.3.3 Purpose.

Such information shall be collected for the limited purposes of ensuring continuity of services, safeguarding the integrity and security of the Platform, fulfilling contractual obligations to Customers (Data Subjects), and enabling Klevr to optimise, troubleshoot, and improve its systems.

4. Analytics Information

3.4.1 Scope.

In addition to usage information, Klevr may collect and process certain analytical data concerning the performance, effectiveness, and overall user experience of the Platform.

3.4.2 Categories of Information.

Analytics Information may include, without limitation: (a) data obtained through third-party analytical tools, including but not limited to Google Analytics; (b) information derived from Candidate (Data Subject) feedback submitted during the verification process; and (c) web analytics data generated by or in connection with visits to the Platform, such as page views, session durations, navigation patterns, and referral sources.

3.4.3 Purpose.

The collection and analysis of such information shall be undertaken solely to improve the usability, efficiency, and functionality of the Platform; to identify technical issues; to generate aggregated statistical insights; and to enhance the quality of service rendered to Customers (Data Subjects) and Candidates (Data Subjects).

5. Cookies

3.5.1 Scope.

In the operation of the Platform and its associated websites, Klevr may deploy, collect, and process cookies and other similar technologies.

3.5.2 Definition.

For the purposes of this Policy, the term “Cookies” shall mean small data files or fragments stored on a Data Subject’scomputer, mobile device, or other hardware when such Data Subject accesses or interacts with the Platform.

3.5.3 Purpose.

Cookies are employed to: (a) facilitate and expedite the functioning of the Platform; (b) recognise returning Customers (Data Subjects) and Candidates (Data Subjects); (c) preserve session information for the continuity of service; (d) enable personalised user experiences; and (e) support analytics and performance monitoring.

3.5.4 User Choice.

Most web browsers permit Data Subjects to disable or restrict the use of cookies, or to receive notifications prior to the storage of cookies on a device. However, it is expressly acknowledged that disabling or rejecting cookies may impair certain features, functionality, or performance of the Platform, for which Klevr disclaims all liability.

6. Third-Party Information

3.6.1 Scope and Applicability.

In the course of providing background verification and related services through the Platform, Klevr may lawfully collect, receive, access, and process certain information pertaining to third parties. For the purposes of this Policy, the term “Third-Party Information” shall mean any personal data, records, or particulars relating to individuals or entities other than the Customer (Data Subject), including but not limited to Candidates (Data Subjects), referees, landlords, tenants, educational institutions, employers (past or present), regulators, courts, credit bureaus, financial institutions, and any other duly authorised or lawful external sources.

3.6.2 Sources of Third-Party Information.

Third-Party Information may be obtained through one or more of the following lawful means:

(a) directly from the Candidate (Data Subject) concerned, upon grant of explicit consent;

(b) from references, landlords, tenants, or other persons identified by the Candidate (Data Subject) or Customer (Data Subject) for the purpose of verification;

(c) from publicly available records, such as court judgments, statutory filings, government registers, or credit bureau databases;

(d) from regulators, law enforcement authorities, or judicial bodies, where permitted or required under applicable law; and

(e) through third-party service providers or agents lawfully engaged by Klevr to support or supplement the verification process.

3.6.3 Purpose of Collection and Processing.

Third-Party Information shall be collected and processed strictly for the limited purposes of:

(a) conducting identity, address, education, employment, reference, criminal record, credit history, or other verification checks requested by the Customer (Data Subject) and consented to by the Candidate (Data Subject);

(b) complying with contractual obligations owed by Klevr to its Customers (Data Subjects) under valid service agreements;

(d) ensuring the accuracy, completeness, and reliability of verification reports generated by the Platform.

3.6.4 Use and Disclosure.

Klevr may use Third-Party Information solely to the extent necessary for the provision of services as contemplated under this Policy and the relevant service agreements. Disclosure of such information shall be limited to:

(a) the Customer (Data Subject) who has requested the verification, subject always to the **Candidate’s (Data Subject’s)**consent;

(b) regulators, courts, or governmental authorities where disclosure is mandated by law;

(c) service providers or agents engaged by Klevr under strict contractual obligations of confidentiality and data protection; and

(d) any other person or entity as may be expressly authorised by the Candidate (Data Subject) or required under applicable law.

3.6.5 Limitations and Safeguards.

Klevr undertakes that Third-Party Information shall not be sold, leased, licensed, or otherwise exploited for commercial gain, except as directly incidental to the provision of services to Customers (Data Subjects). All such information shall be subject to robust technical and organisational safeguards, including encryption, access controls, and retention protocols, to ensure compliance with applicable data protection laws and to uphold the principles of confidentiality, integrity, and lawful processing.

3.6.6 Exclusion.

For the avoidance of doubt, nothing contained in this Section shall be construed as granting to Klevr any independent right, title, or interest in Third-Party Information, save and except the limited right to collect, process, and disclose such information for the purposes expressly set forth herein. The ownership of such information shall at all times vest in the Data Subject or the lawful custodian thereof.

Information Collected from Third Parties

In addition to information furnished directly by Customers and Candidates, Klevr may, for the purpose of fulfilling its contractual obligations to the Customer and completing the requested background verification services, collect, receive, procure, or otherwise access information pertaining to Candidates or related individuals from third-party sources, which may include but shall not be limited to:

Government Authorities and Public Records: Data, records, or extracts maintained by governmental departments, law enforcement agencies, judicial or quasi-judicial authorities, regulatory bodies, or other statutory repositories, including records of identification, court proceedings, criminal cases, civil disputes, or other legal filings.
Educational Institutions: Information received from schools, universities, boards, or academic institutions for the purpose of verifying academic qualifications, certifications, enrolment, or performance.
Employers and Professional References: Information provided by current or previous employers, managers, supervisors, colleagues, or professional referees nominated by the Candidate or otherwise identified during the verification process, pertaining to employment history, performance, reputation, or professional conduct.
Financial Institutions and Credit Bureaus: Information sourced from banks, non-banking financial companies (NBFCs), credit information companies (including CIBIL and others duly authorised), and financial regulatory databases, for the purpose of conducting credit history and financial integrity checks.
Global Databases and Compliance Lists: Data obtained from international or regional repositories and lists, including but not limited to politically exposed persons (PEP) databases, debarment lists, sanctions registries, compliance databases, and other third-party platforms designed to identify financial crimes, frauds, or reputational risks.
Other Authorised Third Parties: Any other third-party service providers, agents, contractors, partners, or vendors duly engaged or authorised by Klevr, subject always to appropriate contractual obligations of confidentiality and data protection.

For the avoidance of doubt, the collection and processing of information from third-party sources shall be undertaken solely for the purpose of executing the verification services requested by the Customer, and shall at all times be subject to the principles of necessity, proportionality, and consent as prescribed under applicable law, including the Digital Personal Data Protection Act, 2023.

4. HOW WE COLLECT YOUR INFORMATION

4.1 Information Provided Directly by the Data Subject.

4.1.1 Klevr shall collect and process personal and other related information that is voluntarily furnished or otherwise submitted directly by the Customer, Candidate, or any other Data Subject, whether through the Platform, web portal, mobile application, email communications, or such other channels as Klevr may lawfully designate from time to time.

4.1.2 Such information may include, without limitation, personal identifiers, demographic particulars, contact details, employment, educational and financial particulars, supporting documentation, declarations, and any other information reasonably required to conduct, complete, or deliver a background verification or related service.

4.1.3 All such information shall be deemed to have been provided with the knowledge, consent, and authorization of the Data Subject concerned and shall be collected solely for legitimate business and operational purposes as contemplated under this Policy.

4.2 Information Obtained from Third-Party Sources.

4.2.1 In order to perform and deliver specific verification services and to prepare the requisite reports, Klevr may, subject to due authorization and lawful consent, collect and process personal or sensitive personal data from duly recognized third-party sources.

4.2.2 Such third-party sources shall include, but not be limited to:

(a) Public Records – comprising government or statutory databases, Court and tribunal records, law enforcement or judicial repositories, regulatory filings, and any other publicly accessible or legally permissible records maintained by competent authorities, both within and outside the jurisdiction of India; and

(b) Private Records – comprising information or documentation obtained from private or institutional entities, such as educational institutions, former or current employers, professional associations, healthcare establishments, credit information companies, and other legally recognized data controllers or custodians, provided always that requisite consent has been obtained from the relevant Data Subject or stakeholder in accordance with applicable law.

4.2.3 Klevr warrants that any access to or retrieval of third-party information shall be undertaken solely in accordance with prevailing legal norms, and any such data so obtained shall be processed only for the limited purpose of verification and not for any unrelated or extraneous commercial use.

4.3 Information Collected Automatically.

4.3.1 In the course of the Data Subject’s interaction with the Platform, Klevr may automatically collect certain data pertaining to electronic network activity and technical usage, which may include, inter alia, IP addresses, device identifiers, browser specifications, operating system details, access timestamps, session metadata, and other similar digital identifiers.

4.3.2 Such automatically collected information shall be utilized strictly for legitimate operational purposes, including but not limited to monitoring Platform performance, enhancing cybersecurity, ensuring system reliability, and improving service functionality.

4.3.3 Klevr affirms that no automatically collected data shall be disclosed, transferred, or otherwise made available to any third party, save and except as may be required for legitimate internal analytics, compliance with applicable law, or under lawful compulsion of competent authorities.

4.4 Limitation of Collection.

Klevr undertakes that all data collection, whether direct, indirect, or automatic, shall be limited to the extent necessary for the specific and lawful purposes for which such data is collected, and that the same shall be retained and processed in a manner consistent with the principles of necessity, proportionality, and data minimization as recognized under applicable data protection standards.

5. WHO WE SHARE YOUR PERSONAL INFORMATION WITH

5.1 Authorized Recipients.

Without prejudice to the generality of the foregoing, Personal Information may, where necessary and lawful, be shared, transferred, or otherwise made accessible to the following limited categories of recipients, each bound by corresponding obligations of confidentiality and purpose limitation:

5.1.1 Employees, Contractors, Systems, and Authorized Agents of Klevr.

Klevr may disclose Personal Information to its employees, contractual personnel, system administrators, and authorized agents who, by virtue of their role or responsibility, require such access for the sole purpose of performing their legitimate duties or discharging contractual obligations in relation to the services rendered by Klevr.

All such personnel shall be bound, whether by contract, internal policy, or statutory obligation, to maintain the confidentiality of such information, to use the same exclusively for authorized purposes, and to comply with Klevr’s data protection and security standards at all times.

5.1.2 Sub-Contractors, Service Providers, and Vendors.

Klevr may engage duly vetted sub-contractors, independent vendors, or third-party service providers (hereinafter collectively referred to as “Processors”) for the purpose of performing certain limited or ancillary components of the verification process, including data collection, validation, and report compilation.

Personal Information shall be disclosed to such Processors strictly on a “need-to-know” basis and under written contractual arrangements that impose obligations of confidentiality, security, and lawful processing consistent with applicable data protection legislation, ISO standards, and this Policy.

Klevr shall further ensure that such Processors process the data solely for the limited purposes for which it was shared and shall remain accountable for any breach or misuse thereof.

5.1.3 Customers and Candidates.

Upon completion of the verification process, Klevr shall share the finalized background verification report exclusively with:

(a) the Customer who lawfully requested such verification and on whose behalf the processing was carried out; and

(b) the Candidate (Data Subject) who is the subject of the said verification, except where disclosure is lawfully restricted or prohibited.

No other entity or third party shall be granted access to such reports save in the circumstances enumerated below.

5.1.4 Law Enforcement and Judicial Authorities.

Klevr may, without prior consent, disclose Personal Information or background verification reports to any law enforcement agency, regulatory authority, or investigative body, or to any third party expressly authorized under a lawful direction, warrant, summons, or order issued by a competent court or authority under applicable law.

Such disclosure shall be limited strictly to the extent required for compliance with such lawful directive or proceeding, and Klevr shall, where permissible, notify the concerned Data Subject of such disclosure.

5.1.5 Litigation and Legal Proceedings.

Klevr reserves the right to disclose, produce, or submit copies of any background verification report, record, or associated documentation in connection with any claim, dispute, investigation, or legal proceeding (whether threatened, pending, or actual) for the purpose of asserting, establishing, or defending its legal rights, interests, or reputation, or to comply with the obligations imposed by any judicial or quasi-judicial authority.

5.1.6 Consent-Based Disclosures.

Save and except as expressly provided under the foregoing sub-clauses, Klevr shall not disclose, transfer, or share any Personal Information or background verification report with any other person, organization, or third party, unless:

(a) such disclosure has been expressly requested in writing by the Data Subject concerned; or

(b) specific, informed, and unambiguous consent for such disclosure has been duly obtained from the Data Subject in accordance with the principles of the Digital Personal Data Protection Act, 2023, and relevant data protection standards.

5.2 Exclusion of Unauthorized Disclosures.

Any disclosure, transfer, or dissemination of Personal Information not expressly authorized under this Clause shall be deemed unauthorized, unlawful, and in contravention of Klevr’s policies. Klevr expressly disclaims any association, liability, or responsibility for any misuse, leakage, or unauthorized disclosure of data attributable to third parties acting beyond the scope of lawful authorization.

6. PURPOSES FOR WHICH WE COLLECT AND PROCESS PERSONAL INFORMATION

Klevr Edge Private Limited (“Klevr”, “We”, “Us”, or “Our”) affirms that all collection, processing, storage, and dissemination of Personal Information shall be undertaken solely for lawful, legitimate, and explicitly defined purposes as enumerated hereinbelow. The processing of such Personal Information shall at all times remain proportionate to the objectives for which it has been collected and consistent with the principles of necessity, data minimization, and fairness, in accordance with applicable data protection laws and regulations.

6.1 Provision of Services and Preparation of Background Verification Reports

Klevr collects and processes Personal Information, as delineated under Section 3 of this Policy, for the express and limited purpose of performing its contractual and statutory obligations towards its Customers. Such obligations include, inter alia, (i) conducting background verification processes, (ii) preparing and furnishing Verification Reports, (iii) performing analytical functions associated therewith, and (iv) ensuring the operational functionality and performance of Our technological platforms, applications, and systems. The processing of Personal Information in this regard is indispensable to the performance of Our services and constitutes a legitimate basis for processing under applicable data protection frameworks.

6.2 Business Administration and Operational Efficiency

Personal Information such as account credentials, billing particulars, and other operational data may be utilized by Klevr for the execution of its internal business operations. This includes, without limitation, (i) account management, (ii) billing and payment administration, (iii) maintenance and management of Our digital infrastructure, and (iv) rectification or resolution of operational anomalies, discrepancies, or technical malfunctions that may arise in the ordinary course of business. Such processing activities are necessary to facilitate the effective, lawful, and uninterrupted conduct of Klevr’s commercial undertakings.

6.3 Compliance with Legal and Regulatory Mandates

Klevr may process Personal Information where such processing is necessary for compliance with any applicable law, rule, regulation, or order issued by a competent governmental, judicial, or regulatory authority. This includes, but is not limited to:

(i) responding to lawful requests or directions from police, investigative, or enforcement agencies;

(ii) fulfilling statutory or regulatory disclosure obligations;

(iii) protecting, defending, or enforcing the legal rights, proprietary interests, or legitimate business objectives of Klevr; and

(iv) preventing, detecting, and mitigating fraud, abuse, or unauthorized use of Klevr’s systems and services.

Such processing shall be strictly confined to the scope required for legal compliance and the protection of legitimate interests.

6.4 Enhancement of Systems, Processes, and Service Quality

Klevr may utilize collected Personal Information to undertake continuous improvement initiatives in respect of its technological infrastructure, internal processes, and service delivery mechanisms. This may include, inter alia, conducting internal audits and performance evaluations, identifying and correcting defects or inconsistencies, fortifying system integrity and security, and enhancing the overall quality, reliability, and user experience of the services rendered by Klevr.

6.5 Ensuring Safety, Security, and Authenticity

For the purpose of safeguarding the integrity of its platform and maintaining the authenticity of User accounts, Klevr may employ collected Personal Information to verify identities, prevent unauthorized access or account duplication, and detect and deter fraudulent, deceptive, or unlawful activities. Such processing is essential to uphold the safety, confidentiality, and trustworthiness of the Klevr ecosystem and to ensure the continued protection of both Candidates and Customers.

7. PROCESSING OF PERSONAL INFORMATION

7.1 Manner and Scope of Processing

This Privacy Policy, read conjointly with the applicable contractual terms, constitutes the primary and authoritative framework governing the manner, extent, and purposes for which any Personal Information shall be collected, accessed, processed, or otherwise handled by Klevr. Accordingly, Klevr shall process such Personal Information exclusively for the limited and legitimate purposes enumerated under Section 6 of this Policy, and for no other ancillary, collateral, or unauthorized purpose whatsoever.

Klevr shall adopt, implement, and continuously maintain appropriate technical, organizational, physical, and administrative safeguards to prevent any unauthorized, unlawful, or accidental access to, processing of, destruction of, alteration of, or damage to Personal Information. Such measures shall include but not be limited to, encryption protocols, controlled access environments, routine security audits, and other recognized industry-standard data protection practices.

For the avoidance of doubt, Klevr does not own, control, or determine the purposes or means of processing the Personal Information entrusted to it. All such Personal Information, including that used in the preparation of Verification Reports, remains at all times the exclusive property of the respective Candidate. Klevr merely accesses, processes, and utilizes such data to the minimum extent necessary, and strictly with the explicit consent of the Candidate, for the lawful and bona fide purpose of fulfilling the verification request initiated by the Customer.

7.2 Cross-Border Storage and International Data Transfers

Klevr hereby affirms that no direct international transfer of Personal Information is undertaken or facilitated through its India-based operational platform. Notwithstanding the foregoing, certain categories of data, including but not limited to, metadata or system backups, may be stored or mirrored on secure cloud servers operated by Amazon Web Services (AWS), located within the jurisdiction of the United States of America.

Such storage arrangements are implemented solely for the purposes of data resilience, integrity, and business continuity, and are governed by the stringent data protection standards and contractual assurances provided under the AWS data processing agreements and internationally recognized data protection frameworks. Klevr ensures that any such transfer or storage shall be conducted in compliance with applicable Indian data protection laws, and only to jurisdictions offering an adequate level of protection as defined thereunder.

7.3 External Links and Third-Party Websites

The Website and/or Platform operated by Klevr may, from time to time, contain hyperlinks, plugins, or references to third-party websites, digital platforms, or online resources (“External Sites”) which operate independently of Klevr. The inclusion of any such link is provided solely for the convenience of the User and does not constitute endorsement, sponsorship, or affiliation by Klevr.

Users are hereby expressly advised that Klevr neither exercises control over nor assumes responsibility for the manner in which such External Sites collect, store, or process Personal Information. Klevr disclaims all liability arising from any access to, or use of, such External Sites. Users are therefore strongly encouraged to review the respective privacy policies, terms of service, and data-handling practices of any such External Sites prior to engaging with them, and to do so at their sole discretion and risk.

8. YOUR RIGHTS

(a) Right to Rectification

8.1 The Data Subject shall have the right to request rectification, completion, or amendment of any Personal Information held by Klevr that is inaccurate, misleading, obsolete, or incomplete. Klevr may, at its sole discretion, require the Data Subject to furnish reasonable supporting documentation substantiating such claim prior to effecting rectification. Klevr shall not be obligated to amend historical Verification Reports, audit logs, or prior reports which, at the time of issuance, were accurate to the best of Klevr’s knowledge and belief.

(b) Right to Withdraw Consent

8.2 The Data Subject may, at any time and without prejudice, withdraw consent previously granted for the collection, use, or processing of Personal Information. Upon receipt of such withdrawal, Klevr shall forthwith cease further processing of said Personal Information, save and except to the extent such processing is required under law or to protect Klevr’s legitimate interests.

8.3 The Data Subject expressly acknowledges that such withdrawal shall automatically terminate any ongoing verification process, and that any collateral consequence arising therefrom— including adverse impact on employment, tenancy, or engagement prospects—shall not constitute a breach or liability on the part of Klevr.

(c) Right to Erasure (“Right to be Forgotten”)

8.4 The Data Subject may request the deletion or permanent erasure of Personal Information held by Klevr. In instances where Klevr acts as a Processor on behalf of a Customer or other Data Controller, such request shall be duly transmitted to the Data Controller for direction and disposition.

8.5 Should no directive be received from the Data Controller within ninety (90) days from such notification, Klevr may, in its prudent discretion, and subject to applicable retention obligations under law or contract, expunge such Personal Information from its systems.

8.6 Notwithstanding the foregoing, Klevr reserves the absolute right to deny or defer any erasure request where retention is necessary to comply with statutory obligations, enforce contractual rights, or defend Klevr’s legitimate legal interests.

8.7 The Data Subject acknowledges that Klevr neither controls nor assumes liability for the continued retention or independent processing of Personal Information by third-party sources, public databases, Processors, or vendors utilized during verification. Any request for deletion from such independent third parties shall lie directly with those entities, though Klevr may, without obligation, assist in identifying such holders of information.

(d) Right of Access

8.8 The Data Subject shall have the right to obtain confirmation as to whether or not Personal Information concerning them is being processed by Klevr, and where so, to access such information. Klevr shall, upon valid request and verification of identity, furnish an intelligible summary or copy of such information, along with the purposes of processing, categories of Personal Information processed, and the recipients thereof. This right shall not extend to proprietary documentation, confidential audit records, or any material disclosure prohibited by law, contract, or the rights of third parties.

(e) Right to Restriction or Objection to Processing

8.9 The Data Subject may object to, or request restriction of, the processing of their Personal Information where such processing is unlawful, lacks a lawful basis, or is disputed as to accuracy. Klevr may, upon verification of such objection, suspend or limit further processing to the extent reasonably practicable.

8.10 The Data Subject acknowledges that such restriction or objection shall necessarily impede or preclude the completion of the verification process, and that Klevr shall bear no liability for any resultant delay, discontinuation, or prejudice arising therefrom.

(f) Right to Data Portability and Ancillary Rights

8.11 The Data Subject shall have the right to request that Personal Information furnished to Klevr be transmitted, where technically feasible, to the Data Subject or to another Data Controller designated by them, in a structured, commonly used, and machine-readable format.

8.12 Without prejudice to any other rights herein, the Data Subject may further:

(i) lodge a complaint before the competent supervisory or regulatory authority in relation to any alleged contravention by Klevr;

(ii) issue specific posthumous instructions regarding retention, deletion, or continued use of their Personal Information;

(iii) seek disclosure of the categories of Sensitive Personal Information processed in connection with background verification; and

(iv) exercise the right to opt out of any direct marketing or promotional communications issued by Klevr.

(g) Administrative Fees and Excessive Requests

8.13 Klevr shall not levy any charge for the bona fide exercise of rights under this Clause. However, where any request is manifestly unfounded, repetitive, or disproportionate, Klevr reserves the right to impose a reasonable administrative fee reflective of the cost of compliance, or to decline to act on such request, provided reasons are duly recorded.

(h) Redressal Mechanism

8.14 All requests, grievances, or communications relating to the exercise of rights under this Clause shall be directed in writing to support@klevr.club. Klevr shall endeavour to acknowledge and respond to such communications within the timelines prescribed under Applicable Law.

8.15 While the Data Subject retains the right to approach competent authorities or judicial forums, Klevr encourages resolution through its internal redressal mechanism in the first instance. All such proceedings shall be governed by and construed in accordance with the governing law and dispute resolution provisions contained in this Agreement.

9. POLICY WITH RESPECT TO MINORS AND CHILDREN

9.1 Prohibition and Restriction.

Klevr does not knowingly collect, process, or retain any form of Personal Information or Sensitive Personal Information from a child under the age of thirteen (13) years. Klevr explicitly prohibits the creation or operation of user accounts, access credentials, or verification requests relating to any Individual below ten (10) years of age, irrespective of the circumstances, and any such engagement shall be deemed null and void ab initio.

9.2 Parental or Guardian Consent.

In the exceptional circumstance wherein a Customer seeks to initiate or commission a background verification process involving a minor who has not yet attained the age of thirteen (13) years, the Customer shall, at its sole cost, risk, and responsibility, obtain the express, informed, and written consent of the minor’s lawful parent or guardian prior to initiating any verification request. Such consent shall be required to clearly delineate the scope, nature, and purpose of the intended verification, and must be retained by the Customer as evidence of lawful authorization.

Klevr shall not, under any circumstance, be held liable for any omission, insufficiency, or invalidity of such consent, or for any claim, damage, or proceeding arising therefrom.

9.3 Discovery and Remedial Action.

In the event that Klevr becomes aware, through internal review, regulatory notification, or external communication, that Personal Information relating to a child under the age of ten (10) years has been collected, stored, or processed by or through its Platform without the requisite parental or guardian consent, Klevr shall, without assuming any liability, take immediate corrective action to permanently delete such information and to disable or anonymize the associated account or record.

Klevr expressly disclaims any and all responsibility or liability arising out of such inadvertent collection or retention of data, and no obligation of compensation, notice, or restitution shall be construed against it in such cases.

9.4 Notification by Third Parties.

Any person, parent, guardian, or authority who becomes aware that a minor has provided Personal Information to Klevr in contravention of this Clause may notify Klevr forthwith using the Contact Information specified in this Policy. Upon such notification and subsequent verification, Klevr shall expeditiously undertake necessary steps to delete or render permanently inaccessible any such Personal Information, subject to applicable law and procedural safeguards.

9.5 Reservation of Rights.

Klevr reserves the right, without limitation, to refuse, suspend, or terminate access to its Platform, Services, or systems if it reasonably determines that the user does not meet the minimum age requirements or has misrepresented their age for the purpose of obtaining access. Any such determination shall be final and binding, and shall not give rise to any claim for damages or relief against Klevr.

10. DATA SECURITY AND SAFEGUARDING MEASURES

10.1 Commitment to Security.

Klevr Edge Private Limited (“Klevr”, “We”, “Us”, or “Our”) is firmly committed to preserving the integrity, confidentiality, and availability of all Personal Information entrusted to it. All Personal Information collected, processed, or retained through Klevr’s Platform, Services, or allied systems is hosted on secure Amazon Web Services (AWS) cloud infrastructure located within the United States region. Klevr ensures that such hosting arrangements adhere to industry-recognized best practices, including but not limited to DPDP Act and GDPR-aligned cloud compliance frameworks.

10.2 Safeguards and Controls.

Klevr has implemented comprehensive technical, organizational, administrative, and physical safeguards designed to protect Personal Information against accidental, unlawful, or unauthorized access, alteration, disclosure, destruction, or loss. These measures include but are not limited to:

(a) encryption of Personal Information at rest and in transit;

(b) logical access controls and authentication protocols;

(d) incident detection and response mechanisms; and

(e) periodic audits and reviews of security configurations and personnel access privileges.

Such safeguards are continually reviewed, tested, and enhanced in accordance with emerging security standards, technological advancements, and legal requirements. Klevr shall, upon written request and subject to confidentiality obligations, furnish a summary of its data protection and information security policies to Customers, Candidates, or relevant authorities.

10.3 Limitation of Liability.

Notwithstanding the foregoing, Klevr shall not be held liable for any unauthorized access, breach, or misuse of Personal Information arising out of (i) transmission errors, (ii) acts or omissions of third-party Processors, (iii) negligence or willful misconduct by any Customer, Candidate, or their authorized representatives, or (iv) circumstances beyond Klevr’s reasonable control, including force majeure events, cyberattacks, or systemic failures of internet infrastructure.

10.1 PAYMENT SECURITY AND PROCESSING

10.1.1 Third-Party Payment Gateway.

All financial transactions and payments facilitated through the Klevr Platform are securely processed via Razorpay Software Private Limited (“Razorpay”), an independent third-party Processor. Razorpay is fully compliant with prevailing international data protection and payment industry standards, including ISO/IEC 27001, Payment Card Industry Data Security Standard (PCI DSS), and other applicable regulatory frameworks.

10.1.2 Liability Disclaimer.

Klevr does not, at any point, retain, store, or have access to any credit card, debit card, or banking credentials submitted through Razorpay or any authorized Processor. All payment-related information is transmitted directly to the Processorthrough encrypted channels, and the security of such information is governed exclusively by the terms of Razorpay’s privacy and data security policies.

Klevr expressly disclaims any responsibility or liability for loss, fraud, or misuse of financial information that arises due to (i) Customer error, (ii) unauthorized third-party access, or (iii) any breach attributable to the Processor.

11. AMENDMENTS AND UPDATES TO THIS POLICY

11.1 Right to Modify.

Klevr Edge Private Limited reserves the exclusive right, at its sole discretion and without prior notice, to amend, modify, supplement, or update this Privacy Policy, whether in part or in whole, at any time deemed necessary to reflect changes in law, technology, business operations, or processing of Personal Information.

11.2 Publication and Effectivity.

All amendments shall take effect immediately upon publication of the revised Policy on Klevr’s official Platform, unless otherwise specified. Data Subjects are encouraged to periodically review this Policy to remain informed of any updates.

11.3 Consent to Continued Use.

The continued use of Klevr’s Platform, Services, or Products subsequent to any amendment or update shall constitute explicit acknowledgment and acceptance of such revised terms. The present version of this Policy became effective on 22 November 2022, and supersedes all prior iterations or related statements of practice.

12. COMMUNICATIONS AND NOTIFICATIONS

12.1 Service-Related Communications.

Klevr may, from time to time, issue communications that are transactional or service-essential in nature. Such communications may include, without limitation, notifications pertaining to Platform maintenance, Products updates, system availability, account verification, Policy amendments, or other matters essential for the continued operation of Klevr’s Services.

12.2 Non-Marketing Classification.

These communications shall not, under any circumstances, be deemed promotional or marketing in nature, and accordingly, Data Subjects may not opt out of receiving them while maintaining an active account. Should any Data Subject wish to discontinue the receipt of such communications, they may do so solely by deactivating or terminating their account in accordance with the applicable account termination procedures.

12.3 Marketing and Promotional Communications.

Any communications pertaining to marketing, offers, or new Products shall be separately governed by consent mechanisms. Data Subjects retain the right to withdraw such consent or unsubscribe at any time, without affecting their access to mandatory service-related communications.

13.CONTACT INFORMATION AND GRIEVANCE REDRESSAL

13.1 Point of Contact.

For any inquiries, grievances, or requests concerning this Policy, the handling of Personal Information, or any other data protection matter, Data Subjects may contact Klevr at the following address:

Email: support@klevr.club

13.2 Resolution Process.

Upon receipt of a communication, Klevr shall acknowledge the same within a reasonable period and shall endeavor to provide a substantive response or resolution in accordance with applicable legal timelines. Klevr encourages Data Subjects to seek redressal directly through this channel prior to approaching any statutory or regulatory authority, thereby enabling prompt and amicable resolution.

13.3 Regulatory Escalation.

Nothing in this Clause shall preclude any Data Subject from exercising their statutory rights to lodge a complaint or seek relief before the appropriate data protection authority or adjudicatory body, as provided under the Digital Personal Data Protection Act, 2023, or any other applicable law.