Privacy Policy

1. Who We Are

KairoPact Private Limited ("KairoPact", "we", "us", "our") is a bionic execution infrastructure company — human-led and AI-supported — registered in India, providing technology services to non-governmental organisations (NGOs), development sector entities, and corporate social responsibility (CSR) teams.

Registered address: KairoPact Private Limited, India

Data Fiduciary & Grievance Officer: Abhilash (Founder, CEO & Grievance Officer) — abhilash@kairopact.com

Note: Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), the entity that determines the purpose and means of processing personal data is referred to as the "Data Fiduciary".

2. Scope of This Policy

This policy applies to all personal data we collect through:

• Our website at kairopact.com and any subdomains
• Our product platform, Axon™
• Our consultant and partner onboarding processes (including the ImpactMatch network)
• Email communications and enquiry forms

It does not apply to third-party websites we may link to. We are not responsible for the privacy practices of those sites.

3. What Personal Data We Collect

3.1 Data you provide to us

When you contact us, register interest, or apply to join the ImpactMatch consultant network, we may collect:

• Name, email address, phone number, and location
• Professional profile information (experience, thematic areas, availability)
• Organisation affiliation and role
• Information submitted via contact or enquiry forms

Sensitive credentials (PAN, GST, bank details, identity documents) are not collected through this website.

3.2 Data collected automatically

When you visit our website, we may collect:

• IP address and approximate location
• Browser type, operating system, and device type
• Pages visited, time spent, and navigation patterns
• Referring URL

3.3 Data processed through AI systems

KairoPact's products and services are AI-assisted. Where organisational data, project information, or other content is shared with us as part of a service engagement, it may be processed through AI pipelines. The following principles apply:

• Client and organisational data is never used to train, fine-tune, or prompt-engineer AI models for any purpose other than the contracted engagement.
• Data shared with us is processed only to the extent required to deliver the agreed service.
• AI outputs in client-facing workflows are subject to mandatory human review before delivery. AI drafts; our practitioners approve.
• We use third-party AI model providers whose published terms do not permit training on customer data.

For full details see our AI Policy.

4. Why We Use Your Data

We use your personal data only for the following purposes, and only where we have a lawful basis under the DPDP Act, 2023:

5. How We Share Your Data

We do not sell your personal data. We share it only in the following limited circumstances:

• With technology service providers who process data on our behalf — subject to appropriate data processing agreements
• With NGO or CSR clients where your profile is relevant to a specific engagement, and only with your prior knowledge
• With legal or regulatory authorities if required by applicable law

6. Data Storage, Security, and Breach Notification

Personal data may be processed by trusted service providers in India and other jurisdictions. We take reasonable technical and organisational measures to protect your data, including:

• Access controls limiting who can view personal data internally
• Encryption in transit (HTTPS/TLS)
• Regular review of third-party vendor security practices

In the event of a personal data breach, we will notify the Data Protection Board of India and affected individuals in accordance with the DPDP Act.

7. How Long We Keep Your Data

• Enquiry and contact data: up to 2 years from last contact
• Consultant profile data: for the duration of your engagement with ImpactMatch, plus 1 year
• Platform usage data: per our service agreement with the relevant client organisation

8. Your Rights Under the DPDP Act

Under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access information about the personal data we hold about you
• Correct inaccurate or incomplete personal data
• Request erasure of personal data where the purpose for which it was collected is no longer being served
• Withdraw consent at any time where consent is the basis for processing
• Raise a grievance with us regarding our handling of your personal data

9. Consent and How You Give It

Where we rely on consent as our legal basis, we will ask for it clearly and separately before collecting your data. You may withdraw consent at any time by contacting us at abhilash@kairopact.com.

10. Cookies and Tracking

Our website may use essential cookies necessary for basic functionality. We do not currently use advertising cookies or cross-site tracking. You can control cookie settings through your browser at any time.

11. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently done so, please contact us immediately at abhilash@kairopact.com.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the version number and effective date at the top of this page.

13. Contact Us and Grievance Redressal

For questions, concerns, or to exercise your rights, please contact our designated Grievance Officer:

We will acknowledge your request promptly and respond within 30 days.