Privacy Policy

    Effective Date: 1 January 2026

    1. Introduction & Your Privacy Commitment

    1.1 Brainberg Knowledge Solutions Private Limited ("Brainberg", "we", "our", "us") recognizes the importance of protecting your personal information. Your privacy is extremely important to us. We invest substantial thought, effort, tools, technology, managerial safeguards, and operational processes to protect your personal data.

    1.2 This Privacy Policy explains how we collect, use, process, store, share, disclose, and protect your information when you access or use our website Traitfit.com, platform 'Traitfit', assessments, tools, and services provided thereunder (collectively, the "Platform").

    1.3 By accessing or using the Platform, you: (i) confirm that you have read and understood this Privacy Policy; (ii) acknowledge that this Privacy Policy forms an integral part of the Terms & Conditions; (iii) give your free, informed, unconditional and specific consent to the collection and processing of your data under the Digital Personal Data Protection Act, 2023 ("DPDPA") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules, 2025"), to the extent such provisions are in force; and (iv) provide consent under the General Data Protection Regulation ("GDPR"), where applicable.

    1.4 If you do not agree with this Privacy Policy, you should stop using the Platform immediately.

    1.5 If you use the Platform on behalf of another individual (such as a student, minor, employee, dependent, or end-user), you represent that you are authorised to accept this Privacy Policy on their behalf.

    2. Compliance With Applicable Laws

    2.1 This Privacy Policy is published in accordance with, and to demonstrate compliance with, the following legal frameworks:

    2.1.1 Indian Law

    • Digital Personal Data Protection Act, 2023 (DPDPA), including the DPDP Rules, 2025, to the extent such provisions have been notified and brought into force in accordance with the Government's phased implementation schedule.
    • Section 43A of the Information Technology Act, 2000, relating to compensation for failure to protect personal data, to the extent consistent with the DPDPA framework and any notified security standards, as applicable.
    • CERT-In Directions, 2022, governing cybersecurity incident reporting, log maintenance, time-bound breach notification, and security hygiene requirements.

    2.1.2 European Union – GDPR

    2.2 Where applicable, the processing of personal data of individuals located in the European Union/EEA is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

    2.3 For such processing, Brainberg acts as the "Data Controller", responsible for ensuring compliance with GDPR's principles, lawful bases, obligations, and data subject rights.

    3. Categories of Information We Collect

    3.1 To provide our services effectively, Brainberg collects the following categories of personal information ("Information"). We collect only the information necessary for lawful and specified purposes, in accordance with the DPDPA and the DPDP Rules, 2025.

    3.1 Personally Identifiable Information (PII)

    3.1.1 This includes information that can identify you directly or indirectly, such as: (i) name, gender, age, date of birth; (ii) email address, mobile number, postal address; (iii) parent/guardian details (for minors); (iv) employer, school, institution, or organizational details; and (v) user account information and login identifiers (excluding passwords).

    3.2 Sensitive/Special Category Information

    3.2.1 Some Brainberg services (e.g., assessments, behavioural analysis, cognitive profiling, recommendations) may involve processing information that is considered: (i) sensitive personal data under the DPDPA framework; and (ii) special category data under the GDPR.

    3.2.2 This includes, without limitation: (i) assessment responses; (ii) psychological, behavioural, emotional, and cognitive indicators; (iii) reports, scores, summaries, insights, and recommendations; (iv) information exchanged between you and Brainberg experts/assessors; and (v) data relating to minors (processed with parental or institutional authorisation).

    3.2.3 Such information is collected only with explicit, affirmative consent, or with valid institutional authorisation for school/organizational assessments, as permitted by applicable law.

    3.3 Technical and Usage Data

    3.3.1 When you use the Platform, we may automatically collect: (i) IP address, device identifiers, device type, and operating system; (ii) browser type, version, language, and session logs; (iii) date and time of access, clickstream data, and usage patterns; (iv) referrer URLs and exit pages; (v) internet service provider (ISP) information; and (vi) diagnostic, security, and performance analytics (including crashes and load times).

    3.3.2 The above collection may involve the use of cookies, tags, pixels, and similar tracking technologies, as further detailed in Section 9 (Cookies and Tracking Technologies).

    3.3.3 Proctoring-Related Technical Data: For certain assessments or tests conducted on the Platform that require online proctoring, and only for the duration of such assessment, Brainberg (or its authorised proctoring service provider) may additionally collect limited technical and monitoring data, which may include: (i) camera feed, images, or video recordings; (ii) audio recordings (where enabled); (iii) screen sharing, screen recordings, or screen captures; and (iv) session-level device, browser, and integrity signals relevant to assessment conduct.

    3.4 Information You Voluntarily Provide

    3.4.1 This includes any information you choose to share, such as: (i) emails, messages, responses, or communications with Brainberg; (ii) documents, files, or materials voluntarily uploaded by you; (iii) support, feedback, or survey responses; and (iv) additional data provided during onboarding, consultations, or follow-ups.

    3.5 Payment & Transaction Data

    3.5.1 For paid services, we may collect: (i) payment mode (UPI, card, net banking, wallet); (ii) masked card details or tokenized identifiers; (iii) billing address; and (iv) transaction metadata (amount, date/time, status).

    3.5.2 All payments are processed through secure, compliant, PCI-DSS certified payment gateways. Brainberg does not store full card or banking details.

    4. Information We Do NOT Collect

    4.1 Except as expressly stated under Clause 4.2 (Test Proctoring) below, Brainberg does not, and will not, collect, access, monitor, or record: (i) keystrokes (including any keylogging outside the Platform); (ii) form inputs entered outside the Platform; (iii) passwords entered in third-party websites or applications; (iv) screenshots, screen recordings, or camera feeds unrelated to the use of the Platform; (v) files, documents, or content stored on your device without your active upload; or (vi) any information not intentionally submitted by you or not visible to you on the screen.

    4.2 Test Proctoring During Assessments

    4.2.1 Certain assessments/tests on the Platform may require online proctoring to protect test integrity, prevent impersonation, and detect malpractice ("Proctoring"). Where Proctoring is enabled, Brainberg (and/or its authorised proctoring service provider) may collect and process limited information during the assessment session, which may include: (i) live camera feed and/or periodic photographs; (ii) audio (where enabled); (iii) screen-sharing/screen recording or periodic screen captures; (iv) device/browser signals and session logs (including IP address, timestamps, and technical diagnostics); and (v) identity verification inputs where required for the test.

    4.2.2 Proctoring (i) is activated only for the duration of the assessment session (and related verification checks), (ii) is disclosed through pre-test notice and/or a separate proctoring consent prompt, and (iii) is used only for: (a) identity verification and candidate authentication; (b) detecting prohibited behaviour or policy violations; (c) generating integrity flags/reports for authorised institutional users (schools/employers) or Brainberg administrators; and (d) investigating disputes, appeals, or integrity incidents.

    4.2.3 Brainberg does not use proctoring data for advertising or unrelated profiling, and access to such data is restricted on a strict need-to-know basis. Proctoring data is retained only for the period set out in the Data Retention clause (or as required by the relevant institution/applicable law), after which it is deleted or irreversibly anonymised, as applicable.

    4.3 Brainberg does not run spyware, hidden keyloggers, or surveillance tools to monitor your device outside the Platform, and does not access device content without your active interaction and authorisation as described in this Privacy Policy.

    5. Legal Basis for Processing (DPDPA & GDPR)

    5.1 Under DPDPA (India)

    5.1.1 Brainberg processes personal data under the following lawful bases:

    • Consent: Free, specific, informed and unconditional consent provided by the Data Principal (or by the authorised parent, guardian or institutional authority in the case of minors).
    • Legitimate Uses under Section 7 of the DPDPA: We may process personal data without consent only where such processing is expressly permitted as a 'legitimate use' under Section 7 of the DPDPA, to the extent applicable and notified.
    • Performance of a Service or Contract: Processing required to deliver Brainberg's assessments, reports, analytics, and Platform services to the data principal or to the institution/organization availing such services.

    5.1.2 Certain obligations under Section 7 and other provisions of the DPDPA and DPDP Rules, 2025 may apply in phases and will be complied with by Brainberg as and when such provisions are notified and brought into legal effect.

    5.2 Under GDPR (EU/EEA Users)

    5.2.1 For users located in the European Union/EEA, Brainberg processes personal data in accordance with the following lawful bases under the GDPR:

    • Consent – Article 6(1)(a): Explicit, informed consent for assessments, behavioural analysis and similar processing.
    • Contractual Necessity – Article 6(1)(b): Processing necessary for providing Brainberg's services and fulfilling contractual obligations.
    • Legitimate Interests – Article 6(1)(f): Processing required for: (a) Platform security and fraud detection; (b) service improvement; and (c) analytics (non-intrusive and privacy-preserving), only where such interests do not override the rights and freedoms of the data subject.
    • Legal Obligations – Article 6(1)(c): Compliance with legal or regulatory requirements applicable to Brainberg.

    5.2.2 Sensitive/Special Category Data (GDPR): Sensitive or special category data (such as psychological, behavioural or cognitive information) is processed only: (i) under explicit consent – Article 9(2)(a); and (ii) with safeguards under Article 9, including purpose limitation, data minimisation, and appropriate security measures.

    6. How We Use the Information

    6.1 Brainberg uses your personal information strictly for lawful, specific and clear purposes, as permitted under the DPDPA, the DPDP Rules, 2025, and, where applicable, the GDPR.

    6.2 Your Information may be used for the following purposes:

    • Provision of Services: To provide, operate, deliver, personalise and maintain Brainberg's assessments, reports, learning tools, behavioural insights, and related services.
    • Assessment Processing & Report Generation: To process assessment responses, generate scores, insights and recommendations, and deliver personalised or institution-requested reports.
    • Communication & Notifications: To contact you with service-related updates, alerts, administrative messages, recommendations, and necessary information relating to your use of the Platform.
    • Matching With Experts: To assign, match or connect you with qualified Brainberg experts, assessors, counsellors, or support personnel, as required for service delivery.
    • Billing & Transactions: For invoicing, payment processing, confirmations, receipts, fraud prevention, and related transactional communication.
    • Platform Administration & Improvements: To supervise, administer, audit, troubleshoot, analyse usage, enhance functionality, ensure service quality, and improve the overall user experience.
    • Analytics, Research & Product Development: To conduct research, analytics, quality benchmarking, and product development strictly using anonymised or aggregated data that cannot identify any individual.
    • Safety, Security & Fraud Prevention: To detect, prevent, or respond to security incidents, fraudulent activities, misuse of the Platform, or situations involving risk of harm, safety concerns, or unlawful activities.
    • Legal, Regulatory & Compliance Purposes: To comply with applicable laws, regulations, court orders, government directions, reporting obligations, and to establish or defend legal claims.

    6.3 Brainberg does not sell, lease, trade, or rent personal data to any third party for marketing, advertising, or commercial gain.

    7. User Responsibilities

    7.1 As a user ("Data Principal"), you agree to the following responsibilities when accessing or using the Platform:

    • Accuracy of Information: You will provide accurate, complete and up-to-date information and promptly update the same whenever changes occur.
    • Authenticity of Data Provided: You confirm that all information submitted belongs to you or that you are duly authorised to provide such information.
    • Account Security: You will maintain the confidentiality of your account credentials, including passwords, access codes, OTPs, and login details.
    • Secure Device and Network Use: You will access the Platform through secure devices and networks, maintain updated operating systems and security software, and avoid using public or unsecured networks for accessing sensitive information.
    • Prohibited Access & Misuse Prevention: You will not attempt unauthorised access, reverse engineering, scraping, tampering, or misuse of the Platform or its content.
    • Compliance With Laws & Institutional Policies: If you access Brainberg services through an organisation, you agree to comply with applicable institutional policies and lawful instructions.
    • Notification of Unauthorised Use: You agree to immediately notify Brainberg of any unauthorised access, breach, compromise, or suspected misuse of your account or personal information.

    7.2 Consequences of Providing Incorrect or Misleading Information: If you provide incorrect, incomplete, misleading, unauthorised, or outdated information, Brainberg may: (i) restrict, suspend, or terminate your access to the Platform; (ii) decline to provide or continue services; or (iii) take any other action required to maintain platform integrity or comply with the law.

    8. When We May Disclose Your Information

    8.1 Brainberg may disclose your personal information only in the following limited and lawful circumstances:

    • With Your Explicit Consent: When you voluntarily authorise Brainberg to share your information with a specific person, organisation, expert, or third party.
    • For Service Delivery: To Brainberg's authorised experts, assessors, psychologists, or support personnel strictly for the purpose of processing assessments, generating reports, providing guidance, and enabling Platform functionality.
    • With Third-Party Service Providers: To carefully selected third-party processors who assist us with cloud hosting, data analytics, email/SMS communication, secure payment processing, customer support systems, and identity verification.
    • With Schools, Institutions, or Employers: For assessments conducted through educational institutions, employers, corporate learning programs, or training initiatives, Brainberg may share relevant assessment reports as authorised by the institution.
    • Data Sharing With Corporate Clients or Employers: Where Brainberg conducts assessments on behalf of corporate clients, the resulting data may be shared only with the explicit, informed consent of the individual Data Principal.
    • Legal, Regulatory and Compliance Obligations: When required by law, regulation, subpoena, court order, or government directive.
    • To Prevent Harm or Ensure Safety: Where necessary to prevent or respond to risk of harm, abuse, exploitation, credible threats, or illegal activities.
    • Corporate Transfers: In the event of a merger, acquisition, or restructuring, your information may be shared with the acquiring entity, subject to continuity of privacy safeguards.

    8.2 Minimal Disclosure Principle: Brainberg always discloses only the minimum amount of personal data necessary for the specific lawful purpose. Brainberg does not sell, rent, or trade your personal information to third parties.

    9. Cookies and Tracking Technologies

    9.1 Brainberg uses cookies and similar tracking technologies to improve the functionality and performance of the Platform.

    9.2 We use cookies and tracking technologies for the following purposes:

    • Essential/Strictly Necessary Cookies: Maintaining login sessions, security and fraud prevention, and loading pages and enabling navigation.
    • Functional Cookies: Remembering language settings, storing saved preferences, and enabling smoother navigation.
    • Performance & Analytics Cookies: Understanding user behaviour, monitoring traffic patterns, diagnosing technical issues, and improving product design and performance.
    • Advertising/Marketing Cookies (If Used): Brainberg does not conduct targeted advertising using personal data without explicit consent.

    9.4 User Choices & Cookie Management

    9.4.1 You may choose to: (i) accept all cookies; (ii) reject non-essential cookies; or (iii) manage cookie preferences through your browser or device settings.

    9.4.2 Disabling essential cookies may affect the functionality of the Platform.

    9.5 Special Requirements for EU Users (GDPR & ePrivacy Directive)

    9.5.1 For users located in the European Union/EEA: (i) we display a GDPR-compliant cookie banner; (ii) no non-essential cookies are activated without explicit consent; (iii) consent can be withdrawn at any time; and (iv) processing is based on Article 6(1)(a) for optional cookies and Article 6(1)(f) for essential security-related cookies.

    9.6 Compliance With DPDPA

    9.6.1 Under the DPDPA and DPDP Rules, 2025, cookies that are linked or linkable to a user are treated as personal data.

    9.6.2 Such cookies require: (i) clear notice; (ii) consent (unless essential); and (iii) an easy mechanism to withdraw consent.

    10. Communications & Promotional Messages

    10.1 Brainberg may communicate with you through various channels, including email, SMS, phone calls, in-platform notifications, push notifications, and messaging services.

    10.2 Such communications fall under the following categories:

    • Service-Related Communications: Essential communications including account verification, password reset, security alerts, assessment updates, report availability, billing confirmations, and policy changes. These cannot be unsubscribed from.
    • Transactional Communications: Messages necessary for completing or confirming payments, assessment submissions, enrolment, institutional reporting, and support interactions.
    • Promotional/Marketing Communications: With your consent, Brainberg may send communications relating to new services, offers, updates, newsletters, and event invitations. You may unsubscribe at any time.
    • Institutional or Organisational Communications: If you access Brainberg through an organisation, communications may be authorised by that institution.
    • Safety, Security & Legal Communications: Brainberg may contact you without consent for data breach notifications, safety risks, legal or regulatory obligations, and dispute resolution.

    11. Social Media Widgets

    11.1 Our Platform may include social media features or widgets provided by third parties. These features may automatically collect certain information about you, including your IP address, pages visited, and interaction data.

    11.2 Your interaction with these features is governed solely by the respective third party's privacy policy and terms of service. Brainberg does not control what data these platforms collect or how they use it.

    11.3 Use of these widgets is completely optional. You may avoid interaction by not clicking on them, blocking third-party cookies, or using privacy settings.

    12. Payment Security

    12.1 Brainberg takes payment security extremely seriously. All card and banking details are encrypted using industry-standard protocols during transmission, and all transactions are processed through authorised, RBI-compliant, PCI-DSS certified payment gateways.

    12.2 Brainberg does not store full card numbers, CVV codes, net banking login details, or wallet/UPI PINs.

    12.3 Payment processing complies with DPDPA, IT Act Section 43A, RBI guidelines, PCI-DSS, and GDPR (where applicable).

    13. No Liability for Device-Level Data Theft

    13.1 While Brainberg implements robust security measures, Brainberg is not responsible or liable for any loss, compromise, or theft of data arising from issues on your personal device or network that are outside Brainberg's control, including malware, unauthorised access caused by insecure networks, device theft, or misuse of credentials.

    13.2 You are strongly advised to: (i) install reputable security software; (ii) regularly update your device; (iii) use strong passwords and multi-factor authentication; (iv) avoid public or unsecured Wi-Fi networks; and (v) log out after each session on shared devices.

    14. Confidentiality & Security Measures

    14.1 Brainberg implements appropriate technical, organisational, and administrative safeguards to protect your personal data, including industry-standard encryption, SSL/TLS protocols, firewalls, role-based access control, multi-factor authentication, secure backups, vulnerability scanning, and secure development practices.

    14.2 No Brainberg employee or administrator has access to your plain-text password; all passwords are stored using irreversible cryptographic hashing.

    14.3 While Brainberg implements strong security measures, no method of transmission over the internet or electronic storage is completely secure. We continuously update and enhance our security posture.

    15. Third-Party Contractors & Independent Tool Providers

    15.1 Brainberg uses carefully selected third-party service providers to support the delivery of the Platform. These providers are contractually bound to strict confidentiality obligations, process data only on Brainberg's instructions, and implement adequate technical safeguards.

    15.2 Certain third-party tools may act as independent data controllers under their own privacy policies. Your interaction with such tools is governed exclusively by the third party's terms.

    15.3 Brainberg shares only the minimum amount of information necessary and never sells or rents your personal data to third parties.

    16. International Data Transfers

    16.1 Brainberg may process or store your personal data in India and other jurisdictions where our trusted service providers operate, subject to applicable legal requirements and adequate safeguards.

    16.2 For EU/EEA residents, Brainberg transfers personal data outside the EU only in accordance with Chapter V of the GDPR, including Adequacy Decisions, Standard Contractual Clauses (SCCs), and additional Schrems II safeguards where required.

    16.3 Brainberg does not transfer personal data internationally unless the transfer is necessary, legally permitted, and adequately safeguarded.

    17. Your Rights

    17.1 Brainberg respects your rights as a Data Principal (under the DPDPA) and as a Data Subject (under the GDPR, where applicable).

    Under DPDPA (India)

    • Right to Access: Request details about your personal data processed by us.
    • Right to Correction & Updating: Request correction of inaccurate or incomplete data.
    • Right to Withdrawal of Consent: Withdraw your consent at any time.
    • Right to Erasure: Request erasure of your personal data, subject to legal retention requirements.
    • Right to Grievance Redressal: Raise a grievance with Brainberg's Grievance Officer.
    • Right to Nominate: Nominate another individual to exercise your rights in the event of death or incapacity.

    Under GDPR (EU/EEA Users)

    • Right of Access – Article 15: Know what data is processed and obtain a copy.
    • Right to Rectification – Article 16: Correct inaccurate or incomplete data.
    • Right to Erasure ("Right to be Forgotten") – Article 17
    • Right to Restrict Processing – Article 18
    • Right to Data Portability – Article 20: Receive your data in a structured, machine-readable format.
    • Right to Object – Article 21: Object to processing based on legitimate interests, including profiling.
    • Rights Related to Automated Decision-Making – Article 22
    • Right to Withdraw Consent – Article 7(3)
    • Right to Lodge a Complaint – Article 77: Lodge a complaint with your national supervisory authority.

    17.4 All rights requests will be processed within statutory timelines. Brainberg may request additional information to verify your identity before acting on any request.

    18. Data Retention

    18.1 Brainberg retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing services, compliance with legal obligations, audit, and institutional requirements.

    18.2 Personal data will be erased or anonymised when the purpose of processing is fulfilled, you withdraw consent, or no legal basis remains for retention.

    18.3 Brainberg may retain anonymised, aggregated, or de-identified data indefinitely for research, statistical analysis, and product improvement.

    19. Grievance Officer / Data Protection Officer (DPO)

    In compliance with the DPDPA, DPDP Rules 2025, GDPR, and other applicable laws, Brainberg designates the following Data Protection Officer / Grievance Officer:

    Brainberg Knowledge Solutions Private Limited

    Data Protection Officer / Grievance Officer

    Address: Mr. Nilesh Thakur – Brainberg Knowledge Solutions, Prestige Icon, Prabhat Road

    Email: nilesh@traitfit.com

    Phone: 9975389160

    19.2 The DPO/Grievance Officer is responsible for receiving and responding to user grievances, addressing rights requests, coordinating breach notifications, ensuring DPDPA and GDPR compliance, and acting as the point of contact for regulatory authorities.

    19.3 All grievances and rights requests will be addressed within statutory timelines.

    19.4 If you are not satisfied with the resolution under the DPDPA, you may escalate to the Data Protection Board of India (DPBI) once operational.

    20. Changes to This Privacy Policy

    20.1 Brainberg may update or modify this Privacy Policy from time to time to reflect changes in legal requirements, Platform updates, data processing practices, security enhancements, or operational needs.

    20.2 If material changes are made, a notice will be displayed on the Platform and/or you will be notified by email or other appropriate means.

    20.3 Brainberg will not process your existing personal data for any new or incompatible purpose without providing notice and obtaining fresh consent where required by law.

    20.4 Your continued use of the Platform after such changes constitutes your acknowledgment and acceptance of the updated Privacy Policy.