Privacy Policy

Think Future Technologies Pvt. Ltd. (“TFT”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal data when you visit our websites www.tftus.com, use our mobile applications or client portals, engage our IT services, or otherwise interact with us. We are a global technology solutions provider headquartered at 1st Floor, AIHP Tower, 249G, Udyog Vihar Phase IV, Gurugram, Haryana 122015, India, and we process personal data in full compliance with applicable laws, including the Digital Personal Data Protection Act, 2023 (DPDP – India), General Data Protection Regulation (GDPR – EU/UK), California Consumer Privacy Act (CCPA/CPRA – USA), UAE Federal Decree-Law No. 45/2021,
Israeli Protection of Privacy Law, 1981, and other relevant frameworks. We act as a data controller when processing data for marketing, website operations, or recruitment, and as a data processor when handling client project data under a Statement of Work (SOW). This Policy applies globally and is designed to ensure transparency,
accountability, and lawful processing at all times.

1. Scope and Applicability

This Privacy Policy applies to all personal data processed by Think Future Technologies Pvt. Ltd. (“TFT”) through its websites, client portals, mobile applications, communication channels, and in connection with the delivery of IT, consulting, and related services. It applies to clients, job applicants, vendors, website visitors, and any individual whose data we process. It does not apply to third-party websites or services linked from our platform, which are governed by their own privacy policies.

2. Personal Data We Collect

We collect personal data directly from you when you fill out contact forms, subscribe to updates, submit job applications, or engage our services. This may include your full name, job title, company name, email address, phone number, professional background, resume, and communication history. We also receive data automatically through your use of our Sites, such as your IP address, browser type, device information, operating system, and browsing behavior (e.g., pages visited, time spent, referral source). These technical details are captured via cookies, server logs, and analytics tools to improve user experience and site performance. In the course of delivering services such as software development, QA testing, AI solutions, or cloud consulting we may process project-related data provided by clients, including business contact details or system logs. We do not collect (e.g., racial origin, religious beliefs, health, or biometric data) unless strictly necessary for legal compliance, security verification, or with your explicit consent.

3. How We Use Your Personal Data

TFT collects and processes your personal data only for lawful, specific, and clearly defined purposes. Your information is used to respond to your inquiries, provide and manage contracted services, maintain client relationships, send marketing communications (only with your consent), conduct recruitment activities, improve our website and service offerings, enhance security, perform analytics, and meet legal or regulatory requirements such as tax reporting or audits. We ensure that your personal data is processed fairly, transparently, and only for the purposes communicated to you at the time of collection. Under the General Data Protection Regulation (GDPR), the legal bases for processing include contractual necessity (to deliver services or perform a contract), legitimate interests (for analytics, business operations, and security measures, provided they do not override your rights), consent (for marketing communications or promotional activities), and compliance with legal obligations. Similarly, under the Digital Personal Data Protection Act, 2023 (DPDP Act), we rely on contractual necessity, legitimate use, consent, or compliance with applicable laws as the lawful grounds for processing. You may withdraw your consent for marketing or other optional processing at any time by contacting us at info@tftus.com, without affecting the lawfulness of any processing carried out prior to such withdrawal.

4. Cookies and Tracking Technologies

Our websites use cookies and similar technologies to provide essential site functions, enhance user experience, analyze traffic, and personalize content. Essential cookies are necessary for the proper operation, navigation, and security of the site, while analytics cookies (such as those provided by Google Analytics) help us understand how visitors interact with our website and improve its performance. With your consent, marketing cookies may be used for personalized promotions or retargeting on third-party platforms such as LinkedIn or Meta. You have complete control over your cookie preferences and can choose to accept or reject non-essential cookies at any time through the Cookie Settings banner displayed on our website or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality or performance of some website features. We also respect “Do Not Track” (DNT) signals where technically possible and comply with applicable privacy laws, including the EU ePrivacy Directive and the California Consumer Privacy Act (CCPA). TFT does not sell, rent, or share your personal data for cross-context behavioral advertising or any form of third-party data monetization.

5. Data Sharing and Disclosure

TFT does not sell, rent, or trade your personal data. We share it only with trusted third parties who support our operations, such as cloud providers (AWS, Azure), analytics vendors (Google), payment gateways (Razorpay, Stripe), or professional advisors. All such parties are bound by Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs), or equivalent safeguards to ensure protection equivalent to this Policy.

We may disclose data when required by law, court order, or regulatory authority, or to protect our legal rights, users, or property. In the event of a merger, acquisition, or business transfer, your data may be transferred to the successor entity under the same privacy standards.

6.Cross-Border Data Transfers

As a global organization, TFT may transfer and process personal data in countries outside your jurisdiction, including to India, the United States, the European Union, and other regions where we or our service providers operate. All cross-border transfers are carried out in compliance with applicable data protection laws and international transfer mechanisms, such as Standard Contractual Clauses (SCCs) under GDPR or contractual safeguards approved under the DPDP Act. We ensure that all recipients provide a level of protection equivalent to this Policy and applicable legal standards.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required under applicable laws and regulations, in accordance with Section 8(7) of the Digital Personal Data Protection Act, 2023. Client project data is retained for the duration of the engagement and for an additional period of seven (7) years thereafter to comply with legal, contractual, and audit obligations. Marketing contact information and related data are retained for up to three (3) years from the date of the last interaction, unless consent is withdrawn earlier. Job application data is stored for one (1) year unless you are selected for employment, in which case it becomes part of your employee record. Technical system logs and operational data are automatically deleted after ninety (90) days, unless required for security or troubleshooting purposes. Financial and accounting records are retained for eight (8) years in accordance with the Companies Act, 2013 and the Income Tax Act, 1961. Upon expiry of the applicable retention period, personal data is securely deleted, irreversibly anonymized, or archived in a restricted-access environment where further processing is not permitted. The Company ensures appropriate technical and organizational measures are implemented to comply with the principles of data minimization and storage limitation.

8. Your Data Protection Rights

You have comprehensive rights over your personal data, and we are committed to honoring them promptly and transparently, regardless of your location. These rights vary slightly by jurisdiction but generally include the ability to access your data, rectify inaccuracies, request deletion (erasure), restrict or object to processing, receive your data in a portable format, and opt out of automated decision-making where applicable.
Specifically, under GDPR/UK GDPR, you may exercise the right to be informed, access, rectification, erasure (including the “right to be forgotten”), restriction of processing, data portability, objection to processing (especially for direct marketing), and rights related to automated decision-making and profiling. For DPDP Act (India), you are entitled to access, correction, erasure, completion, updating, and nomination of a representative in case of incapacity. CCPA/CPRA (California) residents can request disclosure of categories and specific pieces of personal information collected, delete their data, opt out of any sale or sharing (though we do not sell data), and receive equal service without discrimination.

To exercise any right, send a verifiable request to info@tftus.com along with sufficient information to identify you (e.g., full name, email used, and reference number if applicable). We will verify your identity through reasonable means such as confirming details from prior interactions or requesting government-issued ID if needed to prevent fraud. Once verified, we will respond within 30 calendar days for GDPR and DPDP requests, or 45 days for CCPA requests (with a possible 45-day extension for complex cases, of which you will be notified). All responses are provided free of charge unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or refuse to act (with justification).
You may appoint an authorized agent to submit requests on your behalf under CCPA or DPDP by providing written permission. We do not discriminate against individuals exercising their rights and will never deny services, charge different prices, or provide lower quality due to such actions.

9. Children’s Privacy

TFT does not target or knowingly collect personal data from children. Our websites, applications, and services are intended solely for professional and business use by individuals aged 18 and above. We do not design content or features to attract minors, nor do we solicit data from them. If you are a parent or guardian and believe your child under 18 has provided us with personal data without your consent, please contact us immediately at info@tftus.com Upon verification, we will delete the information from our systems as quickly as possible and terminate any associated account. We comply with COPPA (USA – under 13), GDPR (EU – under 16), and DPDP (India – under 18) age thresholds and will never process children’s data without verifiable parental consent where required by law.

10. Data Security

Protecting your personal information is very important to us. At TFT, we use several layers of protection to keep your data safe from unauthorized access, misuse, or loss. We store your information on secure systems and use trusted service providers to host our data. We regularly check our systems to find and fix any possible security risks. Access to your personal data is limited only to authorized team members who need it to do their job. They must follow strict security rules and sign in securely to access any information. We also use automatic safety measures such as signing out inactive sessions to prevent any misuse. Organizational measures include mandatory annual data protection and cybersecurity training for all employees and contractors, signed confidentiality agreements, background checks for
personnel handling sensitive data, and a dedicated Security Operations Centre (SOC) monitoring systems 24/7. We maintain detailed audit logs, conduct quarterly risk assessments, and have a formal Incident Response Plan tested through tabletop exercises and live drills.
In the rare event of a data breach, we follow a structured protocol: immediate containment, forensic investigation, root cause analysis, and mandatory reporting. Affected individuals and supervisory authorities are notified without undue delay within 72 hours under DPDP, GDPR and as soon as practicable under CCPA. Notifications include a description of the breach, likely consequences, and mitigation steps taken. We also maintain cyber insurance to support recovery efforts.

11. Grievance Redressal

TFT has appointed a dedicated Grievance Officer to address all privacy-related concerns under the DPDP Act. If you are dissatisfied with our handling of your personal data or have any complaint, please contact:

Data Protection Officer: Mr. Vinod Sharma
Email: info@tftus.com

Your grievance will be acknowledged within 24 hours of receipt, and we commit to resolving it through investigation, remediation, and direct communication within 30 days. You will receive a written response detailing the outcome and any corrective actions taken. If you remain unsatisfied, you have the right to escalate the matter to the Data Protection Board of India (once constituted) or approach a competent court as per the DPDP Act. We maintain
records of all grievances and resolutions for audit and continuous improvement.

12. Updates to This Policy

We may revise or update this Privacy Policy from time to time to reflect changes in applicable laws, technological developments, or our internal practices. Any updated version of this Policy will be published on our website with a revised “Last Updated” date to indicate

the effective date of the changes. In the event of any material or significant modifications that affect your rights or how we handle your personal data, we will provide additional notice through email or a clear notification on our website. Your continued use of our websites or services after such updates will be deemed as your acknowledgment and acceptance of the revised Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data protection practices, you may contact us through the following channels:
Data Protection Officer (DPO): info@tftus.com

Contact us

We are always looking for innovation and new partnerships

    For free consultation connect with us and transform your ideas into awesome solutions.

    Email: info@stg.tftus.com

    Call (Sales): +91 72919 88071

    Our Global Presence
    India
    India
    Israel
    Israel
    USA
    USA
    UAE
    UAE
    Mexico
    Mexico
    Netherlands
    Netherlands
    Germany
    Germany

    Get In Touch