Privacy and data protection

Your Data, Handled Responsibly.

This Privacy Policy explains how Mittix AlgoTech LLP, operating the OTOECOM brand, collects, uses, discloses, protects, retains and deletes personal data when you visit our website, contact us, purchase a course, join mentorship, participate in our communities or use our ecommerce account-management and seller-support services.

Applies to OTOECOM website, courses and services
Legal entity Mittix AlgoTech LLP
LLPIN ACY-0574
Operating brand OTOECOM
Operational office C-270, 2nd Floor, Office No. 5, C Block, Sector 63, Noida, Uttar Pradesh 201309
01

No sale of personal data

We do not sell or rent personal data for money.

02

Purpose-limited collection

We collect data reasonably required for a stated service or lawful purpose.

03

Controlled marketplace access

We prefer official roles, scoped access and seller-controlled collaboration.

04

Practical privacy rights

You may contact us for access, correction, deletion or consent withdrawal.

Complete privacy notice

How OTOECOM handles personal data.

This policy is written to describe our actual service contexts in practical language. It should be read together with the service agreement, course terms, refund policy, marketplace instructions and any specific privacy notice shown when data is collected.

01

Entity and definitions

Mittix AlgoTech LLP is a limited liability partnership incorporated in India under the Limited Liability Partnership Act, 2008. Its LLP Identification Number is ACY-0574. Mittix AlgoTech LLP owns and operates the OTOECOM brand for ecommerce education, courses, mentorship, consulting, account management, cataloging, advertising support and other seller services.

In this policy, "OTOECOM", "we", "us" or "our" means Mittix AlgoTech LLP. "You" means a website visitor, prospect, learner, course participant, community member, seller, business client, authorized representative, marketplace customer whose data is processed for a seller service, or any other person whose personal data we handle.

"Personal data" means information relating to an identified or identifiable individual. "Processing" includes collection, recording, organization, storage, access, use, analysis, sharing, correction, restriction, deletion or destruction of personal data.

OTOECOM is an operating brand, not a separate legal person. Contracts, invoices, privacy obligations and legal accountability are undertaken by Mittix AlgoTech LLP unless a written agreement expressly states otherwise.

02

Scope of this policy

This policy applies when you:

  • visit, browse or interact with www.otoecom.com or an OTOECOM-operated landing page;

  • submit a contact form, request an audit, book a call, ask for a quotation or communicate through email, phone, WhatsApp or social media;
  • create an account, purchase or access an online course, digital resource, webinar, workshop, live session or learning platform;
  • receive one-to-one or group mentorship, consulting, training or seller-support services;
  • engage us for Amazon, Flipkart, Meesho or another ecommerce marketplace service, including account management, cataloging, ads, listing optimization, content, store management, reporting, operations or compliance assistance;
  • join an OTOECOM community, support group, event, survey, review program, case study or promotional activity; or
  • apply for employment, contract work, partnership, collaboration or vendor onboarding.

This policy does not control independent websites, apps, seller panels, payment gateways, learning platforms or social networks operated by third parties. Their privacy policies govern their own processing.

03

Our privacy roles

For our website, enquiries, course enrollments, direct mentorship, billing, communities and our own business administration, Mittix AlgoTech LLP generally determines why and how personal data is processed. In this context, we act as the Data Fiduciary under applicable Indian law and, where relevant, the controller under other privacy laws.

When a seller or business client gives us data solely to perform account management, order support, advertising, cataloging, reporting or another contracted marketplace service, we may process that data on the client's documented instructions. In that context, the client may remain the primary Data Fiduciary/controller and we act as its service provider or processor.

A marketplace, payment gateway, learning platform, communication provider or analytics provider may independently determine parts of its processing. Such provider acts under its own policy and legal role.

If a marketplace customer asks us to exercise rights over data controlled by a seller or marketplace, we may verify the request and direct it to the relevant seller or platform while providing reasonable assistance.

04

Personal data we collect

We collect only the categories reasonably connected to the relevant interaction or service. Depending on context, these may include:

Identity and contact data Name, business name, email address, phone number, city, state, country, job role, authorized contact and communication preference.
Account and profile data Login identifier, account status, profile details, course access, learning progress, preferences, certificates, support history and authentication records. We do not need your plain-text password.
Course and mentorship data Enrollment, purchased product, attendance, quiz or assignment responses, learning progress, questions, call notes, goals, feedback, session participation and support-group messages.
Seller and business data Marketplace name, seller ID, store name, GST or tax details, product catalog, SKUs, ASINs or listing IDs, inventory, prices, sales, advertising reports, returns, settlements, account-health information and business performance data.
Marketplace customer data Order, shipment, return, refund, buyer-message or delivery information that may contain a customer's name, address, phone number or other PII, but only when required for an approved seller service.
Transaction and billing data Purchased service, amount, currency, payment status, transaction reference, invoice details, GST information and refund or chargeback records. Full card, UPI PIN and net-banking credentials are handled by the payment provider, not stored by us.
Communications and content Emails, contact forms, WhatsApp messages, call notes, support tickets, reviews, testimonials, comments, survey responses, uploaded documents, images, screenshots, recordings and files you choose to share.
Technical and usage data IP address, browser, device type, operating system, approximate location derived from IP, referrer, pages viewed, session events, cookie identifiers, error logs, security events and campaign attribution data.

We do not intentionally request health data, biometric data, passwords, OTPs, UPI PINs or full payment-card credentials. Please do not include unnecessary personal or confidential information in free-text forms, screenshots, course assignments or community messages.

05

Where data comes from

We may receive personal data:

  • directly from you through forms, checkout, account registration, calls, messages, files, surveys, course activity or support requests;

  • from your organization or seller account owner when you are an employee, contractor, team member or authorized representative;

  • from marketplace panels and reports when official access or exports are provided for an approved service;

  • from service providers such as payment gateways, learning platforms, scheduling tools, analytics services and communication providers;

  • automatically from your device through server logs, security systems, cookies and similar technologies; and

  • from public or lawfully available sources, including business websites, public seller listings, public social profiles and government or marketplace records, where relevant to due diligence or service delivery.

If you provide another person's data, you represent that you are authorized to do so and that the person has received any notice required by applicable law.

06

Purposes and lawful grounds

We process personal data for one or more of the following purposes:

  • responding to enquiries, assessing requirements, preparing proposals and onboarding clients;
  • creating accounts, delivering courses, issuing access, tracking progress, conducting mentorship and providing learner support;
  • performing account management, cataloging, advertising, reporting, operational support and other contracted ecommerce services;
  • processing payments, refunds, invoices, taxes, accounting, reconciliation and fraud checks;
  • sending service messages, class schedules, account alerts, policy notices and support responses;
  • sending newsletters, offers, event invitations or remarketing communications where consent or another lawful basis applies;
  • improving website usability, course quality, service workflows, content relevance and customer support;
  • protecting accounts, detecting abuse, maintaining logs, investigating incidents and enforcing agreements;
  • establishing, exercising or defending legal claims and resolving complaints; and
  • meeting tax, accounting, law-enforcement, court, regulatory and marketplace obligations.

Under Indian data-protection law, processing may rely on your consent or a permitted legitimate use. Where another privacy law applies, processing may also rely on performance of a contract, compliance with legal obligations, protection of vital interests, public-interest grounds or our legitimate interests, provided those interests are not overridden by applicable rights.

Where consent is the basis, you may withdraw it through the method described in this policy. Withdrawal does not affect processing already lawfully completed and may prevent us from continuing a service that requires the relevant data.

07

Courses, mentorship and learning services

Course enrollment may require contact details, account credentials, transaction information and learning activity. We use this information to provide access, prevent unauthorized sharing, maintain progress, deliver resources, answer questions, manage certificates and provide technical or academic support.

Live classes, webinars, mentorship sessions and support calls may use video-conferencing, webinar, calendar or messaging providers. If a session will be recorded, participants will be informed through the invitation, session interface or an announcement. Recordings may capture a participant's display name, image, voice, screen, chat or questions.

Course platforms may record login activity, device information, content progress and access history to maintain security, enforce licensing restrictions and troubleshoot account issues. We do not use learner performance to make a solely automated decision producing a legal or similarly significant effect.

Assignments, store screenshots and seller examples should be redacted before submission wherever possible. Do not upload customer addresses, phone numbers, passwords, OTPs, financial credentials or unrelated personal data for a course exercise.

Course access, recordings, downloadable materials and community participation are also governed by our Terms and applicable course conditions.

08

Marketplace and account-management services

When a seller hires OTOECOM for Amazon, Flipkart, Meesho or another ecommerce platform, we may process catalog, listing, advertising, inventory, order, return, settlement, account-health and performance data necessary for the written service scope.

Marketplace customer PII is accessed only when a permitted business task genuinely requires it, such as order support, shipment investigation, return, refund, tax documentation, customer communication or fraud review. It is not used for unrelated advertising, sold, rented, or added to independent marketing databases.

We follow the applicable marketplace's access, acceptable-use, security and retention requirements. Where a marketplace rule is stricter than our general policy, the stricter rule applies unless law requires a longer period.

The seller remains responsible for the lawfulness and accuracy of data supplied to us, its own privacy notice, customer instructions, account permissions, marketplace compliance and decisions that remain under the seller's control.

For detailed marketplace retention periods and PII controls, read our Data Retention & PII Policy.

09

Account access and credentials

We use a least-privilege approach. Direct marketplace access is requested only where the approved service requires it. When possible, work is completed through seller-provided exports, shared files, official sub-user permissions or a seller-controlled screen-sharing session.

  • We do not request a seller's master password, personal email password, OTP, UPI PIN or payment authentication code.
  • Official user roles should be restricted to permissions needed for the written scope.
  • The seller may review or revoke access through the marketplace's own permission controls.
  • Tokens, keys or integration credentials, where required, must be protected, access-controlled and revoked or rotated when no longer required.
  • Screenshots, exports and reports should exclude customer PII unless the relevant task requires it.

You are responsible for protecting your own login credentials and notifying us promptly if you believe an OTOECOM account, shared folder or collaboration channel has been compromised.

10

Cookies, analytics and online tracking

Our website may use cookies, pixels, local storage, tags and similar technologies. Some are placed by us and others by service providers. The technologies actually used may change as our website and marketing tools change.

Strictly necessary Support security, forms, session continuity, login, load balancing, fraud prevention and other core website or course functions. These cannot always be disabled through a consent tool.
Functional Remember preferences such as language, display choices, course state or previously selected options.
Analytics and performance Help us understand page views, traffic sources, navigation, errors, course engagement and website performance. Providers may include Google Analytics or comparable tools.
Advertising and attribution Measure campaign results, limit repeated ads and support relevant advertising. Providers may include Meta Pixel, Google advertising tools or comparable services where configured.

Where required, non-essential technologies are used after obtaining an appropriate choice or consent. You can manage cookies through available website controls and browser settings. Blocking cookies may affect login, checkout, course progress or other functionality.

Browser "Do Not Track" signals are not interpreted uniformly across the industry. We honor legally required opt-out mechanisms where they apply and may update this policy as technical standards develop.

11

Marketing communications

We may send course updates, newsletters, service offers, event invitations, marketplace alerts and educational content through email, phone, SMS, WhatsApp or social platforms where you requested them, consented, or another lawful basis applies.

You can opt out through an unsubscribe link, by replying "STOP" where supported, changing platform settings or contacting us. Opting out of marketing does not stop transactional or service communications such as payment confirmation, class schedules, security alerts, account updates, support responses and policy notices.

We may retain a minimal suppression record, such as your email address or phone number and opt-out date, to respect the preference and prevent accidental re-enrollment.

If you interact with an OTOECOM advertisement on another platform, that platform may provide campaign, lead or attribution information according to your settings and its privacy policy.

12

Payments, refunds and billing

Payments may be processed through independent payment gateways, banks, UPI applications or course-commerce platforms. The payment provider receives and processes the credentials needed to authorize the transaction under its own privacy and security terms.

OTOECOM generally receives transaction status, amount, currency, reference number, payment method category, payer name or contact, invoice data and fraud or chargeback information. We do not intentionally store full card numbers, CVV, UPI PINs, internet-banking passwords or OTPs.

Billing records may contain name, business name, address, GSTIN, PAN or other tax information when required for invoices, contracts, compliance, refunds or accounting. Such records are restricted to personnel and professional advisers who need them.

Payment disputes, refunds and chargebacks are also governed by our Refund Policy and the payment provider's terms.

13

When we share personal data

We do not sell or rent personal data for money. We may disclose limited data to recipients who need it for a lawful purpose:

Hosting and technology Website hosting, cloud storage, security, backup, email, CRM, helpdesk, file-sharing, authentication and IT-support providers.
Learning and communication Course platforms, webinar providers, video-conferencing tools, scheduling services, email, SMS, WhatsApp and community platforms.
Payments and business operations Payment gateways, banks, accounting providers, invoicing systems, auditors, insurers and professional advisers.
Marketplace and client teams Relevant marketplace systems, the seller account owner, authorized team members and service collaborators for the approved scope.
Analytics and advertising Analytics, attribution and advertising providers where configured and permitted by your choices and applicable law.
Government and legal recipients Courts, regulators, law-enforcement agencies, tax authorities or other persons where disclosure is legally required or necessary to protect rights, safety or security.
Business transfer A potential or completed merger, reorganization, financing, acquisition, sale of business or transfer of assets, subject to appropriate confidentiality and legal safeguards.

Service providers are expected to process data for authorized purposes, use suitable safeguards and comply with contractual or legal restrictions appropriate to their role. We do not authorize them to use seller or customer data for unrelated purposes.

14

International data transfers

OTOECOM operates primarily from India, but some hosting, learning, communication, analytics, security and marketplace providers may process or store data in other countries. Remote team members or clients may also access information from another country where authorized.

When cross-border processing occurs, we use measures appropriate to the circumstances, which may include contractual restrictions, access controls, provider due diligence, recognized transfer mechanisms and compliance with restrictions notified under Indian law.

Laws and government-access standards in another country may differ from those in your location. By using a service that depends on an international provider, your data may be processed in the provider's operating locations as described in its policy.

15

Security safeguards

We use administrative, technical and organizational safeguards designed for the nature of our services and data. Controls may include:

  • HTTPS/TLS for supported website communications and secure configurations for hosting and cloud services;
  • role-based and least-privilege access for seller panels, shared folders, reports and internal systems;
  • multi-factor authentication where supported and appropriate;
  • device protection, malware prevention, firewall or network controls and software updates;
  • logging, monitoring, access review, backup and recovery practices appropriate to the system;
  • confidentiality obligations and privacy/security instructions for personnel and contractors;
  • data minimization, redaction, restricted sharing and secure deletion practices; and
  • incident identification, containment, investigation, documentation and notification procedures.

No website, storage system or transmission method can be guaranteed completely secure. We therefore do not promise absolute security. You should use strong unique passwords, enable multi-factor authentication, restrict team permissions and avoid sending sensitive credentials through ordinary messages.

16

Data retention and deletion

We keep personal data only while reasonably needed for the stated service, consented purpose, security requirement, dispute, marketplace rule or legal obligation. Default guidelines are below; a contract, law or stricter marketplace rule may require a different period.

Enquiries and leads Up to 24 months Measured from the last meaningful interaction, unless you opt out earlier or the record is needed for a dispute.
Course accounts and progress Service term + up to 3 years Supports access, learner history, support, certificates, disputes and fraud prevention. Contractual lifetime access does not mean all activity logs are retained forever.
Mentorship and support records Up to 3 years after closure May include notes, tickets, agreed actions and service history. Unnecessary PII is removed earlier where practical.
Seller business data Service term + limited transition period Working files are reviewed after service closure and deleted, returned, anonymized or restricted according to the contract and marketplace requirements.
Marketplace customer PII Shortest applicable period Amazon customer PII is generally not retained beyond 30 days after order delivery unless a permitted purpose or law requires otherwise. Other marketplace PII follows the platform's rule or the same conservative approach where practical.
Marketplace non-PII data Normally no more than 18 months Unless a shorter platform rule applies or a longer period is required for law, contract, dispute or an approved service purpose.
Session recordings Normally up to 12 months Unless the course or mentorship terms state another period, participants request earlier deletion, or the recording forms part of purchased course content.
Invoices, tax and accounting Legally required period Commonly up to eight financial years or longer where tax, GST, LLP, accounting, audit, litigation or government requirements apply.
Security and access logs Normally up to 12 months Longer retention may apply where an incident, investigation, marketplace obligation or legal hold requires it.
Marketing preferences Until opt-out or purpose ends A minimal suppression record may remain so that we can continue honoring an opt-out request.

When retention ends, data is deleted, anonymized, redacted, returned or archived with restricted access. Residual copies may remain temporarily in protected backups until the normal backup cycle overwrites them. A legal hold pauses deletion for the affected records.

17

Your rights and choices

Subject to applicable law, the nature of our role and available exemptions, you may request:

  • confirmation and a summary of personal data we process about you;
  • correction, completion or updating of inaccurate or incomplete personal data;
  • erasure of personal data that is no longer necessary or legally required;
  • withdrawal of consent where processing depends on consent;
  • opt-out from direct marketing and management of non-essential cookies;
  • grievance redressal and information about relevant service providers or recipients where required;
  • nomination of another individual to exercise rights in the event of death or incapacity when the applicable Indian provisions take effect; and
  • additional rights such as restriction, objection, portability or appeal where another applicable law grants them.

We may ask for information reasonably necessary to verify identity, authority, account ownership and request scope. An authorized representative must provide evidence of authority. We may refuse or limit a request where law permits, including where it would disclose another person's data, conflict with legal obligations, impair security, affect legal claims or concern data controlled by a client or marketplace.

Send requests to legal@otoecom.com. We normally acknowledge a valid request within seven business days and aim to complete it within 30 days, although verification, complexity, marketplace dependency or law may require additional time.

Rights under the Digital Personal Data Protection Act, 2023 are subject to the Government's phased commencement notifications. We provide practical request channels now and will update procedures as further provisions become enforceable.

18

Children's privacy

OTOECOM's paid courses, mentorship and professional seller services are intended for adults and business users. We do not knowingly create course or service accounts for persons under 18 without appropriate parent or lawful guardian involvement.

If we learn that a child's personal data was collected without required authorization, we will review the circumstances and delete or restrict the data as required. A parent or guardian may contact our Privacy & Grievance Officer.

Community members and course participants must not upload customer information, school records or other personal data relating to children unless the processing is lawful, necessary and expressly approved.

19

Communities, recordings, reviews and case studies

OTOECOM may operate WhatsApp, Telegram, Discord, social-media or learning communities. Information you post in a shared group can be seen, copied or responded to by other members according to that platform's features. Do not post passwords, customer PII, confidential seller reports or information you do not have authority to share.

Calls, classes or events may be recorded after notice. Recordings can be used for replay, internal quality, support, evidence of agreed instructions or, with appropriate permission, course content.

We publish a testimonial, photograph, video, identifiable success story or detailed case study only with permission or another lawful basis. Consent for promotional use can be withdrawn for future use, but withdrawal may not require us to recall material already lawfully distributed or printed.

Public reviews submitted to independent platforms remain subject to those platforms' policies. We may quote or link to a public review while respecting applicable law and the context in which it was published.

20

Third-party websites and services

Our website, courses and services may link to or integrate with marketplaces, payment gateways, YouTube, social networks, maps, video-conferencing tools, messaging services, analytics providers and other third parties.

We are not responsible for an independent third party's privacy practices, security, availability, content or decisions. Review its privacy policy and account settings before providing data. A link or integration does not mean that the third party is owned by OTOECOM or that it endorses us.

OTOECOM is an independent ecommerce education and service provider. Marketplace names are used to identify the platforms for which training or seller support is offered; they do not imply ownership, agency or endorsement unless expressly stated in writing.

21

Security incidents and legal requests

A suspected personal-data incident is assessed, contained, investigated, documented and remediated according to its nature and risk. We may preserve evidence, reset access, suspend affected integrations, coordinate with service providers and notify clients, marketplaces, authorities or affected individuals where required.

If you suspect unauthorized access, disclosure, loss or misuse involving OTOECOM, contact legal@otoecom.com promptly with the date, affected account, description and safe contact details. Do not email passwords, OTPs or unnecessary customer PII.

We may disclose or preserve information when required by a valid court order, subpoena, tax request, government notice, law-enforcement request, marketplace investigation or other legal process. Where permitted, we assess the request's authority, scope and necessity and disclose only information reasonably required.

22

Legal framework, jurisdiction and policy updates

This policy is designed for OTOECOM's India-based operations and is intended to align, as applicable, with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 during their applicable period, the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025 and their phased commencement notifications.

The core processing obligations and individual-rights provisions of the DPDP framework are subject to phased commencement. We will update this policy and operational procedures as relevant provisions, rules, directions and enforcement requirements become applicable.

Where the EU GDPR, UK GDPR, California privacy law or another regional law applies to a particular interaction, we will provide the rights and safeguards required by that law. This statement does not mean every foreign privacy statute applies to every OTOECOM interaction.

You may review the official Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025 and the Limited Liability Partnership Act, 2008.

We may amend this policy to reflect changes in law, services, technology, providers or risk. The revised policy will be posted on this page with a new "Last updated" date. A prominent notice or direct communication may be used where a material change requires it.

This public notice describes our general privacy practices. A signed service agreement, data-processing term or legally mandatory rule controls if it imposes a stricter or more specific requirement.

Privacy requests and grievances

Contact the accountable legal entity.

Submit enough information to identify your relationship with OTOECOM and the data concerned. Never send passwords, OTPs, payment credentials or unnecessary marketplace customer PII.

01

Submit the request

State your name, contact, relationship with OTOECOM, request type and relevant account, invoice, course or service reference.

02

Verify identity and authority

We may ask for proportionate evidence before disclosing, correcting or deleting data. Authorized representatives must establish authority.

03

Investigate and respond

We normally acknowledge a valid request within seven business days and aim to resolve it within 30 days, subject to applicable law and dependencies.

04

Escalate a grievance

If the response does not resolve the concern, reply with "Privacy Grievance Escalation". Statutory complaint rights remain available where applicable.

Related policies and assistance

Privacy questions should have a clear route to resolution.

Contact Mittix AlgoTech LLP for access, correction, deletion, consent withdrawal, account-access review, cookie questions or a suspected security incident involving OTOECOM.