Back to Home

    Privacy Policy

    Last updated 6/15/2026

    1. Purpose of Policy

    The purpose of this Data Privacy Policy is to formally state the explicit commitment of TYN Ecosystem Private Limited ("TYN" or the "Company") to protecting the privacy, security, and integrity of internal corporate data, employee records, and sensitive commercial, financial, and product lifecycle data shared by our clients. As a provider of state-of-the-art Artificial Intelligence (AI) solutions and technical innovation services consulting for global enterprises, TYN is built on absolute trust. This policy outlines our processing structures, establishes technical safeguards aligned with SOC 2 Type 1 compliance guidelines, and enforces accountability across all operating regions including India, the United States (US), and the European Union (EU).

    2. Scope of Policy

    This policy applies strictly to all data that is either completely owned, managed, stored, or processed by TYN Ecosystem Private Limited. The scope encompasses:

    • All personal records, financial profiles, and identity documentation concerning TYN employees, contractors, and internal stakeholders.
    • All client-provided enterprise data, algorithmic raw assets, use-case definitions, and context-specific proprietary files shared under strict mutual Non-Disclosure Agreements (NDAs).
    • All underlying environments within TYN's infrastructure, including corporate Google Workspace tenants, cloud hosting footprints (AWS), and local operating end-user units under the Company's operational mandate.

    3. Supporting Documents

    This document forms a critical component of TYN's operational compliance suite. It must be read, understood, and implemented in strict conjunction with the following internal reference frameworks:

    • TYN Comprehensive Information Security Policy
    • TYN Bring Your Device (BYOD) Governance Framework
    • Mutual Corporate Non-Disclosure Agreements (NDAs) signed with individual enterprise clients

    4. Responsibilities

    Operational ownership and accountability for this policy are distributed as follows:

    • Chief Technology Officer (CTO) & Technical Lead: Jointly responsible for the overarching development, continuous optimization, technical implementation, and architectural enforcement of all data privacy and security controls.
    • Internal Audit & Compliance Team: Responsible for executing periodic, rigorous internal audits to verify systemic compliance with this policy, evaluate control performance against SOC 2 Type 1 metrics, and report variances directly to the executive tier.
    • Employees and Authorized Non-Employees: All full-time personnel, consultants, and external contractors of TYN are bound by individual responsibility and collective accountability to maintain complete compliance with this policy in the day-to-day execution of their professional duties.

    5. Policy Statements & Operational Mandates

    5.1 Data Lifecycle and Fairness Principles

    • All categories of personal, proprietary, and commercial sensitive data managed or handled by TYN must be:
    • Processed fairly, lawfully, transparently, and securely in explicit conformance with international data guidelines.
    • Processed exclusively in relation to the specific enterprise AI solutions or innovation consulting use cases for which it was originally collected or shared under client-approved NDAs.
    • Maintained in an accurate, highly updated, and logically coherent state as operationally required.
    • Retained for clear periods matching legal, corporate, or financial necessity, avoiding indefinite storage of unneeded assets.

    5.2 Minimum Privacy Disclosures & Rights Management

    While TYN operates as an enterprise-facing B2B organization and does not currently maintain an active consumer-facing website cookie tracker, the Company strictly ensures that any data collection mechanism explicitly discloses:

    • The precise objective behind gathering personal or corporate operational details.
    • The exact pathways, software utilities, and pipelines through which data is securely processed.
    • The clear technical and logical controls deployed to ensure complete perimeter protection.
    • The complete absence of hidden browser-based user tracking technologies (such as background cookies, tracking pixels, single-pixel GIFs, browser configurations, or IP capturing mechanisms on public company touchpoints).
    • The strict parameters under which data is securely partitioned, moved cross-border for international clients (US/EU), or shared with trusted SaaS accounting/infrastructure processors.
    • The designated operational contact channel (gg@theyellow.network) to process formal queries concerning data management workflows.

    5.3 Concrete Technical, Access, & Security Safeguards

    To assure alignment with the SOC 2 Type 1 security framework, TYN institutes immutable technical controls over all corporate and client data repositories:

    • Cloud Isolation & SaaS Whitelisting: Core corporate files, development workflows, and operational balances are strictly confined to enterprise Google Workspace, Amazon Web Services (AWS) infrastructure, Zoho Books, and Zoho Payroll. No external, unvetted storage applications are permitted.
    • Multi-Factor Authentication (MFA): Mandatory enforcement of strict Multi-Factor Authentication across all corporate identity profiles, SaaS portals, and administrative backends without exception.
    • Strict Access Controls & Audit Logs: Access to code bases, operational environments, and client records is governed on a strict Need-to-Know basis. Access configurations are tracked continuously via automated immutable platform audit logs.
    • Secure Remote Work & Bring Your Own Device (BYOD) Policy: Remote work is natively supported. However, because employees access TYN assets via personal devices under a strict BYOD setup, all devices must comply with mandatory baseline configurations including password complexity, local drive encryption, and active anti-malware tracking.
    • Explicit External Data Prohibitions: TYN strictly forbids the tracking, collection, or aggregation of user Internet activities, nor will it ever attempt to combine baseline operational telemetry with identifying personal parameters like email addresses or real names without explicit, written user consent.

    5.4 Cross-Border Data Transfers & Third-Party Vendor Management

    TYN regularly processes data originating from enterprise clients across diverse global legal systems (primarily India, the US, and the EU). International cross-border data routing is permitted strictly to deliver contracted AI solutions and consulting deliverables. Furthermore, data is shared exclusively with core platforms essential for corporate operations (Google Workspace, AWS, Zoho Books, Zoho Payroll). All such vendors must be tightly bound by comprehensive, legally enforceable Non-Disclosure Agreements (NDAs) guaranteeing equal or greater levels of data confidentiality and perimeter security.

    5.5 Controlled Retention Windows

    TYN implements strict data destruction and retention timelines to guarantee structural compliance with international financial and corporate frameworks:

    • Employee Records & Lifecycle Data: Maintained securely for a period of not less than seven (7) years post-separation to satisfy statutory payroll, tax, and employment mandates.
    • Corporate Financial & Accounting Records: Retained securely within Zoho Books and associated backups for a period of not less than seven (7) years to align with fiscal auditing protocols.
    • Client-Provided Data & Solution Contexts: Maintained strictly for the duration specified by legal compliance requirements, active corporate contracts, or as necessary to address foundational product integrity queries.
    • Infrastructure System Logs & Core Backups: A formal, programmatic retention and cycling strategy for systemic audit trails and cloud backups is currently marked as a targeted implementation goal for upcoming operational cycles.

    5.6 Data Access & Rectification Rights

    TYN honors legitimate requests to view, evaluate, or rectify data assets handled internally:

    • Internal Employees: Possess full rights to request formal access to review their local personnel files, corporate profiles, and identification documents. Any proven inaccuracy will be corrected swiftly upon formal validation.
    • Enterprise Clients: Hold absolute access rights to all raw data and use-case parameters originally shared by them in trust, as well as the explicit AI solutions and strategic advisory briefs prepared by TYN based directly on that client-provided framework.
    • Inquiries and Rectifications: All validation requests, data updates, or correction audits must be formally addressed to the official privacy channel at gg@theyellow.network.

    6. Incident Management & Policy Violations

    TYN operates an active security incident reporting structure. Every employee and vendor is obligated to immediately report any suspected data leak, unauthorized access, or policy variance. Reports must be escalated directly to HR, the Chief Technology Officer (CTO), or the Chief Executive Officer (CEO) via official corporate email or through direct, in-person communication.

    While TYN maintains a pristine operational track record with zero historical data breaches or privacy policy violations to date, any identified future breach or intentional policy evasion will result in immediate corrective disciplinary actions by Top Management. Disciplinary outcomes will be determined via formal corporate investigation and will scale with the severity of the infraction. Actions may include, but are not limited to:

    • Total and permanent revocation of system access privileges across all corporate data environments and SaaS assets.
    • Immediate termination of employment or individual consulting contracts for cause, with zero liability to the Company.
    • Referral to relevant external law enforcement authorities and execution of legal actions dictated by HR and Legal division policies.

    7. Policy Exceptions & Approval Matrix

    Any temporary deviation, procedural exception, or operational bypass of the privacy rules detailed in this document must be formally requested, documented in writing, and explicitly authorized. Casual verbal or ad-hoc exceptions are strictly prohibited.

    All operational exception requests must flow through a structured multi-level review and authorization matrix prior to execution by the relevant technical teams:

    Review / Approval Hierarchy

    Designated Responsible Role

    First-Level Review & Clearance

    Tech - Lead

    Second-Level Final Sign-Off

    Chief Technology Officer (CTO)

    Following definitive executive authorization by the Chief Technology Officer, the standard IT exception trail shall be securely archived, and the formal implementation directive will be routed to the appropriate IT operational unit for execution.