Data Processing Agreement

AI-Powered Recruitment Platform Services

Effective Date: November 2, 2025

NetConnect Private Limited — Operating as Welocity™

CIN: U32202KA1997PTC021881

INTRODUCTION

This Data Processing Agreement ("DPA" or "Agreement") forms an integral part of the Terms of Service and governs the Processing of Personal Data by NetConnect Private Limited, operating as Welocity™ ("Processor", "Service Provider", "Welocity", "we", "us", "our") on behalf of any entity using the Welocity platform ("Controller", "Customer", "Client", "you", "your").

By accessing or using the Welocity platform, you acknowledge and agree to be bound by the terms of this Agreement. This Agreement applies automatically to all Customers without requiring separate execution.

ARTICLE 1: DEFINITIONS AND INTERPRETATION

• Applicable Law: Any applicable law, statute, regulation, rule, order, or judgment in the relevant jurisdiction.
• Data Protection Laws: All applicable laws relating to privacy, data protection, and data security.
• Data Subject: Identified or identifiable natural person to whom Personal Data relates.
• Personal Data: Any information relating to an identified or identifiable person.
• Platform: The Welocity AI-powered recruitment platform and associated services.
• Processing: Any operation performed on Personal Data, automated or otherwise.
• Security Incident: Any confirmed unauthorized access, alteration, or disclosure of Personal Data compromising confidentiality or integrity.
• Services: AI-powered recruitment and talent assessment provided by the Platform.
• Sub-processor: Any third party engaged by Welocity to Process Personal Data.

ARTICLE 2: SCOPE AND PURPOSE OF PROCESSING

The subject matter of Processing is the provision of AI-powered recruitment services through the Platform. Processing continues as long as the Controller uses the Services.

• Collection via API integration and web interfaces
• Storage in encrypted cloud infrastructure
• Analysis using proprietary machine learning algorithms
• Duplicate detection within job requisitions
• Transmission to authorized recipients
• Retention for platform optimization with candidate consent
• Deletion upon Controller instruction or retention expiry

ARTICLE 3: DATA RIGHTS AND PLATFORM OPERATIONS

3.1 Welocity's Data Rights

Controller's right to use identifiable data lasts a maximum of sixty (60) days (“Controller Usage Window”). After that, identifiable data must be securely deleted. Welocity may retain anonymized data indefinitely for AI model improvement.

Welocity may process anonymized Platform Data, develop predictive models, and retain identifiable data only where explicit candidate consent has been obtained.

3.2 Proprietary Rights

Welocity retains ownership of all algorithms, models, anonymized data, and improvements to the Platform. Controllers retain ownership of identifiable Personal Data but grant Welocity rights to process per consent and law.

3.3 Controller's Rights

• Access candidate data for specific job requisitions (max 60 days)
• Request export or deletion of candidate data
• Receive assessment reports and make hiring decisions

ARTICLE 4: PROCESSING OBLIGATIONS

• Process data per Controller instructions
• Ensure confidentiality of personnel
• Maintain appropriate security measures
• Notify Controller of confirmed Security Incidents
• Provide assistance with Data Subject requests

ARTICLE 5: SUB-PROCESSORS

Welocity is authorized to engage Sub-processors. Notice of material changes will be given 15 days in advance. Controllers may raise reasonable objections. Sub-processors include:

• Cloud infrastructure providers (AWS)
• AI/ML processing services (OpenAI)
• Communication service providers
• Analytics and monitoring services

ARTICLE 6: SECURITY MEASURES

Welocity implements commercially reasonable security controls including:

• Encryption of data at rest and in transit
• Access control and authentication
• Regular security assessments
• Network security and monitoring
• Incident response procedures

THE PLATFORM IS PROVIDED ON AN “AS AVAILABLE” BASIS. WELOCITY DOES NOT GUARANTEE UNINTERRUPTED OR ERROR-FREE SERVICE.

ARTICLE 7: DATA SUBJECT RIGHTS

Controllers remain responsible for responding to Data Subject requests. Welocity will assist where feasible. Requests must be submitted through the Platform.

ARTICLE 8: SECURITY INCIDENTS

Welocity will notify affected Controllers of confirmed Security Incidents within seventy-two (72) hours of discovery and cooperate on mitigation.

ARTICLE 9: LIABILITY AND INDEMNIFICATION

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• Welocity’s total liability shall not exceed fees paid in the prior 3 months.
• Welocity is not liable for indirect, incidental, or consequential damages.
• Controller shall indemnify Welocity against third-party claims arising from misuse.

ARTICLE 10: AUDIT AND COMPLIANCE

Welocity may provide documentation or third-party certifications (e.g., SOC 2, ISO 27001) under confidentiality. On-site audits are not permitted.

ARTICLE 11: DATA RETENTION AND DELETION

• Active recruitment data: retained during process.
• Identifiable data retained only with explicit consent.
• Anonymized data may be retained indefinitely.
• Audit logs retained for at least 24 months.

Upon termination, identifiable data shall be returned or deleted per Controller instructions.

ARTICLE 12: CROSS-BORDER TRANSFERS

Controller acknowledges global data transfers may occur for service provision. Welocity applies contractual safeguards and ensures compliance.

ARTICLE 13: GENERAL PROVISIONS

• Governing Law: India; exclusive jurisdiction of Bangalore courts.
• Amendments: Notice provided 15 days prior to material changes.
• Severability: Invalid provisions do not affect the remainder.
• Entire Agreement: Includes Terms of Service and Privacy Policy.
• No Third-Party Beneficiaries
• Force Majeure: No liability for causes beyond reasonable control.
• Survival: Key obligations survive termination.

ARTICLE 14: CONTACT INFORMATION

Data Protection Inquiries: privacy@welocity.ai
Legal Notices: legal@welocity.ai
Address: NetConnect Private Limited, Bangalore, Karnataka, India

ACCEPTANCE OF TERMS

By using the Welocity platform, you acknowledge that you have read, understood, and agree to be bound by this Data Processing Agreement.

SCHEDULE A: TECHNICAL MEASURES

• Encryption: AES-256 at rest, TLS 1.3 in transit
• Access Management: MFA, role-based access
• Network Security: Firewalls, intrusion detection
• Monitoring: 24/7 automated threat detection
• Physical Security: Restricted data centers
• Backup: Automated redundant backups
• Incident Response: Documented procedures

SCHEDULE B: DATA PROCESSING DETAILS

• Collection via web forms, APIs, uploads
• Storage in cloud infrastructure
• AI-powered analysis and scoring
• Duplicate detection per job requisition
• Video interview processing
• Cross-client talent matching (post 60-day)
• Analytics and platform improvement

Last Updated: November 2, 2025 | © 2025 NetConnect Private Limited | Welocity™