Privacy Policy

1. Introduction

Leapath Technology (“Leapath”, “we”, “us”, or “our”) operates the Leapath Placement Intelligence Platform (the “Platform”) accessible at https://www.leapath.tech. The Platform is provided to higher-education institutions, their Training and Placement Officers (“TPOs”), enrolled students, and authorised recruiters to support placement readiness, skill assessment, and employer-matching workflows.

This Privacy Policy explains what personal data we collect, why we collect it, the legal grounds on which we rely, how we share and protect it, and the rights available to data subjects. It is designed to comply with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, and is structured in alignment with the transparency standards of the EU General Data Protection Regulation (GDPR).

This Policy applies to all individuals who access the Platform. Where an institution acts as the data controller for student records, the institution’s own privacy notice may apply in addition to this Policy.

2. Information We Collect

We collect the following categories of information, either directly from users, from the institutions that engage us, or automatically through use of the Platform.

2.1 Account and Identity Information

• Full name, institutional email address, contact phone number, role (student, TPO, faculty, recruiter, administrator).
• Institutional affiliation, enrolment number or employee identifier where provided by the institution.
• Authentication credentials and session metadata.

2.2 Academic and Employability Data

• Programme of study, branch, semester or year, academic scores and grade history where shared by the institution or student.
• Skill assessment responses, scores, attempt history, and derived readiness indicators.
• Resume content, project information, certifications, and self-declared experience.
• Profile verification status and supporting metadata.

2.3 Institutional Data

• Institution profile, departmental structure, placement cell configuration, and authorised user lists.
• Aggregated cohort data, placement records, and outcome metrics provided by the institution.

2.4 Recruiter Data

• Company name, point-of-contact details, role requirements, and shortlisting criteria.
• Limited interaction logs reflecting candidate views and shortlist activity within the Platform.

2.5 Technical and Usage Data

• IP address, device type, browser, operating system, and approximate location derived from IP.
• Pages accessed, features used, timestamps, and diagnostic logs.
• Cookies and similar technologies as described in Section 9.

We do not knowingly collect government-issued identifiers, financial account numbers, biometric data, health information, or other categories of sensitive personal data unless an institution explicitly contracts for a feature that requires it, in which case additional safeguards apply.

3. How We Use Your Information

We process personal data to:

• Provide, operate, and maintain the Platform and its core features, including skill assessments, readiness scoring, profile verification, employer matching, and analytics dashboards.
• Authenticate users, manage role-based access, and prevent unauthorised use.
• Generate aggregated insights and benchmarks for institutional decision-making.
• Communicate with users regarding service updates, security notices, and support requests.
• Improve product quality, including diagnostics, error resolution, and feature development using de-identified or aggregated data wherever feasible.
• Comply with legal obligations and respond to lawful requests from regulators, courts, or law-enforcement authorities.

Readiness scores and skill indicators produced by the Platform are decision-support outputs. They are intended to assist institutions and recruiters and are not, by themselves, determinative of any placement, hiring, or academic outcome.

4. Legal Basis for Processing

We rely on the following legal grounds, depending on the nature of the processing and the user category:

• Contractual necessity: processing required to deliver the Platform under our agreement with the contracting institution or recruiter.
• Consent: where individuals voluntarily provide information, such as resume content, optional profile fields, or assessment participation outside an institutional mandate. Consent may be withdrawn at any time, subject to Section 8.
• Legitimate interests: for security monitoring, fraud prevention, product analytics, and improvement of services, balanced against the rights of data subjects.
• Legal obligation: where processing is required to comply with applicable law.

5. How We Share Information

We do not sell personal data. We share information only as described below.

5.1 With Institutions

Student data is made available to the user’s affiliated institution and its authorised personnel for placement, mentoring, and academic-administration purposes. The institution determines internal access policies for its own users.

5.2 With Recruiters

Where an institution enables employer matching, a defined subset of profile and assessment data may be made visible to recruiters whom the institution has authorised. Recruiters are bound by contractual obligations restricting use of such data to legitimate recruitment activities.

5.3 With Service Providers

We engage selected third-party processors to provide infrastructure, hosting, email delivery, analytics, and support services. These processors operate under written agreements that require confidentiality, defined processing purposes, and security obligations consistent with this Policy.

5.4 Legal and Protective Disclosures

We may disclose information where required by law, in response to valid legal process, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Leapath, its users, or the public.

5.5 Corporate Transactions

In the event of a merger, acquisition, financing, or sale of assets, personal data may be transferred subject to continuing protections substantially consistent with this Policy.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to provide the Platform, comply with legal obligations, resolve disputes, and enforce agreements.

• Active student profiles are retained for the duration of the institution’s subscription and for a defined period thereafter as specified in the institutional agreement.
• Assessment records and audit logs are retained in line with the institution’s retention configuration, subject to a default reasonable retention window.
• De-identified and aggregated data may be retained beyond these periods for analytics, benchmarking, and product improvement.

Upon termination of the institutional agreement, data is deleted or returned in accordance with the Data Processing & Security Policy.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures are described in greater detail in our Data Processing & Security Policy and include encryption in transit, access control, environment segregation, and audit logging.

No method of electronic transmission or storage is entirely secure. While we work to protect personal data, we cannot guarantee absolute security and users share information with us at their own risk.

8. Your Rights

Subject to applicable law, individuals may exercise the following rights in relation to their personal data:

• Access: request confirmation of whether we process data about them and obtain a copy of such data.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of data that is no longer necessary, subject to legal and contractual retention requirements.
• Withdrawal of consent: where processing is based on consent, withdraw such consent without affecting prior lawful processing.
• Objection and restriction: object to or seek restriction of certain processing activities.
• Grievance redressal: raise concerns with our Grievance Officer as set out in Section 12.

Where data is processed on behalf of an institution, requests should ordinarily be directed to that institution. We will support institutions in honouring valid requests in accordance with our Data Processing Agreement.

9. Cookies and Similar Technologies

The Platform uses cookies and similar technologies for authentication, session management, preference storage, security, and analytics. Strictly necessary cookies are required for the Platform to function. Optional analytics cookies may be controlled through browser settings or, where available, an in-product preference centre.

Disabling certain cookies may limit Platform functionality.

10. Students and Younger Users

The Platform is designed for use within higher-education institutions and is not directed at children under 13. Where users are minors under applicable local law, processing takes place under the framework established by the contracting institution, which is responsible for obtaining any parental or legal-guardian consent required.

If we become aware that personal data has been collected from a minor without appropriate authorisation, we will take reasonable steps to delete it.

11. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be notified through the Platform or by email to institutional administrators. The “Last Updated” date at the top of this Policy indicates when it was most recently revised. Continued use of the Platform following an update constitutes acceptance of the revised Policy.

12. Contact and Grievance Officer

For questions about this Policy or to exercise your rights, please contact:

• Leapath Technology — Privacy Office
• Email: info@leapath.tech
• Website: https://www.leapath.tech

In accordance with the Information Technology Act, 2000 and applicable rules, complaints regarding the processing of personal data may be addressed to our Grievance Officer at info@leapath.tech. We endeavour to acknowledge complaints within a reasonable period and to resolve them in accordance with applicable law.