Privacy policy
Last updated:
1. What laws apply to this policy
Because we serve clients and website visitors across multiple geographies, this policy is designed to comply with:
India: The Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules, 2025 (DPDP Rules), which came into partial effect on 13 November 2025 and will be fully effective by 13 May 2027.
European Union and United Kingdom: The General Data Protection Regulation (GDPR) and UK GDPR, which apply to any personal data we process relating to individuals in the EU or UK.
United States: While there is no single federal data privacy law, we follow privacy-by-design principles and honour applicable state-level rights where they apply, including those under the California Consumer Privacy Act (CCPA).
Other jurisdictions: We apply the most protective standard across all regions as a baseline.
2. What personal data we collect
We collect personal data in the following ways and contexts. We collect only what is necessary for the stated purpose.
2a. Data you provide directly
Through our contact form and book-a-call form:
Your name
Your work email address
Your company name and role
Your website URL
Information about your business, SaaS category, and pipeline challenges
Your preferred time slot for a call
Through email and direct communications:
Your name and email address
The content of your message or enquiry
Any additional information you choose to share
Through client onboarding:
Your name, company details, and billing address
Payment information processed securely through our payment partners (we do not store credit card numbers directly)
Project briefs, business context, and strategic information you share with us for the purpose of delivering your engagement
Through our blog or newsletter (if and when applicable):
Your email address if you subscribe to receive content from us
2b. Data we collect automatically
Website analytics: When you visit aiakshara.com, we collect standard analytics data including pages visited, time spent on pages, device type, browser type, and approximate location (country or city level). This is collected through Framer's built-in analytics and, where enabled, Google Analytics. This data is aggregated and is not linked to your identity unless you have also submitted a form.
Cookies: We use cookies to understand how visitors use our website, keep session data, and improve the experience. See Section 8 for details.
IP address: Your IP address is collected automatically when you visit our website. We use this for security purposes and to understand approximate geographic reach. We do not use it to identify you personally.
2c. Data we do not collect
We do not collect sensitive personal data such as health information, racial or ethnic origin, political opinions, religious beliefs, biometric data, or financial account details beyond what is necessary for billing.
We do not knowingly collect data from children under 13 (or under 16 where applicable). If we discover we have inadvertently done so, we will delete it immediately.
3. Why we collect your data and our legal basis for doing so
We process personal data only for specific, legitimate purposes. For each purpose, we identify the legal basis under applicable law.
Purpose | Data used | Legal basis (GDPR) | Legal basis (DPDP Act) |
|---|---|---|---|
Responding to your contact form or enquiry | Name, email, message content | Legitimate interests / Contract | Consent |
Booking and conducting a discovery or audit call | Name, email, company info, time slot | Contract | Consent |
Delivering services to clients | All data provided during engagement | Contract | Consent / Contractual necessity |
Sending invoices and processing payments | Billing name, address, payment details | Contract / Legal obligation | Contractual necessity |
Improving our website and user experience | Analytics, cookies | Legitimate interests | Legitimate use |
Sending service updates or relevant content | Email address | Legitimate interests / Consent | Consent |
Complying with legal obligations | As required | Legal obligation | Legal obligation |
Protecting against fraud or misuse | IP address, usage data | Legitimate interests | Legitimate use |
On consent: Where we rely on consent as our legal basis, you may withdraw that consent at any time by contacting us at info@aiakshara.com. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
4. How we use your data in service delivery
As a content and narrative strategy studio, we receive confidential business information from clients in the course of delivering our services. This includes GTM strategy documents, ICP data, sales metrics, messaging briefs, and internal business context.
We use this information exclusively to deliver the services you have engaged us for. We do not use client data for any purpose outside the specific engagement. We do not reference, share, or publish client data, even anonymised, without explicit written permission.
5. AI tools disclosure
We use artificial intelligence tools in the production of content strategy, copywriting, and related deliverables. These tools may include Claude (by Anthropic), and may include other AI writing or research tools from time to time.
What this means for your data:
We do not input personally identifiable client information into AI tools without your knowledge.
We use AI tools for drafting, research, and ideation, not as a substitute for the strategic thinking and editorial judgement applied to every deliverable.
Where AI tools are used, the output is reviewed, edited, and approved by a human before delivery.
We ensure that any AI tools we use have data processing terms consistent with our confidentiality obligations to clients.
If you have specific requirements about AI tool usage in your engagement, please raise this during onboarding and we will accommodate your preferences in writing.
6. How we share your data
We do not sell your personal data. We do not rent it. We do not trade it.
We share data only in the following limited circumstances:
Service providers: We work with a small number of trusted third-party providers who help us operate our business. These include:
Provider | Purpose | Data shared |
|---|---|---|
Payment processor (e.g. Paypal, Razorpay) | Processing client payments | Billing name, amount, payment details |
Email service provider | Sending transactional emails | Name, email address |
Framer | Website hosting and analytics | Aggregated website usage data |
Google Analytics | Website performance analysis | Anonymised usage data |
Calendar tool (e.g. Calendly) | Booking discovery calls | Name, email, time preference |
Cloud storage (e.g. Google Drive, Notion) | Storing and sharing client deliverables | Client project data |
All third-party providers are required to process your data only for the specified purpose and to maintain appropriate security standards. Where required by law (e.g., GDPR Article 28), we have or will put in place Data Processing Agreements with relevant providers.
Legal compliance: We may disclose personal data if required to do so by law, regulation, court order, or government authority. We will notify you of such a disclosure where legally permitted to do so.
Business transfers: In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the successor entity. You will be notified of any such change and of your rights in that context.
With your explicit consent: We will share your data in any other circumstances only with your prior written consent.
7. International data transfers
AI Akshara Labs is based in India. Some of our service providers (listed in Section 6) are based outside India, including in the United States and the European Union.
When we transfer personal data outside India, we ensure the transfer complies with the DPDP Act and, where applicable, GDPR. We rely on the following safeguards:
Standard Contractual Clauses (SCCs) with EU-based processors where applicable
Adequacy decisions where they exist
Our service providers' own compliance with applicable international data transfer frameworks
If you are located in the EU or UK and have concerns about international data transfers, please contact us at info@aiakshara.com.
8. Cookies and tracking technologies
What are cookies? Cookies are small text files stored on your device when you visit a website. They help websites remember information about your visit.
What cookies do we use?
Cookie type | Purpose | Can you opt out? |
|---|---|---|
Essential cookies | Required for the website to function, keeping sessions active, remembering form state | No, these are necessary |
Analytics cookies | Understanding how visitors use the site, pages viewed, time on page, device type | Yes, via cookie settings or browser settings |
Preference cookies | Remembering settings like currency preference on the calculator | Yes, via browser settings |
We do not use advertising cookies or retargeting pixels.
How to manage cookies: You can manage or disable non-essential cookies through your browser settings. Most browsers allow you to refuse all cookies or to alert you when cookies are being set. Note that disabling cookies may affect some features of our website.
We will implement a cookie consent banner on our website to allow you to make an informed choice before non-essential cookies are placed on your device.
9. Data retention
We retain your personal data only for as long as necessary for the purpose it was collected.
Data type | Retention period |
|---|---|
Enquiry and contact form data | 2 years from last contact, or until you request deletion |
Client project data and deliverables | 3 years from end of engagement, unless otherwise agreed |
Billing and invoice records | 7 years (required by Indian tax and accounting law) |
Email communications | 2 years from last contact |
Website analytics data | 14 months (Google Analytics default) |
Cookies | Per cookie type — session cookies expire when you close your browser; persistent cookies expire within 12 months |
After the retention period, data is securely deleted or anonymised. Billing records are retained for the legally required period even if you request deletion of other data.
10. Data security
We take the security of your personal data seriously and implement the following measures:
All data transmitted to and from our website is encrypted using HTTPS/TLS.
Client deliverables and project data are stored in password-protected cloud storage with access restricted to the people who need it.
We use strong, unique passwords and two-factor authentication on all tools and platforms that store personal data.
We regularly review which third-party tools have access to client data and revoke access when no longer required.
We do not share client login credentials or account access with unauthorised parties.
No security system is perfect. While we work hard to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal data, we will notify you and, where required by law, the relevant data protection authority, within the timeframes required by applicable law (72 hours under GDPR; promptly under the DPDP Act).
11. Your rights
Depending on your location, you have the following rights over your personal data. We will respond to all requests within a reasonable timeframe and in any case within 30 days.
Rights for all individuals (India DPDP Act)
Under the Digital Personal Data Protection Act, 2023, you have the right to:
Access: Obtain a summary of the personal data we hold about you and how we are processing it.
Correction: Request correction of any inaccurate or incomplete personal data.
Erasure: Request deletion of your personal data, subject to our legal obligations to retain certain data.
Grievance redressal: Raise a complaint with us directly, and if unsatisfied, with the Data Protection Board of India once established.
Nominate a representative: Nominate another individual to exercise your rights on your behalf in the event of death or incapacity.
Additional rights for EU and UK individuals (GDPR)
If you are located in the EU or UK, you additionally have the right to:
Data portability: Receive your personal data in a structured, machine-readable format.
Object: Object to processing based on legitimate interests.
Restrict processing: Request that we limit how we use your data in certain circumstances.
Withdraw consent: Where processing is based on consent, withdraw it at any time.
Lodge a complaint: With your national data protection authority (e.g., the ICO in the UK, or your EU member state's supervisory authority).
How to exercise your rights
Contact us at info@aiakshara.com with the subject line "Data Rights Request." Please include your name and sufficient information to allow us to identify your data. We will respond within 30 days and will not charge a fee for reasonable requests.
12. Children's privacy
Our website and services are directed at business professionals and are not intended for use by children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children.
13. Third-party links and services
Our website may contain links to third-party websites, tools, or resources. This Privacy Policy applies only to aiakshara.com. We are not responsible for the privacy practices of third-party sites and encourage you to read their privacy policies before sharing any personal data with them.
14. Marketing communications
We may send you relevant content, service updates, or information about our work if you have:
Requested it, or
Engaged with us as a client, or
Provided your details through our contact or book-a-call form with a reasonable expectation of hearing from us
We will always include an unsubscribe option in any email communication. You can opt out at any time by clicking the unsubscribe link or by emailing info@aiakshara.com.
We do not send unsolicited marketing emails (spam).
15. Changes to this privacy policy
We may update this Privacy Policy from time to time to reflect changes in our services, applicable law, or data practices. When we do:
The "Last Updated" date at the top of this page will be revised.
For material changes, we will notify active clients by email.
The most current version will always be available at https://aiakshara.com/privacy-policy.
We encourage you to review this policy periodically.
16. Contact us and grievance redressal
For any questions, concerns, or data rights requests:
AI Akshara Labs Pune, Maharashtra, India Email: info@aiakshara.com
We aim to respond to all privacy-related enquiries within 5 business days and to resolve all data rights requests within 30 days.
This Privacy Policy was last reviewed by AI Akshara Labs in June 2026.
© 2026 AI Akshara Labs. All rights reserved.