No sale of personal data
We do not sell or rent personal data for money.
This Privacy Policy explains how Mittix AlgoTech LLP, operating the OTOECOM brand, collects, uses, discloses, protects, retains and deletes personal data when you visit our website, contact us, purchase a course, join mentorship, participate in our communities or use our ecommerce account-management and seller-support services.
We do not sell or rent personal data for money.
We collect data reasonably required for a stated service or lawful purpose.
We prefer official roles, scoped access and seller-controlled collaboration.
You may contact us for access, correction, deletion or consent withdrawal.
This is a detailed policy. Use the index to move directly to website data, course information, seller-service data, cookies, retention, security or your privacy rights.
This policy is written to describe our actual service contexts in practical language. It should be read together with the service agreement, course terms, refund policy, marketplace instructions and any specific privacy notice shown when data is collected.
Mittix AlgoTech LLP is a limited liability partnership incorporated in India under the Limited Liability Partnership Act, 2008. Its LLP Identification Number is ACY-0574. Mittix AlgoTech LLP owns and operates the OTOECOM brand for ecommerce education, courses, mentorship, consulting, account management, cataloging, advertising support and other seller services.
In this policy, "OTOECOM", "we", "us" or "our" means Mittix AlgoTech LLP. "You" means a website visitor, prospect, learner, course participant, community member, seller, business client, authorized representative, marketplace customer whose data is processed for a seller service, or any other person whose personal data we handle.
"Personal data" means information relating to an identified or identifiable individual. "Processing" includes collection, recording, organization, storage, access, use, analysis, sharing, correction, restriction, deletion or destruction of personal data.
OTOECOM is an operating brand, not a separate legal person. Contracts, invoices, privacy obligations and legal accountability are undertaken by Mittix AlgoTech LLP unless a written agreement expressly states otherwise.
This policy applies when you:
visit, browse or interact with www.otoecom.com or an OTOECOM-operated landing page;
This policy does not control independent websites, apps, seller panels, payment gateways, learning platforms or social networks operated by third parties. Their privacy policies govern their own processing.
For our website, enquiries, course enrollments, direct mentorship, billing, communities and our own business administration, Mittix AlgoTech LLP generally determines why and how personal data is processed. In this context, we act as the Data Fiduciary under applicable Indian law and, where relevant, the controller under other privacy laws.
When a seller or business client gives us data solely to perform account management, order support, advertising, cataloging, reporting or another contracted marketplace service, we may process that data on the client's documented instructions. In that context, the client may remain the primary Data Fiduciary/controller and we act as its service provider or processor.
A marketplace, payment gateway, learning platform, communication provider or analytics provider may independently determine parts of its processing. Such provider acts under its own policy and legal role.
If a marketplace customer asks us to exercise rights over data controlled by a seller or marketplace, we may verify the request and direct it to the relevant seller or platform while providing reasonable assistance.
We collect only the categories reasonably connected to the relevant interaction or service. Depending on context, these may include:
We do not intentionally request health data, biometric data, passwords, OTPs, UPI PINs or full payment-card credentials. Please do not include unnecessary personal or confidential information in free-text forms, screenshots, course assignments or community messages.
We may receive personal data:
directly from you through forms, checkout, account registration, calls, messages, files, surveys, course activity or support requests;
from your organization or seller account owner when you are an employee, contractor, team member or authorized representative;
from marketplace panels and reports when official access or exports are provided for an approved service;
from service providers such as payment gateways, learning platforms, scheduling tools, analytics services and communication providers;
automatically from your device through server logs, security systems, cookies and similar technologies; and
from public or lawfully available sources, including business websites, public seller listings, public social profiles and government or marketplace records, where relevant to due diligence or service delivery.
If you provide another person's data, you represent that you are authorized to do so and that the person has received any notice required by applicable law.
We process personal data for one or more of the following purposes:
Under Indian data-protection law, processing may rely on your consent or a permitted legitimate use. Where another privacy law applies, processing may also rely on performance of a contract, compliance with legal obligations, protection of vital interests, public-interest grounds or our legitimate interests, provided those interests are not overridden by applicable rights.
Where consent is the basis, you may withdraw it through the method described in this policy. Withdrawal does not affect processing already lawfully completed and may prevent us from continuing a service that requires the relevant data.
Course enrollment may require contact details, account credentials, transaction information and learning activity. We use this information to provide access, prevent unauthorized sharing, maintain progress, deliver resources, answer questions, manage certificates and provide technical or academic support.
Live classes, webinars, mentorship sessions and support calls may use video-conferencing, webinar, calendar or messaging providers. If a session will be recorded, participants will be informed through the invitation, session interface or an announcement. Recordings may capture a participant's display name, image, voice, screen, chat or questions.
Course platforms may record login activity, device information, content progress and access history to maintain security, enforce licensing restrictions and troubleshoot account issues. We do not use learner performance to make a solely automated decision producing a legal or similarly significant effect.
Assignments, store screenshots and seller examples should be redacted before submission wherever possible. Do not upload customer addresses, phone numbers, passwords, OTPs, financial credentials or unrelated personal data for a course exercise.
Course access, recordings, downloadable materials and community participation are also governed by our Terms and applicable course conditions.
When a seller hires OTOECOM for Amazon, Flipkart, Meesho or another ecommerce platform, we may process catalog, listing, advertising, inventory, order, return, settlement, account-health and performance data necessary for the written service scope.
Marketplace customer PII is accessed only when a permitted business task genuinely requires it, such as order support, shipment investigation, return, refund, tax documentation, customer communication or fraud review. It is not used for unrelated advertising, sold, rented, or added to independent marketing databases.
We follow the applicable marketplace's access, acceptable-use, security and retention requirements. Where a marketplace rule is stricter than our general policy, the stricter rule applies unless law requires a longer period.
The seller remains responsible for the lawfulness and accuracy of data supplied to us, its own privacy notice, customer instructions, account permissions, marketplace compliance and decisions that remain under the seller's control.
For detailed marketplace retention periods and PII controls, read our Data Retention & PII Policy.
We use a least-privilege approach. Direct marketplace access is requested only where the approved service requires it. When possible, work is completed through seller-provided exports, shared files, official sub-user permissions or a seller-controlled screen-sharing session.
You are responsible for protecting your own login credentials and notifying us promptly if you believe an OTOECOM account, shared folder or collaboration channel has been compromised.
Our website may use cookies, pixels, local storage, tags and similar technologies. Some are placed by us and others by service providers. The technologies actually used may change as our website and marketing tools change.
Where required, non-essential technologies are used after obtaining an appropriate choice or consent. You can manage cookies through available website controls and browser settings. Blocking cookies may affect login, checkout, course progress or other functionality.
Browser "Do Not Track" signals are not interpreted uniformly across the industry. We honor legally required opt-out mechanisms where they apply and may update this policy as technical standards develop.
We may send course updates, newsletters, service offers, event invitations, marketplace alerts and educational content through email, phone, SMS, WhatsApp or social platforms where you requested them, consented, or another lawful basis applies.
You can opt out through an unsubscribe link, by replying "STOP" where supported, changing platform settings or contacting us. Opting out of marketing does not stop transactional or service communications such as payment confirmation, class schedules, security alerts, account updates, support responses and policy notices.
We may retain a minimal suppression record, such as your email address or phone number and opt-out date, to respect the preference and prevent accidental re-enrollment.
If you interact with an OTOECOM advertisement on another platform, that platform may provide campaign, lead or attribution information according to your settings and its privacy policy.
Payments may be processed through independent payment gateways, banks, UPI applications or course-commerce platforms. The payment provider receives and processes the credentials needed to authorize the transaction under its own privacy and security terms.
OTOECOM generally receives transaction status, amount, currency, reference number, payment method category, payer name or contact, invoice data and fraud or chargeback information. We do not intentionally store full card numbers, CVV, UPI PINs, internet-banking passwords or OTPs.
Billing records may contain name, business name, address, GSTIN, PAN or other tax information when required for invoices, contracts, compliance, refunds or accounting. Such records are restricted to personnel and professional advisers who need them.
Payment disputes, refunds and chargebacks are also governed by our Refund Policy and the payment provider's terms.
We do not sell or rent personal data for money. We may disclose limited data to recipients who need it for a lawful purpose:
Service providers are expected to process data for authorized purposes, use suitable safeguards and comply with contractual or legal restrictions appropriate to their role. We do not authorize them to use seller or customer data for unrelated purposes.
OTOECOM operates primarily from India, but some hosting, learning, communication, analytics, security and marketplace providers may process or store data in other countries. Remote team members or clients may also access information from another country where authorized.
When cross-border processing occurs, we use measures appropriate to the circumstances, which may include contractual restrictions, access controls, provider due diligence, recognized transfer mechanisms and compliance with restrictions notified under Indian law.
Laws and government-access standards in another country may differ from those in your location. By using a service that depends on an international provider, your data may be processed in the provider's operating locations as described in its policy.
We use administrative, technical and organizational safeguards designed for the nature of our services and data. Controls may include:
No website, storage system or transmission method can be guaranteed completely secure. We therefore do not promise absolute security. You should use strong unique passwords, enable multi-factor authentication, restrict team permissions and avoid sending sensitive credentials through ordinary messages.
We keep personal data only while reasonably needed for the stated service, consented purpose, security requirement, dispute, marketplace rule or legal obligation. Default guidelines are below; a contract, law or stricter marketplace rule may require a different period.
When retention ends, data is deleted, anonymized, redacted, returned or archived with restricted access. Residual copies may remain temporarily in protected backups until the normal backup cycle overwrites them. A legal hold pauses deletion for the affected records.
Subject to applicable law, the nature of our role and available exemptions, you may request:
We may ask for information reasonably necessary to verify identity, authority, account ownership and request scope. An authorized representative must provide evidence of authority. We may refuse or limit a request where law permits, including where it would disclose another person's data, conflict with legal obligations, impair security, affect legal claims or concern data controlled by a client or marketplace.
Send requests to legal@otoecom.com. We normally acknowledge a valid request within seven business days and aim to complete it within 30 days, although verification, complexity, marketplace dependency or law may require additional time.
Rights under the Digital Personal Data Protection Act, 2023 are subject to the Government's phased commencement notifications. We provide practical request channels now and will update procedures as further provisions become enforceable.
OTOECOM's paid courses, mentorship and professional seller services are intended for adults and business users. We do not knowingly create course or service accounts for persons under 18 without appropriate parent or lawful guardian involvement.
If we learn that a child's personal data was collected without required authorization, we will review the circumstances and delete or restrict the data as required. A parent or guardian may contact our Privacy & Grievance Officer.
Community members and course participants must not upload customer information, school records or other personal data relating to children unless the processing is lawful, necessary and expressly approved.
OTOECOM may operate WhatsApp, Telegram, Discord, social-media or learning communities. Information you post in a shared group can be seen, copied or responded to by other members according to that platform's features. Do not post passwords, customer PII, confidential seller reports or information you do not have authority to share.
Calls, classes or events may be recorded after notice. Recordings can be used for replay, internal quality, support, evidence of agreed instructions or, with appropriate permission, course content.
We publish a testimonial, photograph, video, identifiable success story or detailed case study only with permission or another lawful basis. Consent for promotional use can be withdrawn for future use, but withdrawal may not require us to recall material already lawfully distributed or printed.
Public reviews submitted to independent platforms remain subject to those platforms' policies. We may quote or link to a public review while respecting applicable law and the context in which it was published.
Our website, courses and services may link to or integrate with marketplaces, payment gateways, YouTube, social networks, maps, video-conferencing tools, messaging services, analytics providers and other third parties.
We are not responsible for an independent third party's privacy practices, security, availability, content or decisions. Review its privacy policy and account settings before providing data. A link or integration does not mean that the third party is owned by OTOECOM or that it endorses us.
OTOECOM is an independent ecommerce education and service provider. Marketplace names are used to identify the platforms for which training or seller support is offered; they do not imply ownership, agency or endorsement unless expressly stated in writing.
A suspected personal-data incident is assessed, contained, investigated, documented and remediated according to its nature and risk. We may preserve evidence, reset access, suspend affected integrations, coordinate with service providers and notify clients, marketplaces, authorities or affected individuals where required.
If you suspect unauthorized access, disclosure, loss or misuse involving OTOECOM, contact legal@otoecom.com promptly with the date, affected account, description and safe contact details. Do not email passwords, OTPs or unnecessary customer PII.
We may disclose or preserve information when required by a valid court order, subpoena, tax request, government notice, law-enforcement request, marketplace investigation or other legal process. Where permitted, we assess the request's authority, scope and necessity and disclose only information reasonably required.
This policy is designed for OTOECOM's India-based operations and is intended to align, as applicable, with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 during their applicable period, the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025 and their phased commencement notifications.
The core processing obligations and individual-rights provisions of the DPDP framework are subject to phased commencement. We will update this policy and operational procedures as relevant provisions, rules, directions and enforcement requirements become applicable.
Where the EU GDPR, UK GDPR, California privacy law or another regional law applies to a particular interaction, we will provide the rights and safeguards required by that law. This statement does not mean every foreign privacy statute applies to every OTOECOM interaction.
You may review the official Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025 and the Limited Liability Partnership Act, 2008.
We may amend this policy to reflect changes in law, services, technology, providers or risk. The revised policy will be posted on this page with a new "Last updated" date. A prominent notice or direct communication may be used where a material change requires it.
This public notice describes our general privacy practices. A signed service agreement, data-processing term or legally mandatory rule controls if it imposes a stricter or more specific requirement.
Submit enough information to identify your relationship with OTOECOM and the data concerned. Never send passwords, OTPs, payment credentials or unnecessary marketplace customer PII.
State your name, contact, relationship with OTOECOM, request type and relevant account, invoice, course or service reference.
We may ask for proportionate evidence before disclosing, correcting or deleting data. Authorized representatives must establish authority.
We normally acknowledge a valid request within seven business days and aim to resolve it within 30 days, subject to applicable law and dependencies.
If the response does not resolve the concern, reply with "Privacy Grievance Escalation". Statutory complaint rights remain available where applicable.
Contact Mittix AlgoTech LLP for access, correction, deletion, consent withdrawal, account-access review, cookie questions or a suspected security incident involving OTOECOM.
This policy is a public privacy notice and does not replace case-specific legal advice. OTOECOM may obtain professional legal or security advice when an issue requires it.