FaujiLink Privacy Policy
Effective date: _[TO BE FILLED IN BEFORE PUBLIC LAUNCH]_
Version: 1.0 (draft)
Applies to: faujilink.com and the FaujiLink mobile-friendly web app.
1. Who we are
FaujiLink is operated by Water Apps Pty Ltd, an Australian company (the Data Fiduciary under India's Digital Personal Data Protection Act, 2023 — the "DPDPA").
Although Water Apps Pty Ltd is registered in Australia, FaujiLink is built for users in India and runs entirely on AWS infrastructure inside India (the Mumbai region, ap-south-1). For that reason this policy is written to comply with the Digital Personal Data Protection Act, 2023 (DPDPA) of India, not the Australian Privacy Act.
If anything in this policy is unclear or you want to exercise any of your rights, write to our Grievance Officer:
> Grievance Officer (FaujiLink)
> _[Grievance Officer name — to be filled in]_
> Email: _[grievance officer email — e.g. grievance@waterapps.com.au — to be filled in]_
> Postal address: _[address — to be filled in]_
We will acknowledge every grievance promptly. We are working towards a fixed response time and will publish that commitment here once we are confident we can meet it consistently.
2. What this policy covers
This policy explains:
- What personal information we collect from you
- Why we collect it
- How long we keep it
- Who else can see it
- How we keep it safe
- What rights you have, and exactly how to use them
Plain-English version: we collect only what we need to help an ex-serviceman get hired, and we don't share it anywhere except with the employer who specifically asks to contact you, after they have agreed to our rules.
3. Personal data we collect
3.1 If you register as a professional (ex-serviceman)
| What we collect | Why |
|---|---|
| Full name | So an employer knows who they are talking to |
| Photo | To put a face to the profile (employers expect this) |
| Mobile number (E.164 format, e.g. +919876543210) | The way employers will contact you |
| Email address (optional) | Account login and notifications |
| City, state, pincode | So employers in your area can find you |
| Service branch (Army / Navy / Air Force / Other) | A core filter employers use |
| Rank or role | To show your service background |
| Years of service | A core filter employers use |
| Retirement status (retired / premature_retired / available_soon) | So employers know when you can start |
| Skills (chosen from our list) | The most important search filter |
| Short bio (optional, 500 characters max) | A free-text introduction |
| Audio or video intro (optional, ≤ 60 seconds, ≤ 20 MB) | Lets you stand out |
| Availability (immediate / 15 days / 30 days) | Helps employers plan |
| Job type preference (full-time, part-time, contract) | Filters out non-matches |
| Willingness to relocate (yes/no) | Filter |
We do not collect Aadhaar. See the separate document no-aadhaar-policy.md for why.
3.2 If you register as an employer
| What we collect | Why |
|---|---|
| Company name | So professionals know who is contacting them |
| Contact person's name | The same |
| Email address | Account login and notifications |
| Mobile number | Verification and contact |
| GSTIN (optional, India GST number) | Voluntary — helps us verify the business is genuine |
3.3 What we automatically record
When you use the service we record:
- The fact that you logged in (Cognito holds this)
- Server-side request logs that include a request ID, your user ID and which action you took (kept in CloudWatch Logs for 90 days minimum)
- If you are an employer: every time you reveal a candidate's mobile number, we record the reveal — your user ID, the candidate's user ID, and the timestamp — so we can audit misuse and so the candidate can be told who saw their number.
We do not run any third-party analytics SDK (no Google Analytics, no Meta Pixel, no Mixpanel) and we do not embed advertising trackers. See section 9 for the full statement.
4. Why we use your data — the lawful purpose
Under DPDPA, we can only use your data for the specific purpose you agreed to. Here are the only purposes we use it for:
- Run your account. Sign-up, sign-in, password reset, account recovery.
- Show your profile to employers (professionals only). Only after our admin team has marked your profile Verified does it appear in employer searches.
- Connect you with employers (professionals only). When an employer reveals your mobile, the platform displays it to that employer so they can phone or WhatsApp you about a role.
- Run searches (employers only). Filter the verified-professional pool by location, skill, service branch and availability.
- Stop abuse. We rate-limit how many candidates an employer can reveal per day (50) and we keep audit logs so we can spot harvesters and suspend them.
- Operate and secure the platform. Encryption keys, audit logs, error tracing, security monitoring.
We do not use your data for:
- Advertising
- Selling or licensing to any third party
- Training third-party AI models
- Marketing campaigns from companies you have not approached
If we ever want to use your data for a new purpose, we will ask you again — fresh, specific consent — before doing so.
5. How long we keep it
| Data | Retention |
|---|---|
| Your professional or employer profile | Until you ask us to delete it, or you delete your account |
| Your photo, audio, video | Same as your profile (deleted when account is deleted) |
| Audit log entries (e.g. contact-reveal events) | 90 days, then automatically deleted by the database (DynamoDB TTL) |
| CloudWatch service logs | At least 90 days |
| Consent records (proof you agreed to this policy and the terms) | Lifetime of the account, plus a period after deletion for evidence purposes — see the separate consent-record.md document |
| Backups (point-in-time recovery on production database) | Up to 35 days, encrypted, automatically expired |
When you delete your account, we delete your profile, your media files in S3, and your DynamoDB rows. Backups containing your data will roll off naturally within 35 days. Audit-log rows that reference your user ID continue to expire on the standard 90-day TTL.
6. Who we share your data with
Short version: only the employer who clicks "Contact" on your profile, and only after they have agreed to our terms.
Long version:
- Employers (professionals → employers). When an employer clicks the Contact button on your verified profile, the platform shows them your mobile number (and starts a WhatsApp wa.me link). The employer must be logged in. Every reveal is logged. We do not bulk-export contact details to anyone.
- AWS, our infrastructure provider. AWS hosts the service in ap-south-1 (Mumbai). They process data on our behalf as a Data Processor and cannot use it for any other purpose.
- Our admin team. WaterApps staff who verify profiles and respond to grievances can see your profile to do that job. They are bound by confidentiality.
- Law enforcement, but only when legally required. If we receive a valid order from an Indian court or authorised authority, we will comply with it. We will tell you unless we are prohibited from doing so.
We do not:
- Sell your data
- License it to recruiters or third-party job boards
- Pass it to advertising networks
- Share it with any company in the WaterApps group for purposes other than running FaujiLink
7. Where your data lives — data residency
All FaujiLink personal data is stored and processed inside India.
Specifically:
- The database (DynamoDB) is in AWS ap-south-1 (Mumbai).
- The media bucket (S3) is in AWS ap-south-1 and has a bucket policy that explicitly denies cross-region replication so the data physically cannot leave India through normal misconfiguration.
- Authentication (Cognito) is regional and runs in ap-south-1.
- Backups are in ap-south-1.
The owning company (Water Apps Pty Ltd) is registered in Australia, but no operational personal data is transferred to Australia. Our staff access the system through identity controls, not through bulk data export.
If we ever need to change this — for example, to enable disaster-recovery in another country — we will update this policy first and notify you.
8. How we keep your data safe
Concrete measures we have in place today:
- Encryption at rest. Every database table and the media bucket is encrypted with a customer-managed AWS KMS key. Key rotation is enabled.
- Encryption in transit. Every connection uses TLS 1.2 or higher. The S3 bucket policy explicitly denies any non-TLS access.
- Authentication. Passwords must be at least 12 characters with mixed case, numbers and symbols. Two-factor authentication (using an authenticator app) is supported and recommended.
- No public access. The media bucket has all four S3 public-access blocks turned on. Candidate phone numbers are only returned to authenticated employer accounts.
- Least-privilege access. Each backend Lambda function has its own IAM role with only the permissions it needs. We don't use wildcard IAM policies.
- Audit logging. Cognito audit mode, API Gateway access logs and a dedicated audit table together record every contact reveal, every admin action and every authentication event for at least 90 days.
- Rate limiting. API Gateway and a usage plan cap how many actions a single IP or employer account can perform.
- Software supply chain. Code is scanned for vulnerabilities before deployment. Container images use minimal base images.
We are not perfect. If we ever discover a personal-data breach that meets the DPDPA threshold, we will notify both the Data Protection Board of India and affected users without undue delay, in line with the DPDPA's reporting requirements.
9. Cookies and analytics
We currently run no third-party analytics SDKs on FaujiLink. We do not embed Google Analytics, Meta Pixel, Mixpanel, or any advertising tracker.
Cookies we use today:
- A Cognito session cookie so you stay logged in.
- A CSRF token cookie.
- An optional remember-me refresh-token cookie.
If we ever add product analytics, we commit to:
- Self-hosted analytics, or a vendor that processes data inside India.
- No personal identifiers in the analytics stream — events will be tied to a randomised, rotating device ID, not your account.
- Updating this policy and asking for fresh consent before turning analytics on.
10. Your rights, and how to use them
Under the DPDPA you have the following rights:
| Right | What it means | How to exercise it |
|---|---|---|
| Access | Get a copy of the personal data we hold about you | Email the Grievance Officer with the subject "Data access request" |
| Correction | Fix data that is wrong | Edit it inside the app, or email the Grievance Officer |
| Erasure (deletion) | Delete your account and your data | Use the Delete account button in your profile, or email the Grievance Officer |
| Withdraw consent | Take back consent for a specific purpose | Email the Grievance Officer; effect is identical to deletion if you withdraw the core profile consent |
| Grievance redressal | Complain about how we handled your data | Email the Grievance Officer first. If you are not satisfied, you can escalate to the Data Protection Board of India |
| Nominate | Nominate someone to act on your behalf if you die or become incapacitated | Email the Grievance Officer with the nominee's contact details |
We will respond to each request as quickly as we reasonably can. We have not yet committed to a specific maximum response time (e.g. 30 days) — we will publish one here once we are confident we can meet it consistently. Until then we will respond on a best-effort basis and you can hold us accountable through the Grievance Officer channel.
You do not need to give a reason to withdraw consent or delete your account.
11. Children
FaujiLink is not for users under 18. We do not knowingly collect personal data from children. If you believe a child has registered, write to the Grievance Officer and we will delete the account.
12. Changes to this policy
If we change this policy, we will:
- Update the Effective date and Version at the top.
- Show an in-app notice the next time you log in.
- For changes that materially affect what we do with your data, we will ask you to re-accept the policy. You will not be able to use the service without doing so. (We will not pre-tick boxes and we will not bury the change in fine print.)
The previous version of the policy will remain available on request.
13. How to contact us
| Reason | Contact |
|---|---|
| Privacy questions, data requests, complaints | Grievance Officer (details in section 1) |
| General support | _[support email — to be filled in]_ |
| Security vulnerability disclosure | _[security email — to be filled in]_ |
_End of policy._