Introduction
EasyGTM Software Pvt Ltd, a company incorporated under the Companies Act, 2013, with its registered office in Chennai, Tamil Nadu, India ("Company", "we", "us", or "our"), operates the Barters.fyi platform at https://www.barters.fyi ("Platform").
We are committed to protecting the personal data of everyone who uses the Platform. This Privacy Policy explains:
- What personal data we collect and why
- The legal basis on which we process it
- How we use, store, and share it
- How long we keep it
- Your rights and how to exercise them
- How to contact us or lodge a complaint
This Policy applies to all Users of the Platform, including visitors, registered account holders, and individuals whose data is submitted to the Platform by others (such as job referral candidates).
This Policy should be read alongside our Terms of Use (https://www.barters.fyi/terms).
1. Who We Are and How to Contact Us
Data Controller: EasyGTM Software Pvt Ltd Chennai, Tamil Nadu, India Email: contactus@easygtm.com Website: https://www.barters.fyi
For all privacy-related queries, requests to exercise your data rights, or complaints, please contact us at contactus@easygtm.com. We aim to respond to all requests within 30 days.
Data Protection Officer: EasyGTM Software Pvt Ltd has not appointed a formal Data Protection Officer at this stage. Privacy governance is managed directly by the Company. This will be reviewed as the Platform grows and as applicable legal requirements evolve.
2. The Personal Data We Collect
We collect the following categories of personal data:
2.1 Account and Registration Data
- Full name
- Business email address
- Company name and role/title
- Password (stored in hashed form - we cannot read your password)
Source: Provided directly by you during registration.
2.2 Profile and Workspace Data
- Professional bio and title
- Company description, industry, funding stage, team size, and location
- LinkedIn company profile URL
- Company website URL
- Profile photo (if uploaded)
Source: Provided directly by you during onboarding and profile setup.
2.3 Barter Listing and Activity Data
- Barter listing content (services offered, services needed, tags, location preferences)
- Bids submitted and received
- Community memberships and posts
- Messages or notes associated with barter activity
- Timestamps and status of listings and bids
Source: Generated by your use of the Platform.
2.4 Job Referral Data
- Job posting content (role, description, compensation, location)
- Referral submissions including: the referred candidate's name, LinkedIn profile URL, resume or CV, and any notes provided by the referring user
Important note about candidate data: When you submit a job referral, you are providing personal data about a third party who has not directly interacted with our Platform. See Section 6 for how we handle this data and your obligations as the submitting user.
Source: Provided directly by you when submitting a referral or posting a job.
2.5 Payment and Billing Data
- Subscription plan type and billing history
- Transaction identifiers and timestamps
Note: We do not collect or store your raw payment card details. All payment card processing is handled directly and exclusively by our payment processor, Dodo Payments. We receive only transaction confirmation records.
Source: Generated when you purchase or manage a Subscription.
2.6 Technical and Usage Data
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and features used on the Platform
- Login timestamps and session duration
- Error logs
Source: Automatically collected by our infrastructure when you access the Platform.
2.7 Communications Data
- Support enquiries and correspondence sent to contactus@easygtm.com
- Content of any feedback or reports you submit
Source: Provided directly by you.
3. Legal Basis for Processing
We process your personal data only where we have a valid legal basis to do so. The table below sets out the legal basis for each processing activity.
For Users in the European Union or European Economic Area, the legal bases are those defined under the GDPR. For Users in India, processing is conducted in accordance with the Digital Personal Data Protection Act (DPDPA) 2023 and DPDP Rules 2025. For Users in Singapore, processing is conducted in accordance with the Personal Data Protection Act (PDPA) 2012 (as amended). For Users in other jurisdictions, equivalent applicable laws apply.
| Processing Activity | Legal Basis (GDPR) | Legal Basis (India DPDPA) |
|---|---|---|
| Creating and managing your account | Contractual necessity (Art. 6(1)(b)) | Performance of contract |
| Providing Platform features (listings, bids, communities, referrals) | Contractual necessity (Art. 6(1)(b)) | Performance of contract |
| Processing subscription payments | Contractual necessity (Art. 6(1)(b)) | Performance of contract |
| Sending transactional emails (receipts, account notices) | Contractual necessity (Art. 6(1)(b)) | Performance of contract |
| Ensuring platform security and preventing fraud | Legitimate interests (Art. 6(1)(f)) | Legitimate uses |
| Monitoring and improving platform performance | Legitimate interests (Art. 6(1)(f)) | Legitimate uses |
| Displaying your profile and listings to other Users | Contractual necessity / Legitimate interests (Art. 6(1)(b)/(f)) | Performance of contract |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) | Legal obligation |
| Responding to your support enquiries | Legitimate interests (Art. 6(1)(f)) | Legitimate uses |
| Sending product updates or announcements (where applicable) | Legitimate interests (Art. 6(1)(f)) or Consent (Art. 6(1)(a)) | Consent |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may request information about these assessments by contacting us at contactus@easygtm.com.
Where we rely on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
4. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
- To provide and operate the Platform - creating your account, displaying your listings, enabling bids, facilitating community memberships, and operating the Job Referral feature
- To process payments - managing your Subscription, generating receipts, and communicating about billing
- To communicate with you - sending account-related notices, responding to support queries, and where applicable, sending product updates
- To moderate the Platform - reviewing flagged content, enforcing the Terms of Use, and removing prohibited listings or accounts
- To ensure security - detecting unauthorised access, monitoring for fraudulent activity, and maintaining the integrity of user data
- To improve the Platform - analysing usage patterns to identify bugs, improve features, and enhance user experience
- To comply with legal obligations - responding to lawful requests from courts, regulators, or government authorities
We will not use your personal data for purposes that are incompatible with those described above without first informing you and, where required, obtaining your consent.
5. Data Minimisation and Purpose Limitation
We collect only the personal data that is necessary for the purposes described in this Policy. We do not collect personal data speculatively or in excess of what is required to operate the Platform.
Your personal data will only be used for the purpose for which it was collected. If we need to use your data for a new or different purpose, we will inform you and, where required by applicable law, obtain your consent before doing so.
6. Job Referral Candidate Data
The Job Referral feature enables registered Users to submit referrals for open roles posted by other companies on the Platform. In doing so, the referring User provides personal data about a third-party individual (the "Candidate") who has not directly registered with or consented to the Platform.
6.1 What candidate data we receive
- Name
- LinkedIn profile URL
- Resume or CV (uploaded document)
- Notes provided by the referring User
6.2 How we use candidate data
Candidate data is used solely to transmit the referral from the referring User to the company that posted the role. It is shared only with that specific hiring company and is not displayed publicly, used for any other purpose, or retained beyond the period described in Section 9.
6.3 Referring User obligations
By submitting a referral, the referring User represents and warrants that they have obtained the Candidate's prior, informed, and explicit consent to share their personal data with the Platform and with the hiring company. This obligation is set out in the Terms of Use.
6.4 Candidate rights
Candidates whose data has been submitted to the Platform may contact us at contactus@easygtm.com to:
- Request access to the data held about them
- Request deletion of their data
- Object to further processing of their data
We will respond to verified Candidate requests within 30 days.
6.5 Legal basis for processing candidate data
We process candidate data on the basis of legitimate interests - specifically, the legitimate interests of the referring User and the hiring company in facilitating a professional referral. We rely on the referring User's representation that the Candidate has consented to the referral. Where this representation is false, liability rests with the referring User as set out in the Terms of Use.
7. How We Share Your Personal Data
We do not sell, rent, or trade your personal data to third parties. We share your data only in the following circumstances:
7.1 With other Platform Users
When you post a Barter Listing, Job Referral, or community post, relevant profile information is made visible to other registered Users according to your visibility settings. Public listings are visible to all Users; community-restricted listings are visible only to members of the relevant Community.
7.2 With our data processors
We use the following third-party service providers to operate the Platform. Each processes data only on our instructions and under data processing agreements that require them to protect your data:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase, Inc. | Database hosting, file storage, authentication | United States (AWS us-east-1) | Standard Contractual Clauses (SCCs) |
| Dodo Payments | Payment processing and billing | United States | Data Processing Agreement |
| Vercel, Inc. | Platform hosting and global content delivery | United States / Global CDN | Standard Contractual Clauses (SCCs) |
We will update this table if we engage additional processors. Where a new processor involves the processing of personal data from EU users or involves cross-border transfers, we will ensure appropriate safeguards are in place before engaging them.
7.3 For legal compliance
We may disclose your personal data if required to do so by law, court order, regulatory obligation, or in response to a valid request by a public authority (such as a court, law enforcement agency, or tax authority). Where we are legally permitted to do so, we will notify you before making such a disclosure.
7.4 In a business transfer
If EasyGTM Software Pvt Ltd undergoes a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
7.5 With your consent
We may share your data with third parties for purposes not described above if you have given us your prior explicit consent. You may withdraw that consent at any time.
8. Cross-Border Data Transfers
EasyGTM Software Pvt Ltd is incorporated in India. Our Platform is built on infrastructure operated by Supabase, Inc. (United States) and Vercel, Inc. (United States), which means your personal data is transferred to and stored in the United States.
8.1 For EU/EEA Users
The United States does not have an adequacy decision from the European Commission for general GDPR purposes. We rely on Standard Contractual Clauses (SCCs), as adopted by the European Commission, as the lawful mechanism for transferring your personal data from the EU/EEA to our processors in the United States. You may request a copy of the relevant SCCs by contacting us at contactus@easygtm.com.
8.2 For Singapore Users
In accordance with Section 26 of the Singapore Personal Data Protection Act (PDPA), we take reasonable steps to ensure that our data processors in the United States provide a standard of protection for your personal data that is comparable to the protection under the PDPA, including through contractual obligations in our data processing agreements.
8.3 For Indian Users
Cross-border transfers of personal data are conducted in accordance with the applicable provisions of the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025. We will comply with any cross-border transfer restrictions or requirements notified by the Data Protection Board of India as they come into effect.
8.4 For all Users
Regardless of where your data is processed, we apply the same security standards and contractual protections described in this Policy. If you have concerns about how your data is handled outside your home jurisdiction, please contact us at contactus@easygtm.com.
9. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by applicable law.
| Data Category | Retention Period |
|---|---|
| Account and profile data | Duration of active account, plus 12 months after account closure or last login |
| Barter listing and bid data | 24 months from the date of posting or last activity, whichever is later |
| Job posting data | 12 months from the date the role is marked as filled or closed |
| Job referral candidate data (resumes, LinkedIn URLs, notes) | 90 days from the date the referral was submitted, or until the role is filled or closed, whichever is earlier |
| Payment and billing records | 7 years from the date of transaction (for accounting and tax compliance) |
| Technical and usage logs | 12 months from collection |
| Support communications | 3 years from the date of the communication |
| Data subject rights requests and responses | 3 years from the date of the request |
When the retention period expires, data is deleted or anonymised so that it can no longer be associated with an individual. If you request deletion of your account before the retention period expires, we will delete your data as described in Section 11, subject to any legal obligation that requires us to retain it.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:
- Encryption in transit: All data transmitted between your browser and the Platform is encrypted using HTTPS/TLS
- Encryption at rest: Data stored in our Supabase database is encrypted at rest by Supabase's infrastructure (AES-256)
- Private storage: Files uploaded to the Platform (such as resumes submitted for job referrals) are stored in private Supabase storage buckets that are not publicly accessible or indexable. They are accessible only to the specific hiring company named in the referral
- Access controls: Access to personal data within our systems is restricted to personnel who require it to operate the Platform
- Authentication: User sessions are managed through secure, time-limited authentication tokens
No system is completely secure. If you believe your account has been compromised, please contact us immediately at contactus@easygtm.com.
10.1 Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority (for EU Users: the lead supervisory authority in the EU; for Indian Users: the Data Protection Board of India) within 72 hours of becoming aware of the breach, where required by applicable law
- Notify affected Users without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Maintain a record of all data breaches, including those not required to be reported
11. Your Data Rights
Depending on your jurisdiction, you have some or all of the following rights in respect of your personal data. We will respond to all verified requests within 30 days of receipt. Where a request is complex or numerous, we may extend this period by a further 30 days and will inform you accordingly.
11.1 Rights for all Users
| Right | What it means |
|---|---|
| Right of access | You can request a copy of the personal data we hold about you |
| Right to rectification | You can ask us to correct inaccurate or incomplete data |
| Right to erasure | You can ask us to delete your personal data in certain circumstances |
| Right to withdraw consent | Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing |
11.2 Additional rights for EU/EEA Users (GDPR)
| Right | What it means |
|---|---|
| Right to restriction of processing | You can ask us to pause processing of your data in certain circumstances (e.g. while you contest its accuracy) |
| Right to data portability | Where processing is based on consent or contract and carried out by automated means, you can receive your data in a structured, machine-readable format |
| Right to object | You can object to processing based on legitimate interests; we must stop unless we can demonstrate compelling legitimate grounds that override your interests |
| Rights related to automated decision-making | We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects. If this changes, we will inform you and provide the rights required under GDPR Article 22 |
| Right to lodge a complaint | You have the right to lodge a complaint with the data protection supervisory authority in your EU member state. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en |
11.3 Additional rights for Indian Users (DPDPA)
| Right | What it means |
|---|---|
| Right to grievance redressal | You may submit a complaint to us at contactus@easygtm.com. If you are unsatisfied with our response, you may escalate to the Data Protection Board of India |
| Right to nominate | You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity |
Information about the Data Protection Board of India is available at: https://www.meity.gov.in
11.4 Additional rights for Singapore Users (PDPA)
| Right | What it means |
|---|---|
| Right of access | You may request access to personal data we hold about you and information about how it has been used or disclosed in the past 12 months |
| Right to correction | You may request correction of inaccurate personal data |
| Right to withdraw consent | You may withdraw consent at any time by giving reasonable notice, subject to any legal or contractual restrictions |
To exercise any of these rights, contact us at contactus@easygtm.com. Please include your name, registered email address, and a description of your request so we can verify your identity and respond appropriately.
We will not charge a fee for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to act.
12. Cookies and Local Storage
The Platform uses cookies and browser storage technologies that are necessary to operate authentication, user preferences, flash messages, theme settings, and first-party product analytics.
| Name | Purpose | Type | Duration |
|---|---|---|---|
sb-*-auth-token | Session authentication - keeps you securely logged in to the Platform | Strictly necessary cookie | Session or Supabase-managed expiry |
baarterlist-directory-view-* | Stores your preferred card/list view for barter, jobs, and communities directories | Preference cookie | Persistent until changed or cleared |
curated-flash-toast | Temporarily displays one-time confirmation or error messages after actions | Strictly necessary cookie | Approximately 15 seconds |
ui-theme | Stores your light or dark mode preference | Local storage preference | Until changed or cleared |
barters.analytics.session-id | Supports first-party product analytics and session heartbeat events | Session storage analytics identifier | Current browser session |
barters.analytics.billing-return:* | Prevents duplicate billing-return analytics events | Session storage analytics flag | Current browser session |
We do not currently use advertising cookies or third-party behavioural advertising trackers.
12.1 Strictly necessary cookies
Authentication and flash-message cookies are necessary for the Platform to function. Without them, you cannot securely log in or receive important action confirmations. Because these cookies are strictly necessary, they do not require consent under GDPR or other applicable privacy laws.
12.2 Preferences and first-party analytics
Directory view, theme, and first-party analytics storage help us remember product preferences and understand aggregate usage of the Platform. First-party analytics events are stored in our Supabase database and are used for platform administration, reliability, billing-flow diagnostics, and product improvement.
12.3 Future changes to cookies
If we introduce non-essential cookies or third-party analytics tools, we will update this Policy before doing so, implement a cookie consent banner where required by applicable law, and obtain consent where required.
12.4 Managing cookies
You can instruct your browser to refuse cookies or clear local/session storage. If you block the session authentication cookie, you will not be able to log in to the Platform. Instructions for managing cookies in common browsers are available at https://www.allaboutcookies.org.
13. Children's Data
The Platform is intended for business use only and is not directed at or designed for use by individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. If you believe we have inadvertently collected data from a minor, please contact us immediately at contactus@easygtm.com and we will delete it promptly.
14. Data Minimisation and Accuracy
We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, kept up to date. We encourage you to review and update your profile information through your account settings to ensure it remains accurate.
We collect only the personal data that is necessary for the purposes described in this Policy. If you believe we are collecting data that is not necessary for the Platform's operation, please let us know at contactus@easygtm.com.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or Platform features.
When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify registered Users by email to the address associated with their account at least 14 days before the changes take effect
- Where required by applicable law, seek your consent before implementing changes that affect how we process your data
Your continued use of the Platform after the effective date of any updated Policy constitutes your acknowledgement of the changes. If you do not accept the updated Policy, you must stop using the Platform and may close your account in accordance with the Terms of Use.
We maintain an archive of previous versions of this Policy. If you would like to review a previous version, please contact us at contactus@easygtm.com.
16. Third-Party Links
The Platform may contain links to third-party websites, including LinkedIn profiles and company websites submitted by Users. This Privacy Policy does not apply to those third-party websites. We are not responsible for the privacy practices of any third party and encourage you to review the privacy policies of any website you visit.
17. Complaints
17.1 Contact us first
If you have a concern about how we handle your personal data, please contact us first at contactus@easygtm.com. We will investigate and respond to all complaints within 30 days.
17.2 EU/EEA Users - Supervisory Authority
If you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with the data protection supervisory authority in your member state. A directory of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
17.3 Indian Users - Data Protection Board
If you are located in India and are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India in accordance with the DPDPA 2023 and DPDP Rules 2025. Further information is available at: https://www.meity.gov.in
17.4 Singapore Users - PDPC
If you are located in Singapore and are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at: https://www.pdpc.gov.sg
17.5 Australian Users - OAIC
If you are located in Australia and are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at: https://www.oaic.gov.au
18. Governing Law
This Privacy Policy is governed by the laws of India. For matters relating to the processing of personal data of EU/EEA residents, we comply with the General Data Protection Regulation (GDPR). For matters relating to the processing of personal data of Singapore residents, we comply with the Personal Data Protection Act (PDPA) 2012. For matters relating to the processing of personal data of Australian residents, we comply with the Privacy Act 1988 (Cth). We will comply with applicable privacy laws in all jurisdictions where we operate.
19. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact:
EasyGTM Software Pvt Ltd Chennai, Tamil Nadu, India Email: contactus@easygtm.com Website: https://www.barters.fyi
We aim to respond to all privacy-related correspondence within 30 days.