Privacy Policy

1. INTRODUCTION

Selixer is committed to protecting your privacy and the privacy of your customers. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our email and messaging marketing platform (the "Platform" or "Services").

By using our Platform, you consent to the data practices described in this Privacy Policy.

Controller Information:

• Company Name: Akaame Export Private Limited
• Service Name: Selixer
• Website: www.selixer.com
• Email: info@akaame.com
• Address: A-356, Moneyplant Highstreet Jagatpur Road, Gota, Ahmedabad, Gujarat - 382470 India
• Data Protection Officer: dpo@akaame.com

2. SCOPE AND APPLICATION

2.1 Who This Policy Applies To

This Privacy Policy applies to:

• Platform Users: Businesses and individuals who register for and use our Platform
• Website Visitors: Anyone who visits our website
• End Recipients: Individuals who receive communications sent through our Platform (limited applicability - see Section 2.3)

2.2 Our Role in Data Processing

For Platform User Data:

• We are the Data Controller for information about our customers (account data, billing, usage)
• We determine how and why this data is processed

For End Recipient Data:

• We are a Data Processor for subscriber lists and contact data you upload
• You (our customer) are the Data Controller
• We process this data solely on your instructions

2.3 End Recipients' Privacy

If you received a marketing message from a Selixer customer:

• That business is responsible for how they handle your data
• Contact them directly to exercise privacy rights (access, deletion, opt-out)
• Their privacy policy (not ours) governs their relationship with you
• We process data on their behalf and don't control their marketing practices

To opt out of messages: Use the unsubscribe link in the message or contact the sending business directly.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Account Registration Information:

• Full name and business name
• Email address and phone number
• Business address (physical postal address required)
• Company website URL
• Job title and role
• Account username and password

Business Verification Information:

• Business registration documents
• Tax identification numbers
• Identity verification documents
• Website ownership verification
• Additional documentation for compliance

Billing and Payment Information:

• Credit/debit card details (processed by payment processors)
• Billing address
• Purchase history and invoices
• Tax information and exemption certificates

Customer Data You Upload:

• Subscriber lists (names, email addresses, phone numbers)
• Custom contact fields and segments
• Customer preferences and attributes
• Tags and categories you create
• Notes and customer interaction history

Content You Create:

• Email campaigns (subject lines, body content, images)
• Message templates and drafts
• Landing pages and forms
• Automated workflows and sequences
• Personalization data and merge fields

Communications with Us:

• Support ticket correspondence
• Feedback and survey responses
• Chat transcripts
• Phone call recordings (with notice)
• Emails exchanged with our team

3.2 Information Collected Automatically

Usage and Activity Data:

• Features you use and how you use them
• Pages visited and time spent on each page
• Actions taken within the Platform
• Campaigns created, sent, and scheduled
• Frequency and patterns of Platform use
• Errors encountered and bugs reported

Device and Technical Information:

• IP address and geolocation data
• Browser type, version, and settings
• Operating system and device type
• Screen resolution and device identifiers
• Referring and exit URLs
• Date and time stamps of actions

Cookies and Tracking Technologies:

• Session cookies for authentication
• Preference cookies for settings
• Analytics cookies for usage patterns
• Performance cookies for optimization
• Advertising cookies (with consent)

Email Campaign Analytics:

• Open rates (when recipient enables images)
• Click-through rates on links
• Bounce notifications (hard and soft bounces)
• Spam complaints and unsubscribes
• Forwarding and sharing activity
• Device and location data of recipients (aggregate)

Message Campaign Analytics:

• Delivery status and timestamps
• Read receipts (when enabled by recipient)
• Response rates and engagement metrics
• Block and report notifications
• Quality ratings and feedback

3.3 Information from Third-Party Sources

Integrated Services: When you connect third-party platforms, we receive:

• Account authentication tokens
• Data synchronized from connected services (e.g., e-commerce orders, CRM contacts)
• API usage data and sync logs
• Integration health and error reports

Email and Messaging Infrastructure:

• Delivery status reports
• Bounce and complaint notifications
• Sender reputation metrics
• Spam filter feedback
• Blocklist status information

Payment Processors:

• Transaction confirmation
• Payment method updates
• Fraud prevention data
• Chargeback notifications

Public Sources:

• Business information from public registries
• Domain registration data
• Professional social media profiles (when you link them)

4. HOW WE USE YOUR INFORMATION

4.1 To Provide and Improve Services

Service Delivery:

• Create and manage your account
• Authenticate your identity and maintain security
• Process and deliver email and messaging campaigns
• Store and organize your subscriber data
• Generate analytics and performance reports
• Provide customer support and technical assistance
• Troubleshoot issues and resolve errors

Platform Improvement:

• Analyze usage patterns to identify improvements
• Develop new features and functionality
• Optimize platform performance and speed
• Conduct A/B testing of interface elements
• Fix bugs and address technical issues
• Enhance user experience based on feedback

Data Analytics:

• Generate anonymized usage statistics
• Create industry benchmarks and trends
• Produce aggregated insights (never identifying specific users)
• Train machine learning models for features like send-time optimization
• Measure campaign effectiveness and best practices

4.2 To Communicate With You

Transactional Communications (Cannot Opt Out):

• Account creation confirmation
• Login alerts and security notifications
• Password resets and account changes
• Billing statements and payment receipts
• Service updates affecting functionality
• Important policy changes
• Maintenance notifications
• Technical support responses

Marketing Communications (Optional):

• Product updates and new feature announcements
• Educational content and best practices
• Webinars, events, and training opportunities
• Industry news and trends
• Promotional offers and upgrades
• Surveys and feedback requests

4.3 To Ensure Security and Compliance

Security Monitoring:

• Detect and prevent fraud and abuse
• Identify suspicious activity and unauthorized access
• Monitor for spam and policy violations
• Investigate security incidents
• Conduct risk assessments
• Implement and test security controls

Compliance and Legal:

• Enforce our Terms of Service and policies
• Comply with legal obligations (subpoenas, court orders)
• Respond to law enforcement requests
• Fulfill tax and financial reporting requirements
• Maintain records for audits and regulatory inquiries
• Protect our rights and property

Platform Integrity:

• Monitor bounce and complaint rates
• Enforce sending limits and quality thresholds
• Prevent spam and unsolicited messaging
• Maintain sender reputation
• Protect infrastructure from abuse

4.4 For Billing and Financial Operations

• Process payments and subscriptions
• Generate invoices and receipts
• Calculate taxes and fees
• Manage credit limits and payment terms
• Handle refunds and disputes
• Conduct financial reporting and accounting
• Prevent payment fraud

4.5 For Business Operations

• Manage corporate transactions (mergers, acquisitions, sales)
• Conduct internal audits and compliance reviews
• Exercise and defend legal rights
• Fulfill insurance requirements
• Support corporate governance

5. LEGAL BASES FOR PROCESSING (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

5.1 Contractual Necessity

Processing necessary to provide the Services you requested and fulfill our contract with you:

• Account creation and management
• Campaign delivery and processing
• Customer support
• Billing and payment processing

Under Indian law, this processing is necessary for the performance of our contract with you as per the Information Technology Act, 2000 and Digital Personal Data Protection Act, 2023 (DPDP Act).

5.2 Legitimate Interests

Processing necessary for our legitimate business interests (balanced against your rights):

Our Interests:

• Improving and optimizing the Platform
• Detecting and preventing fraud, spam, and abuse
• Maintaining platform security and integrity
• Conducting analytics and research
• Direct marketing (where permitted)
• Exercising legal rights and defenses

Balancing Factors:

• We only process what's necessary for these interests
• We implement safeguards to protect your privacy
• You can object to processing based on legitimate interests

5.3 Legal Compliance

Processing necessary to comply with legal obligations:

• Tax and financial reporting requirements
• Law enforcement and regulatory requests
• Court orders and subpoenas
• Anti-money laundering regulations
• Data breach notification requirements

Under Indian law, we process data to comply with:

• Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Digital Personal Data Protection Act, 2023 (DPDP Act)
• Income Tax Act, 1961
• Goods and Services Tax Act, 2017
• Companies Act, 2013
• Foreign Exchange Management Act, 1999
• Any other applicable Indian laws and regulations

5.4 Consent

Processing based on your explicit consent:

• Optional marketing communications
• Non-essential cookies and tracking
• Special categories of data (if applicable)
• Transfers of data outside the EEA (where required)

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5.5 Vital Interests

Processing necessary to protect vital interests:

• Preventing serious physical harm
• Emergency situations requiring urgent action

6. HOW WE SHARE YOUR INFORMATION

6.1 We Do NOT Sell Your Personal Information

We do not sell, rent, or trade your personal information or your customer data to third parties for their marketing purposes.

6.2 Service Providers and Processors

We share information with trusted third-party service providers who process data on our behalf:

Infrastructure and Hosting:

• Cloud hosting providers (data storage, computing)
• Content delivery networks (CDN)
• Database management services

Email and Messaging Delivery:

• Email sending infrastructure providers
• Messaging platform providers
• SMS and notification gateways

Payment Processing:

• Payment gateways and processors
• Fraud prevention services
• Tax calculation services

Analytics and Performance:

• Web analytics platforms
• Application performance monitoring
• Error tracking and debugging tools

Customer Support:

• Help desk and ticketing systems
• Live chat platforms
• Customer feedback tools

Marketing and Sales:

• Marketing automation platforms
• CRM systems
• Advertising platforms (for our marketing)

All service providers must:

• Process data only as instructed by us
• Implement appropriate security measures
• Comply with applicable data protection laws
• Not use data for their own purposes
• Be contractually bound to protect your data

6.3 Business Transfers

If Selixer is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets:

• Your information may be transferred as part of that transaction
• We will notify you via email and/or prominent website notice before transfer
• The acquiring entity must honor this Privacy Policy for existing data
• You may have rights to object or withdraw consent depending on jurisdiction

6.4 Legal Requirements and Safety

We may disclose information when required by law or when necessary to:

Comply with legal processes:

• Subpoenas, court orders, or legal proceedings
• Regulatory or government agency requests
• Law enforcement investigations

Protect rights and safety:

• Enforce our Terms of Service and policies
• Investigate fraud, security incidents, or violations
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Prevent illegal activities or potential harm

Financial and regulatory compliance:

• Tax authorities and auditors
• Financial regulators
• Corporate governance requirements

6.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you:

• Industry statistics and benchmarks
• Usage trends and insights
• Research and academic studies
• Marketing and promotional materials
• Public reports and presentations

This data is not considered "personal information" and is not subject to this Privacy Policy.

6.6 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so:

• Integrations you authorize
• Third-party apps you connect
• Partners you choose to work with
• Public profiles you create

7. DATA RETENTION

7.1 Account and User Data

Active Accounts:

• Retained for the duration of your subscription plus any applicable grace period
• Continuously updated as you use the Platform

Deleted Accounts:

• Personal account data: Deleted within 30 days of account termination
• Backup copies: Deleted within 90 days
• Anonymized usage data: May be retained indefinitely for analytics

7.2 Financial and Tax Records

Required retention periods under Indian Law:

• Transaction records: Minimum 8 years (Income Tax Act, 1961, Section 92E)
• GST invoices and records: Minimum 6 years from end of financial year (CGST Act, Section 36)
• Accounting records: Minimum 8 years (Companies Act, 2013, Section 128)
• Tax documentation: As required by applicable tax authorities (typically 6-8 years)

7.3 Customer Data (Your Subscribers)

While account is active:

• Retained as long as you maintain your account
• Subject to your control - you can delete anytime

After account termination:

• Deleted within 30 days unless legal hold applies
• Backup copies deleted within 90 days

7.4 Communication Records

• Support tickets: Retained for 3 years after case closure
• Chat transcripts: Retained for 1 year
• Email correspondence: Retained for 3 years
• Phone recordings: Retained for 1 year (with notice)

7.5 Marketing and Analytics Data

• Campaign performance data: Retained for 2 years
• Website analytics: Retained for 2 years
• Marketing metrics: Anonymized after 2 years

7.6 Suppression Lists

• Email suppressions: Retained indefinitely to honor opt-outs
• Complaint records: Retained indefinitely to prevent re-sending
• Bounce data: Retained for 1 year (hard bounces retained longer)
• Block lists: Retained indefinitely to respect recipient choices

7.7 Legal Holds and Special Circumstances

We may retain data longer when:

• Required by law or regulation
• Necessary for ongoing litigation
• Subject to legal hold or preservation orders
• Needed to investigate security incidents or policy violations
• Required for exercising or defending legal rights

7.8 Your Deletion Rights

You may request deletion of your data at any time (subject to legal retention requirements). See Section 9 for how to exercise your rights.

8. DATA SECURITY

8.1 Security Measures We Implement

Technical Safeguards:

• Encryption:
  • In Transit: TLS 1.2+ encryption for all data transmission
  • At Rest: AES-256 encryption for stored data
  • Encrypted database backups
  • Secure key management practices
• Access Controls:
  • Multi-factor authentication (MFA) available for all users
  • Role-based access controls (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Automated access revocation upon account termination
• Network Security:
  • Firewall protection and network segmentation
  • Intrusion detection and prevention systems
  • DDoS mitigation and rate limiting
  • Virtual Private Cloud (VPC) isolation
  • Regular vulnerability scanning
• Application Security:
  • Secure coding practices and code reviews
  • Regular security audits and penetration testing
  • Web Application Firewall (WAF)
  • Input validation and output encoding
  • Protection against OWASP Top 10 vulnerabilities
  • Regular security patch management
• Database Security:
  • Database encryption at rest and in transit
  • Parameterized queries to prevent SQL injection
  • Database access logging and monitoring
  • Regular backup and disaster recovery testing
• API Security:
  • OAuth 2.0 and API key authentication
  • Rate limiting and throttling
  • API request logging and anomaly detection
  • Secure token storage and management
• Monitoring and Incident Response:
  • 24/7 security monitoring and alerting
  • Automated threat detection
  • Security information and event management (SIEM)
  • Incident response plan and procedures
  • Regular security drills and training

Organizational Safeguards:

• Personnel Security:
  • Background checks for employees with data access
  • Confidentiality and non-disclosure agreements
  • Regular security awareness training
  • Secure onboarding and offboarding procedures
  • Limited access based on job role and necessity
• Vendor Management:
  • Security assessments of third-party service providers
  • Contractual data protection obligations
  • Regular vendor security reviews
  • Sub-processor due diligence
• Compliance and Auditing:
  • SOC 2 Type II compliance (or in progress)
  • Regular internal and external security audits
  • Compliance with ISO 27001 standards (or in progress)
  • GDPR, CCPA, and other privacy law compliance
  • Regular policy and procedure reviews
• Physical Security:
  • Our infrastructure is hosted in tier-certified data centers
  • Physical access controls and monitoring
  • Environmental controls (fire suppression, climate control)
  • 24/7 security personnel at data center facilities

8.2 Your Security Responsibilities

You are responsible for:

• Protecting your credentials: Use strong, unique passwords
• Enabling MFA: Activate multi-factor authentication
• Monitoring account activity: Review login logs and access reports
• Reporting suspicious activity: Notify us immediately of any suspected breach
• Securing your devices: Use antivirus software and keep systems updated
• Training your team: Ensure team members follow security best practices
• Managing user permissions: Grant access only as needed
• Protecting API keys: Store API credentials securely

8.3 Data Breach Notification

In the event of a data breach that affects personal information:

• Investigation: We will promptly investigate the incident
• Notification: We will notify you and affected individuals as required by law
• Timeline: Notification within 72 hours of discovery (GDPR) or as required by applicable law
• Content: Notice will include nature of breach, data affected, mitigation steps
• Regulatory notification: We will notify relevant authorities as required
• Remediating: We will take steps to contain and remediate the breach

8.4 No Absolute Security

Important Disclaimer: While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of information transmitted through the internet or stored in our systems.

You acknowledge that:

• Internet transmission carries inherent risks
• Unauthorized access or data breaches may occur despite our safeguards
• You use the Platform at your own risk regarding security
• You should not transmit highly sensitive information unless necessary

9. YOUR PRIVACY RIGHTS

The privacy rights available to you depend on your location and applicable laws.

9.1 Rights Under GDPR (European Economic Area, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right to Access:

• Request a copy of your personal data we hold
• Receive information about how we process your data
• Obtain details about data recipients and retention periods

Right to Rectification:

• Correct inaccurate or incomplete personal data
• Update outdated information

Right to Erasure ("Right to be Forgotten"):

• Request deletion of your personal data
• Subject to legal retention requirements and legitimate grounds for retention

Right to Restriction of Processing:

• Limit how we use your personal data in certain circumstances
• For example, while we verify accuracy of data you dispute

Right to Data Portability:

• Receive your personal data in a structured, machine-readable format (e.g., CSV, JSON)
• Transmit your data to another service provider
• Applies to data you provided based on consent or contract

Right to Object:

• Object to processing based on legitimate interests (we must stop unless we have compelling grounds)
• Object to direct marketing at any time (we must stop immediately)
• Object to automated decision-making and profiling

Right to Withdraw Consent:

• Withdraw consent for processing based on consent at any time
• Does not affect lawfulness of processing before withdrawal
• You can withdraw via account settings or by contacting us

Right to Lodge a Complaint:

• File a complaint with your local data protection authority (DPA)
• Contact details for EU DPAs: https://edpb.europa.eu/about-edpb/board/members_en

9.2 Rights Under CCPA/CPRA (California)

California residents have the following rights:

Right to Know:

• What personal information we collect, use, disclose, and sell
• Categories of sources from which information was collected
• Business or commercial purposes for collection
• Categories of third parties with whom we share information

Right to Access:

• Request specific pieces of personal information we have collected about you
• Receive your data in a portable format

Right to Delete:

• Request deletion of your personal information
• Subject to exceptions for legal compliance, fraud prevention, and other permitted purposes

Right to Opt-Out:

• Opt out of the sale of personal information (we do not sell personal information)

Right to Correct:

• Request correction of inaccurate personal information (CPRA)

Right to Limit Use of Sensitive Personal Information:

• Limit use and disclosure of sensitive personal information (CPRA)
• We generally do not collect sensitive personal information

Right to Non-Discrimination:

• Exercise your privacy rights without discriminatory treatment
• We will not deny service, charge different prices, or provide a different quality of service

Shine the Light Law:

• Request information about disclosure of personal information to third parties for direct marketing purposes (we do not engage in such disclosure)

9.3 Rights Under CASL (Canada)

Canadian residents have rights including:

• Right to opt-out of commercial electronic messages
• Right to withdraw consent at any time
• Right to access personal information
• Right to correct inaccurate information
• Right to file complaints with the Canadian Radio-television and Telecommunications Commission (CRTC)

9.4 Rights Under Other Privacy Laws

Depending on your location, you may have additional rights under:

• Brazil (LGPD): Similar rights to GDPR
• Australia (Privacy Act): Access, correction, complaint rights
• Japan (APPI): Access, correction, disclosure of use rights
• Other jurisdictions: Rights may vary

9.5 Rights Under Indian Privacy Laws

Digital Personal Data Protection Act, 2023 (DPDP ACT) If you are a data principal under the DPDP Act, you have the following rights:

Right to Access:

• Obtain information about your personal data being processed.
• Request a summary of processing activities

Right to Correction:

• Request correction of inaccurate, incomplete, or outdated personal data.
• Update your information to ensure accuracy

Right to Erasure:

Request deletion of your personal data when:

• Consent is withdrawn
• The purpose of processing is fulfilled
• Processing is no longer necessary
• Subject to legal retention requirements

Right to Grievance Redressal:

• File complaints with our Grievance Officer.
• Receive response within prescribed timelines (typically 72 hours acknowledgment)

Right to Nominate:

• Nominate another individual to exercise your rights in case of death or incapacity.

Right to Withdraw Consent:

• Withdraw consent for processing at any time.
• Does not affect lawfulness of processing before withdrawal

Information Technology Act, 2000 Under IT Rules 2011, you have rights regarding:

• Prior consent for collection of sensitive personal data
• Opt-out of data sharing with third parties
• Review and correction of information
• Withdrawal of consent

Limitations on Rights: Your rights may be limited when:

• Processing is necessary for legal compliance
• Required for judicial proceedings
• Necessary for public health or safety
• Prescribed by law

Contact our Grievance Officer:

• Email: Grievance@akaame.com
• Address: Akaame Export Private Limited, A-356, Moneyplant Highstreet, Jagatpur Road, Gota, Ahmedabad, Gujarat - 382470, India
• Response Time: Acknowledgment within 72 hours, resolution within 30 days

9.6 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: dpo@akaame.com
• Subject Line: "Privacy Rights Request"
• Include:
  • Your full name
  • Account email address
  • Specific right you wish to exercise
  • Description of your request
  • Any relevant details or documentation

Verification:

• We may require verification of your identity to protect your privacy
• You may need to provide account credentials, government ID, or other verification
• For data deletion requests, we may ask for confirmation

Response Time:

• GDPR: Within 30 days (extendable by 60 days if complex)
• CCPA/CPRA: Within 45 days (extendable by 45 days with notice)
• Other laws: As required by applicable regulations

No Fees:

• We do not charge fees for rights requests
• We may charge a reasonable fee for manifestly unfounded or excessive requests

Authorized Agents:

• You may designate an authorized agent to make requests on your behalf
• We require proof of authorization before processing agent requests

10. INTERNATIONAL DATA TRANSFERS

10.1 Global Operations

Selixer operates globally, and your information may be transferred to, stored in, and processed in countries other than your country of residence, including:

• India (Primary)
• United States (cloud infrastructure providers)
• European Union member states (data centers and service providers)
• Other countries where our service providers operate (Australia, United Arab Emirates, etc.)

These countries may have data protection laws different from your country.

10.2 Adequacy and Safeguards (for EEA/UK Users)

When transferring personal data from the EEA, UK, or Switzerland to other countries, we ensure adequate protection through:

EU-US Data Privacy Framework (DPF):

• We comply with the EU-US DPF, UK Extension, and Swiss-US DPF (or work with providers who do)
• Provides adequate protection for transfers to the United States
• Certificate available at: [DPF Website]

Standard Contractual Clauses (SCCs):

• We use EU-approved Standard Contractual Clauses for transfers to countries without adequacy decisions
• SCCs impose contractual data protection obligations on data importers
• Copies available upon request

Binding Corporate Rules (BCRs):

• Internal rules governing data transfers within corporate groups (if applicable)

Your Explicit Consent:

• We may request your consent for certain transfers where appropriate

Additional Safeguards:

• Encryption in transit and at rest
• Contractual data protection obligations with all processors
• Regular security and privacy assessments
• Transfer impact assessments (TIAs) where required

10.3 Data Processing Locations

Your data may be processed in the following regions:

• Primary: India
• Backup: India
• Service Providers: Various global locations (with appropriate safeguards)
• CDN: Global edge locations for performance optimisation

10.4 Your Rights Regarding Transfers

If you are in the EEA, UK, or Switzerland, you may:

• Request information about the safeguards in place for your data transfers
• Object to transfers in certain circumstances
• Withdraw consent for transfers based on consent

Contact us at dpo@akaame.com for more information.

11. CHILDRENS PRIVACY

11.1 Age Restrictions

Our Platform is not intended for children under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children under 18.

If you are under 18:

• Do not use our Platform
• Do not create an account
• Do not provide any personal information to us

11.2 Special Rules for Children Under 16 (GDPR)

For users in jurisdictions with stricter age limits (such as the EEA, where the age of consent for data processing is 16):

• We do not knowingly process data of children under 16 without parental consent
• If parental consent is required, we will obtain verifiable parental consent

11.3 Parental Notice and Rights

If you are a parent or guardian and believe your child has provided us with personal information:

• Contact us immediately at dpo@akaame.com
• Provide proof of your relationship to the child
• Request deletion of the child's information

We will:

• Verify your identity and relationship to the child
• Promptly delete the child's information from our systems
• Terminate any account created by the child

11.4 End Recipients Under 18

Our Platform allows businesses to send communications to their customers. If your customers include minors:

• You are responsible for ensuring compliance with child privacy laws
• You must obtain parental consent where required (e.g., for children under 13 in the U.S. under COPPA)
• You must comply with all applicable laws regarding marketing to children
• We recommend excluding minors from marketing campaigns unless legally compliant

12. MARKETING AND COMMUNICATIONS COMPLIANCE

12.1 CAN-SPAM Act Compliance (United States)

All marketing emails sent through our Platform must comply with the U.S. CAN-SPAM Act:

Requirements:

• Accurate header information: "From," "To," and routing information must be accurate
• Non-deceptive subject lines: Subject lines must accurately reflect email content
• Identify as advertisement: Commercial messages must be clearly identified
• Physical address: Include a valid physical postal address
• Unsubscribe mechanism: Provide a clear and conspicuous way to opt out
• Honor opt-outs: Process opt-out requests within 10 business days
• No transfer of opted-out addresses: Don't sell or transfer addresses after opt-out

Penalties for non-compliance: Up to $51,744 per violation

12.2 GDPR Compliance (European Union)

Email and messaging communications to EEA residents must comply with GDPR:

Requirements:

• Explicit consent: Obtain clear, specific, and informed consent
• Lawful basis: Have a valid legal basis for processing (usually consent for marketing)
• Purpose limitation: Only use data for purposes disclosed at collection
• Easy opt-out: Provide simple withdrawal of consent
• Data minimization: Only collect necessary data
• Transparency: Clearly explain data practices in privacy notices

Special rules for electronic communications (ePrivacy Directive):

• Prior consent required for marketing messages (with limited exceptions)
• Soft opt-in allowed for existing customer relationships (with clear opt-out)

12.3 CASL Compliance (Canada)

Messages sent to Canadian residents must comply with Canada's Anti-Spam Legislation (CASL):

Requirements:

• Express or implied consent: Obtain valid consent before sending Commercial Electronic Messages (CEMs)
• Clear identification: Identify yourself and the business clearly
• Contact information: Provide mailing address, phone number, email, or website
• Unsubscribe mechanism: Include functional unsubscribe in every message
• Honor opt-outs: Process unsubscribe requests within 10 business days
• Consent records: Maintain records of consent

Implied consent rules:

• Existing business relationship: Consent expires 2 years after last transaction or inquiry
• Non-business relationship: Consent expires 6 months after last contact

Penalties for non-compliance: Up to $10 million CAD per violation

12.4 Other International Laws

Australia (Spam Act 2003):

• Consent required
• Clear unsubscribe mechanism
• Accurate sender information

UK (PECR - Privacy and Electronic Communications Regulations):

• Similar to ePrivacy Directive
• Consent required for marketing messages
• Soft opt-in for existing customers

12.5 Messaging Platform Policies

When using messaging services, you must also comply with platform-specific policies including:

• Explicit opt-in requirements
• Use of approved message templates
• Conversation window limitations
• Content and quality guidelines
• Recipient blocking and reporting respect

Non-compliance may result in:

• Message sending restrictions
• Account suspension or termination
• Platform-imposed fines or penalties

12.6 TRAI (Telecom Regulatory Authority of India) Regulations

Commercial Communication (Transactional/Promotional) Regulations, 2018:

• Prior consent required for promotional messages
• Registration with telecom operators required
• Header registration mandatory
• Template registration for transactional messages
• DND (Do Not Disturb) registry respect required
• Time restrictions: 9:00 AM to 9:00 PM only

Consumer Preference:

• Respect National Do Not Call (NDNC) Registry
• Honor customer preferences for communication channels
• Provide easy opt-out mechanisms

WhatsApp Business Requirements:

• Comply with TRAI regulations for commercial messaging
• Obtain explicit consent before sending business messages
• Respect opt-out requests immediately

Penalties for non-compliance:

• Up to ₹5 lakh per violation under TRAI regulations
• Blacklisting of sender IDs
• Suspension of messaging services

12.7 Your Responsibility

You are solely responsible for:

• Ensuring your communications comply with all applicable laws
• Obtaining proper consent from recipients
• Maintaining records of consent
• Honoring opt-out requests
• Providing required disclosures

We provide tools to help you comply, but compliance is ultimately your responsibility.

13. CHANGES TO THIS PRIVACY POLICY

13.1 Right to Modify

We reserve the right to update this Privacy Policy at any time to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• Industry best practices
• User feedback

13.2 Notice of Changes

For material changes that affect your rights:

• Email notification: Sent to your account email address at least 30 days before changes take effect
• In-app notification: Prominent notice displayed when you log in
• Website notice: Banner or announcement on our homepage

For non-material changes:

• Updated "Last Updated" date at the top of this policy
• No advance notice required

13.3 Your Options

Upon notification of material changes, you may:

• Accept changes: Continue using the Platform (constitutes acceptance)
• Review changes: Read the updated policy before deciding
• Reject changes: Terminate your account before changes take effect
• Exercise rights: Request data deletion or portability before termination

If you do not agree to changes, you must stop using the Platform and terminate your account before the changes take effect. Continued use after the effective date constitutes acceptance.

13.4 Version History

Previous versions of this Privacy Policy are available upon request. Contact dpo@akaame.com to request historical versions.

14. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us using the details below:

General Privacy Inquiries:

• Email: dpo@akaame.com
• Subject Line: "Privacy Inquiry"

Data Subject Rights Requests:

• Email: dpo@akaame.com
• Subject Line: "Privacy Rights Request"

Data Protection Officer (DPO):

• Email: dpo@akaame.com
• Subject Line: "DPO Inquiry"

Security Incidents:

• Email: dpo@akaame.com
• Subject Line: "Security Incident Report"

Grievance Officer (Required under IT Act, 2000)

• Name: Sarabjeet Singh Guliani
• Designation: Grievance Officer
• Email: ssguliani@akaame.com
• Phone: +91-9819165927
• Address:
  Akaame Export Private Limited
  A-356, Moneyplant Highstreet
  Jagatpur Road, Gota
  Ahmedabad, Gujarat – 382470, India

Response Time:

• Acknowledgment within 72 hours
• Resolution within 30 days

Postal Mail

Selixer – Privacy Department
Akaame Export Private Limited
A-356, Moneyplant Highstreet
Jagatpur Road, Gota
Ahmedabad, Gujarat – 382470, India

GSTIN: 24AAZCA2167L1Z4
Business Hours: 9:30 AM – 6:30 PM IST (Monday–Saturday)
Saturday, Sunday & Public Holidays: Closed

Response Timelines

• General inquiries: Within 5 business days
• Rights requests: As required by applicable law (typically 30–45 days)
• Security incidents: Immediate acknowledgment, investigation within 24 hours

15. SUPERVISORY AUTHORITIES AND COMPLAINTS

15.1 India – Primary Jurisdiction

If you are unsatisfied with our response to your privacy concern or grievance, you have the right to lodge a complaint with the relevant Indian regulatory authorities.

Data Protection Board of India (DPDP Act, 2023):

Under the Digital Personal Data Protection Act, 2023, the Data Protection Board of India has been established to address violations of data protection rights.

• Website: https://www.dataprotection.gov.in
• Function: Adjudicate complaints regarding violations of the DPDP Act, impose penalties, and provide remedies
• How to Complain: Through online portal (details to be published by the Board)
• Timeline: File complaint after exhausting grievance redressal with us

Note: As of February 2026, the Data Protection Board is in the process of being constituted. Please check the official website for updates and complaint filing procedures.

Ministry of Electronics and Information Technology (MeitY):

For complaints under the Information Technology Act, 2000 and related rules.

• Website: https://www.meity.gov.in
• Email: secretary@meity.gov.in
• Address: Electronics Niketan, 6 CGO Complex, Lodhi Road, New Delhi – 110003, India
• Phone: +91-11-2430-1315 / +91-11-2430-1316
• Jurisdiction: Violations of IT Act, 2000; Sensitive Personal Data breaches; Intermediary non-compliance
• How to Complain:
  • Write to the Secretary, MeitY at the address above
  • Email detailed complaint with supporting documents
  • Reference relevant sections of IT Act, 2000 or IT Rules, 2011

Cyber Crime Reporting Portal (Ministry of Home Affairs):

For reporting cybercrimes, data breaches, and online fraud.

• Website: https://cybercrime.gov.in
• National Helpline: 1930 (24x7 toll-free)
• Function: Report cybercrimes including:
  • Unauthorized access to personal data
  • Data breaches and leaks
  • Identity theft
  • Online harassment
  • Financial fraud involving data
• How to Report:
  • Visit https://cybercrime.gov.in
  • Click "Report Anonymous Complaint" or "File a Complaint"
  • Provide details of the incident
  • Upload supporting documents/screenshots
  • Receive complaint number for tracking
• Follow-up: Track complaint status online using complaint number

Telecom Regulatory Authority of India (TRAI):

For complaints regarding unsolicited commercial communications and telemarketing violations.

• Website: https://www.trai.gov.in
• Consumer Complaint Portal: https://consumercare.trai.gov.in
• Toll-Free Helpline: 1800-110-420 (for landline) / 1963 (for mobile)
• Jurisdiction:
  • Unsolicited marketing calls/SMS/messages
  • Violations of DND (Do Not Disturb) registry
  • Unregistered commercial communications
  • Violations of Commercial Communications Regulations, 2018
• How to Complain:
  • Register on TRAI Consumer Portal
  • File complaint with details (date, time, sender details)
  • Upload evidence (screenshots, call logs)
  • TRAI will investigate and take action against violators
• Timeline: Response typically within 30–60 days

National Consumer Helpline (Department of Consumer Affairs):

For consumer protection matters and unfair trade practices.

• Website: https://consumerhelpline.gov.in
• National Helpline: 1800-11-4000 (Toll-free) / 14404 (For MTNL/BSNL users)
• SMS: 8130009809
• WhatsApp: 8800001915
• Email: nch-ca@gov.in
• Function: Consumer complaints regarding:
  • Unfair trade practices
  • Deficiency in services
  • Misleading advertisements
  • Privacy violations affecting consumers
• How to Complain:
  • Call toll-free helpline or visit website
  • Register complaint with consumer details and transaction information
  • Upload supporting documents
  • Receive complaint ID for tracking
• Language Support: Available in 17 Indian languages
• Working Hours: Monday–Saturday, 9:30 AM – 5:30 PM IST

Consumer Court / District Consumer Disputes Redressal Commission:

For legal remedies under the Consumer Protection Act, 2019.

• Jurisdiction: Consumer disputes involving privacy violations, data misuse, or service deficiencies
• Website: National Consumer Disputes Redressal Commission – https://ncdrc.nic.in
• e-Daakhil Portal: https://edaakhil.nic.in (for online filing)
• How to File:
  • Determine appropriate forum based on claim value:
    • District Commission: Claims up to ₹1 crore
    • State Commission: Claims ₹1 crore to ₹10 crore
    • National Commission: Claims above ₹10 crore
  • File complaint online via e-Daakhil portal or in person
  • Pay prescribed court fees
  • Attend hearings and present evidence
• Local Consumer Court (Ahmedabad):
  • District Consumer Disputes Redressal Forum, Ahmedabad
  • Address: [Local Ahmedabad consumer court address]
  • Contact local consumer forum for specific procedures with any legitimate supervisory authority investigation and comply with applicable legal obligations.

Information Commissioner (Right to Information Act, 2005):

For accessing information about how your data is processed (if applicable to public authorities).

• Central Information Commission: https://cic.gov.in
• Gujarat State Information Commission: https://gic.gujarat.gov.in
• Function: Appeal against denial of information under RTI Act
• Note: This mechanism primarily applies to public authorities but may be relevant in certain contexts

15.2 Grievance Redressal Process (Required First Step)

Before approaching regulatory authorities, you must first exhaust our internal grievance redressal mechanism.

Step 1: Contact Our Grievance Officer

• Name: Sarabjeet Singh Guliani
• Email: ssguliani@akaame.com
• Phone: +91-9819165927
• Address: Akaame Export Private Limited, A-356, Moneyplant Highstreet, Jagatpur Road, Gota, Ahmedabad, Gujarat – 382470, India
• Timeline: Acknowledgment within 72 hours; resolution within 30 days

Step 2: Internal Escalation (if unsatisfied)

• Email: dpo@akaame.com
• Request escalation to senior management
• Timeline: Additional 15 days for review

Step 3: Regulatory Authority (if still unsatisfied)

• File complaint with appropriate authority listed above
• Provide documentation of prior grievance filed with us
• Include acknowledgment and response from our Grievance Officer
• Attach all supporting evidence

15.3 International Jurisdictions (For Non-Indian Users)

While our primary jurisdiction is India, we recognize privacy rights in other jurisdictions where our users may be located.

European Economic Area (EEA), United Kingdom, Switzerland

If you believe we have violated the General Data Protection Regulation (GDPR), you may contact:

• EU Data Protection Authorities:
  https://edpb.europa.eu/about-edpb/board/members_en
• UK Information Commissioner’s Office (ICO): https://ico.org.uk
  Helpline: +44 303 123 1113
• Swiss Federal Data Protection and Information Commissioner:
  https://www.edoeb.admin.ch

Examples of EU DPAs:

• Ireland – Data Protection Commission: https://dataprotection.ie (for EU-based tech companies)
• Germany – Federal Commissioner for Data Protection: https://www.bfdi.bund.de
• France – CNIL: https://www.cnil.fr

United States – California

If you are a California resident and believe we have violated the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA), you may contact:

• California Privacy Protection Agency (CPPA): https://cppa.ca.gov
• Phone: (916) 217-3114
• How to Complain: File complaint through online portal on CPPA website

California Attorney General (Consumer Protection):

• Website: https://oag.ca.gov/privacy
• Phone: (916) 210-7580

Canada

If you believe we have violated Canadian privacy laws (PIPEDA, CASL):

• Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca
• Toll-Free: 1-800-282-1376
• Email: info@priv.gc.ca
• How to Complain: Submit complaint form online or by mail

Canadian Radio-television and Telecommunications Commission (CRTC) – CASL Violations:

• Website: https://crtc.gc.ca/eng/casl-lcap.htm
• Toll-Free: 1-877-782-2384
• Function: Enforce Canada's Anti-Spam Legislation

Australia

If you believe we have violated the Australian Privacy Act:

• Office of the Australian Information Commissioner (OAIC): https://www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au
• How to Complain: Online complaint form available on OAIC website

Other Jurisdictions

For users in other countries:

• Contact your local data protection authority or consumer protection agency
• Check: https://www.privacyenforcement.net/public for global DPA directory
• We will cooperate with investigations from recognized authorities

15.4 Our Cooperation with Authorities

We are committed to cooperating with regulatory authorities in their investigations.

Indian Regulatory Authorities:

• We will respond promptly to official requests and inquiries
• Provide requested information and documentation within legal timelines
• Comply with directives, orders, and penalties issued by competent authorities
• Maintain transparency in our dealings with regulators

International Supervisory Authorities:

• Cooperate with cross-border investigations
• Respond to mutual legal assistance requests
• Comply with internationally recognized data protection principles
• Participate in dispute resolution mechanisms

Limitations:

• We may contest requests that are:
  • Not supported by applicable law
  • Contrary to Indian legal obligations
  • Protected by legal privilege or confidentiality
• We will seek legal guidance before complying with conflicting legal obligations

15.5 Your Right to Seek Legal Remedies

In addition to filing complaints with regulatory authorities, you have the right to:

Civil Remedies:

• File civil suit for damages in appropriate court
• Seek injunctive relief to prevent ongoing violations
• Claim compensation for harm suffered due to privacy violations

Criminal Remedies:

• File criminal complaint under IT Act, 2000 for:
  • Unauthorized access to computer systems (Section 43)
  • Data theft (Section 43)
  • Identity theft (Section 66C)
  • Privacy violations (Section 66E)
  • Disclosure of information in breach of contract (Section 72A)
• Maximum penalties include imprisonment up to 3 years and/or fines

Consumer Protection Remedies:

• File complaint in Consumer Court for deficiency in service
• Claim compensation for unfair trade practices
• Seek refund or service rectification

DPDP Act Remedies:

• File complaint with Data Protection Board
• Seek penalties against Data Fiduciary (up to ₹250 crores for serious violations)
• Claim compensation for harm suffered

Jurisdiction for Legal Proceedings:

• Primary jurisdiction: Courts of Ahmedabad, Gujarat, India
• Subject to arbitration clause in our Terms and Conditions
• Consumer disputes: Local consumer forum jurisdiction where you reside

15.6 Contact Information for Complaints

For complaints to Selixer:

Grievance Officer:

• Name: Sarabjeet Singh Guliani
• Email: ssguliani@akaame.com
• Phone: +91-9819165927
• Address:
  Akaame Export Private Limited
  A-356, Moneyplant Highstreet
  Jagatpur Road, Gota
  Ahmedabad, Gujarat – 382470, India

Data Protection Officer (if appointed):

• Email: dpo@akaame.com

Senior Management Escalation:

• Email: legal@akaame.com

Legal & Compliance Department:

• Email: compliance@akaame.com

15.7 Quarterly Transparency Reporting

In accordance with good governance practices, we publish quarterly transparency reports on our website that include:

• Number of grievances received and resolved
• Categories of complaints (privacy, security, spam, etc.)
• Average resolution time
• Regulatory inquiries and actions
• Data breach notifications (if any)
• Improvements implemented based on feedback

Access reports are available at www.selixer.com or upon request.

15.8 Emergency Contact (Data Breaches & Security Incidents)

For urgent security incidents or suspected data breaches:

• 24/7 Security Hotline: +91-9825744485
• Emergency Email: urgent@selixer.com
• Incident Reporting Portal: www.selixer.com/security/report

For Immediate Threats:

• Contact Cyber Crime Helpline: 1930
• Report to local police cybercrime cell
• Inform us simultaneously at legal@akaame.com

Note: This section may be updated as Indian data protection regulations evolve and as the Data Protection Board of India becomes fully operational. We recommend checking our website for the most current regulatory contact information.

16. SUMMARY OF KEY AUTHORITY CONTACTS

This section provides comprehensive information about supervisory authorities and complaint mechanisms specific to Indian jurisdiction while also maintaining information for international users. All placeholder contact information (marked with brackets) should be filled in with actual details before publication.

17. ADDITIONAL DISCLOSURES

17.1 California Shine the Light Law

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes.
We do not engage in such disclosure.

17.2 Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain covered information.
We do not sell covered information as defined by Nevada law.

17.3 Indian-Specific Disclosures

Information Technology Act, 2000:

As an intermediary under the IT Act, we:

• Have appointed a Grievance Officer to address user complaints
• Respond to grievances within 72 hours of acknowledgment
• Maintain reasonable security practices as per IT Rules 2011
• Notify data breaches as required by law

Digital Personal Data Protection Act, 2023:

As a Data Fiduciary under DPDP Act:

• Process data only for lawful purposes
• Implement reasonable security safeguards
• Notify Data Protection Board of breaches
• Respect data principal rights
• Maintain records of processing activities
• Appoint Data Protection Officer (if required based on volume/sensitivity)

Sensitive Personal Data (SPD):

Under IT Rules 2011, we collect the following Sensitive Personal Data:

• Passwords (hashed and encrypted)
• Financial information (credit/debit card details via payment processors)

We obtain prior consent before collecting SPD and implement reasonable security practices including:

• IS/ISO/IEC 27001 certification (or working towards it)
• Documented information security policies
• Regular security audits

17.4 Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities.
If you have difficulty accessing this policy, contact legal@akaame.com and we will provide it in an alternative format.