Privacy Policy

Last updated: 23 May 2026

Thejands ("we", "us", "our") is committed to protecting the personal data of everyone who visits our website or contacts us about our services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you hold over it. It applies to all visitors to thejands.in and to individuals who submit enquiries or job applications to us.

This policy is written to meet the requirements of India's Digital Personal Data Protection Act 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), and the UK GDPR, as applicable to our international client base.

1. Who We Are (Data Controller)

The data controller for personal data processed through this website is:

Thejands
Madurai, Tamil Nadu, India
Email: hello@thejands.in

"Data controller" means the entity that determines the purposes and means of processing personal data. Where we act as a data processor on behalf of our clients (for example, when building software systems), that relationship is governed by the relevant client engagement agreement and a separate data processing addendum.

2. Personal Data We Collect

We collect personal data only through the following specific interactions — we do not collect data passively through tracking technologies, advertising pixels, or third-party analytics cookies.

2a. Contact and Enquiry Form

When you submit a project or consulting enquiry via our contact form, we collect:

• Full name (required)
• Business email address (required)
• Company or organisation name (required)
• Message describing your project or enquiry (required)
• Phone number (optional)

2b. Career Applications

When you apply for a role through our Careers page, we collect:

• Full name
• Email address
• Phone number
• LinkedIn profile URL (optional)
• CV / résumé (uploaded document)
• Any additional information you choose to include in a cover message

2c. Website Usage Data

We use Vercel Analytics, which operates entirely at the network edge and does not set any cookies or collect any personally identifiable information. It measures aggregate traffic patterns (page views, referral sources, country-level geography) using anonymised request data. No individual visitor is tracked, fingerprinted, or profiled. No personal data is retained from website visits.

3. Lawful Basis for Processing

We process personal data only where we have a lawful basis to do so. Under GDPR Article 6 and the DPDP Act, our bases are:

• Legitimate interests (GDPR Art. 6(1)(f)): Responding to project enquiries, assessing commercial fit, and communicating with prospective clients. Our legitimate interest is to run our business by engaging with people who proactively contact us. We have assessed that this interest is not overridden by your privacy rights, because you initiate contact voluntarily and with a clear expectation of a response.
• Contractual necessity (GDPR Art. 6(1)(b)): Where an enquiry progresses to a scoping discussion or active engagement, processing your contact data is necessary to fulfil our contractual obligations.
• Consent (GDPR Art. 6(1)(a)) / DPDP consent: For career applicants, by submitting your application you consent to us processing your data for recruitment purposes. You may withdraw this consent at any time by emailing us.
• No marketing processing: We do not use your data for unsolicited marketing, email campaigns, or advertising. We do not sell, rent, or share your data with marketing platforms.

4. How We Use Your Data

• To respond to your project or service enquiry, typically within one business day
• To assess whether our capabilities are a good fit for your requirements
• To prepare scoping proposals, engagement letters, or statements of work where discussions progress
• To review job applications and contact shortlisted candidates for further stages
• To comply with legal obligations if required by applicable law

We do not use automated decision-making or profiling that produces legal or significant effects on individuals.

5. Data Sharing and Processors

We share your data only with the following sub-processors, strictly for the purpose of operating our contact and recruitment systems. None of these parties are permitted to use your data for their own marketing or commercial purposes.

• Supabase, Inc. — our database and backend infrastructure provider, where contact form submissions and career applications are securely stored. Privacy policy: supabase.com/privacy
• Resend, Inc. — our transactional email delivery provider, used to send you a confirmation and to notify our team of new enquiries. Privacy policy: resend.com/legal/privacy-policy
• Vercel, Inc. — our website hosting and deployment platform. Vercel processes request data at the network edge for infrastructure purposes and powers our anonymised analytics. Privacy policy: vercel.com/legal/privacy-policy

We do not sell, license, or share your personal data with any other third party. We do not use data brokers or advertising networks.

6. International Data Transfers

Thejands is based in India. Our sub-processors — Supabase, Resend, and Vercel — are US-incorporated companies and may process data on servers located outside India, including in the United States and the European Economic Area. These transfers are governed by appropriate safeguards, including Standard Contractual Clauses (SCCs) where required under GDPR, and applicable data transfer mechanisms under the DPDP Act once the cross-border transfer rules come into force.

If you are located in the UK or EU and wish to understand the specific safeguards in place for transfers of your data, please contact us at hello@thejands.in.

7. Data Retention

• Enquiry and contact form data: Retained for up to 3 years from the date of enquiry, or until the associated engagement is formally concluded — whichever is later. This period allows us to reference prior context if you return to us for a future project.
• Career applications: Retained for 12 months from the date of submission, whether or not the application was successful. After this period, application data is deleted unless you have given specific consent to be considered for future roles.
• Website usage data: Vercel Edge Analytics data is anonymised at collection and is not attributable to any individual. We do not retain any personally identifiable website usage data.

8. Your Rights

Depending on your jurisdiction, you hold the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may ask us to correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): You may request deletion of your personal data where we no longer have a lawful basis to retain it.
• Right to restriction of processing: You may ask us to limit how we use your data in certain circumstances.
• Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may request a machine-readable copy of your data.
• Right to object: You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.
• Right to withdraw consent: Where processing is based on consent (e.g. career applications), you may withdraw it at any time without affecting the lawfulness of prior processing.
• DPDP rights (India): Under the Digital Personal Data Protection Act 2023, you have the right to obtain information about processing, correct and erase your data, and nominate a representative. These rights are enforceable once the relevant provisions come into force.

To exercise any of these rights, email us at hello@thejands.in with the subject line "Data Rights Request". We will respond within 30 days. If you are in the UK or EU and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (for example, the UK ICO at ico.org.uk).

9. Cookies

This website uses minimal cookies. Vercel Analytics does not set any cookies. We store your cookie consent preference in your browser's localStorage (not a cookie). For full details of what is and is not stored in your browser, please read our Cookie Policy.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These include encrypted data storage (Supabase enforces encryption at rest and in transit), HTTPS-only communication, and access controls limiting who within our team can view submitted data. We review our security practices regularly.

11. Children's Privacy

Our services are directed at businesses and professional individuals. We do not knowingly collect personal data from children under the age of 18. If you believe a child has submitted data to us, please contact us immediately and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes your acknowledgement of the updated policy.

13. Contact and Data Protection Enquiries

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we have handled your personal data, please contact us:

Thejands — Data Protection
Madurai, Tamil Nadu, India
Email: hello@thejands.in

We aim to respond to all privacy-related enquiries within 5 business days, and to resolve data rights requests within 30 days.