Data protection, consent, and integrity controls aligned to India's DPDP framework.
This page explains how Threemates Tech Venture approaches privacy governance, notice, consent management, security controls, grievance handling, and user rights in line with the Digital Personal Data Protection Act, 2023 and related obligations.
Effective date
May 6, 2026
Version
1.0
Compliance contact
info@threemates.tech
Primary data residency
India-first hosting with AWS Mumbai as primary region where feasible
Our role
Threemates Tech Venture acts as the Data Fiduciary for the personal data it collects through the website, learner workflows, and operational processes it controls.
Service providers
Cloud, payment, communications, and analytics providers act as processors or service providers to support the purposes disclosed to users.
Rights handling
Verified requests for access, correction, deletion, withdrawal, grievance, and nominee handling can be sent to info@threemates.tech.
Security focus
Controls are designed around confidentiality, integrity, availability, incident response, least privilege, and auditable handling of sensitive workflows.
How Threemates Tech Venture approaches DPDP compliance
Threemates Tech Venture provides digital services and learning programs, so it handles personal data as part of onboarding, payments, course delivery, support, and security operations. We aim to collect the minimum data reasonably needed for those purposes and to explain those uses clearly before or at the point of collection.
Data Fiduciary role
For personal data collected through our site and services, Threemates Tech Venture determines the purpose and means of processing and is therefore the primary accountable entity for those activities.
Third-party tools such as AWS and Razorpay support hosting, payment, and operations under their own contractual and legal obligations.
Operating locations and contact
HQ · Maharashtra
Wework Zenia, 4th Floor, Zenia Building, Arcadia Cir, Hiranandani Estate, Thane West, Maharashtra 400607
Regional · Odisha
Shreehari Vihar, H No 3, Street No 390, Jatni, Khordha, Odisha 752050
Until a separate grievance address is published, all privacy and DPDP matters can be sent to info@threemates.tech.
Processing contexts and compliance basis
We align data processing with the notice presented to the user, the service requested by the user, consent where required, legal obligations, and other purposes permitted under applicable law.
| Processing activity | Typical data involved | How the processing is justified |
|---|---|---|
| Account setup and course delivery | Identity, contact, learner profile, progress data | Notice-based processing connected to the service requested by the user |
| Payments, invoicing, refunds | Billing data, transaction references, order details | Processing required to complete the purchase and meet accounting, tax, and recordkeeping duties |
| Mentoring, support, and learner success | Messages, assignments, session history, support requests | Use consistent with the stated purpose for service delivery and problem resolution |
| Marketing updates and launch announcements | Email address, communication preferences | Separate opt-in consent, with unsubscribe and withdrawal controls |
| Placement or profile sharing with hiring partners | Resume, profile details, portfolio links, achievements | Separate and explicit consent before any external sharing |
| Security monitoring and fraud prevention | IP address, device data, logs, access events | Permitted processing for platform security, abuse prevention, and protection of services and users |
Rights available to users under our DPDP handling process
If you are the individual to whom the personal data relates, you can exercise the following rights by writing to us from a verifiable email address or by providing enough detail for us to confirm identity.
Right to access
You may ask for a summary of the personal data we hold about you and the purposes for which it is being used.
Right to correction
You may request correction or completion of inaccurate, outdated, or incomplete personal data.
Right to erasure
You may request deletion of data that is no longer necessary, subject to retention requirements imposed by law or legitimate operational needs.
Right to grievance redressal
You may escalate complaints through our privacy contact channel if you believe your personal data has been mishandled.
Right to withdraw consent
Where processing is based on consent, you may withdraw it. Some core services may stop if the withdrawn consent is essential to deliver them.
Right to nominate
You may write to us to record a nominee request or authorized representative request, subject to verification and any rule-based requirements that apply.
How consent is collected, logged, and withdrawn
Where consent is the appropriate basis, it should be specific, informed, and easy to withdraw. Our goal is to separate essential processing from optional communications or sharing.
Notice at collection
Forms and registration flows should identify the category of data being collected, the purpose of collection, and the contact path for privacy questions before submission wherever practicable.
Optional uses require choice
Marketing communication opt-ins, hiring-profile sharing, or similar non-essential uses should be presented as separate choices rather than bundled into mandatory access terms.
Withdrawal of consent
Users may withdraw optional consent by emailing info@threemates.tech or by using any unsubscribe option included in marketing messages.
Audit trail and records
Where operationally implemented, we retain records of consent status, timestamps, relevant workflow context, and request outcomes so we can demonstrate compliance if challenged.
Controls used to protect confidentiality, integrity, and availability
Data integrity is not only about secrecy. It also requires accuracy, controlled changes, dependable backups, and quick response to unauthorized activity.
Access control
Internal access is restricted to personnel with a legitimate operational need, and privileged actions should be limited, logged, and periodically reviewed.
Security monitoring
We use logging, alerting, and operational monitoring to detect suspicious activity, failed access attempts, service instability, and signals of abuse or compromise.
Backups and recoverability
Backups, version history, and recovery procedures help reduce the risk of accidental loss, corruption, or destructive change to production data.
Data quality and correction
When a verified user identifies inaccurate information, we aim to correct it promptly in source systems or the next controlled update cycle, subject to evidence and lawful recordkeeping obligations.
Incident response
If a personal data breach is confirmed, we will investigate, contain the issue, document impact, and notify affected users and authorities where required by applicable law.
Periodic improvement
Security and privacy measures evolve with product changes, threat patterns, vendor capabilities, and legal guidance. We may update controls and this page as those expectations mature.
Children's data, cross-border handling, and grievance path
Some situations need extra care, particularly for minors, external processors, and complaints about data handling.
Children's data
If a learner is under 18, parent or guardian involvement may be required before enrollment or continued participation, depending on the service flow and legal requirements in force.
We do not intentionally use children’s data for behavioral advertising or unrelated profiling.
Cross-border processing
Our preferred approach is India-first data residency. If limited cross-border processing occurs through a vendor feature, backup path, or support workflow, it should be subject to lawful restrictions and vendor safeguards.
Grievance channel
Send complaints or rights requests to info@threemates.tech with a clear subject such as DPDP Rights Request or Privacy Grievance and enough information for verification.
We aim to acknowledge genuine requests promptly and resolve them within a reasonable time consistent with applicable law and the complexity of the matter.