Privacy Policy

Effective date: March 31, 2026

This Privacy Policy describes how Kootami collects, uses, stores, secures, and discloses personal data across public pages, authentication flows, organization workspaces, member operations, event modules, and support channels.

For law-specific details, seeDPDP Compliance Notice. For tracking technologies, seeCookie Policy.

1. Scope

This policy applies to Kootami-operated public websites, tenant portals, public-form routes, event registration pages, membership onboarding forms, and platform support interactions.

2. Data Roles and Accountability

Kootami operates as a multi-tenant platform. Depending on context, Kootami may act as a processor/service provider for tenant organizations, and as a controller/data fiduciary for platform security, fraud prevention, and service administration.

3. Categories of Personal Data

  • Identity Data: Name, email, phone, profile metadata, user identifiers.
  • Membership Data: Organization/chapter selection, member status, plan and onboarding inputs.
  • Event Data: Registration details, ticketing context, attendance/workflow records.
  • Payment Data: Payment state, invoice references, non-sensitive transaction metadata.
  • Support Data: Tickets, service communications, issue logs, user-provided attachments.
  • Technical Data: Device/browser data, log telemetry, IP, auth/session metadata.

4. Sources of Data

  • Data provided directly by users via forms and account workflows.
  • Data provided by organizations and their authorized administrators.
  • System-generated records from platform usage, logs, and security controls.
  • Data from integrated services where users or organizations enable those integrations.

5. Purposes of Processing

  • Deliver tenant features for membership, governance, events, and communications.
  • Authenticate users and secure platform access.
  • Detect abuse, fraud, policy violations, and operational anomalies.
  • Support billing, audit, dispute handling, and legal compliance obligations.
  • Improve product quality, reliability, and accessibility.

6. Lawful Bases and Consent

Processing may rely on one or more lawful bases including contract necessity, legitimate interests, legal obligations, and consent where required. Where consent is the basis, users may withdraw consent subject to legal and operational limits.

7. DPDP Compliance (India)

Kootami privacy controls are designed to align with the Digital Personal Data Protection Act, 2023 and applicable rules. Data principals may request access, correction, erasure (subject to legal exceptions), consent withdrawal, and grievance handling through the channels below.

Detailed DPDP handling framework:DPDP Compliance Notice.

8. Data Sharing and Disclosure

We may disclose data only where necessary and lawful, including:

  • Tenant organization administrators and authorized role-holders.
  • Infrastructure, communication, support, and payment service providers under contract controls.
  • Auditors, legal advisors, regulators, and authorities where legally required.
  • Fraud-prevention and security workflows needed to protect users and platform integrity.

We do not sell personal data.

9. Cross-Border Transfers

When cross-border processing is necessary, Kootami applies governance and contract safeguards consistent with applicable legal requirements and platform risk controls.

10. Data Retention and Deletion

Data is retained for the minimum period required for service operations, legal compliance, dispute handling, fraud prevention, and security auditing. Retention periods vary by data class and tenant policy.

11. Cookies and Similar Technologies

Kootami uses cookies, local storage, and equivalent technologies for secure authentication, session continuity, usability preferences, and aggregate service analytics.

Full details:Cookie Policy.

12. Security Controls

  • Transport encryption and access control layers.
  • Role-based permissions and tenant data isolation principles.
  • Operational logging, monitoring, and incident response mechanisms.
  • Backup, recovery, and service continuity safeguards.

13. Children and Sensitive Cases

Kootami is not intended for children where parental or guardian authorization is legally required. If such data is identified without valid authorization, corrective action including deletion may be taken.

14. User Rights and Requests

Subject to applicable law, users may request access, correction, deletion, portability, or processing restrictions. Where a request concerns organization-managed records, we may coordinate with the tenant administrator.

15. Contact and Grievance Redressal

16. Policy Updates

We may update this policy to reflect legal, security, operational, or product changes. Material updates are published with revised effective dates.