Privacy Policy

1. Introduction

Thoughtwave Software and Solutions Inc. ("Thoughtwave," "we," "us," or "our") is a certified minority-owned IT consulting company headquartered in Aurora, Illinois, with global offices in the United States, India, Singapore, Mexico, and Canada. We are committed to protecting the privacy of individuals who visit our website (thoughtwavesoft.com), use our services, or otherwise interact with us.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information. It applies to all users worldwide and addresses compliance with applicable laws including the California Consumer Privacy Act (CCPA/CPRA), the EU General Data Protection Regulation (GDPR), and India's Digital Personal Data Protection Act, 2023 (DPDP Act).

2. Information We Collect

2.1 Information You Provide

• Contact details: name, email address, phone number, company name, job title
• Communication data: messages submitted via forms, email, or phone
• Employment data: resumes, cover letters, and application materials submitted through our careers portal
• Account data: login credentials if you use our platforms (e.g., SwarmHR)

2.2 Information Collected Automatically

• Device and browser information: IP address, browser type and version, operating system
• Usage data: pages visited, time spent, referring URLs, click patterns
• Cookies and similar technologies: session cookies, analytics cookies, and preference cookies (see Section 8)
• Location data: approximate geographic location inferred from IP address

2.3 Information from Third Parties

We may receive information from business partners, recruitment platforms, publicly available sources, and analytics providers to supplement the data you provide.

3. How We Use Your Information

We use personal information for the following purposes:

• Responding to your inquiries and providing requested services
• Processing job applications and managing recruitment
• Delivering and improving our IT consulting services and products
• Sending service updates, newsletters, and marketing communications (only with your explicit consent)
• Analyzing website usage to improve user experience and performance
• Maintaining the security and integrity of our systems
• Complying with legal obligations and enforcing our terms

We will not send you marketing messages without your explicit opt-in consent. You may withdraw consent at any time.

4. Legal Bases for Processing (GDPR & DPDP Act)

Where applicable, we process your personal data based on:

• Consent: Where you have given clear, affirmative consent for specific purposes
• Contractual necessity: To perform a contract with you or take pre-contractual steps at your request
• Legitimate interests: For our business operations, provided these do not override your fundamental rights
• Legal obligation: To comply with applicable laws, regulations, or court orders

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service providers: Hosting, analytics, email delivery, SMS gateways, and cloud infrastructure vendors who process data on our behalf under strict contractual obligations
• Affiliated companies: Within the Thoughtwave Group (including QuantumWave Technologies and SwarmHR) for operational purposes
• Legal authorities: When required by law, regulation, legal process, or governmental request
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections

6. International Data Transfers

Thoughtwave operates globally with offices in the United States, India, Singapore, Mexico, and Canada. Your data may be transferred to and processed in countries outside your country of residence. When transferring data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Contractual commitments with affiliates and vendors requiring equivalent data protection standards

7. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy or as required by law. Retention periods depend on the nature of the data, the purpose of processing, and applicable legal requirements. When data is no longer needed, we securely delete or anonymize it.

8. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential cookies: Required for website functionality (no consent needed)
• Analytics cookies: Help us understand usage patterns and improve site performance
• Preference cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. For EU and applicable jurisdictions, we obtain consent before setting non-essential cookies.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including encryption in transit (TLS/SSL) and at rest, access controls, regular security assessments, and employee training. While no method of transmission or storage is 100% secure, we take all commercially reasonable steps to safeguard your data.

10. Your Rights

10.1 All Users

• Access, correct, or update your personal information
• Withdraw consent for marketing communications at any time
• Unsubscribe from SMS by replying "STOP" to any message
• Request deletion of your personal data (subject to legal obligations)

10.2 California Residents (CCPA/CPRA)

• Right to know what personal information is collected and how it is used
• Right to delete personal information held by us
• Right to opt out of the sale or sharing of personal information (we do not sell personal data)
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your rights

10.3 European Economic Area Residents (GDPR)

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

10.4 India Residents (DPDP Act, 2023)

• Right to access a summary of your personal data and processing activities
• Right to correction and erasure of personal data
• Right to grievance redressal
• Right to nominate another person to exercise your rights
• Right to withdraw consent at any time

11. SMS Text Messaging

If you provide your phone number, you may receive text messages including appointment confirmations, job updates, and service alerts. Message and data rates may apply. You can opt out at any time by replying "STOP" to any message. We do not share phone numbers with third parties for marketing purposes.

12. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will promptly delete it.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal requirements. The "Effective Date" at the top indicates the last revision. We encourage you to review this page regularly. Continued use of our website after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to file a complaint, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority. For DPDP Act inquiries, you may contact the Data Protection Board of India.