w
withRemote
HomeServicesCase StudiesResourcesAboutContact
Available today
Legal

Privacy Policy

How we collect, use, and protect personal information. Governed by Indian law including the DPDP Act, 2023.

Template notice. This document is a starting template. Review with qualified counsel before relying on it for any specific jurisdiction or contract.
Last updated: 2026-05-13

1. Introduction

withRemote Solutions Pvt Ltd (CIN: U78100GJ2025PTC160520), a private limited company incorporated under the Companies Act, 2013, having its registered office at A-9 Gajanan Park, Nr Sai Chowkdi, Manjalpur, Vadodara, Gujarat 390011, India ("withRemote", "we", "us", "our") provides remote engineering talent placement, managed Employer-of-Record (EOR) services, and product-development services.

We respect your privacy and are committed to protecting personal information you share with us. This Privacy Policy explains what information we collect, how we use it, who we share it with, how we secure it, and the rights you have over it. It applies to visitors of withremote.ai, candidates, clients, and personnel engaged by us.

This Policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

2. Information we collect

2.1 Information you provide

  • Contact details — name, work email, phone, company.
  • Service inquiry data — role briefs, project requirements, budget ranges, timezone preferences.
  • Candidate data (if you apply or are sourced) — resume, work history, skills, salary expectations, references, right-to-work documentation.
  • Billing and payroll data — bank or payment instrument details, tax identifiers (PAN, GSTIN, equivalent international IDs), statutory documents (for engaged personnel).

2.2 Information collected automatically

  • Log data — IP address, browser type, pages viewed, referrer.
  • Cookies and similar technologies — see our Cookie Policy.
  • Usage analytics — anonymised counts of feature interactions on Talent OS or our site.

2.3 Information from third parties

Where lawful, we may receive information from public professional networks (LinkedIn, GitHub), referral partners, background-check providers, and reference-checkers — limited to what is necessary for vetting and placement.

2.4 Sensitive personal data or information (SPDI)

Under SPDI Rules, 2011 and the DPDP Act, certain categories of information (financial information, biometric data, health records) receive heightened protection. We process SPDI only with explicit consent, only when necessary for an engagement, and store it with additional encryption and access controls.

3. How we use information

We use the information we collect for the following purposes:

  • Match candidates to roles and present shortlists to clients.
  • Operate Talent OS, payroll, EOR, and compliance services.
  • Communicate about engagements, invoices, and product updates.
  • Comply with legal obligations (income tax, GST, PF, ESI, statutory filings under Indian law, plus equivalent obligations under foreign jurisdictions where we operate).
  • Detect, prevent, and address fraud and security incidents.
  • Improve our services through aggregated analytics.

4. Legal bases for processing

4.1 Under the DPDP Act, 2023 (India)

We process personal data under one or more of the following lawful bases:

  • Consent (Section 6) — explicit, informed, and revocable.
  • Legitimate uses (Section 7) — including provision of services, employment, public interest, and compliance with judgment/court order.
  • Performance of a contract — where processing is necessary to deliver an engagement you have entered into with us.

4.2 Under foreign law (where applicable)

Where the EU GDPR, UK GDPR, California CCPA/CPRA, or other foreign data-protection regimes apply (because of the data subject's location or the engagement structure), we rely on the equivalent lawful basis under that law: contract, legitimate interest, legal obligation, or consent.

5. Sharing of information

We share information only with parties that need it, under appropriate contractual safeguards:

  • Clients — limited candidate data necessary to evaluate a shortlist.
  • Service providers — payroll processors, hosting providers, analytics vendors, background-check firms, all bound by confidentiality and data-protection obligations.
  • Authorities — when legally required (court orders, statutory filings, law-enforcement requests under Indian or applicable foreign law).
  • Successors — in connection with mergers, acquisitions, or asset transfers, subject to confidentiality.

We do not sell personal information.

6. Cross-border data transfers

withRemote operates in India (registered in Gujarat), the United States, Canada, and the United Arab Emirates. Information may be transferred between these jurisdictions and to our service providers in other countries.

Where transfers are made out of India to jurisdictions notified under the DPDP Act, we ensure such transfers are permitted under Section 16 of the Act. Where transfers are made into the EEA / UK, we use Standard Contractual Clauses or equivalent safeguards.

7. Data retention

We retain personal data only as long as necessary for the purposes described, to comply with legal obligations under Indian or applicable foreign law (including statutory retention periods for tax, employment, and corporate records), to resolve disputes, and to enforce agreements.

Candidate profiles in our talent database are retained for up to 36 months after last activity unless you ask us to remove them earlier. Financial and employment records related to engaged personnel are retained for 8 years under Indian tax law.

8. Security

We implement reasonable security practices and procedures as required by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 — equivalent to ISO 27001 controls — including encryption in transit, access controls, vendor due diligence, audit logging, and least-privilege design.

No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Your rights

9.1 Under the DPDP Act (India)

If you are a Data Principal under the DPDP Act, you have the following rights:

  • Right to access information about personal data processed by us.
  • Right to correction and erasure of personal data.
  • Right to grievance redressal.
  • Right to nominate another individual to exercise rights on your behalf in case of incapacity or death.

To exercise any right, contact our Grievance Officer (details in Section 12). We will respond within the timeframes required by the DPDP Act.

9.2 Under foreign law (where applicable)

If you are located in the EEA, UK, California (CCPA/CPRA), or other jurisdictions with specific data subject rights, you may have additional or different rights, including the right to data portability and the right to object to processing.

10. Children

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children. Under Section 9 of the DPDP Act, we are required to obtain verifiable consent from the parent or lawful guardian before processing personal data of a child. If you believe a child has provided us personal data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy. Material changes will be posted on this page and, where required by law, communicated by email. The "Last updated" date at the top reflects the most recent revision.

12. Grievance Officer & contact

As required under Section 5(9) of the Information Technology Rules, 2011 and Section 8(10) of the DPDP Act, 2023, we have appointed a Grievance Officer:

  • Name: Neel Mehta, Co-Founder & COO
  • Email: [email protected]
  • Phone: +1 (480) 418-6390
  • Postal: withRemote Solutions Pvt Ltd, A-9 Gajanan Park, Nr Sai Chowkdi, Manjalpur, Vadodara, Gujarat 390011, India

We aim to acknowledge grievances within 24 hours and resolve them within 30 days.