Privacy Policy

1. INTRODUCTION

This Privacy Policy describes how Selixer collects, uses, processes, and protects personal data in connection with the operation of the Selixer platform, including the website, and related services (collectively referred to as the "Platform").

For the purposes of applicable data protection laws, Selixer acts as the Data Controller responsible for the processing of personal data carried out through the Platform.

Where Selixer processes personal data contained within Customer Data on behalf of a Customer (e.g., end-customer data imported from Shopify), Selixer acts as a data processor and the Customer is the data controller. In such cases, the terms of the Data Processing Agreement (DPA) apply.

Data Controller: Akaame Export Pvt. Ltd.

Registered Address: A-356, Moneyplant Highstreet Jagatpur Road, Gota Ahmedabad, Gujarat – 382470, India

Data Protection Officer: dpo@selixer.com

Website: www.selixer.com

2. SCOPE OF THIS POLICY

This Privacy Policy applies to:

• All visitors to the Selixer Platform;
• All registered Users of the Platform;
• All personal data handled by Selixer in connection with the provision of the Services;
• Personal data of end-customers of our Users that is processed through the Platform via third-party integrations.

This Policy does not apply to third-party websites or services linked from the Platform. We encourage you to review the privacy policies of those third-party services.

Where Selixer processes personal data on behalf of a User, including end-customer data imported via integrations, Selixer acts solely as a data processor.

The User remains responsible for:

(a) determining the purposes and means of processing; (b) providing required notices to data subjects; (c) obtaining valid consent where required; (d) responding to data subject rights requests.

If you are an end-customer of one of our Users, please contact that User directly regarding your personal data.

3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1 User Account Data

When a User registers for and uses Selixer, we collect the following data directly from the merchant or their authorised Users:

• Full name of the account owner and Users;
• Business email address;
• Phone number;
• Business/company name;
• Store name and store URL;
• Billing address and payment information (processed through our payment service provider);
• Account credentials (password stored in encrypted form only).

3.2 End-Customer Data (via Third-Party Integrations)

Through the Customer's authorised integration with third-party platforms such as Shopify, Selixer may receive and process personal data relating to the User's end-customers. This may include:

• Customer names;
• Email addresses;
• Phone numbers;
• Postal/shipping addresses;
• Location data;
• Order history and transaction data.

Selixer processes this data solely to provide analytics and intelligence services to the Customer. Selixer does not use this data for its own marketing, profiling, or other independent purposes.

3.3 Technical and Usage Data

Selixer automatically collects certain technical data when Users interact with the Platform:

• IP address;
• Browser type and version;
• Device type, operating system, and hardware information;
• Pages viewed, features used, session duration, and clickstream data;
• Date and time of access;
• Referring URLs.

3.4 Cookies and Tracking Technologies

Selixer uses cookies, web beacons, and similar tracking technologies to operate the Platform and analyse usage. Categories of cookies used include:

• Essential cookies: Required for the Platform to function correctly (e.g., session authentication);
• Analytics cookies: Used to understand how Users interact with the Platform (via PostHog and similar tools)
• Preference cookies: Used to remember User settings and preferences.

You may control cookie settings through your browser, but disabling essential cookies may affect Platform functionality. Our Cookie Policy is available at www.selixer.com/cookies.

4. HOW WE COLLECT PERSONAL DATA

• Directly from you when you register, complete onboarding, or contact us;
• From your connected Third-Party Integrations (e.g., Shopify API, Meta Ads, Google Ads);
• Automatically through your use of the Platform (technical and usage data);
• From cookies and tracking technologies placed on your device;
• From third-party service providers that assist us in operating the Platform.

5. LEGAL BASIS FOR PROCESSING PERSONAL DATA

We rely on the following legal bases for processing personal data, depending on the context and applicable law:

5.1 Under the GDPR (EU/UK Users)

• Contract Performance (Art. 6(1)(b)): Processing is necessary to provide the Platform and perform our contractual obligations;
• Legitimate Interests (Art. 6(1)(f)): For fraud prevention, security, product improvement, and analytics, where these are not overridden by your interests or rights;
• Compliance with Legal Obligations (Art. 6(1)(c)): Where processing is required by applicable law;
• Consent (Art. 6(1)(a)): For non-essential cookies and direct marketing communications, where we rely on your consent.

5.2 Under the CCPA (California Users)

We process personal information to provide and improve our Services, as disclosed in this Policy.

5.3 Under India's DPDP Act, 2023 (Indian Users)

We process personal data on the basis of: (a) consent of the Data Principal, where applicable; (b) for certain legitimate uses as permitted under Section 7 of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), including contractual necessity and compliance with law; and (c) as required or authorised by applicable Indian law.

6. HOW WE USE PERSONAL DATA

We use the personal data we collect for the following purposes:

• To register your account and verify your identity;
• To provide, operate, maintain, and improve the Platform and Services;
• To process subscriptions and payments;
• To provide customer support and respond to enquiries;
• To send transactional communications (e.g., receipts, service alerts, security notifications);
• To send marketing communications, where you have opted in to receive them;
• To personalise your experience on the Platform;
• To monitor Platform usage and analyse behavioural patterns to improve features (via analytics tools including PostHog);
• To detect, investigate, and prevent fraud, abuse, and security incidents;
• To comply with applicable legal obligations;
• To enforce our Terms and Conditions;
• To aggregate and anonymise data for product development and benchmarking purposes. We may use aggregated, anonymised, or de-identified data that does not identify any individual for analytics, benchmarking, research, and product improvement purposes.

7. DATA SHARING AND DISCLOSURE

We do not sell personal data. We may share personal data with the following categories of recipients:

7.1 Cloud Infrastructure Provider

Customer Data and personal data are stored on Google Cloud Platform (GCP) infrastructure in the US-Central region. Google acts as a sub-processor. Google's data processing terms apply.

7.2 Analytics and CRM Tools

We use PostHog to track User behaviour on the Platform for the purpose of product analytics and improving user experience. PostHog processes usage data and technical identifiers (such as IP addresses and session data) as a data processor. We have implemented a data processing agreement with PostHog. You may opt out of analytics tracking by contacting us at privacy@selixer.com.

7.3 Infrastructure and Hosting:

• Cloud hosting providers (data storage, computing)
• Content delivery networks (CDN)
• Database management services

7.4 Payment Processors

Payment information is processed by our third-party payment service provider(s). Selixer does not store card details on its systems.

7.5 Advertising Platforms and Analytics

We may share or make available certain personal data and usage data with third-party advertising, analytics, Error tracking and debugging tools, Application performance monitoring and marketing platforms where you have enabled such integrations or where such sharing is necessary to provide the Services. These may include analytic platforms such as Google Ads, Google Analytics, Meta Ads, and similar service providers. These platforms may process data as independent controllers or as processors, depending on the nature of the integration and applicable law. Such data sharing may include identifiers, technical data, usage data, and transaction-related information necessary to enable campaign tracking, performance analytics, attribution, and optimisation. Any sharing of personal data with such platforms is carried out in accordance with applicable data protection laws and, where required, based on your consent or instructions.

7.6 Email and Messaging Delivery:

• Email sending infrastructure providers
• Messaging platform providers
• SMS and notification gateways

7.7 Customer Support:

• Help desk and ticketing systems
• Live chat platforms
• Customer feedback tools

7.8 Marketing and Sales:

• Marketing automation platforms
• CRM systems
• Advertising platforms (for our marketing)

7.9 Business Partners

We may share limited data with authorised business partners who assist in the delivery of the Services, subject to confidentiality and data protection obligations. We do not share personal data with advertising networks or data brokers.

7.10 Legal and Regulatory Authorities

We may disclose personal data to law enforcement, courts, regulators, or other governmental authorities where required by applicable law or where necessary to protect the rights, property, or safety of Selixer, our Customers, or others.

7.11 Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of all or substantially all of our business, personal data may be transferred to the successor entity, subject to the same or equivalent privacy protections as set out in this Policy.

7.12 All service providers must:

• Process data only as instructed by us
• Implement appropriate security measures
• Comply with applicable data protection laws
• Not use data for their own purposes
• Be contractually bound to protect your data
• Service Providers: Selixer uses third-party service providers and subprocessors to operate the Platform, which may include providers of cloud hosting, database infrastructure, payment processing, customer support, analytics, communications delivery, security monitoring, and product functionality.
• Examples: Depending on the services used, these providers may include, for example, Amazon Web Services or other hosting providers for infrastructure, Stripe or other payment processors for billing, and email or messaging delivery vendors for transactional communications.
• Authorization: These service providers are authorized to access personal data only to the extent necessary to provide services to Selixer and are contractually required to implement appropriate confidentiality and security measures.
• Transparency: Selixer may maintain and update a list of current subprocessors (if any) from time to time. Where required by applicable law or contract, such list will be made available on our website or upon written request. A current list of Selixer’s subprocessors is available at: www.selixer.com/subprocessors

8. DATA RETENTION

8.1 Account and User Data

Active Accounts:

• Retained for the duration of your subscription plus any applicable grace period
• Continuously updated as you use the Platform

Deleted Accounts:

• Personal account data: Deleted within 30 days of account termination
• Backup copies: Deleted within 90 days
• Anonymized usage data: May be retained as necessary to comply with legal obligations and to ensure suppression of further communications for analytics

8.2 Financial and Tax Records

Required retention periods:

• Transaction records: Minimum 8 years
• GST invoices and records: Minimum 6 years from end of financial year (CGST Act, Section 36)
• Accounting records: retained for approximately 8 years as required under applicable law
• Tax documentation: retained for such period as required under applicable tax laws, including reassessment and audit requirements.

In general, such records are retained for a period typically ranging from 5 to 10 years, depending on jurisdiction.

8.3 Customer Data (Your Subscribers)

While account is active:

• Retained as long as you maintain your account
• Subject to your control - you can delete anytime

After account termination:

• Deleted within 30 days unless legal hold applies
• Backup copies deleted within 90 days

8.4 Communication Records

• Support tickets: Retained for 3 years after case closure
• Chat transcripts: Retained for 1 year
• Email correspondence: Retained for 3 years
• Phone recordings: Retained for 1 year (with notice)

8.5 Marketing and Analytics Data

• Campaign performance data: Retained for 2 years
• Website analytics: Retained for 2 years
• Marketing metrics: Anonymized after 2 years

8.6 Suppression Lists

• Email suppressions: Retained to honor opt-outs
• Complaint records: Retained to prevent re-sending
• Bounce data: Retained for 1 year (hard bounces retained longer)
• Block lists: Retained to respect recipient choices

retained as necessary to comply with legal obligations and to ensure suppression of further communications

8.7 Legal Holds and Special Circumstances

We may retain data longer when:

• Required by law or regulation
• Necessary for ongoing litigation
• Subject to legal hold or preservation orders
• Needed to investigate security incidents or policy violations
• Required for exercising or defending legal rights

8.8 Store Disconnection, Subscription Cancellation, and Deletion

• Cancellation & Retention: If a merchant disconnects a store, removes an integration, or cancels a subscription, Selixer may retain account-level records, billing records, audit logs, support history, and limited backup data as necessary for legal compliance, fraud prevention, dispute resolution, security, and legitimate business purposes.
• Data Purge: Unless a longer retention period is required by law or justified for security or dispute-related purposes, raw personal data contained in Customer Data will be deleted or irreversibly anonymized within 30 to 90 days after account termination or integration disconnection, subject to ordinary backup deletion cycles.
• Restricted Access: During any post-termination retention period, access to Customer Data will be restricted and processing will be limited to permitted retention purposes such as legal compliance, enforcement of contractual rights, security, recordkeeping, and deletion operations.
• Statistical Data: Aggregated or de-identified information that does not identify any merchant or natural person may be retained for analytics, benchmarking, product improvement, research, and lawful business purposes.

Retention periods may vary depending on applicable data protection laws, including GDPR, CCPA/CPRA, DPDP Act, and other regional regulations.

8.9 Your Deletion Rights

You may request deletion of your data at any time (subject to legal retention requirements).

9. DATA SECURITY

Selixer implements industry-standard technical and organisational security measures to protect personal data from unauthorised access, disclosure, alteration, and destruction. These measures include:

• Encryption of personal data in transit using TLS (Transport Layer Security);
• Encryption of personal data at rest using AES-256 or equivalent encryption;
• OAuth 2.0 authentication for third-party integrations;
• Access controls and role-based permissions for internal access to data;
• Regular security assessments and penetration testing;
• Incident response and data breach notification procedures;
• Vendor security management for sub-processors.

No system is completely secure. While we strive to protect your data, we cannot guarantee the absolute security of information transmitted over the internet and of personal data.

In the event of a personal data breach that poses a risk to individuals, we will notify affected parties and relevant supervisory authorities in accordance with applicable law.

Breach notifications may include, to the extent available:
(a) the nature of the incident;
(b) categories of data affected;
(c) likely consequences;
(d) measures taken or proposed;
(e) recommended mitigation steps.

10. CROSS-BORDER DATA TRANSFERS

Selixer operates globally, and your information may be transferred to, stored in, and processed in countries other than your country of residence, including:

• India (Primary)
• United States (cloud infrastructure providers)
• European Union member states (data centers and service providers)
• Other countries where our service providers operate (Australia, United Arab Emirates, etc.)

Selixer stores and processes data on Google Cloud infrastructure located in the United States. If you access the Platform from a jurisdiction outside the United States, your data will be transferred internationally. Selixer operates globally and may process personal data in jurisdictions where its infrastructure or Sub-Processors are located, subject to appropriate safeguards under applicable data protection law.

10.1 Transfers from the European Economic Area (EEA) and United Kingdom

Where we transfer personal data from the EEA or UK to a country that does not benefit from an adequacy decision, we rely on appropriate safeguards including the Standard Contractual Clauses (SCCs) approved by the European Commission (for EEA transfers) and the International Data Transfer Agreement (IDTA) (for UK transfers), or such successor transfer mechanisms as may be applicable.

EU-US Data Privacy Framework (DPF):

• We comply with the EU-US DPF, UK Extension, and Swiss-US DPF (or work with providers who do)
• Provides adequate protection for transfers to the United States
• Certificate available at: https://www.dataprivacyframework.gov

Standard Contractual Clauses (SCCs):

• We use EU-approved Standard Contractual Clauses for transfers to countries without adequacy decisions
• SCCs impose contractual data protection obligations on data importers
• Copies available upon request

10.2 Transfers under India's DPDP Act, 2023

As required by the DPDP Act, 2023, and the rules thereunder (when notified), we shall ensure that cross-border transfers of personal data of Indian residents are conducted in accordance with applicable transfer restrictions. We will implement appropriate safeguards including contractual protections with recipient organisations. We will update this Policy as the Government of India issues specific guidance on cross-border transfer mechanisms.

10.3 Transfers under the CCPA (California)

California residents' personal information is processed in accordance with the CCPA and applicable US federal law. Cross-border transfers of California residents' data are subject to the protections described in this Policy.

10.4 Data Localisation

We acknowledge that certain jurisdictions have mandatory data localisation laws. We are currently working on a multi-region data storage architecture to enable jurisdiction-specific storage where legally required. Customers in jurisdictions with mandatory localisation requirements should contact us at privacy@selixer.com for more information on our compliance roadmap.

10.5 Your Rights Regarding Transfers

If you are in the EEA, UK, or Switzerland, you may:

• Request information about the safeguards in place for your data transfers
• Object to transfers in certain circumstances
• Withdraw consent for transfers based on consent

10.6 Data Processing Locations

Your data may be processed in the following regions:

• Primary: India
• Backup: India
• Service Providers: Various global locations (with appropriate safeguards)
• CDN: Global edge locations for performance optimisation

10.7 Binding Corporate Rules (BCRs):

• Internal rules governing data transfers within corporate groups (if applicable)

Your Explicit Consent:

• We may request your consent for certain transfers where appropriate

10.8 Additional Safeguards:

• Encryption in transit and at rest
• Contractual data protection obligations with all processors
• Regular security and privacy assessments
• Transfer impact assessments (TIAs) where required

11. YOUR PRIVACY RIGHTS

11.1 Rights under the GDPR (EU/UK Data Subjects)

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

• Right of Access: You have the right to obtain confirmation of whether we process your personal data and to receive a copy of it.
• Right to Rectification: You have the right to have inaccurate personal data corrected or incomplete data completed.
• Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data, subject to applicable legal exceptions.
• Right to Restriction of Processing: You may request that we limit how we use your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your EU national data protection authority).

11.2 Rights under the CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the CPRA):

• Right to Know: The right to request disclosure of the categories and specific pieces of personal information collected, the purposes for collection, and the categories of third parties with whom it is shared.
• Right to Delete: The right to request deletion of personal information we hold about you, subject to certain exceptions.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: Selixer does not sell or share personal information for cross-context behavioural advertising. If this changes, we will provide an opt-out mechanism.
• Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.
• Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information, you may request we limit its use.

To exercise your CCPA rights, submit a verifiable request to privacy@selixer.com. We will respond within forty-five (45) days as required by the CCPA.

11.3 Rights under India's DPDP Act, 2023 (Indian Data Principals)

Selixer, as a Data Fiduciary, complies with obligations under the DPDP Act including purpose limitation, data minimisation, and security safeguards. If you are an individual ("Data Principal") located in India, the Digital Personal Data Protection Act, 2023 grants you the following rights, which Selixer will honour as the Act and its implementing rules come into full force, subject to any restrictions notified by the Government of India:

• Right to Access Information: The right to obtain information about the personal data we hold about you and the purposes for which it is processed.
• Right to Correction and Erasure: The right to request correction of inaccurate or incomplete personal data and erasure of personal data that is no longer necessary for the purpose for which it was collected.
• Right to Grievance Redressal: The right to have your grievances addressed by our Grievance Officer in a timely manner.
• Right to Nominate: The right to nominate another individual to exercise your rights in the event of your death or incapacity.
• Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent, though withdrawal will not affect prior processing and may result in discontinuation of Services.
• Right to be Informed: Right to be informed about processing through clear notice

Grievances may be submitted to our Grievance Officer at privacy@selixer.com. We will respond within the timelines prescribed by the DPDP Act and its rules.

11.4 Rights under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

If you are located in Canada, you have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

• Right to Access. You have the right to request access to the personal information we hold about you and to receive information about how it is used and disclosed.
• Right to Correction. You have the right to request correction of inaccurate or incomplete personal information, and we will amend such information where appropriate.
• Right to Withdraw Consent. Where we rely on your consent to process personal information, you may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice.
• Right to Challenge Compliance. You have the right to challenge our compliance with PIPEDA by contacting us using the details provided in this Privacy Policy.
• Right to Know Third-Party Disclosures. You may request information about the categories of third parties to whom your personal information has been disclosed.
• Right to Complain. If you believe your personal information has been handled in violation of PIPEDA, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

To exercise your rights, you may contact us at: privacy@selixer.com
We may require verification of your identity before processing your request. We will respond within a reasonable timeframe in accordance with applicable law.

12. COOKIES AND TRACKING

We use cookies and similar technologies on the Platform. Our Cookie Policy (available at www.selixer.com/cookies) provides detailed information on the cookies used, their purpose, and how to manage them.

For analytics purposes, we use PostHog, which collects usage data, event tracking, and behavioural analytics. PostHog acts as a data processor under our instructions. Data collected by PostHog is subject to PostHog's privacy policy and our DPA with PostHog.

You may opt out of PostHog analytics tracking by contacting us at privacy@selixer.com or via the cookie preference centre (where available).

13. CHILDREN'S DATA

The Platform is intended exclusively for businesses and is not directed at children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a minor, we will take steps to delete it promptly. If you believe a child's data has been provided to us, please contact privacy@selixer.com.

End Recipients Under 18

Our Platform allows businesses to send communications to their customers. If your customers include minors:

• You are responsible for ensuring compliance with child privacy laws
• You must obtain parental consent where required (e.g., for children under 13 in the U.S. under COPPA)
• You must comply with all applicable laws regarding marketing to children
• We recommend excluding minors from marketing campaigns unless legally compliant

14. MARKETING AND COMMUNICATIONS COMPLIANCE

14.1 CAN-SPAM Act Compliance (United States)

All marketing emails sent through our Platform must comply with the U.S. CAN-SPAM Act:

Requirements:

• Accurate header information: "From," "To," and routing information must be accurate
• Non-deceptive subject lines: Subject lines must accurately reflect email content
• Identify as advertisement: Commercial messages must be clearly identified
• Physical address: Include a valid physical postal address
• Unsubscribe mechanism: Provide a clear and conspicuous way to opt out
• Honor opt-outs: Process opt-out requests within 10 business days
• No transfer of opted-out addresses: Don't sell or transfer addresses after opt-out

Penalties for non-compliance: Up to $51,744 per violation

14.2 GDPR Compliance (European Union)

Email and messaging communications to EEA residents must comply with GDPR:

Requirements:

• Explicit consent: Obtain clear, specific, and informed consent
• Lawful basis: Have a valid legal basis for processing (usually consent for marketing)
• Purpose limitation: Only use data for purposes disclosed at collection
• Easy opt-out: Provide simple withdrawal of consent
• Data minimization: Only collect necessary data
• Transparency: Clearly explain data practices in privacy notices

Special rules for electronic communications (ePrivacy Directive):

• Prior consent required for marketing messages (with limited exceptions)
• Soft opt-in allowed for existing customer relationships (with clear opt-out)

14.3 CASL Compliance (Canada)

Messages sent to Canadian residents must comply with Canada's Anti-Spam Legislation (CASL):

Requirements:

• Express or implied consent: Obtain valid consent before sending Commercial Electronic Messages (CEMs)
• Clear identification: Identify yourself and the business clearly
• Contact information: Provide mailing address, phone number, email, or website
• Unsubscribe mechanism: Include functional unsubscribe in every message
• Honor opt-outs: Process unsubscribe requests within 10 business days
• Consent records: Maintain records of consent

Implied consent rules:

• Existing business relationship: Consent expires 2 years after last transaction or inquiry
• Non-business relationship: Consent expires 6 months after last contact

Penalties for non-compliance: Up to $10 million CAD per violation

14.4 Other International Laws

Australia (Spam Act 2003):

• Consent required
• Clear unsubscribe mechanism
• Accurate sender information

UK (PECR - Privacy and Electronic Communications Regulations):

• Similar to ePrivacy Directive
• Consent required for marketing messages
• Soft opt-in for existing customers

14.5 Messaging Platform Policies

When using messaging services, you must also comply with platform-specific policies including:

• Explicit opt-in requirements
• Use of approved message templates
• Conversation window limitations
• Content and quality guidelines
• Recipient blocking and reporting respect

Non-compliance may result in:

• Message sending restrictions
• Account suspension or termination
• Platform-imposed fines or penalties

14.6 TRAI (Telecom Regulatory Authority of India) Regulations

Commercial Communication (Transactional/Promotional) Regulations, 2018:

• Prior consent required for promotional messages
• Registration with telecom operators required
• Header registration mandatory
• Template registration for transactional messages
• DND (Do Not Disturb) registry respect required
• Time restrictions: 9:00 AM to 9:00 PM only

Consumer Preference:

• Respect National Do Not Call (NDNC) Registry
• Honor customer preferences for communication channels
• Provide easy opt-out mechanisms

WhatsApp Business Requirements:

• Comply with TRAI regulations for commercial messaging
• Obtain explicit consent before sending business messages
• Respect opt-out requests immediately

Penalties for non-compliance:

• Up to ₹5 lakh per violation under TRAI regulations
• Blacklisting of sender IDs
• Suspension of messaging services

14.7 Your Responsibility

You are solely responsible for:

• Ensuring your communications comply with all applicable laws
• Obtaining proper consent from recipients
• Maintaining records of consent
• Honoring opt-out requests
• Providing required disclosures

We provide tools to help you comply, but compliance is ultimately your responsibility.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our data practices, the Services, or applicable law. We will notify you of material changes via email to your registered address or by posting a prominent notice on the Platform at least thirty (30) days before the effective date of the revised Policy. We encourage you to review this Policy periodically.

16. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us using the details below:

General Privacy Inquiries:

• Email: dpo@akaame.com
• Subject Line: "Privacy Inquiry"

Data Subject Rights Requests:

• Email: dpo@akaame.com
• Subject Line: "Privacy Rights Request"

Data Protection Officer (DPO):

• Email: dpo@akaame.com
• Subject Line: "DPO Inquiry"

Security Incidents:

• Email: dpo@akaame.com
• Subject Line: "Security Incident Report"

Grievance Officer (Required under IT Act, 2000)

• Name: Sarabjeet Singh Guliani
• Designation: Grievance Officer
• Email: ssguliani@akaame.com
• Phone: +91-9819165927
• Address:
  Akaame Export Private Limited
  A-356, Moneyplant Highstreet
  Jagatpur Road, Gota
  Ahmedabad, Gujarat – 382470, India

Response Time:

• Acknowledgment within 72 hours
• Resolution within 30 days

Postal Mail

Selixer – Privacy Department
Akaame Export Private Limited
A-356, Moneyplant Highstreet
Jagatpur Road, Gota
Ahmedabad, Gujarat – 382470, India

GSTIN: 24AAZCA2167L1Z4
Business Hours: 9:30 AM – 6:30 PM IST (Monday–Saturday)
Saturday, Sunday & Public Holidays: Closed

Response Timelines

• General inquiries: Within 5 business days
• Rights requests: As required by applicable law (typically 30–45 days)
• Security incidents: Immediate acknowledgment, investigation within 24 hours