Privacy policy

Last updated:

1. What laws apply to this policy

Because we serve clients and website visitors across multiple geographies, this policy is designed to comply with:

India: The Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules, 2025 (DPDP Rules), which came into partial effect on 13 November 2025 and will be fully effective by 13 May 2027.

European Union and United Kingdom: The General Data Protection Regulation (GDPR) and UK GDPR, which apply to any personal data we process relating to individuals in the EU or UK.

United States: While there is no single federal data privacy law, we follow privacy-by-design principles and honour applicable state-level rights where they apply, including those under the California Consumer Privacy Act (CCPA).

Other jurisdictions: We apply the most protective standard across all regions as a baseline.


2. What personal data we collect

We collect personal data in the following ways and contexts. We collect only what is necessary for the stated purpose.

2a. Data you provide directly

Through our contact form and book-a-call form:

  • Your name

  • Your work email address

  • Your company name and role

  • Your website URL

  • Information about your business, SaaS category, and pipeline challenges

  • Your preferred time slot for a call

Through email and direct communications:

  • Your name and email address

  • The content of your message or enquiry

  • Any additional information you choose to share

Through client onboarding:

  • Your name, company details, and billing address

  • Payment information processed securely through our payment partners (we do not store credit card numbers directly)

  • Project briefs, business context, and strategic information you share with us for the purpose of delivering your engagement

Through our blog or newsletter (if and when applicable):

  • Your email address if you subscribe to receive content from us

2b. Data we collect automatically

Website analytics: When you visit aiakshara.com, we collect standard analytics data including pages visited, time spent on pages, device type, browser type, and approximate location (country or city level). This is collected through Framer's built-in analytics and, where enabled, Google Analytics. This data is aggregated and is not linked to your identity unless you have also submitted a form.

Cookies: We use cookies to understand how visitors use our website, keep session data, and improve the experience. See Section 8 for details.

IP address: Your IP address is collected automatically when you visit our website. We use this for security purposes and to understand approximate geographic reach. We do not use it to identify you personally.

2c. Data we do not collect

We do not collect sensitive personal data such as health information, racial or ethnic origin, political opinions, religious beliefs, biometric data, or financial account details beyond what is necessary for billing.

We do not knowingly collect data from children under 13 (or under 16 where applicable). If we discover we have inadvertently done so, we will delete it immediately.


3. Why we collect your data and our legal basis for doing so

We process personal data only for specific, legitimate purposes. For each purpose, we identify the legal basis under applicable law.


Purpose

Data used

Legal basis (GDPR)

Legal basis (DPDP Act)

Responding to your contact form or enquiry

Name, email, message content

Legitimate interests / Contract

Consent

Booking and conducting a discovery or audit call

Name, email, company info, time slot

Contract

Consent

Delivering services to clients

All data provided during engagement

Contract

Consent / Contractual necessity

Sending invoices and processing payments

Billing name, address, payment details

Contract / Legal obligation

Contractual necessity

Improving our website and user experience

Analytics, cookies

Legitimate interests

Legitimate use

Sending service updates or relevant content

Email address

Legitimate interests / Consent

Consent

Complying with legal obligations

As required

Legal obligation

Legal obligation

Protecting against fraud or misuse

IP address, usage data

Legitimate interests

Legitimate use

On consent: Where we rely on consent as our legal basis, you may withdraw that consent at any time by contacting us at info@aiakshara.com. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.


4. How we use your data in service delivery

As a content and narrative strategy studio, we receive confidential business information from clients in the course of delivering our services. This includes GTM strategy documents, ICP data, sales metrics, messaging briefs, and internal business context.

We use this information exclusively to deliver the services you have engaged us for. We do not use client data for any purpose outside the specific engagement. We do not reference, share, or publish client data, even anonymised, without explicit written permission.


5. AI tools disclosure

We use artificial intelligence tools in the production of content strategy, copywriting, and related deliverables. These tools may include Claude (by Anthropic), and may include other AI writing or research tools from time to time.

What this means for your data:

  • We do not input personally identifiable client information into AI tools without your knowledge.

  • We use AI tools for drafting, research, and ideation, not as a substitute for the strategic thinking and editorial judgement applied to every deliverable.

  • Where AI tools are used, the output is reviewed, edited, and approved by a human before delivery.

  • We ensure that any AI tools we use have data processing terms consistent with our confidentiality obligations to clients.

If you have specific requirements about AI tool usage in your engagement, please raise this during onboarding and we will accommodate your preferences in writing.


6. How we share your data

We do not sell your personal data. We do not rent it. We do not trade it.

We share data only in the following limited circumstances:

Service providers: We work with a small number of trusted third-party providers who help us operate our business. These include:


Provider

Purpose

Data shared

Payment processor (e.g. Paypal, Razorpay)

Processing client payments

Billing name, amount, payment details

Email service provider

Sending transactional emails

Name, email address

Framer

Website hosting and analytics

Aggregated website usage data

Google Analytics

Website performance analysis

Anonymised usage data

Calendar tool (e.g. Calendly)

Booking discovery calls

Name, email, time preference

Cloud storage (e.g. Google Drive, Notion)

Storing and sharing client deliverables

Client project data

All third-party providers are required to process your data only for the specified purpose and to maintain appropriate security standards. Where required by law (e.g., GDPR Article 28), we have or will put in place Data Processing Agreements with relevant providers.

Legal compliance: We may disclose personal data if required to do so by law, regulation, court order, or government authority. We will notify you of such a disclosure where legally permitted to do so.

Business transfers: In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the successor entity. You will be notified of any such change and of your rights in that context.

With your explicit consent: We will share your data in any other circumstances only with your prior written consent.


7. International data transfers

AI Akshara Labs is based in India. Some of our service providers (listed in Section 6) are based outside India, including in the United States and the European Union.

When we transfer personal data outside India, we ensure the transfer complies with the DPDP Act and, where applicable, GDPR. We rely on the following safeguards:

  • Standard Contractual Clauses (SCCs) with EU-based processors where applicable

  • Adequacy decisions where they exist

  • Our service providers' own compliance with applicable international data transfer frameworks

If you are located in the EU or UK and have concerns about international data transfers, please contact us at info@aiakshara.com.


8. Cookies and tracking technologies

What are cookies? Cookies are small text files stored on your device when you visit a website. They help websites remember information about your visit.

What cookies do we use?


Cookie type

Purpose

Can you opt out?

Essential cookies

Required for the website to function, keeping sessions active, remembering form state

No, these are necessary

Analytics cookies

Understanding how visitors use the site, pages viewed, time on page, device type

Yes, via cookie settings or browser settings

Preference cookies

Remembering settings like currency preference on the calculator

Yes, via browser settings

We do not use advertising cookies or retargeting pixels.

How to manage cookies: You can manage or disable non-essential cookies through your browser settings. Most browsers allow you to refuse all cookies or to alert you when cookies are being set. Note that disabling cookies may affect some features of our website.

We will implement a cookie consent banner on our website to allow you to make an informed choice before non-essential cookies are placed on your device.


9. Data retention

We retain your personal data only for as long as necessary for the purpose it was collected.


Data type

Retention period

Enquiry and contact form data

2 years from last contact, or until you request deletion

Client project data and deliverables

3 years from end of engagement, unless otherwise agreed

Billing and invoice records

7 years (required by Indian tax and accounting law)

Email communications

2 years from last contact

Website analytics data

14 months (Google Analytics default)

Cookies

Per cookie type — session cookies expire when you close your browser; persistent cookies expire within 12 months

After the retention period, data is securely deleted or anonymised. Billing records are retained for the legally required period even if you request deletion of other data.


10. Data security

We take the security of your personal data seriously and implement the following measures:

  • All data transmitted to and from our website is encrypted using HTTPS/TLS.

  • Client deliverables and project data are stored in password-protected cloud storage with access restricted to the people who need it.

  • We use strong, unique passwords and two-factor authentication on all tools and platforms that store personal data.

  • We regularly review which third-party tools have access to client data and revoke access when no longer required.

  • We do not share client login credentials or account access with unauthorised parties.

No security system is perfect. While we work hard to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal data, we will notify you and, where required by law, the relevant data protection authority, within the timeframes required by applicable law (72 hours under GDPR; promptly under the DPDP Act).


11. Your rights

Depending on your location, you have the following rights over your personal data. We will respond to all requests within a reasonable timeframe and in any case within 30 days.

Rights for all individuals (India DPDP Act)

Under the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access: Obtain a summary of the personal data we hold about you and how we are processing it.

  • Correction: Request correction of any inaccurate or incomplete personal data.

  • Erasure: Request deletion of your personal data, subject to our legal obligations to retain certain data.

  • Grievance redressal: Raise a complaint with us directly, and if unsatisfied, with the Data Protection Board of India once established.

  • Nominate a representative: Nominate another individual to exercise your rights on your behalf in the event of death or incapacity.

Additional rights for EU and UK individuals (GDPR)

If you are located in the EU or UK, you additionally have the right to:

  • Data portability: Receive your personal data in a structured, machine-readable format.

  • Object: Object to processing based on legitimate interests.

  • Restrict processing: Request that we limit how we use your data in certain circumstances.

  • Withdraw consent: Where processing is based on consent, withdraw it at any time.

  • Lodge a complaint: With your national data protection authority (e.g., the ICO in the UK, or your EU member state's supervisory authority).

How to exercise your rights

Contact us at info@aiakshara.com with the subject line "Data Rights Request." Please include your name and sufficient information to allow us to identify your data. We will respond within 30 days and will not charge a fee for reasonable requests.


12. Children's privacy

Our website and services are directed at business professionals and are not intended for use by children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children.


13. Third-party links and services

Our website may contain links to third-party websites, tools, or resources. This Privacy Policy applies only to aiakshara.com. We are not responsible for the privacy practices of third-party sites and encourage you to read their privacy policies before sharing any personal data with them.


14. Marketing communications

We may send you relevant content, service updates, or information about our work if you have:

  • Requested it, or

  • Engaged with us as a client, or

  • Provided your details through our contact or book-a-call form with a reasonable expectation of hearing from us

We will always include an unsubscribe option in any email communication. You can opt out at any time by clicking the unsubscribe link or by emailing info@aiakshara.com.

We do not send unsolicited marketing emails (spam).


15. Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our services, applicable law, or data practices. When we do:

  • The "Last Updated" date at the top of this page will be revised.

  • For material changes, we will notify active clients by email.

  • The most current version will always be available at https://aiakshara.com/privacy-policy.

We encourage you to review this policy periodically.


16. Contact us and grievance redressal

For any questions, concerns, or data rights requests:

AI Akshara Labs Pune, Maharashtra, India Email: info@aiakshara.com

We aim to respond to all privacy-related enquiries within 5 business days and to resolve all data rights requests within 30 days.

This Privacy Policy was last reviewed by AI Akshara Labs in June 2026.

© 2026 AI Akshara Labs. All rights reserved.