policy.1.number. policy.1.title

policy.1.subSections[0].number policy.1.subSections.title

policy.1.subSections.paragraphs

Visitors: Individuals who access our website/platform to view publicly available content
Users/Participants: Individuals who register to participate in hackathons
Team Members: Participants collaborating in hackathon submissions
Event Organizers/Hosts: Organizations or individuals hosting hackathons
Sponsors: Organizations sponsoring hackathons
mployers/Recruiters Employers/Recruiters: Organizations using our platform for hiring or recruitment purposes

1.2 Legal Basis

This Policy complies with:

India's Digital Personal Data Protection Act, 2023 (DPDPA)
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
General Data Protection Regulation (GDPR) – for users in EU jurisdiction
Consumer Protection Act, 2019
Applicable sector-specific regulations

1.3 Important Notice

By accessing or using Fluxor's platform, services, website, and applications (collectively, "Services"), you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any provision herein, please discontinue use of our Services immediately.

2. Definitions

"Personal Data": Any information relating to an identified or identifiable natural person, including but not limited to name, email address, phone number, IP address, device information, location data, and any other information that can directly or indirectly identify an individual.
"Sensitive Personal Data": Personal data relating to passwords, financial information (bank accounts, payment details), health data, biometric data, genetic data, caste, religion, political affiliation, or sexual orientation.
"Processing": Any operation performed on personal data, including collection, recording, organization, storage, adaptation, modification, retrieval, consultation, use, disclosure, transmission, or erasure.
"Data Controller": The entity that determines the purposes and means of processing personal data. Fluxor acts as the primary data controller.
"Data Processor": Any entity that processes personal data on behalf of the data controller. Third-party service providers may act as data processors.
"Consent": A freely given, specific, informed, and unambiguous expression of willingness by the data subject to have their personal data processed.

3. PERSONAL DATA WE COLLECT

3.1 Data Collected During Registration

When you register on Fluxor, we collect

Registration Data Collection

Category	Information	Purpose
Identity Information	First name, last name, username, profile picture	Account creation, identification, profile display
Contact Information	Email address, phone number	Communication, account verification, support
Professional Information	Educational background, skills, experience, resume/CV, portfolio links, LinkedIn profile URL	Hackathon matching, team formation, employer visibility
Profile Details	Bio, interests, technical expertise, programming languages, previous hackathon experience	Smart matching (Flinch AI), personalized recommendations, community building
Location Information	Country, city, timezone	Hackathon localization, geographic targeting, networking
Demographic Information	Gender (optional), age/date of birth	Diversity analytics, age verification for certain hackathons, optional demographic reporting

3.2 Data Collected During Hackathon Participation

When you participate in or host a hackathon

User Data Collection

Data Type	Information	Purpose
Registration Data	Hackathon name, registration date, participation status, team affiliation	Hackathon administration, participant tracking, results management
Submission Data	Project name, project description, source code/repository links, submission files, presentation materials, demo videos, technical documentation	Evaluation, judging, showcase, portfolio building, achievement tracking
Team Information	Names and emails of team members, team roles, collaboration records	Team coordination, credit attribution, results verification
performance data	Scores, rankings, judging feedback, achievement badges, completion status, awards earned	Result generation, certification, leaderboard display, portfolio enhancement
NFT Certificate Data	Wallet address (if claiming NFT certificates), transaction records, certificate metadata	Digital credential issuance, blockchain verification, portable achievement proof
Communication Data	Messages within platform, support tickets, Q&A submissions, comments on submissions	Platform functionality, dispute resolution, user support

3.3 Data Collected from Event Organizers

When organizations host hackathons

Event Organizer Data Collection

Information	Purpose
Organization Information	Organization name, contact person details, company website	Event administration, organizer identification
Event Details	Event details, prize amounts, judging criteria, hackathon-specific terms	Event configuration, transparent communication
Privacy & Compliance	Organizer's data processing requirements and privacy terms	Compliance with event-specific regulations
Payment Information	Payment and billing information	Invoice generation, fund management
Banking Details	Banking details for prize distribution	Prize payout processing

3.4 Data Collected from Sponsors

Company/organization name and contact details
Sponsorship amount and payment information
Marketing preferences and branding requirements
Contact person and communication preferences

3.5 Automatically Collected Data

Purpose: Security, fraud prevention, platform optimization, usage analytics, service improvement

IP address and device identifier
Device type, operating system, browser type, and version
Access times, pages viewed, referral sources
Cookies, web beacons, and similar tracking technologies
Geolocation information (based on IP address, if enabled)
User agent information
Platform interaction patterns

3.6 Data Collected from Third Parties

**Authentication Providers**: Google, GitHub, OAuth providers (name, email, profile picture)
**Payment Processors**: Transaction-related information for hackathon fees or premium services
**Social Media Platforms**: If you connect your social accounts
**Event Organizers**: Information you provided for hackathon registration
**Third-party APIs**: Data from integrated services

4. LEGAL BASIS FOR PROCESSING

Fluxor processes personal data based on the following legal grounds under DPDPA:

4.1 Processing Legal Bases

Data Usage, Legal Basis, and Category

Purpose	Legal Basis	Category
Account creation and authentication	User consent + Performance of contract	Essential
Hackathon participation and management	User consent + Contractual necessity	Essential
Communication and support	User consent + Legitimate interests	Essential
Fraud prevention and security	Legitimate interests + Legal obligation	Essential
AI-powered matching (Flinch AI)	Explicit user consent	Functional
Performance analytics and improvement	Legitimate interests + User consent	Optional
Marketing and promotional communications	Explicit opt-in consent	Optional
Legal compliance and dispute resolution	Legal obligation	Mandatory
NFT certificate issuance	Explicit user consent	Functional
Portfolio building and public profile	User consent	Functional
Employer visibility and recruitment	Explicit user consent	Functional

5. Data Usage and Processing Purposes

5.1 Core Service Delivery

Create and maintain your account
Enable hackathon registration and participation
Facilitate team formation and collaboration
Process and evaluate hackathon submissions
Generate and issue digital certificates
Manage payments and prize distribution
Provide customer support and resolve issues
Verify participant identity and prevent fraud
Communicate event updates and results

5.2 Personalization and Recommendations

Analyze your skills, interests, and experience
Recommend relevant hackathons
Suggest compatible team members
Provide real-time guidance during hackathons
Explicit user consent (opt-in by default, with clear information).
Users can see how they are matched and can opt out at any time.

5.3 Community and Networking

Display your public profile to other developers
Facilitate team connections and collaborations
Enable organizers to view participant information for event management
Create community features and engagement mechanisms
Generate leaderboards and achievement displays (if opted in)

5.4 Analytics and Improvement

Basis: Legitimate business interests and user consent for analytics.

Analyze platform usage patterns
Identify technical issues and optimize performance
Understand user needs and improve features
Generate anonymized statistical reports
Conduct user experience research

5.5 Employer Recruitment

Display your profile, skills, and projects to potential employers
Allow recruiters to contact you through the platform
Facilitate job matching and opportunities
Explicit user consent (opt-in to employer visibility).
Users can manage which employers are allowed to see their profile.

5.6 Compliance and Legal Obligations

Comply with legal requirements from government authorities
Prevent illegal activities and enforce terms of service
Resolve disputes and defend legal claims
Meet tax and financial reporting requirements for prize winners
Maintain records for audit and compliance purposes

5.7 Marketing and Communications

Send event updates and announcements
Provide hackathon recommendations
Share platform news and feature updates
Explicit opt-in consent from users.
Unsubscribe options are provided in every communication.

5.8 Sensitive Uses

Automated Decision-Making :Flinch AI makes recommendations based on automated processing. Users have the right to opt out and request human review.
profiling:User profiling is limited to technical and professional data and does not include sensitive personal categories.

6. Data Sharing and Disclosure

6.1 With Event Organizers

Purpose

Event administration, participant communication, result generation, and evaluation.

Organizer's Responsibility

Event organizers are required to comply with this Privacy Policy when processing shared participant data.

Hackathon-Specific Terms

Individual hackathons may define additional privacy terms which take precedence for that specific event.

6.2 With Team Members

Your name, email, and profile information shared with other team members
Information you explicitly choose to share with your team
Project collaboration data and team communications

6.3 With Employers / Recruiters

Data is shared only if you explicitly opt in to employer visibility.

Public profile information
Skills and areas of expertise
Projects and achievements
Contact information for recruitment purposes

6.4 With Service Providers (Data Processors)

We may share personal data with trusted third-party service providers who process data on our behalf to support platform operations, security, analytics, communication, and payment processing.

Service Providers and Data Sharing

Service	Data Shared	Purpose
Cloud Hosting (AWS / GCP / DigitalOcean)	All platform data	Infrastructure, storage, security
Payment Processors	Email, payment details, transaction information	Payment processing
Email Service Providers	Email address, name, communication preferences	Email delivery, notifications
Analytics Services	Technical data, user behavior (anonymized)	Performance analysis
Authentication Providers	Email, name, profile (if connected)	Account verification
NFT / Blockchain Services	Wallet address, name, certificate data	Certificate issuance
Customer Support Tools	Account data, communication history	Support ticket management
AI / ML Services	Aggregated skill and interest data (anonymized)	AI model training for matching

6.5 Legal Disclosure

We may disclose personal data in the following circumstances:

When required by law or legal process (court orders, subpoenas)
When necessary to protect Fluxor's legal rights and interests
When required to prevent fraud or illegal activities
When necessary to ensure platform security and prevent abuse
When required for government or law enforcement requests

User Notification

We will attempt to notify users of legal requests for their personal data unless prohibited by law or legal process.

6.6 Business Transfer

In the event that Fluxor is acquired, merged, or its assets are sold:

Personal data may be transferred as part of the transaction
Users will be notified of any material changes to privacy practices
The acquiring entity must honor the original privacy commitments

6.8 Aggregated and Anonymized Data

We may share aggregated and anonymized data that cannot identify individual users for the following purposes:

AI model training for smart matching
Platform statistics such as number of participants and hackathons hosted
Industry insights and trend analysis
Research reports (with user consent for research participation)
Marketing and promotional materials

7. International Data Transfers

7.1 Data Localization

Primary Data Storage

Personal data is primarily stored on servers located in India, specifically in the Delhi region, in accordance with applicable ROC jurisdiction requirements.

7.2 Cross-Border Transfers

If personal data is transferred outside India, such as to cloud service providers operating in other regions, Fluxor implements appropriate safeguards to protect user data.

Safeguards

Transfer only to countries with adequate data protection laws (such as the European Union, Canada, and similar jurisdictions)
Use of Standard Contractual Clauses (SCCs) to ensure GDPR compliance
Completion of Data Transfer Impact Assessments prior to any cross-border transfer

Restricted Transfers

Fluxor does not transfer personal data to countries without adequate data protection unless additional legal and technical safeguards are in place.

8. Data Retention

8.1 Retention Periods

Data Retention Schedule

Data Type	Retention Period	Reason
Account Information	Duration of account + 30 days after deletion	Account management and recovery option
Hackathon Participation Data	3 years after hackathon concludes	Results verification, dispute resolution, record-keeping
Hackathon Submission Data	3 years (organizer may request longer)	Portfolio display, achievement verification, intellectual property reference
NFT Certificate Metadata	Permanent (on blockchain)	Verifiable credentials and user-controlled retention
Communication / Support Data	2 years	Dispute resolution and service improvement
Technical / Analytics Data	6 months to 1 year (aggregated indefinitely)	Performance analysis and trend identification
Financial / Payment Data	7 years	Tax compliance and GST requirements
Legal Hold Data	Until legal matter is resolved	Compliance with court orders and legal proceedings
CCTV / Event Data	90 days (or event-specific policy)	Event security and incident investigation
Marketing Data	Until consent is withdrawn	Campaign management and user engagement

8.2 Deletion and Data Minimization

Data is securely deleted using cryptographic erasure or secure deletion protocols
Users may request deletion of non-essential data at any time
Only data required for legal or business purposes is retained
Anonymized and aggregated data has no retention limits

8.3 Account Deletion

When you delete your account:

Profile information is anonymized within 30 days
Hackathon submissions remain available (users may request removal)
Payment records are retained for tax and legal compliance
NFT certificates remain permanently on the blockchain under user ownership
Users can request complete data deletion by contacting privacy@fluxor.io

9. User Rights and Choices

9.1 Rights Under DPDPA

Users have the following rights under the Digital Personal Data Protection Act (DPDPA):

Right to Access

Request details of the personal data we hold about you
Receive a copy of your data in a machine-readable format
Free of charge for one request per year (additional requests may incur nominal fees)
Response provided within 30 days

Right to Correction

Request correction of inaccurate personal data
Request completion of incomplete data
Corrections will be made within 30 days and affected recipients will be notified

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data
Applicable when data is no longer necessary, consent is withdrawn, or processing is unlawful
Exceptions apply for legal obligations, public interest, and established records
Response provided within 30 days

Right to Portability

Request export of your data in machine-readable formats such as CSV or JSON
Transfer data to another service provider upon request
Free of charge
Response provided within 30 days

Right to Restrict Processing

Request suspension of data processing while accuracy is contested
Limit data usage to storage only during restriction
Processing can be reactivated upon user request

Right to Object

Object to marketing communications
Object to profiling and automated decision-making
Opt out of recommendations and personalization features
Requests will be honored within 30 days

Right Against Automated Decision-Making

Request human review for significant automated decisions
Opt out of Fluxor AI-based matching and recommendations
Appeal decisions made solely through automated processing

9.2 Exercising Your Rights

How to Submit Requests

Online Portal: Access "Privacy Controls" from your account dashboard
Email: Send a request to privacy@fluxor.io with the subject "Data Rights Request"
Written Request: Submit a written request to Fluxor’s registered office address

Required Information

Your name and registered email address
Clear description of the request and related data
Preferred response format, if applicable
Any supporting documentation

Verification

We may request verification of your identity to protect your privacy and prevent unauthorized access.

9.4 Marketing Communications

Unsubscribe Link: Available in every marketing email
Account Settings: Disable marketing communications from your dashboard
Contact Us: Email privacy@fluxor.io to request unsubscription

10. Security and Data Protection

10.1 Security Measures

Fluxor implements comprehensive security practices to protect personal data against unauthorized access, loss, misuse, or alteration.

Technical Safeguards

Encryption in Transit: TLS 1.2+ for all data transmission
Encryption at Rest: AES-256 encryption for sensitive data storage
Access Controls: Role-based access control (RBAC) and principle of least privilege
Authentication: Multi-factor authentication (MFA) for sensitive accounts
Network Security: Firewalls and intrusion detection/prevention systems
Vulnerability Management: Regular security assessments and penetration testing
API Security: Rate limiting, authentication, and input validation
Secure Development: Code reviews, SAST/DAST scanning, and secure coding practices

Operational Safeguards

Employee Training: Regular security and data protection training
Access Audit Logs: Continuous monitoring and auditing of data access
Vendor Management: Security assessments for third-party vendors
Incident Response Plan: Documented breach response procedures
Backup and Disaster Recovery: Regular backups, redundancy, and recovery plans
Physical Security: Secured data center access and environmental controls

Administrative Safeguards

Privacy by Design: Privacy considerations built into all systems
Data Minimization: Collection limited to necessary data only
Purpose Limitation: Data used strictly for stated purposes
Regular Audits: Compliance audits and security reviews
Privacy Impact Assessments: Conducted before new processing activities

10.2 Data Breach Notification

In the event of a personal data breach, Fluxor follows a structured incident response process.

In Case of Data Breach

Assess Risk: Determine whether the breach poses a risk to user rights and freedoms
Notify Users: Inform affected users within 72 hours of discovery (if required by law)

Notification Includes

Description of the data involved
Likely consequences of the breach
Measures taken to mitigate potential harm
Contact information for further inquiries

Additional Notifications

Notify relevant government or regulatory authorities if required
Notify hackathon organizers if their data is affected
Provide remediation such as free credit monitoring if financial data is involved

10.3 Limitations

While Fluxor implements strong security measures, no system is completely secure. Absolute security cannot be guaranteed.

Keep passwords confidential
Secure login credentials
Update personal information regularly
Use secure and trusted internet connections

11. Third-Party Links and Services

11.1 External Links

No Endorsement: Links do not imply endorsement of third-party services
Not Our Responsibility: Fluxor is not responsible for third-party privacy practices
Review Their Policy: Users should review third-party privacy policies before providing data

11.3 Embedded Services

Google Analytics: Used for analytics (opt-out available)
YouTube Embeds: Used for video hosting
GitHub Integration: Used for code submission and review
Blockchain Services: Used for NFT certificate issuance
All embedded services operate under their own privacy policies

12. Children's Privacy

12.1 Age Restrictions

Fluxor services are not directed to children under 13 years of age
Users under 13 should not register without verified parental consent
For users aged 13–18, additional protections may apply depending on jurisdiction
Accounts found to violate age restrictions will be deleted
We do not market services to children

12.2 Parental Involvement

Parents or guardians may request information about a child’s personal data
Parents may request deletion of a child’s account
Special privacy protections are provided for minor users

13. Accessibility and Communication

13.1 Privacy Notice Availability

On Website: Linked in the footer of the Fluxor website
In App: Accessible from account settings
Formats: Available in text, PDF, large print, and audio formats (upon request)
Language: Available in English; translations for major Indian languages available upon request

13.2 Communication Methods

Privacy Communication Channels

Method	Details	Purpose
Email	privacy@fluxor.io (response within 7 days)	General privacy-related inquiries and requests
Website Form	Privacy Contact Form	Submitting privacy questions and data requests online
Mailing Address	Fluxor HQ Private Limited, [Registered Address], Delhi, India – 110001	Formal written communication and legal correspondence
Phone	[Support Number] (Business hours, IST)	Urgent privacy or support-related inquiries
Data Protection Officer	dpo@fluxor.io	Direct contact for GDPR and data protection matters

13.3 Response Times

Request Handling Timelines

Request Type	Response Time	Notes
Access Requests	Within 30 days (extendable by additional 30 days if complex)	Applies to data access and portability requests
Deletion Requests	Within 30 days	Includes account and personal data deletion
Correction Requests	Within 30 days	Correction of inaccurate or incomplete data
General Inquiries	Within 7 working days	Non-urgent privacy-related questions
Support Requests	Within 24–48 hours	Technical or platform-related support

14. POLICY CHANGES AND UPDATES

14.1 Modifications to Policy

We may update this Privacy Policy:
When: When regulations change or practices evolve
Notice: Email notification for material changes
Posting: Updated policy posted with revised "Last Updated" date
Acceptance: Continued use of Services = acceptance of new policy

14.2 Material Changes

Material changes include:
New personal data collection types
Changed data usage purposes
Increased third-party sharing
Reduced user rights or protections
Significant retention period changes
For Material Changes: We will provide 30-day notice and allow users to decline with account deletion option.

14.3 Archive

Previous versions of this Policy are available upon request.

15. LEGITIMATE INTERESTS ASSESSMENT

15.1 LIA for AI-Powered Matching (Flinch AI)

Processing Activity: Automated recommendation system using user skills and hackathon data
Legitimate Interest:
Improve user experience through relevant recommendations
Increase platform engagement and successful team formations
Provide value-added service that benefits users
Balancing Test:
User Expectations: Reasonable to expect matching services
Data Type: Non-sensitive (skills, interests, experience)
Proportionality: Minimal intrusion; users can opt-out anytime
Safeguards: Transparent, explainable, subject to appeal
Conclusion: Legitimate interest justified with strong safeguards

16. ACCOUNTABILITY AND GOVERNANCE

16.1 Data Protection Officer (DPO)

Appointment: Fluxor appoints a Data Protection Officer to oversee compliance
Contact: dpo@fluxor.io
Responsibility: Monitor DPDPA compliance, handle data subject requests, conduct audits
Independence: DPO can escalate concerns to management and board

16.2 Data Protection Impact Assessments (DPIA)

DPIA conducted for:
High-risk processing (AI matching, profiling)
New processing activities
Technology changes affecting privacy
Large-scale data collection

16.3 Records of Processing Activities (RoPA)

Fluxor maintains records of all processing activities:
Data categories processed
Purposes and legal basis
Recipients and retention periods
Security measures
Cross-border transfers

17. COMPLAINTS AND ESCALATION

17.1 Internal Escalation

Complaint Process:
1. Submit Complaint
Submit Complaint: Email privacy@fluxor.io with details
2. Acknowledgment
Acknowledgment: Receive confirmation within 2 working days
3. Investigation
Investigation: DPO investigates within 14 days
4. Resolution
Resolution: Fluxor provides remedy or explanation within 30 days
5. Appeal
Appeal: If unsatisfied, escalate to Management/Board

17.2 Regulatory Complaints

Users can file complaints with:
India:
Data Protection Authority (When established under DPDPA)
Ministry of Electronics and Information Technology
Registrar of Companies (ROC), Delhi
EU:
Local Data Protection Authority (for GDPR violations)
Lead Supervisory Authority (for multinational processing)
Other Jurisdictions:
Relevant data protection authority in your country

18. Special Provisions for Different User Types

18.1 Hackathon Participants

Organizers may impose event-specific privacy terms
Organizer terms take precedence for event data
Submissions may be reviewed by third-party judges
Results may be publicly displayed (opt-out available)
Photos/videos may be used for promotion with consent

18.2 Event Organizers

Act as data controllers for participant data
Provide notice of data collection
Comply with applicable privacy laws
Secure participant data
Honor participant rights requests

18.3 Employers / Recruiters

Use data only for recruitment purposes
Comply with employment and data protection laws
No discrimination on protected characteristics
Do not republish user data
Comply with Code on Social Security, 2020

18.4 Sponsors

May receive anonymized statistics and aggregated data
Public winner profiles shared only with consent
Cannot access individual participant data without consent
Cannot reshare data with third parties
Cannot target individuals unless opted in

19. Compliance with Specific Regulations

19.1 DPDPA Compliance

Clear legal basis for all processing
Explicit consent for sensitive data
Easy withdrawal of consent
User rights honored
Records of processing maintained
Breach notification and security safeguards

19.2 IT Rules, 2011 Compliance

Reasonable security practices implemented
Sensitive personal data encrypted
Regular security audits
Published privacy commitments
Grievance redressal mechanism

19.3 Consumer Protection Act, 2019

Consumer privacy rights respected
No unfair or deceptive practices
Clear terms and conditions
Transparent pricing and data usage
Efficient complaint resolution

20. APPENDICES

Appendix A: Cookie Policy

Cookie Management: Users can disable non-essential cookies without affecting core functionality.

Types of Cookies Used

Type	Purpose	Duration
Essential	Authentication, security, platform functionality	Session
Performance	Analytics, usage tracking, optimization	1-2 years
Personalization	User preferences, language settings	1 year
Marketing	Ad tracking, retargeting (if opted in)	1-2 years

Appendix B: Glossary of Terms

DPA: Data Processing Agreement
DPDPA: Digital Personal Data Protection Act, 2023
GDPR: General Data Protection Regulation (EU)
ROC: Registrar of Companies
IST: Indian Standard Time
API: Application Programming Interface
PII: Personally Identifiable Information
IP: Internet Protocol

21. DOCUMENT VERSIONING

Document Versioning

Version	Date	Changes
1.0	January 5, 2026	Initial privacy policy creation
Effective	January 5, 2026

22. LEGAL DISCLAIMER

This Privacy Policy is provided for informational purposes. While we have made every effort to ensure accuracy and legal compliance, this document should not be considered comprehensive legal advice. For specific legal questions, consult with a qualified data protection attorney.

Changes to Indian Laws: This Policy reflects Indian law as of January 2026. Future legislative changes may affect compliance requirements. Fluxor reserves the right to update the Policy in accordance with new regulations.

23. FINAL ACKNOWLEDGMENT

By using Fluxor Services, you acknowledge that you have:

Read and understood this Privacy Policy
Agreed to the terms outlined herein
Understood your rights and our responsibilities
Consented to the collection and processing of your data as described
Had the opportunity to ask questions and seek clarification

Questions?

Questions? Contact privacy@fluxor.io or visit our privacy portal at https://fluxor.io/privacy

Document prepared in compliance with:

Status: Legally reviewed and approved for use

Next Review Date: January 5, 2027

Jurisdiction: Delhi, India

ROC Registration: Fluxor HQ Private Limited

Digital Personal Data Protection Act (DPDPA), 2023
Information Technology Act, 2000
Consumer Protection Act, 2019
GDPR (for international users)
Best practices from industry peers (Hack2Skill, DevPost, DigiEduHack)

Thank you for reading our Privacy Policy