Privacy Policy
Platform: Challengez (challengez.in) Operated by: Yukti Engine Version: 1
This Privacy Policy explains how Yukti Engine ("Company", "we", "us", "our") collects, uses, stores, and protects your personal information when you use challengez.in ("Platform"). It is prepared in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and applicable data protection principles.
By using the Platform, you consent to the practices described in this Policy.
1. Information We Collect
1.1 Individual Users (Applicants / Challengers)
| Category | Data |
|---|---|
| Registration | Name, email address, password (stored as a cryptographic hash) |
| Profile | Bio, skills, portfolio links |
| KYC | Government-issued ID document, PAN number (encrypted at rest) |
| Activity | Challenges applied to, applications submitted, teams joined, notifications read |
| Certificates | Participation and selection certificate records |
| Financial | Performance award disbursement records, TDS withheld |
1.2 Organisations (Challenge Hosts)
| Category | Data |
|---|---|
| Registration | Organisation name, email, type, website URL |
| Verification | Documents uploaded during the verification process |
| Challenge data | Challenge briefs, resource packs, private evaluation notes |
| Financial | Escrow funding records, offer letters sent |
1.3 Automatically Collected
- IP address, browser type, device information
- Session tokens (for authentication)
- Usage logs (pages visited, features used)
2. How We Use Your Information
We use your information to:
- Operate, maintain, and improve the Platform.
- Verify individual and organisational identities before granting access.
- Process KYC verification for Performance Award payouts.
- Facilitate challenge matching and application screening (including AI-assisted automated screening).
- Send transactional communications: account notifications, offer letters, and legal agreement updates.
- Moderate content and enforce our Terms and Conditions.
- Comply with legal obligations, including TDS reporting under the Income Tax Act, 1961.
- Protect the security and integrity of the Platform.
We do not use your data for advertising profiling or sell it to third parties.
3. Sensitive Personal Data or Information (SPDI)
Under the SPDI Rules, the following data we collect is classified as sensitive:
- Passwords (stored as one-way cryptographic hashes; not recoverable)
- PAN numbers (encrypted at rest using AES-256)
- Government-issued ID documents (KYC; stored in private, access-controlled cloud storage)
- Financial information (disbursement amounts, bank details for payouts)
We collect SPDI only for lawful purposes and with your consent, as required by the SPDI Rules.
4. Data Sharing
We do not sell your personal data. We share data only in the following circumstances:
4.1 With Challenge Hosts Your identity is disclosed to a Challenge Host only after you are declared a Selected Candidate. Prior to that, your identity remains anonymous to the Challenge Host.
4.2 With Payment Processors For Performance Award disbursements, we share the minimum necessary financial details with our payment gateway provider. (Payment gateway integration is activated once a provider is configured.)
4.3 With Government Authorities We disclose information when required by law, court order, or directive from a competent regulatory authority.
4.4 With Service Providers We engage the following categories of third-party service providers, each bound by appropriate data processing agreements:
- Cloud hosting: Google Cloud Platform (data stored in India where available)
- Email delivery: SendGrid (transactional emails only)
- AI screening: Anthropic Claude API (submission content evaluated; no personal identity data is sent)
4.5 Business Transfers In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion, then anonymised within 30 days |
| KYC documents | As required by applicable law (minimum 7 years for financial records) |
| Challenge and application data | Until the challenge concludes, then 2 years |
| Deleted submissions | Soft-deleted immediately; permanently purged after 90 days |
| Notification records | 1 year |
| Server logs | 90 days |
6. Data Security
We implement the following technical and organisational security measures:
- Encryption at rest: Sensitive data (PAN numbers) encrypted with AES-256.
- Encryption in transit: All data transmitted over HTTPS/TLS.
- Access controls: Role-based access; only authorised personnel access personal data.
- Private file storage: KYC documents and submission files are stored in private cloud buckets with short-lived signed access URLs.
- Password hashing: Passwords are stored using bcrypt; plaintext passwords are never stored.
Despite these measures, no system is completely immune to security incidents. In the event of a data breach that is likely to result in harm, we will notify affected users and the relevant authorities as required by applicable law.
7. Cookies and Session Management
We use the following cookies:
| Cookie Type | Purpose |
|---|---|
| Authentication token | Maintains your logged-in session (httpOnly, secure) |
| CSRF protection | Prevents cross-site request forgery |
We do not use:
- Third-party advertising or tracking cookies
- Cross-site behavioural tracking
You may disable cookies in your browser settings, but this will prevent you from logging in to the Platform.
8. Your Rights
Under applicable Indian law and our voluntary commitments, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Withdrawal of consent: Withdraw consent for processing based on consent. This will not affect processing carried out before withdrawal.
- Grievance: Lodge a grievance with our Grievance Officer (see Section 11).
To exercise any of these rights, email support@challengez.in with the subject line "Privacy Request – [Your Name]".
9. Children's Privacy
The Platform is intended for users aged 18 and above. We do not knowingly collect personal data from persons under 18. If we become aware that a minor has registered, we will delete their account and associated data promptly. If you believe a minor has used the Platform, please notify us at support@challengez.in.
10. Cross-Border Data Transfers
Your data is primarily processed and stored in India. Where we use third-party service providers outside India (e.g., email delivery), data transfers are governed by contractual protections consistent with applicable Indian law.
11. Grievance Officer
In accordance with the Information Technology Act, 2000 and the SPDI Rules, we have designated a Grievance Officer:
Grievance Officer Yukti Engine Email: support@challengez.in
Grievances will be acknowledged within 48 hours and addressed within 30 days of receipt.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When a new version is published, you will be notified and required to re-agree before continuing to use the Platform. The "Version" number at the top of this document will be updated with each revision.
13. Contact
For any privacy queries:
Yukti Engine Email: support@challengez.in Website: yuktiengine.com