Privacy Policy

Privacy Policy — InternBoard.com

Issued by: Master Trading Class Private Limited

Designation: Owner and Operator of InternBoard.com

Global Office: 12 Woodlands Square, #13-79 Woods Square Tower One, Singapore 737715

Corporate Office: #G-3, South West Avenue, Street No. 2, Lalamma Gardens, PuppalGuda, Hyderabad, Telangana, India – 500089

Support and Enquiries: support@internboard.com

Last Reviewed and Updated: April 21, 2026

Effective Date: April 21, 2026

This Privacy Policy is a legally binding instrument that governs the collection, use, storage, processing, disclosure, transfer, and protection of personal data by InternBoard.com, operated by Master Trading Class Private Limited (“the Company”). All persons accessing or using this Platform are advised to read this Policy carefully and in its entirety before providing any personal information. Continued access to or use of the Platform, following the publication of this Policy or any subsequent amendment thereto, shall constitute unconditional acceptance of its terms.

1. Preliminary Statement and Scope

1.1 About InternBoard.com

InternBoard.com (“InternBoard,” “the Platform,” “we,” “us,” or “our”) is a global digital opportunity marketplace developed, owned, and maintained by Master Trading Class Private Limited, a company incorporated in accordance with applicable law, with its global office at 12 Woodlands Square, #13-79 Woods Square Tower One, Singapore 737715, and operational presence in Hyderabad, Telangana, India.

The Platform functions as a technology-driven intermediary connecting students, fresh graduates, and early-career professionals—referred to throughout this Policy as “Career Starters”—with organizations, businesses, and individuals offering internships, apprenticeships, part-time roles, full-time employment, remote opportunities, freelance gigs, and career development resources, collectively referred to as “Employers.”

1.2 Nature and Limitations of the Platform

InternBoard operates exclusively as a technology platform and opportunity discovery service. In this capacity, the Company expressly:

1. does not act as an employer, staffing agency, recruitment consultancy, labour hire agency, or placement bureau;
2. does not participate in, influence, direct, or make any determination in respect of the hiring, shortlisting, or rejection of any Career Starter by any Employer;
3. does not enter into, or purport to enter into, any employment, internship, apprenticeship, contractor, or labour or service agreement on behalf of any party;
4. does not warrant, guarantee, or represent the accuracy, authenticity, completeness, or currency of any information published by Employers or Career Starters on the Platform;
5. does not assume liability for any outcome arising from interactions between Career Starters and Employers facilitated through the Platform; and
6. does not verify the identity or qualifications of all users, except as outlined under the Company’s Employer Verification and Trust Program.

1.3 Jurisdictional Scope

This Privacy Policy applies to all users of the Platform, irrespective of geographic location, and governs the processing of personal data:

1. collected within or from the territories of India, Singapore, the European Union (“EU”), the United Kingdom (“UK”), the United Arab Emirates (“UAE”), the United States of America (“USA”), and all other jurisdictions in which the Platform operates or in which its users are located;
2. collected online or collected offline and subsequently digitised; and
3. processed by the Company, its affiliated entities, authorized service providers, or data processors acting under the Company’s documented instruction.

1.4 Users Covered by this Policy

This Policy applies to all of the following categories of persons:

1. Career Starters — individuals who register on the Platform to discover and apply for opportunities, including students, graduates, and early-career professionals;
2. Employers—individuals or organisations that register on the Platform to post opportunities or access Career Starter profiles;
3. Visitors—individuals who access or browse the Platform without creating a registered account; and
4. Other Data Subjects—any other persons whose personal data is submitted to or otherwise processed by the Platform, including contact persons at Employer organisations.

2. Definitions and Interpretation

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below. Where a term is not defined herein, it shall be interpreted in accordance with applicable data protection law.

2.1 Personal Data

“Personal Data” means any information relating to an identified or identifiable natural person, including but not limited to name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. This definition is consistent with Article 4(1) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Section 2(t) of India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), and equivalent definitions under the Singapore Personal Data Protection Act 2012 (“PDPA”) and the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection.

2.2 Sensitive Personal Data

“Sensitive Personal Data” means any category of Personal Data that is afforded heightened protection under applicable law, including but not limited to: financial account information, biometric data, health or medical data, racial or ethnic origin, religious or philosophical beliefs, political opinions, sexual orientation, criminal history, and immigration or citizenship status.

2.3 Data Fiduciary and Data Controller

“Data Fiduciary” and “Data Controller” are used interchangeably and refer to the company—Master Trading Class Private Limited—which, alone or jointly with others, determines the purposes and means of processing Personal Data, consistent with the terminology used under the DPDP Act and the GDPR, respectively.

2.4 Data Principal and Data Subject

“Data Principal” and “Data Subject” are used interchangeably and refer to the natural person to whom Personal Data relates, consistent with the terminology used under the DPDP Act and the GDPR, respectively.

2.5 Data Processor

“Data Processor” means any natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of, and under the written instruction of, the Company.

2.6 Processing

“Processing” means any operation or set of operations performed upon Personal Data, whether by automated or manual means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.

2.7 Consent

“Consent” means a freely given, specific, informed, and unambiguous indication of the Data Principal’s agreement to the processing of their Personal Data for a stated purpose, expressed through a clear affirmative act. Consent shall not be inferred from silence, inactivity, pre-ticked boxes, or any other form of passive conduct.

2.8 Data Breach

“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed by the Company.

2.9 Platform

“Platform” refers collectively to the InternBoard.com website; any associated mobile applications; application programming interfaces (“APIs”); tools; widgets; and any other digital products or services operated by the Company under the InternBoard brand.

2.10 Career Starter

“Career Starter” refers to any individual who registers on the Platform as a job seeker, intern applicant, apprenticeship seeker, gig worker, or early-career professional, regardless of the label used at the time of registration. The terms “Career Starter” and “Candidate” are used interchangeably throughout this Policy and all related Company documents and shall have identical legal meaning.

2.11 Employer

“Employer” means any individual, organization, company, startup, institution, or entity that registers on the Platform for the purpose of posting opportunities, accessing Career Starter profiles, or otherwise utilizing the Platform’s employer-facing services.

2.12 Third Party

“Third Party” means any natural or legal person, public authority, agency, or body other than the Data Principal, the Company, and persons who, under the direct authority of the Company, are authorized to process Personal Data.

3. Eligibility and Age Restrictions

3.1 Minimum Age Requirement

The Platform is intended exclusively for use by individuals who are at least eighteen (18) years of age. By creating an account or otherwise using the Platform, a user represents and warrants that they satisfy this age requirement. In jurisdictions where applicable law imposes a higher minimum age for participation in online services, such higher age threshold shall govern.

3.2 Prohibition on Minors

The Company does not knowingly solicit, collect, or process the Personal Data of individuals under the age of eighteen (18). In accordance with its obligations under the DPDP Act 2023 (India), the PDPA (Singapore), the GDPR (EU/UK), the Children’s Online Privacy Protection Act (“COPPA”) (USA), and other applicable instruments, the Company will, upon becoming aware that a minor has submitted Personal Data through the Platform, promptly delete such data and disable the associated account without further notice.

3.3 Parental and Guardian Responsibility

Parents and legal guardians who become aware that a minor has accessed or registered on the Platform are requested to notify the Company immediately at support@internboard.com so that appropriate remedial action may be taken.

4. Categories of Personal Data Collected

The Company collects the following categories of Personal Data, the scope of which varies depending upon the nature of the user’s interaction with the Platform and the user type:

4.1 Account Registration and Identity Data

1. Full legal name;
2. Email address;
3. Password (maintained in encrypted and hashed form; never stored in plain text);
4. Country or region of residence;
5. Profile photograph, where voluntarily uploaded;
6. Mobile telephone number, where provided; and
7. Date of birth, collected for the purpose of age verification only.

4.2 Career Starter Professional and Career Data

1. Educational qualifications, academic institutions attended, fields of study, and graduation dates;
2. Work experience, internship history, employment background, and professional achievements;
3. Technical and non-technical skills, competencies, and areas of career interest;
4. Certifications, awards, professional licenses, and accreditations;
5. Curriculum vitae or resume in any digital format, uploaded voluntarily by the Career Starter;
6. Portfolio links, GitHub or GitLab profiles, personal websites, LinkedIn profiles, or other professional references, where voluntarily shared;
7. Salary, stipend, or compensation expectations, where voluntarily disclosed;
8. Availability, preferred work arrangements (on-site, remote, hybrid), and preferred geographic location; and
9. Demographic information, such as gender or veteran status, is voluntarily provided for diversity and inclusion purposes, subject to applicable law.

4.3 Employer and Organisation Data

1. Company name, legal entity type, industry sector, and registration or incorporation details, where applicable;
2. Business address, country of operation, and contact details;
3. Name and professional designation of the authorised representative creating the account;
4. Opportunity listings, including job titles, descriptions, requirements, duration, compensation details, and application instructions; and
5. Documents and information submitted in connection with the Company’s Employer Verification and Trust Program.

4.4 Technical and Device Data

1. Internet Protocol (“IP”) address;
2. Device type, model, and operating system version;
3. Browser type, version, and language preferences;
4. Unique device identifiers and, where applicable, advertising identifiers;
5. Time zone settings and approximate geographic location derived from IP address;
6. Login session timestamps, session duration, and logout records; and
7. Referring URL, entry pages, exit pages, and navigation paths within the Platform.

4.5 Behavioural and Usage Data

1. Pages, features, and sections accessed within the Platform;
2. Search queries entered and filters applied;
3. Opportunities viewed, saved, or applied to, and the status of such applications;
4. Time spent on specific pages or sections;
5. Click-through data and interaction events; and
6. Platform preferences, saved searches, and notification settings.

4.6 Communications and Support Data

1. Correspondence submitted through the Platform’s customer support channels, including email and any in-Platform messaging tools;
2. Feedback, ratings, reviews, and survey responses submitted by users;
3. Fraud, scam, or misconduct reports submitted by users; and
4. Records of all interactions with the Company’s support team, maintained for quality assurance and dispute resolution purposes.

4.7 Transactional and Membership Data

1. Membership plan type, subscription commencement and expiry dates, and renewal records;
2. Transaction dates, amounts, and reference numbers; and
3. Billing name and address.

The Company does not store, process, or have access to complete card numbers, bank account numbers, card verification values (CVVs), or any other sensitive payment authentication credentials. All payment transactions are processed exclusively by PCI-DSS-certified third-party payment gateway providers. The Company receives only tokenized, reference-level transactional data from such providers.

4.8 Data Obtained from Third-Party Sources

With the Data Principal’s consent, or where otherwise permitted by applicable law, the Company may also collect:

1. Profile information from social or professional networking platforms, including Google and LinkedIn, where a user elects to register or log in via such platforms using single sign-on functionality;
2. Publicly available professional information from professional directories or public websites; and
3. Aggregate or anonymized data from analytics providers, search engines, or business intelligence tools, subject to the terms of this Policy.

5. Purposes of Processing and Legal Bases

The Company processes Personal Data only for specified, explicit, and legitimate purposes. Processing is carried out on one or more of the following lawful bases: (i) consent of the Data Principal; (ii) performance of a contract to which the Data Principal is a party; (iii) compliance with a legal obligation; or (iv) the legitimate interests of the Company, provided such interests are not overridden by the fundamental rights and freedoms of the Data Principal.

5.1 Account Creation and Platform Access

Purpose: To create and authenticate user accounts and to enable Career Starters and Employers to access and use the Platform’s core features.

Legal Basis: Performance of contract; consent.

5.2 Opportunity Discovery and Application Facilitation

Purpose: To enable Career Starters to search for, discover, and apply to opportunities; to enable Employers to post opportunities and review applications; and to algorithmically match Career Starters to relevant opportunities based on profile data, stated preferences, and Platform activity.

Legal Basis: Performance of contract; legitimate interests of the Company in providing an effective and commercially viable matching service.

5.3 Transactional and Membership Communications

Purpose: To send account confirmation emails, application status notifications, membership and billing communications, platform alerts, and security notifications.

Legal Basis: Performance of contract; legal obligation.

5.4 Marketing and Promotional Communications

Purpose: To send promotional emails, newsletters, career resources, platform updates, and related communications to users who have opted in to receive them.

Legal Basis: Consent. Users may withdraw consent for marketing communications at any time through the unsubscribe mechanism included in each marketing communication or by writing to support@internboard.com.

5.5 Platform Analytics and Product Improvement

Purpose: To analyze user interaction patterns, engagement metrics, and platform performance data for the purpose of improving Platform features, content, and user experience, and for conducting internal audits.

Legal Basis: Legitimate interests of the Company.

5.6 Safety, Fraud Prevention, and Platform Integrity

Purpose: To detect, investigate, and prevent fraudulent accounts, identity misrepresentation, scam postings, phishing attempts, spam, and any other activity that violates the Platform’s Terms and Conditions or applicable law.

Legal Basis: Legitimate interests; legal obligation.

5.7 Legal Compliance, Claims, and Regulatory Obligations

Purpose: To comply with applicable laws, regulations, court orders, and regulatory directives; to enforce the Company’s legal rights; and to exercise or defend against legal claims.

Legal Basis: Legal obligation; legitimate interests.

6. Data Sharing and Disclosure

The Company does not sell, rent, trade, auction, or otherwise transfer Personal Data to any third party for their independent commercial purposes. Disclosure of Personal Data occurs only in the following defined circumstances:

6.1 Disclosure of Career Starter Data to Employers

When a Career Starter submits an application to an opportunity listed on the Platform, the Career Starter’s relevant profile information—which may include their name, contact information (as provided), resume, skills, work experience, educational background, and other career data—will be disclosed to the Employer who posted that opportunity, for the sole purpose of evaluating the application. By submitting an application, the Career Starter expressly consents to such disclosure for that specific recruitment purpose.

Career Starters are advised that profile and application data shared with an Employer through the Platform becomes part of that Employer’s recruitment process. The Company does not control how an Employer stores, uses, or retains Career Starter data following its receipt, and Career Starters are encouraged to review the privacy practices of any Employer with whom they share their information. Career Starters are further advised that data submitted as part of an application cannot be retroactively recalled by the Company once it has been accessed by the Employer.

6.2 Disclosure of Employer Data to Career Starters

Employer profile information, including company name, registered address, industry, opportunity descriptions, and verification status under the Employer Verification and Trust Program, is displayed to Career Starters to enable informed application decisions.

6.3 Authorised Data Processors and Service Providers

The Company engages third-party service providers to process Personal Data on its behalf for specified operational purposes, which may include:

1. cloud hosting, infrastructure, and data storage services;
2. email delivery and communication platforms;
3. payment processing and billing management;
4. web analytics, performance monitoring, and A/B testing tools;
5. cybersecurity, fraud detection, and threat intelligence platforms;
6. customer relationship management and support ticketing systems; and
7. legal, accounting, and professional advisory services.

All such service providers are engaged under written Data Processing Agreements that require them to: process Personal Data only in accordance with documented instructions from the Company; implement appropriate technical and organizational security measures; prohibit sub-processing without prior written consent from the Company; and comply with applicable data protection law. The Company does not permit service providers to use Personal Data for their own independent purposes.

6.4 Corporate Restructuring and Business Transfers

In the event of a merger, acquisition, restructuring, divestiture, sale of assets, or insolvency proceedings involving the Company, Personal Data may be disclosed to and transferred to the acquiring, successor, or reorganized entity as part of the transaction. Affected users will be notified of any such transfer and the privacy protections that will apply prior to such transfer taking effect. Any successor entity shall be bound to honor the protections set out in this Policy or to provide protections of equivalent standard.

6.5 Legal, Regulatory, and Law Enforcement Disclosure

The Company may disclose Personal Data to courts, law enforcement agencies, governmental bodies, or regulatory authorities where:

1. such disclosure is required by a valid and enforceable legal process, including a court order, statutory obligation, subpoena, or regulatory directive;
2. disclosure is necessary to protect the legal rights, property, or safety of the Company, its directors, employees, users, or any member of the public;
3. disclosure is required to detect, investigate, or prosecute fraud, cybercrime, or platform abuse; or
4. disclosure is required in response to a lawful national security or law enforcement request.

Where the Company is legally permitted to do so, it will endeavor to notify the affected Data Principal prior to making any such disclosure.

6.6 Aggregated and De-identified Data

The Company may share aggregated, de-identified, or anonymised data — which does not identify any individual—with partners, researchers, or the public, or for business development purposes. Such data falls outside the definition of Personal Data and is not subject to the restrictions in this Policy.

7. International and Cross-Border Data Transfers

7.1 Nature of International Transfers

In view of the global nature of the Platform and the Company’s operations across multiple jurisdictions, Personal Data may be transferred to, stored in, and processed in countries other than the user’s country of residence. Such countries may include India, Singapore, member states of the European Economic Area, the United Kingdom, the United States of America, and other jurisdictions in which the Company or its authorized service providers operate.

7.2 Transfer Safeguards

The Company implements the following safeguards to ensure that cross-border transfers of Personal Data are conducted lawfully and with appropriate protection:

1. Standard Contractual Clauses: For transfers of Personal Data from the EU or EEA to third countries that have not received an EU adequacy decision, the Company employs the European Commission’s Standard Contractual Clauses as approved under Article 46 of the GDPR, or such equivalent mechanisms as are recognised under applicable UK law following the UK’s departure from the EU;
2. Adequacy Decisions: Where the European Commission or a competent UK authority has issued an adequacy decision in respect of the destination country, the Company relies on such decision as a valid transfer mechanism;
3. DPDP Act and Rules, 2025 Compliance: For transfers from India, the Company complies with the cross-border transfer obligations stipulated under the Digital Personal Data Protection Act, 2023, and the Digital Personal Data Protection Rules, 2025, notified by the Ministry of Electronics and Information Technology (MeitY) on 13 November 2025, as implemented in a phased manner with full compliance expected by 13 May 2027;
4. Singapore PDPA Transfer Limitation Obligations: For data involving individuals in Singapore, the Company complies with the transfer limitation obligations under the Third Schedule of the Personal Data Protection Act 2012 (as amended), including by ensuring that recipient organisations provide a comparable standard of protection; and
5. Contractual Protections: For all international transfers involving service providers or affiliated entities, the Company ensures that recipient entities are bound by contractual terms requiring data protection standards no less protective than those specified in this Policy.

8. Data Security and Technical Safeguards

8.1 Security Framework

The Company maintains a comprehensive and layered information security programme designed to protect Personal Data against unauthorised access, accidental loss, alteration, disclosure, or destruction. The programme includes, without limitation:

1. Encryption in Transit and at Rest: All data transmitted between users and the Platform is protected using Transport Layer Security (TLS/HTTPS). Sensitive Personal Data at rest is protected using industry-standard encryption protocols.
2. Access Control and Authentication: Access to Personal Data systems is restricted on a role-based, need-to-know basis. Access is authenticated through secure protocols, including password hashing, and, where available, multi-factor authentication. All administrative access is logged and subject to periodic review;
3. Vulnerability and Patch Management: The Company conducts periodic security assessments, including vulnerability scanning and penetration testing, to identify and remediate security weaknesses in a timely manner;
4. Data Minimisation in Systems: Internal systems are designed to collect, display, and retain only the minimum Personal Data necessary for each function;
5. Incident Detection and Response: The Company maintains a documented security incident response plan that enables timely detection, containment, assessment, notification, and remediation of data security incidents;
6. Employee Training and Confidentiality Obligations: All personnel with access to Personal Data are subject to confidentiality obligations and receive periodic training on data protection and information security practices; and
7. Vendor Security Assessment: Third-party service providers are assessed for their security practices and controls prior to engagement and are contractually required to maintain standards consistent with this Policy.

8.2 Limitation of Security Guarantees

Notwithstanding the safeguards maintained by the Company, no data transmission over the internet and no electronic storage system can be guaranteed to be entirely impervious to compromise. The Company cannot, therefore, represent or warrant absolute data security. Users are responsible for: maintaining the strict confidentiality of their account credentials, logging out of their accounts after each session, and notifying the Company promptly at support@internboard.com upon becoming aware of any suspected unauthorised access to their account.

8.3 Data Breach Notification

In the event of a Data Breach that is likely to result in a risk to the rights and freedoms of Data Principals, the Company shall:

1. notify the relevant supervisory or regulatory authority within the timeframe required by applicable law—including within seventy-two (72) hours under Article 33 of the GDPR and within such periods as are prescribed under the DPDP Act and DPDP Rules 2025 and the Singapore PDPA;
2. notify affected Data Principals without undue delay where the breach is likely to result in a high risk to their rights, providing sufficient information to enable them to take protective action; and
3. maintain an internal data breach register documenting the nature of the breach, its effects, and the remedial action taken, regardless of whether external notification is required.

9. Data Retention and Lifecycle Management

9.1 Retention Principles

The Company retains Personal Data for no longer than is necessary to fulfill the specific purpose for which it was collected or as required by applicable law. The Company’s data retention practices are further governed by its Data Retention, Deletion, and Data Lifecycle Policy, published on the Platform and incorporated into this Policy by reference.

9.2 Standard Retention Periods

As a general guide, the following retention periods apply:

1. Active Account Data: Retained throughout the period of active account registration and for up to three (3) years following account deactivation, closure, or deletion, unless a longer period is required by law or is necessary for the resolution of ongoing disputes;
2. Career Starter Application Data: Retained for up to two (2) years from the date of the relevant application or the closure of the corresponding opportunity, whichever is later;
3. Transaction and Billing Records: Retained for a minimum of seven (7) years in compliance with applicable financial, tax, and accounting record-keeping obligations;
4. Security and Fraud Prevention Logs: Retained for up to five (5) years for the purposes of fraud investigation, platform security, and legal proceedings;
5. Customer Support and Communications Records: Retained for up to three (3) years from the date of the most recent interaction; and
6. Marketing Consent Records: Retained for the duration of the applicable consent and for five (5) years thereafter, to demonstrate compliance in the event of a regulatory inquiry.

9.3 Deletion and Anonymisation

Upon expiry of the applicable retention period, or upon receipt of a valid and verified deletion request where no overriding legal basis for continued retention exists, the Company will securely delete, anonymize, or pseudonymize the relevant Personal Data. Where such Personal Data has been shared with third-party processors, the Company will take commercially reasonable steps to ensure corresponding deletion or anonymization by those processors.

10. Cookies and Tracking Technologies

10.1 Use of Cookies

The Platform uses cookies, web beacons, pixel tags, local storage, and similar tracking technologies (“Cookies”) to enable core platform functionality, maintain user session continuity, personalize the user experience, and analyse Platform performance.

10.2 Categories of Cookies

1. Strictly Necessary Cookies: Essential to the operation of the Platform. These Cookies enable core functions such as user authentication, session management, and security features. The Platform cannot function correctly without them, and they cannot be disabled.
2. Performance and Analytics Cookies: Used to collect anonymised or aggregated information about how users interact with the Platform, including which pages are visited most frequently and whether error messages are received. This information is used solely to improve how the Platform works.
3. Functional Cookies: Used to remember user-specific preferences and settings, such as language selections, login details, and display configurations, to provide a more personalised experience; and
4. Marketing and Targeting Cookies: Used, with the prior consent of the user, to deliver content that is relevant to the user’s interests and, where applicable, to measure the effectiveness of promotional campaigns. These Cookies may be placed by the Company or by third-party advertising partners.

10.3 Cookie Consent and User Control

Where required by applicable law—including the EU ePrivacy Directive, the GDPR, the UK Privacy and Electronic Communications Regulations, and equivalent national law—the Company obtains the user’s prior and freely given consent before placing any non-essential Cookies. Users may manage or withdraw Cookie consent at any time through the following:

1. the Cookie consent management tool available on the Platform; or
2. their browser settings, which typically allow users to block, restrict, or delete Cookies.

Users are advised that disabling certain categories of Cookies may affect the functionality, personalization, and performance of the Platform. The Company’s comprehensive Cookie Policy is published separately on the Platform and is incorporated herein by reference.

11. Rights of Data Principals

Subject to applicable law and the satisfaction of identity verification requirements, users may exercise the following data protection rights in relation to their Personal Data. The Company endeavours to honor these rights consistently with its obligations under the GDPR (EU/UK), the DPDP Act 2023 and DPDP Rules 2025 (India), the PDPA (Singapore), the CCPA/CPRA (California, USA), the UAE Federal Decree-Law No. 45 of 2021, and other applicable instruments.

11.1 Right of Access and Confirmation

Data Principals have the right to request confirmation of whether the Company processes their Personal Data, and to obtain a copy of such data, along with information about the purposes of processing, the categories of data processed, the recipients or categories of recipients to whom data is or may be disclosed, and the applicable retention periods.

11.2 Right to Correction and Rectification

Data Principals have the right to request the correction of inaccurate Personal Data and the completion of any incomplete Personal Data held about them, without undue delay.

11.3 Right to Erasure

Subject to applicable legal limitations, Data Principals may request the erasure of their Personal Data where:

1. the data is no longer necessary for the purposes for which it was collected or processed;
2. consent has been withdrawn and no alternative legal basis for processing subsists;
3. the processing was unlawful; or
4. erasure is required to comply with a legal obligation binding on the Company.

The Company will not erase Personal Data where continued retention is required by law, is necessary for the establishment, exercise, or defence of legal claims, or is otherwise protected by a lawful basis.

11.4 Right to Restrict Processing

Data Principals may request a restriction on the processing of their Personal Data in circumstances including where: the accuracy of the data is being contested; the processing is unlawful but the Data Principal opposes erasure; the Company no longer requires the data but the Data Principal requires it for legal claims; or the Data Principal has objected to processing pending verification of the Company’s legitimate grounds.

11.5 Right to Data Portability

Where processing is based on consent or the performance of a contract and is carried out by automated means, Data Principals have the right to receive their Personal Data in a structured, commonly used, and machine-readable format and to request that it be transmitted to another controller where technically feasible.

11.6 Right to Object

Data Principals may object, on grounds relating to their particular situation, to the processing of their Personal Data where such processing is based on the Company’s legitimate interests. The Company will cease such processing unless it demonstrates compelling legitimate grounds that override the Data Principal’s interests or unless the processing is necessary for the establishment, exercise, or defence of legal claims.

Data Principals may object at any time to the processing of their Personal Data for direct marketing purposes, including profiling to the extent it relates to direct marketing, without the need to provide grounds.

11.7 Rights in Relation to Automated Decision-Making and Profiling

Data Principals have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects or similarly significant effects concerning them. Where such processing occurs, Data Principals are entitled to request human review of the automated decision, to express their point of view, and to contest the outcome.

11.8 Right to Withdraw Consent

Where processing is based on consent, Data Principals may withdraw consent at any time, without prejudice to the lawfulness of processing carried out prior to the withdrawal. Withdrawal of consent does not affect the Company’s right to process Personal Data on other lawful bases.

11.9 Right to Nominate (India)

Under Section 14 of the DPDP Act, 2023, Data Principals who are Indian residents may nominate another individual to exercise their data protection rights on their behalf in the event of the Data Principal’s death or incapacity.

11.10 Right to Opt Out of Data Sale or Sharing (California, USA)

California residents who use the Platform are advised that the Company does not sell or share Personal Data as those terms are defined under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) for purposes of cross-context behavioral advertising.

11.11 Right to Lodge a Complaint

Data Principals have the right to lodge a complaint with the relevant supervisory or regulatory authority in their jurisdiction, including:

1. India: The Data Protection Board of India, constituted under the DPDP Act, 2023;
2. European Union: The data protection supervisory authority of the relevant EU Member State in which the Data Principal resides or works, or in which the alleged infringement occurred;
3. United Kingdom: The Information Commissioner’s Office (ICO);
4. Singapore: The Personal Data Protection Commission (PDPC); and
5. UAE: The UAE Data Office established under Federal Decree-Law No. 45 of 2021.

11.12 How to Exercise Your Rights

All requests relating to the exercise of data protection rights should be submitted in writing to:

Email: support@internboard.com

Correspondence Address: Master Trading Class Private Limited, #G-3, South West Avenue, Street No. 2, Lalamma Gardens, PuppalGuda, Hyderabad, Telangana, India – 500089

The Company will acknowledge receipt of all valid rights requests within five (5) business days. The Company will respond substantively within the period required by applicable law and, in any event, within thirty (30) calendar days of receipt of a complete and valid request. The Company reserves the right to verify the identity of the requesting party before processing any request and may request additional information for this purpose. Where the Company is unable to fully comply with a request, it will provide a written explanation of the grounds for refusal.

12. Consent Management

12.1 How Consent is Obtained

Where consent is the applicable legal basis for processing, the Company obtains consent through clear, specific, affirmative, and documented mechanisms at the point of data collection. Consent forms are drafted in plain language and clearly identify the processing purpose, the categories of data involved, and the right to withdraw. The Company does not rely on pre-ticked boxes, bundled consent, or implied consent.

12.2 Withdrawal of Consent

Data Principals may withdraw consent at any time and without detriment by:

1. accessing notification and communication preferences within their account settings;
2. clicking the unsubscribe or opt-out link included in any marketing communication; or
3. submitting a written request to support@internboard.com.

Withdrawal of consent does not affect the lawfulness of any processing carried out prior to such withdrawal.

12.3 Records of Consent

The Company maintains records of all consents obtained, including the date, method, and scope of consent, to demonstrate compliance in the event of a regulatory audit or inquiry.

13. Fraud Prevention and Platform Integrity

13.1 Active Monitoring

The Company employs automated and manual monitoring measures to detect and prevent the following conduct, without limitation:

1. creation of fraudulent, impersonated, or fictitious accounts;
2. submission of false, misleading, or misrepresented Employer or Career Starter information;
3. posting of scam, fraudulent, or deceptive opportunity listings;
4. identity theft or unauthorised use of another person’s credentials or personal information;
5. phishing attempts, spam, or unsolicited mass communications directed at users;
6. any other conduct that violates the Platform’s Terms and Conditions, Community Guidelines, or applicable law.

13.2 Consequences of Violations

Where a user is found to be engaged in fraudulent or prohibited activities, the Company may, in its sole discretion and without prior notice:

1. immediately suspend or permanently terminate the user’s account;
2. remove all content published by the user from the Platform;
3. report the user’s conduct to relevant law enforcement or regulatory authorities; and
4. initiate civil or criminal legal proceedings as appropriate.

13.3 User Reporting

Users are encouraged to report suspected fraud, scam postings, identity misuse, or other misconduct through the Platform’s designated reporting tools or by writing to support@internboard.com. The Company investigates all credible reports and maintains the confidentiality of reporting persons to the fullest extent permitted by law.

14. Third-Party Links, Integrations, and External Services

14.1 External Links

The Platform may contain hyperlinks to third-party websites, platforms, or digital services that are not owned, operated, or controlled by the Company. The inclusion of any such link does not constitute an endorsement, recommendation, or warranty by the Company of the third-party site or its content, products, or data practices.

14.2 No Responsibility for Third-Party Data Practices

The Company assumes no responsibility or liability for the privacy practices, data collection activities, security measures, or content of any third-party website or service. Users who navigate to third-party platforms through links available on the InternBoard Platform do so at their own risk. Users are strongly advised to review the applicable privacy policies and terms of service of any third-party platform before providing their Personal Data.

14.3 Social Login and Third-Party Account Integration

Where Career Starters or Employers elect to register or sign in to the Platform using a third-party authentication service (such as Google or LinkedIn), the Company receives only the profile information that the user has expressly authorized the third-party platform to share in accordance with that platform’s data-sharing settings. The Company’s use of such information is limited to account creation, authentication, and pre-population of user profile fields. Users are advised to review and manage their privacy and sharing settings on such third-party platforms independently.

15. Artificial Intelligence, Automated Matching, and Profiling

15.1 Automated Systems

The Platform uses algorithmic systems and automated tools to: rank and match Career Starters to relevant opportunities based on profile completeness, skills, experience, and Platform activity; personalize content and recommendations; detect anomalous or fraudulent activity; and generate performance analytics. These systems are designed to improve the relevance and quality of the opportunity discovery experience.

15.2 Human Oversight

The Company does not rely exclusively on automated processing to make decisions that produce legal or similarly significant effects on individual Data Principals. Where automated processing plays a material role in a platform-level outcome that affects a user’s access to opportunities, appropriate human oversight is applied.

15.3 Career Starter Rights in Relation to Automated Processing

Career Starters who believe they have been adversely or significantly affected by automated decision-making on the Platform may:

1. request that a human review the relevant automated output;
2. provide additional information or context that was not captured by the automated system; and
3. contest any outcome that they believe to be inaccurate or unfair.

Such requests should be submitted in writing to support@internboard.com.

15.4 AI Governance Principles

Any application of artificial intelligence or machine learning models to Personal Data by the Company shall be subject to the principles of data minimization, purpose limitation, fairness, transparency, and accountability, in accordance with the GDPR, the DPDP Act, and emerging AI governance frameworks applicable to the jurisdictions in which the Company operates. The Company does not use Personal Data to train third-party AI models without the express consent of affected Data Principals.

16. Data Protection Officer

16.1 Designation

In compliance with the requirements of the GDPR (EU/UK) and the Singapore Personal Data Protection Act (as amended, with the DPO notification requirement effective 1 June 2025), and consistent with global best practices in data governance, the Company has designated a Data Protection Officer (“DPO”) responsible for overseeing the Company’s compliance with applicable data protection law and this Privacy Policy.

16.2 Contact Details

All data protection inquiries, rights requests, consent withdrawal requests, complaints, and policy-related communications may be directed to the DPO at:

Email: support@internboard.com

Postal Address: Data Protection Officer, #G-3, South West Avenue, Street No. 2, Lalamma Gardens, PuppalGuda, Hyderabad, Telangana, India – 500089

17. Platform Role, Disclaimers, and Limitation of Liability

17.1 Scope of Service

InternBoard provides a platform for opportunity discovery and career facilitation only. Nothing on the Platform constitutes a guarantee or representation of employment, placement, income, or career outcome. The Company:

1. does not guarantee that any Career Starter will secure employment, an internship, a gig, or any other opportunity through the Platform;
2. does not represent or warrant the legitimacy, accuracy, or completeness of all opportunity listings or Employer representations on the Platform; and
3. is not responsible for the conduct, representations, promises, or omissions of any Employer or Career Starter.

17.2 Limitation of Liability

To the fullest extent permitted by applicable law, the Company, Master Trading Class Private Limited, and its respective directors, officers, shareholders, employees, agents, and affiliated entities shall not be liable for the following:

1. any indirect, incidental, special, consequential, exemplary, or punitive damages arising from or related to the use of, or inability to use, the Platform;
2. loss of data, revenue, profits, business opportunities, goodwill, or reputation;
3. damages arising from any unauthorised access to or alteration of a user’s account or data where such access results from circumstances beyond the Company’s reasonable control, including force majeure events, cyberattacks by third parties, or failures of third-party infrastructure; or
4. the actions, misrepresentations, or defaults of any Employer or Career Starter.

Where liability cannot be excluded by applicable law, the Company’s maximum aggregate liability to any user arising from or in connection with this Policy, or the user’s use of the Platform, shall not exceed the total amount of membership or subscription fees, if any, paid by that user to the Company in the twelve (12) calendar months immediately preceding the event giving rise to the claim.

18. Indemnification

Each user of the Platform agrees to defend, indemnify, and hold harmless the Company, Master Trading Class Private Limited, and its directors, officers, shareholders, employees, agents, licensors, successors, and assigns from and against any and all claims, actions, proceedings, liabilities, damages, losses, fines, costs, and expenses — including reasonable legal fees — arising out of or in connection with:

1. the user’s misuse of the Platform or violation of this Privacy Policy or the Company’s Terms and Conditions;
2. any false, inaccurate, or misleading information submitted by the user to the Platform or to any other user;
3. the user’s violation of any applicable law, regulation, or third-party right; or
4. any infringement of the intellectual property, privacy, or other rights of any third party by the user.

19. Governing Law

This Privacy Policy, and all matters arising out of or relating to it, shall be governed by and construed in accordance with the laws of the Republic of India, without reference to its conflict of laws rules or principles. The Company acknowledges that users located in other jurisdictions may also be entitled to the protections afforded by applicable local law, including the GDPR, the UK GDPR, the PDPA (Singapore), and equivalent instruments, which shall apply to data processed in respect of such users to the extent required by law.

20. Dispute Resolution and Jurisdiction

20.1 Good-Faith Negotiation

Before initiating any formal legal proceedings, a party wishing to raise a dispute arising from or in connection with this Privacy Policy must first notify the Company in writing at support@internboard.com, setting out the nature of the dispute and the outcome sought. The parties agree to engage in good-faith negotiations for a period of thirty (30) calendar days from the date of such written notification, with a view to resolving the matter amicably, before either party may commence formal proceedings.

20.2 Exclusive Jurisdiction

Subject to Clause 20.1, all disputes, claims, or controversies arising out of or in connection with this Privacy Policy — including questions regarding its existence, validity, breach, or termination — that cannot be resolved by negotiation shall be subject to the exclusive jurisdiction of the courts located in Hyderabad, Telangana, India.

20.3 Regulatory Complaints

Nothing in this clause limits or restricts the right of any Data Principal to lodge a complaint with the relevant data protection supervisory authority in their jurisdiction, as set out in Clause 11.11, at any time and without prior notice to the Company.

21. Amendments to this Policy

21.1 Right to Amend

The Company reserves the right to amend, update, or revise this Privacy Policy at any time to reflect changes in applicable law, regulatory guidance, judicial decisions, Platform features, or data processing practices. All amendments will be reflected in the version number and the “Last Reviewed and Updated” date published at the head of this Policy.

21.2 Notice of Material Changes

Where any amendment is material—including amendments that significantly alter the scope of data collected, the purposes of processing, or the rights of Data Principals—the Company will:

1. notify registered users by email to the address held on their account at least thirty (30) days prior to the amended Policy taking effect; and
2. display a prominent notice on the Platform for the same period.

Where required by applicable law, the Company will seek fresh consent from affected users before implementing material changes.

21.3 Continued Use as Acceptance

Continued use of the Platform following the publication or notification of an updated Privacy Policy shall constitute acceptance of the amended terms. Users who do not accept any amendment are advised to discontinue use of the Platform and may submit an account deletion request in accordance with Clause 11.3 of this Policy.

22. Severability

If any provision of this Privacy Policy is found by a court or competent authority to be invalid, unlawful, or unenforceable in whole or in part, such provision shall be modified to the minimum extent necessary to render it valid, lawful, and enforceable. If modification is not possible, the invalid or unenforceable provision shall be severed from this Policy, and the remaining provisions shall continue in full force and effect as if the severed provision had not formed part of this Policy.

23. Entire Agreement

This Privacy Policy, together with the Company’s Terms and Conditions, Cookie Policy, Community Guidelines, Data Retention, Deletion, and Data Lifecycle Policy, Fraud and Scam Prevention Policy, Trust and Safety Transparency Policy, and any other policies, notices, or addenda published on the Platform—including any jurisdiction-specific addenda such as the UAE Data Protection Notice—constitutes the entire agreement between the Company and its users with respect to the privacy and data protection matters addressed herein. It supersedes all prior agreements, understandings, representations, and communications—whether written or oral—on that subject matter.

24. Language

This Privacy Policy is drafted in the English language, which shall be the governing and controlling version. In the event of any inconsistency between the English version and any translated or localized version, the English version shall prevail to the fullest extent permitted by applicable law.

25. Contact Information

For all privacy-related inquiries, data subject rights requests, consent withdrawals, complaints, or other communications regarding this Privacy Policy, users may contact the Company through the following channels:

Company Name: Master Trading Class Private Limited

Platform: InternBoard.com

Email: support@internboard.com

Global Office: 12 Woodlands Square #13-79 Woods Square Tower One Singapore 737715

Corporate Office: #G-3, South West Avenue, Street No. 2, Lalamma Gardens, PuppalGuda, Hyderabad, Telangana, India – 500089

The Company is committed to acknowledging all privacy-related communications within five (5) business days and to providing a substantive response within thirty (30) calendar days of receipt, or within such a shorter period as may be required by applicable law.

This Privacy Policy was reviewed and updated on April 21, 2026, and it supersedes all the prior versions. Users are encouraged to review this Policy periodically. The current version is always available at internboard.com/privacy-policy/