Limited onboarding: 3 slots this quarter • Serving 10 active clientsBook a 15-min consult|Call: 022-24601806WhatsApp
Skillset Squad
ServicesPricingOur TeamCase StudiesOur BrandsCareersProcessSecurityAboutResourcesContact

Privacy Policy

Skillset Squad Private Limited

Email: support@skillsetsquad.com

Phone: +91 22 24601806 (022-24601806)

Last updated: 4 September 2025

We respect privacy, build with least-privilege access, and only collect what we need to deliver results. This policy explains what we collect, why, how we use it, how we share it, and the rights you have.

1) Who we are

This Privacy Policy describes how Skillset Squad Private Limited ("Skillset Squad", "we", "us", "our") processes personal data in connection with:

  • Our websites, landing pages, forms, and newsletters (collectively, the "Sites");
  • Our professional services (Discord management, social media management, video editing, customer care, and related consulting) delivered to our clients (the "Services");
  • Our marketing and sales activities, including giveaways and events.

For most client work we act as a Processor (or "Service Provider/Processor/Contractor" under applicable laws) processing data on behalf of our client (the "Controller/Business"). For our Sites, marketing, hiring, and internal operations, we act as a Controller/Business.

2) Scope & audience

This policy applies to visitors, prospective clients, client representatives, community/users we interact with while operating client communities or support, job applicants, and vendors. It does not override any contract, Data Processing Addendum (DPA), or platform-specific terms (e.g., Discord, Meta, X/Twitter, YouTube). In case of conflict, the stricter term applies.

3) Types of data we collect

A. Data you provide directly

  • Contact and business info: name, job title, company, email, phone, country/time zone.
  • Service briefs & content: brand guidelines, assets, creative briefs, storyboards, scripts, raw footage/audio, thumbnails, design files, and any metadata provided to deliver Services.
  • Support & community operations: messages or tickets you submit to our help channels, feedback, giveaway entries.
  • Billing & contracts: contract details, billing contact, invoicing information (payments are processed via PCI-compliant third-party processors; we do not store full card data).

B. Data we create or derive

  • Project records & reports: performance metrics, analytics summaries, moderation logs, QA notes, delivery status, and internal annotations.
  • Operational metadata: timestamps, assignment, versioning, approval state.

C. Data we collect automatically (Sites & some Services)

  • Device/usage data: IP address, device/browser type, language, referring URLs, pages viewed, time on page, clicks, error logs.
  • Cookies/identifiers: session cookies, preference cookies, analytics/attribution cookies (see Cookies & Tracking).

D. Data from third parties/platforms

  • Platform data (as permitted): Discord handles/IDs, role info, message/event participation metadata; social platform handles/IDs, public profile data; analytics from GA4, Search Console, and ad platforms; CRM/ESP interactions; ticketing system metadata.
  • Influencer/giveaway data: social handle, eligibility checks, entries, winner validation data.

Special categories: We do not intentionally collect sensitive personal data (e.g., health, biometrics) unless a client's specific workflow requires it and we have explicit written instructions and lawful basis.

4) Purposes & legal bases

When we are Controller/Business (e.g., Sites, marketing, hiring)

  • Provide and improve Sites (legitimate interests/consent where required).
  • Respond to inquiries & schedule consultations (contract/legitimate interests).
  • Marketing & newsletters (consent/legitimate interests; opt-out anytime).
  • Security, fraud prevention, diagnostics (legitimate interests/compliance).
  • Legal, accounting, compliance (legal obligations/legitimate interests).
  • Recruitment (pre-contract steps/legitimate interests; consent if required).

When we are Processor/Service Provider (client Services)

Deliver contracted Services (per client's documented instructions):

  • community operations (Discord moderation, events, tickets)
  • social posting & engagement
  • video editing & delivery
  • customer support operations
  • analytics/reporting
  • Improve quality & reliability (e.g., QA reviews, playbook improvements) as permitted under contract.
  • Security & platform compliance (e.g., anti-spam/anti-abuse).

In Processor roles, our client determines lawful bases and provides notices/consent to end users as required by law.

5) Cookies & tracking technologies

We use:

  • Strictly necessary cookies (authentication, security, basic functions).
  • Preferences cookies (remember choices like language, forms).
  • Analytics cookies (aggregate usage, performance).
  • Marketing/attribution cookies (campaign effectiveness).

Where required, we will present a cookie banner and honor your choices. You can also control cookies in your browser. Some features may not function without essential cookies.

Do Not Track: Browser "DNT" signals are not consistently honored by industry; we apply privacy choices via our consent tools instead.

6) How we share data

We share personal data only as needed:

  • With clients (when we act as Processor, we provide outputs, logs, and reports to the client who is Controller).
  • With vendors/sub-processors who help us operate (hosting, storage, ticketing/helpdesk, analytics, email/ESP, project management, creative tools, communications). We require appropriate contracts, confidentiality, and data-protection commitments.
  • With professional advisors (legal, tax, audit) under confidentiality.
  • With authorities if required by law or to protect rights, safety, and security.
  • Business transfers: in a merger, acquisition, or reorganization, data may transfer subject to this Policy's protections.

We maintain a current list of sub-processor categories and will provide details on request. A DPA is available for clients.

7) International transfers

We are India-based and serve global clients. Data may be processed in India and other countries where our team or vendors operate. When laws require protections for cross-border transfers (e.g., EU/UK), we use recognized safeguards such as:

  • Standard Contractual Clauses (SCCs) and UK addendum/IDTA, as applicable.
  • Contractual and technical measures (encryption, access controls, minimization).
  • DPDP (India): we comply with Government of India transfer requirements, where applicable.

8) Security

We implement technical and organizational measures designed to protect personal data, including:

  • Encryption in transit (TLS) and at rest where feasible;
  • Role-based, least-privilege access; credential vaulting;
  • Environment separation; audit trails for privileged actions;
  • Vendor due diligence and contractual safeguards;
  • Employee confidentiality obligations and training;
  • Secure deletion and disposal practices.

No method of transmission or storage is 100% secure. If we learn of a security incident affecting personal data, we will notify the appropriate parties without undue delay and in accordance with applicable law and our contractual commitments.

9) Data retention

We retain data only as long as necessary for the purposes stated or as required by law/contract. Typical horizons (unless otherwise agreed with a client):

  • Site analytics & logs: 12–26 months (aggregate afterward).
  • Sales & support inquiries: up to 24 months from last interaction.
  • Contract/billing records: 7 years (or as legally required).
  • Service work product (Processor): per client instructions (e.g., project term + defined archival window).
  • Giveaway records: per legal/regulatory requirements and fraud prevention needs.

We will anonymize or securely delete data when retention ends.

10) Your privacy rights

Depending on your location, you may have rights including:

  • Access: know whether we process your data and obtain a copy.
  • Correction: rectify inaccurate or incomplete data.
  • Deletion: request deletion, subject to legal/contract limits.
  • Restriction: limit processing in certain cases.
  • Portability: receive data in a portable format (where applicable).
  • Object: object to processing (e.g., marketing).
  • Withdraw consent: where processing is based on consent.

EU/EEA & UK (GDPR/UK GDPR)

You have the rights above and may lodge a complaint with your local Supervisory Authority. If Article 27 representation applies, we will provide contact details upon request via support@skillsetsquad.com.

California, Virginia, Colorado, Connecticut, Utah (CCPA/CPRA & similar)

  • Right to know categories/specific pieces of personal information collected.
  • Right to delete and correct.
  • Right to opt-out of "sale" or "sharing" (as defined by law).
  • Right to limit use of sensitive personal information (if applicable).
  • Non-discrimination for exercising rights.

We do not sell personal information as "sale" is commonly defined. We also do not knowingly "share" personal information for cross-context behavioral advertising. If any specific activity is deemed "sharing" under state law, we will provide an opt-out mechanism.

India (DPDP Act, 2023)

You may access, correct, erase, and withdraw consent per the DPDP. You can raise grievances with our Grievance Officer via support@skillsetsquad.com or the phone number above. We will support consent managers where applicable.

How to exercise rights: Email support@skillsetsquad.com with the subject "Privacy Request". We will verify your identity (and, where allowed, your authorized agent's authority) and respond within the statutory period. If we process your data as a Processor, we will redirect your request to the relevant Controller (our client).

Appeals: If you are unsatisfied with our decision, you may reply to our response email to escalate, or contact your regulatory authority.

11) Children's privacy

Our Sites and Services are not directed to children under the age of 13 (or 16 where applicable). We do not knowingly collect data from children. If you believe a child has provided personal data, contact us and we will take appropriate steps.

12) Platform-specific processing (Discord, social, support)

When operating communities or support for a client:

  • We follow the relevant platform's Terms and policies.
  • We may access public or permitted content, metadata, and IDs to moderate, organize events, manage tickets, and generate analytics for the client.
  • We implement anti-spam/anti-abuse and eligibility checks for giveaways.
  • Where required, we provide or assist clients with community notices.

For video editing, we process footage, voice/likeness, and project files solely to deliver agreed outcomes, under confidentiality and secure asset handling.

13) Giveaways & promotions

For each giveaway we or a client run, we will publish official rules describing eligibility, entry mechanics, prizes, selection, and disclosures. We may collect participant information to validate entries, contact winners, prevent fraud, and comply with laws. Unless otherwise stated, giveaway data will not be used for unrelated marketing without consent.

14) Automated decision-making & AI

We may use automation to route tickets, detect spam/abuse, or prioritize tasks. We do not make decisions with legal or similarly significant effects solely by automated processing without human review.

For creative or operational workflows, we may use AI-assisted tools (e.g., transcription, captioning, color correction, summarization) under confidentiality and vendor terms. We do not use your materials to train third-party foundation models unless you or our client expressly authorize it and the vendor contract permits an opt-out/opt-in aligned with your instruction.

15) Third-party links & sites

Our Sites may link to third-party websites or services. Their privacy practices are governed by their own policies. Review those policies before providing personal data.

16) Job applicants

If you apply for a role, we will process your CV/resume, contact details, interview notes, and reference information to evaluate your application. If unsuccessful, we may retain your details for a limited period to consider you for future roles (subject to your preferences and applicable laws).

17) Changes to this policy

We may update this Privacy Policy to reflect changes in laws, technology, or our practices. We will post the updated version with a new "Last updated" date. If changes materially affect your rights, we will provide additional notice (e.g., on the Site or by email where appropriate).

18) Contact & grievance redressal

Controller inquiries (Sites/marketing) & general privacy questions:

EU/UK individuals: If Article 27 representation is required for your matter, contact us and we will provide representative details or handle your request directly as permitted.

India (DPDP) – Grievance:

You may contact our Grievance Officer at support@skillsetsquad.com or by phone at +91 22 24601806. We will acknowledge and resolve grievances within timelines prescribed by the DPDP Rules.

Postal address: 8th Floor, Arunachal Bhavan, Sector 30A, Vashi, Navi Mumbai, Maharashtra - 400703

19) Controller–Processor roles (summary)

When we act as Controller/Business:

Sites, marketing, sales, recruitment, our own vendor management, and internal operations. This Privacy Policy applies directly.

When we act as Processor/Service Provider:

For client Services (community ops, social, video, support), we process personal data strictly under the client's instructions and our contract/DPA. In such cases, the client is responsible for providing notices and obtaining consents where required. We assist with data subject requests and incident response consistent with the DPA.

Data Processing Addendum (DPA): Available on request. The DPA incorporates appropriate international transfer mechanisms (e.g., SCCs/UK IDTA) and defines our security, confidentiality, sub-processing, and assistance obligations.

20) Region-specific disclosures (high level)

EU/EEA & UK:

Lawful bases include consent, contract performance, legitimate interests, and legal obligations. Data subjects may complain to their Supervisory Authority.

California (CCPA/CPRA):

We are a Service Provider or Contractor when serving clients, and a Business for our Sites/marketing. We do not "sell" personal information. We do not knowingly "share" personal information for cross-context behavioral advertising. You may authorize an agent to submit requests; we will require proof of agency and verify your identity.

India (DPDP):

We process personal data in compliance with applicable DPDP provisions. We support consent withdrawal, access, correction, and erasure requests. Cross-border transfers comply with Government of India notifications, if any.

21) Your choices

  • Emails/Newsletters: Click unsubscribe in any email or reach us at support@skillsetsquad.com.
  • Cookies/Tracking: Use the cookie banner (where available) or browser settings to manage preferences.
  • Platform settings: Adjust privacy and notification settings on Discord/social platforms you use.
  • Consent: Where our processing is based on consent, you can withdraw it at any time; this does not affect prior lawful processing.

Short version

We process only what we need to deliver our Services, keep it secure, don't sell your data, and honor your rights. Questions? support@skillsetsquad.com · +91 22 24601806