Comprehensive Privacy Policy
Effective Date: June 2026 | Platform: YB Connect
1. Introduction and Scope
At YB Connect, serving as the digital infrastructure for the BacktoBase mentorship community, we view data privacy not merely as a regulatory requirement, but as a foundational engineering principle. This Comprehensive Privacy Policy formally dictates the exact parameters, mechanisms, and architectural decisions governing how we collect, process, encrypt, and ultimately anonymize your Personally Identifiable Information (PII).
This document applies to all interactions within the YB Connect ecosystem, encompassing our cross-platform mobile application, our backend Node.js API infrastructure, and our integrations with third-party service providers. Our data architecture is built strictly on the principle of data minimization—meaning we only request, process, and retain the absolute minimum digital footprint required to facilitate secure, high-quality professional interactions.
By registering an account, authenticating your external profiles, or scheduling a consultation through YB Connect, you enter into a legally binding agreement confirming your consent to these data processing practices. If our data handling methodologies do not align with your personal privacy standards, we respectfully ask that you terminate your use of the platform.
2. Exhaustive Breakdown of Collected Information
To operate a functional, secure, and automated mentorship marketplace, we must collect specific categories of data. We categorize this into Direct Identifiers, Professional Metadata, and Third-Party API Telemetry.
2.1 Direct Account Identifiers
Upon registration, we collect your primary contact parameters: Full Legal Name, verified Email Address, and Phone Number. To secure your account, we utilize bcrypt cryptographic algorithms to hash and salt your password locally before it ever enters our database. We do not store, nor can we retrieve, your plaintext password.
2.2 Professional Profile & Mentorship Data
Industry experts and mentors may voluntarily construct a public-facing digital portfolio. This dataset includes your current city of residence, corporate affiliation (Company Name), job designation, a custom biographical summary, an array of technical and soft skills, spoken languages, total years of verified experience, notable achievements, and your requested hourly consultation rate. Furthermore, you may optionally link external social verifiers such as LinkedIn, X (Twitter), or personal portfolio URLs.
2.3 Third-Party Integrations (Zoom & Razorpay)
- Zoom API Telemetry: To automate the creation of your virtual consultation rooms, we initiate a secure 3-legged OAuth 2.0 handshake with the Zoom App Marketplace. We explicitly collect and securely store your Zoom Access Tokens, Refresh Tokens, and Account IDs. During active consultations, we listen to inbound Zoom Webhooks to capture transient metadata: dynamically generated Meeting IDs, Join/Start URLs, and precise timestamp triggers (`meeting.participant_joined` and `meeting.ended`).
- Financial Integration: To process escrow payments and mentor payouts, we interact securely with Razorpay. We collect and store your internal Razorpay Account ID, customized payout routing numbers, and IFSC codes. Under no circumstances does YB Connect collect, process, or store your raw credit card numbers, CVV codes, or direct banking passwords. All raw financial data is handled exclusively by Razorpay's PCI-DSS compliant infrastructure.
2.4 Automated System Data & Device Telemetry
When utilizing the mobile client, we automatically collect basic operational telemetry to ensure application stability. This includes your device's operating system version, network status, and Expo Push Tokens (utilized strictly to deliver critical, time-sensitive application alerts regarding your scheduled appointments).
3. Execution and Utilization of Data
We operate under a strict doctrine: data is solely an operational tool. We emphatically guarantee that YB Connect does not sell, rent, lease, or algorithmically trade your personal data to external marketing agencies, data brokers, or advertising networks. Your data is used exclusively to power the following internal logic engines:
- Automated Mentorship Routing: Executing logic to dynamically generate secure 1-on-1 virtual meeting rooms the exact moment an expert accepts a student's request, and routing those specific cryptographic URLs to the appropriate user dashboards.
- Escrow and Session Verification: We utilize Zoom's webhook data as an automated session stopwatch. By monitoring when participants join and leave a designated room, our backend calculates the precise duration of the consultation. This mathematical verification is required to authorize the release of financial escrow payments to the mentor, ensuring fraud prevention for both parties.
- Identity Verification & Access Control: Deploying time-sensitive One-Time Passwords (OTPs) to your verified email address to confirm identity before allowing critical account mutations, such as password resets or contact email modifications.
4. Enterprise Security Protocols & Data Storage
The YB Connect ecosystem is fortified by modern, enterprise-grade security protocols designed to prevent unauthorized data exfiltration or interception.
- Database Isolation: Our primary data layer is hosted on managed cloud clusters (MongoDB Atlas), protected by strict Network Access Control Lists (IP Whitelisting) and Virtual Private Cloud (VPC) peering limitations.
- Cryptographic Encryption: All sensitive external credentials, most notably Zoom OAuth keys, are encrypted at rest using advanced AES-256 cipher algorithms. Data in transit between your mobile application and our server endpoints is strictly funneled through enforced HTTPS/TLS 1.3 cryptographic tunnels.
- Stateless Authentication: User sessions are managed via stateless JSON Web Tokens (JWT) equipped with automated expiration limits, mitigating the risk of hijacked, long-standing connections.
5. Account Deletion and Cryptographic Anonymization (Soft Delete)
We respect your ultimate authority over your digital presence. However, to maintain the structural integrity of historical financial transactions and consultation ledgers, we deploy a sophisticated "Soft Delete" data anonymization protocol when you request account termination.
Upon initiating the "Delete Account" sequence within your application settings, the following irreversible actions are immediately executed by our servers:
- Identity Erasure: Your exact Name, Email Address, and Phone Number are permanently overwritten in our database with randomized, cryptographic hexadecimal strings (e.g., "Deleted User").
- Credential Destruction: Your hashed password is overwritten with a randomized string, permanently severing any future ability to authenticate. All active JWT session tokens are instantly invalidated.
- Profile Purge: All custom profile data—including your biography, professional skills, hourly rates, social media hyperlinks, and profile imagery—is entirely wiped from the `Profile` collection schema.
- Third-Party Disconnection: All stored Zoom OAuth credentials (access and refresh tokens) are deleted, severing our application's access to your Zoom account.
The only data that remains is an anonymous, disconnected ledger record of the consultation (e.g., "A meeting occurred on this date for this amount"), which is legally required for financial auditing and fraud prevention.
6. Strict Video Session Privacy Protocol
YB Connect leverages the enterprise infrastructure of Zoom to facilitate high-fidelity video consultations. We operate under an absolute policy of non-interference regarding the content of your meetings. Our integration is strictly structural. We do NOT record, capture, intercept, transcribe, or store any video streams, audio feeds, shared screens, or chat transcripts originating from your Zoom meetings. The intellectual property and private conversations exchanged during a mentorship session remain entirely confidential between the student and the industry expert.
7. Data Retention and Information Lifecycle Management
YB Connect follows a structured data retention framework designed to balance operational efficiency, user privacy, legal obligations, fraud prevention, and financial compliance requirements. We retain personal information only for as long as reasonably necessary to provide platform services, comply with applicable laws, resolve disputes, enforce agreements, and maintain system integrity.
User account information, including names, email addresses, contact information, and profile data, remains active while the account is operational. Once an account is deleted through the platform, personally identifiable information is anonymized or removed according to our deletion protocol.
Certain transaction records, payment references, consultation metadata, audit logs, and dispute-resolution records may be retained when required by applicable taxation laws, financial regulations, anti-fraud requirements, or contractual obligations. Such retained records are stored in a manner that minimizes direct user identification wherever possible.
8. User Rights, Access Controls, and Data Ownership
We believe users should maintain meaningful control over their personal information. Subject to applicable laws and platform requirements, users may exercise the following rights:
- Request access to information associated with their account.
- Correct inaccurate or outdated profile information.
- Update professional credentials and public-facing details.
- Withdraw previously granted permissions.
- Disconnect third-party integrations.
- Request account deletion.
- Request clarification regarding how information is processed.
YB Connect recognizes that users remain the owners of the information they submit. Our role is limited to processing such information solely for platform functionality, security, payment operations, mentorship matching, and service delivery.
9. Third-Party Services and External Providers
To provide a reliable mentorship experience, YB Connect relies upon selected third-party service providers that perform specialized operational functions.
- Zoom for virtual meeting infrastructure.
- Razorpay for payment processing and payouts.
- MongoDB Atlas for database hosting and management.
- Email providers for transactional communications.
- Push notification services for reminders and alerts.
- Cloud infrastructure providers for backend operations.
Each third-party provider operates under its own privacy practices and security standards. While YB Connect carefully evaluates service providers before integration, we do not control the independent privacy policies of external organizations.
10. Cookies, Analytics, and Similar Technologies
When accessing YB Connect through supported web interfaces, we may utilize cookies, local storage technologies, session identifiers, and similar mechanisms to improve security, authentication, performance, and user experience.
- Maintaining secure login sessions.
- Preventing fraudulent activities.
- Remembering user preferences.
- Improving application performance.
- Monitoring platform reliability.
- Supporting security investigations.
We do not use cookies for selling user profiles to advertising networks or third-party data brokers.
11. Children's Privacy and Age Restrictions
YB Connect is intended for students, professionals, mentors, and industry experts who meet the minimum legal age requirements applicable within their jurisdiction.
We do not knowingly collect personal information from children under the age of 13 years or any higher minimum age required by local law. If we become aware that such information has been submitted, we will take reasonable steps to remove it from our systems.
12. Security Monitoring and Incident Response
Maintaining the confidentiality, integrity, and availability of user data remains a core operational objective.
- Continuous infrastructure monitoring.
- Automated anomaly detection systems.
- Access control enforcement.
- Credential rotation policies.
- Security audits and logging.
- Vulnerability management processes.
In the event of a verified security incident affecting user information, we will investigate, implement remediation measures, and provide notification where required by law.
13. Artificial Intelligence and Automated Processing
YB Connect may utilize recommendation systems, matching algorithms, fraud detection mechanisms, and AI-assisted technologies to improve mentorship discovery, profile recommendations, scheduling workflows, and operational efficiency.
These systems are designed to support platform functionality and do not independently make legally binding decisions regarding users.
14. International Data Transfers
As a cloud-based platform, YB Connect may process, store, or transfer information across multiple geographic regions through trusted infrastructure providers. Appropriate safeguards are implemented to ensure data receives an appropriate level of protection consistent with applicable privacy standards.
15. Compliance with Applicable Laws
YB Connect strives to operate in accordance with applicable privacy, cybersecurity, consumer protection, and electronic communications regulations.
- Digital Personal Data Protection Act (DPDP), India.
- Information Technology Act, India.
- Industry-standard security frameworks.
- Payment and financial compliance requirements.
- Relevant international privacy principles.
16. Updates to This Privacy Policy
We reserve the right to modify, update, or revise this Privacy Policy to reflect changes in technology, legal requirements, platform features, security enhancements, or operational improvements. Continued use of YB Connect after such updates constitutes acceptance of the revised policy.
17. Contact Information and Privacy Requests
Questions, concerns, privacy requests, security reports, or data-related inquiries may be directed to our compliance team.
Organization: Yb Connect
Platform: YB Connect
Email: yashwanthbondapalli@ybconnect.in
Support: yashwanthbondapalli@ybconnect.in
Data Inquiry & Support
Our backend engineering and security compliance teams are available to provide further architectural clarity regarding our encryption standards, webhook tracking, or data retention policies.