DPDP Act 2023 Compliant

Legyt App Privacy Policy

Privacy Policy Addendum for the Legyt mobile app. This addendum supplements — and must be read together with — the KonnectNXT Website Privacy Policy.

Last Updated:

This Privacy Policy Addendum is issued by Sustenance's Growth Cultivation Private Limited (KonnectNXT), a company incorporated under the Companies Act, 2013, bearing CIN U93090TG2018PTC129124 and having its registered office at 4th Floor, Myscape Weave, Financial District, Hyderabad, Telangana, India, 500032 (the "Data Principal").

Background

A. KonnectNXT operates a background verification service and has published a privacy policy dated 18 November 2025 at konnectnxt.com/privacy-policy (the "Website Privacy Policy").

B. KonnectNXT makes available a mobile application branded "Legyt" (the "App"), through which candidate background verifications are initiated and completed on Android and iOS devices.

C. This Privacy Policy Addendum (this "Addendum") supplements, and must be read together with, the Website Privacy Policy in respect of Personal Data processed through the App. It does not replace the Website Privacy Policy. In the event of any inconsistency in relation to the App, Clause 23 governs.

1. Interpretation and Definitions

1.1 In this Addendum, unless the context otherwise requires, the following expressions have the following meanings:

  • "Addendum" means this Privacy Policy Addendum, together with any schedule to it and any amendment made in accordance with Clause 20;
  • "App" or "Legyt" means the KonnectNXT candidate verification mobile application made available through the Google Play Store and the Apple App Store;
  • "DPDP Act" means the Digital Personal Data Protection Act, 2023, together with the rules and regulations made under it, each as amended from time to time;
  • "Data Principal", "Data Fiduciary", "Personal Data" and "processing" have the respective meanings given to them under the DPDP Act;
  • "Grievance Officer" means the officer designated by KonnectNXT under Clause 19;
  • "Requester" means a User who initiates and pays for a verification through the App;
  • "User", "you" or "your" means the individual who installs, accesses or operates the App;
  • "Verified Individual" means the individual whose identity and background are the subject of a Verification Case; and
  • "Verification Case" means a single background verification engagement created through the App and identified by a case reference.

1.2 In this Addendum, unless the context otherwise requires: (a) the headings are for convenience only and do not affect its interpretation; (b) words importing the singular include the plural and vice versa; (c) the words "including", "includes" and "in particular" are illustrative and do not limit the generality of the words preceding them; (d) a reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time and includes any subordinate legislation made under it; (e) a reference to a Clause is a reference to a clause of this Addendum; and (f) a reference to writing includes electronic communication.

2. Status, Scope and Application

2.1 This Addendum applies to all Personal Data collected, used, shared, stored, transferred or otherwise processed by KonnectNXT through the App.

2.2 The Website Privacy Policy continues to apply in full. This Addendum supplements the Website Privacy Policy and, where expressly stated, narrows it in respect of the App.

2.3 KonnectNXT is the Data Fiduciary in respect of Personal Data processed through the App and processes such Personal Data in accordance with the DPDP Act and other applicable law.

2.4 By creating an account in the App, or by using the App to initiate or complete a verification, the User confirms that the User has read and understood this Addendum. Where processing requires the consent of a Data Principal, such consent is obtained separately in accordance with Clause 17.

3. Relationship to the Website Privacy Policy

3.1 This Addendum supplements the Website Privacy Policy and does not replace it. The following table records, for each provision of this Addendum, whether it constitutes a new disclosure or an amendment that extends or narrows an existing section of the Website Privacy Policy, so that the two documents may be read together without conflict:

  • Clause 5 (Categories of Personal Data) amends and extends the section titled "Please Read the Following Terms of This Privacy Policy";
  • Clause 6 (Purposes and Legal Bases) amends and extends the section titled "Use of Information Collected";
  • Clause 7 (DigiLocker Aadhaar Verification) is a new disclosure with no existing equivalent;
  • Clause 8 (Device Permissions) is a new disclosure;
  • Clause 9 (Recipients and Service Providers) amends and extends the section titled "Use of Information Collected";
  • Clause 10 (Disclosure and No Sale) amends and extends the sections titled "Use of Information Collected" and "Business Transfer";
  • Clause 11 (Cross-Border Transfers) is a new disclosure;
  • Clause 12 (Retention) narrows the general five-year retention statement of the Website Privacy Policy for a specified category of data;
  • Clause 13 (Security) amends and extends the section titled "Security of Information: Safeguarding Your Data";
  • Clause 14 (Personal Data Breach) is a new disclosure;
  • Clause 15 (Deletion) and Clause 16 (Rights of the Data Principal) amend and extend the section titled "Your Choice"; and
  • Clauses 17 to 23 are new provisions specific to the App.

4. Eligibility and Children's Data

4.1 The App is intended solely for individuals who are 18 years of age or older. By using the App, the User represents and warrants that the User is at least 18 years of age.

4.2 KonnectNXT does not knowingly collect the Personal Data of children (being individuals below 18 years of age) through the App, and the App must not be used to conduct a verification in respect of a child. Consistent with Section 9 of the DPDP Act, KonnectNXT does not undertake any processing that is likely to cause a detrimental effect on the well-being of a child, and does not undertake tracking, behavioural monitoring or targeted advertising directed at children.

4.3 Where KonnectNXT becomes aware that it has collected the Personal Data of a child through the App without the verifiable consent of a parent or lawful guardian, KonnectNXT shall erase such data without undue delay. Such instances may be reported to the Grievance Officer under Clause 19.

5. Categories of Personal Data Collected

5.1 Account data. Upon registration, KonnectNXT collects the User's mobile telephone number (verified by one-time password) and full name, for the purpose of creating and securing the User's account and associating Verification Cases with the User.

5.2 Identity documents and government identifiers. In the course of a verification, the App captures, using the device camera, photographs of the front and reverse of the Verified Individual's Aadhaar card. From such images, KonnectNXT extracts, by automated optical character recognition, the following fields: name, date of birth, gender, residential address and Aadhaar number. Such fields are displayed to the User for review and correction prior to submission.

5.3 Photograph of the Verified Individual. The App captures, using the device camera, a photograph of the face of the Verified Individual, which is submitted with the Verification Case. The App does not perform facial recognition or biometric matching on the device.

5.4 DigiLocker consent record. Where Aadhaar verification is completed through DigiLocker in accordance with Clause 7, KonnectNXT receives and records whether consent was granted, the document types shared, and the date and time at which such consent was recorded. Aadhaar data retrieved through DigiLocker is delivered to and processed on KonnectNXT's servers and is not delivered to the App.

5.5 Payment and transaction data. Where the User makes payment for a verification, the User's name, telephone number, the order amount and an order reference are shared with the payment processor referred to in Clause 9. KonnectNXT receives and records payment reference identifiers and the outcome of the transaction. KonnectNXT does not receive or store any card number, UPI identifier, card verification value or banking credential, each of which is entered by the User directly with the payment processor.

5.6 Device and technical data. KonnectNXT collects basic device information (namely device model and operating system version) and, where the User grants notification permission, a push notification token, in order to deliver status updates in respect of the User's verification.

5.7 Data not collected. The App does not collect the User's location, contacts, call logs, SMS messages, browsing history or advertising identifiers. The App contains no advertising and incorporates no third-party analytics, behavioural tracking or profiling technology.

5.8 The Aadhaar number and the identity document images are sensitive in nature and are afforded the heightened protections set out in Clauses 12 and 13.

6.1 KonnectNXT processes Personal Data collected through the App only for the following purposes: (a) to create and secure the User's account; (b) to perform the verification requested and to prepare and deliver the verification report; (c) to collect payment and process refunds; (d) to communicate with the User in respect of a Verification Case; (e) to comply with legal, regulatory and audit obligations; and (f) to detect, prevent and address fraud, misuse and security incidents.

6.2 Legal bases. KonnectNXT processes Personal Data collected through the App on the basis of the consent of the relevant Data Principal, obtained through the App in accordance with Clause 17, and, where applicable, on the basis of such legitimate uses as are permitted under the DPDP Act, including where processing is necessary for compliance with law or for the establishment, exercise or defence of a legal claim.

6.3 Purpose limitation. KonnectNXT shall not process Personal Data collected through the App for any purpose incompatible with those set out in Clause 6.1. KonnectNXT does not sell such Personal Data and does not use it for advertising or for the training of any third-party advertising or profiling system.

7. DigiLocker Aadhaar Verification

7.1 DigiLocker is a digital document wallet operated by the Government of India under the Ministry of Electronics and Information Technology. KonnectNXT uses DigiLocker as the government-sanctioned channel for Aadhaar verification. The process, from the perspective of the Verified Individual, is as follows:

  • upon capture and review of the Aadhaar card images, the App requests the Verified Individual to verify their Aadhaar through DigiLocker and explains that DigiLocker is a secure, government-backed service;
  • upon the User selecting "Open DigiLocker", the App opens the official DigiLocker consent page within a secure in-app browser; the App does not at any time receive or store the DigiLocker username, password, personal identification number or one-time password;
  • on the DigiLocker page, the Verified Individual authenticates to their own DigiLocker account and elects whether to grant KonnectNXT access to their Aadhaar document, such consent being given to DigiLocker directly on a Government of India domain;
  • upon the Verified Individual returning to the App, the App verifies the status of such consent with KonnectNXT's servers and displays whether Aadhaar verification is complete, together with the date and time at which consent was recorded; and
  • the Verification Case may be submitted only after DigiLocker consent has been confirmed, and submission requires a further express confirmation within the App.

7.2 Aadhaar data shared through DigiLocker is delivered by DigiLocker to KonnectNXT's servers and is used solely to perform the verification requested and paid for. Such data is retained in accordance with Clause 12.

8. Device Permissions

8.1 The App requests device permissions only where required and in context, as follows: (a) camera access is used to photograph identity documents and the face of the Verified Individual, is requested at the point of capture, and may be declined, in which case the verification cannot be completed; and (b) notification permission is used to deliver verification status updates, is optional, and may be declined.

8.2 The App does not request access to location, contacts, SMS, call logs or the microphone. The User may review and revoke any permission granted at any time through the settings of the User's device. Revocation of camera access will prevent further captures.

9. Recipients and Service Providers

9.1 KonnectNXT shares Personal Data collected through the App only with the categories of recipient set out below, only for the purposes stated, and only under written contracts requiring each recipient to protect such data and to process it solely on KonnectNXT's documented instructions, consistent with the section of the Website Privacy Policy titled "Use of Information Collected":

  • a payment processor licensed and regulated in India, which collects payment for the verification service and processes refunds, and which receives the User's name, telephone number, order amount and order reference (payment instrument details being entered by the User directly with such processor and not being visible to KonnectNXT);
  • a verification partner for identity document authentication, which performs automated reading and authentication of identity document images and which receives the Aadhaar card images and the fields extracted from them;
  • DigiLocker, a Government of India service, which provides government-sanctioned retrieval of the Aadhaar document upon the consent of the Verified Individual;
  • a cloud infrastructure and storage provider, which securely hosts KonnectNXT's servers and stores documents and case records on KonnectNXT's behalf; and
  • a push notification delivery service, which delivers verification status notifications to the User's device where the User has permitted notifications.

9.2 Each recipient referred to in Clause 9.1 acts as a service provider processing Personal Data on KonnectNXT's documented instructions, save for DigiLocker, which is an independent government service acting on the consent of the Verified Individual.

10. Disclosure and No Sale of Personal Data

10.1 KonnectNXT does not sell Personal Data and does not share it for advertising or marketing by any third party.

10.2 KonnectNXT may disclose Personal Data where required to do so by law, by a court or by a competent authority, or where disclosure is necessary to establish, exercise or defend a legal claim, to prevent fraud or a security threat, or to protect the rights or safety of any person.

10.3 In the event that KonnectNXT is involved in a merger, acquisition, financing or sale of assets, Personal Data may be transferred as part of that transaction, consistent with the section of the Website Privacy Policy titled "Business Transfer", and any recipient shall remain bound by protections no less protective than those in this Addendum.

11. Cross-Border Transfers

11.1 KonnectNXT stores and processes Personal Data collected through the App on infrastructure located Mumbai, India. Where such Personal Data is transferred to, or accessed from, a location outside India, KonnectNXT effects such transfer only in a manner permitted by Section 16 of the DPDP Act and subject to any restriction notified by the Central Government, and under contractual safeguards maintaining a comparable standard of protection.

12. Retention of Aadhaar and Identity Document Data

12.1 The Website Privacy Policy provides for a general retention period of five years or such longer period as is necessary. This Clause 12 narrows that general rule in respect of Aadhaar and identity document data. Aadhaar card images, Aadhaar numbers, data received through DigiLocker, and the photograph of the Verified Individual are retained for a shorter, purpose-limited period and are not subject to the general five-year period.

12.2 The data referred to in Clause 12.1 is retained only for so long as is necessary to complete the Verification Case and to deliver the verification report, together with a short buffer for the handling of disputes, following which it is deleted or irreversibly redacted. The applicable period is 365 days.

12.3 The verification outcome and the Verification Case record are retained in accordance with the general retention rule of the Website Privacy Policy, for the reason that an Employer or a Verified Individual may require the verification result for the duration of an employment relationship, and that KonnectNXT may be required to demonstrate the basis on which a result was reached.

12.4 Aadhaar numbers are stored in a protected form, and where a persistent reference is required, KonnectNXT retains only a masked form disclosing the last four digits.

12.5 Payment and transaction records are retained for the periods required by applicable tax, accounting and company law, notwithstanding the prior deletion of the related identity data.

13. Security of Personal Data

13.1 In addition to the measures set out in the section of the Website Privacy Policy titled "Security of Information", KonnectNXT: (a) encrypts all data transmitted between the App and its servers using industry-standard transport layer security; (b) retains document images on the device only for the duration of the verification session; (c) restricts access to verification data on its systems to authorised personnel on a need-to-know basis; and (d) ensures that payment card data does not pass through its systems.

13.2 The App is designed to exclude sensitive screens from device screenshots and screen recordings.

13.3 No method of transmission or storage is entirely secure. While KonnectNXT employs reasonable safeguards, it does not warrant absolute security, and, to the extent permitted by law, the User shares information at the User's own risk.

14. Personal Data Breach

14.1 In the event of a personal data breach affecting data processed through the App, KonnectNXT shall assess and respond to such breach and shall notify the Data Protection Board of India and the affected Data Principals in the manner and within the timelines prescribed by the DPDP Act and the rules made under it.

15. Deletion of Account and Personal Data

15.1 The section of the Website Privacy Policy titled "Your Choice" confers upon the User the right to request deletion of the User's account or of specified Personal Data. In respect of the App, such deletion is available by the following means:

  • from within the App, by requesting deletion of the User's account and associated Personal Data;
  • through the web, by means of a deletion request page, such that a request may be made notwithstanding the uninstallation of the App; and
  • by written request to the Grievance Officer under Clause 19, from the User's registered contact details.

15.2 Upon deletion of the User's account, identity document images and extracted identity fields are deleted or irreversibly redacted; completed verification reports and payment records are retained only for the periods required by applicable law; and KonnectNXT retains a minimal record of the deletion request as evidence of compliance. A category-by-category record of such treatment is maintained in KonnectNXT's internal data retention and deletion matrix.

16. Rights of the Data Principal

16.1 In addition to the rights conferred by the section of the Website Privacy Policy titled "Your Choice", a Data Principal has, under the DPDP Act, the right: (a) to obtain a summary of the Personal Data processed and of the processing activities undertaken; (b) to the correction, completion or updating of inaccurate or incomplete Personal Data, the App permitting review and correction of extracted identity fields prior to submission; (c) to the erasure of Personal Data no longer necessary for the purpose for which it was collected, subject to retention required by law; (d) to a readily available means of grievance redressal under Clause 19; and (e) to nominate another individual to exercise the Data Principal's rights in the event of death or incapacity.

16.2 A Data Principal may exercise any such right by contacting the Grievance Officer under Clause 19. KonnectNXT shall verify the identity of the Data Principal and respond within the timelines prescribed by law. Where a Data Principal is not satisfied with KonnectNXT's response, the Data Principal may complain to the Data Protection Board of India in the manner prescribed under the DPDP Act.

17.1 KonnectNXT collects identity documents and government identifiers only following an express, affirmative act of consent. The consent screens of the App state the categories of data collected, the purposes of collection and the categories of recipient, and require the User to take an express consent action. Consent is not sought by means of a pre-selected option, and continued use of the App alone shall not constitute consent in respect of such categories.

17.2 Where the User initiates a verification in respect of another individual, the User shall confirm within the App that the User has obtained the express consent of that individual to the verification. The Verified Individual additionally provides consent directly to DigiLocker for the retrieval of Aadhaar data in accordance with Clause 7.

17.3 A Data Principal may withdraw consent at any time, with prospective effect, by cancelling a Verification Case prior to submission, by declining the DigiLocker consent request, by requesting deletion under Clause 15, or by written request to the Grievance Officer. The withdrawal of consent shall be as straightforward as the giving of it. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. Where consent is withdrawn prior to completion of a verification, the verification cannot be completed and the refund provisions of the Terms of Service Addendum apply.

18. Automated Processing and Verification Decisions

18.1 A verification result may be produced with the assistance of automated analysis carried out on KonnectNXT's servers. As provided in the section of the Terms titled "AI-Powered Decision Making", automated insights may not always be error-free and must be independently reviewed before any critical decision, including any employment decision, is taken. The App does not take employment decisions and does not perform on-device profiling or facial matching.

19. Grievance Officer and Escalation

19.1 In accordance with the DPDP Act and the Information Technology Act, 2000, the particulars of KonnectNXT's Grievance Officer in respect of the App are as follows:

  • Name: Santosh Kumar Namala;
  • Designation: CTO, KonnectNXT;
  • Email: santosh@konnectnxt.com
  • Response times: acknowledgement within 48 hours and resolution within the timelines prescribed by applicable law.

19.2 Where a grievance is not resolved to the Data Principal's satisfaction, the Data Principal may escalate the matter to the Data Protection Board of India in accordance with the DPDP Act.

20. Amendments to this Addendum

20.1 KonnectNXT may amend this Addendum from time to time. Where an amendment is material, KonnectNXT shall update the version and effective date and shall notify the User through the App or by other reasonable means prior to the amendment taking effect. The User's continued use of the App after an amendment takes effect shall constitute acceptance of the amended Addendum, save where fresh consent is required by law, in which case such consent shall be sought.

21. Governing Law and Jurisdiction

21.1 This Addendum is governed by and construed in accordance with the laws of India. Any dispute arising out of or in connection with it is subject to the exclusive jurisdiction of the courts of Telangana, consistent with the governing law provisions of the Website Privacy Policy and the Terms.

22. Publication and Contact

22.1 This Addendum is published on the KonnectNXT domain at konnectnxt.com/legyt/privacy-policy and is linked from within the App and from the App's store listings.

22.2 Any query or request in respect of privacy may be addressed to the Grievance Officer under Clause 19 or to KonnectNXT at contact@konnectnxt.com.

23. Effect and Precedence

23.1 This Addendum supplements, and does not supersede, replace or limit, the Website Privacy Policy dated 18 November 2025. In the event of any inconsistency between this Addendum and the Website Privacy Policy in relation to Personal Data processed through the App, the provision affording the greater protection to the Data Principal shall prevail. All other provisions of the Website Privacy Policy, including its general retention statement, its NDNC communication authorisation and its business transfer provisions, remain in full force and effect.

23.2 By accepting this Addendum, the User acknowledges that the User has read and understood it and agrees to be bound by it.

Support

Have Questions?

Our team is here to help. If you have any questions or concerns, we're just an email away.

Send us an Email
24/7
Quick Response
100%
Secure & Private