Privacy

Privacy Policy

Last updated: May 2025  ·  Applies to all Akaai ERP users and institutes

Data Security

TLS encryption in transit · AES-256 at rest · bcrypt passwords · HTTP-only cookies

No Data Selling

We never sell, rent, or trade your data or your students' data to any third party.

You Own Your Data

All data you input belongs to you. We process it only to provide the Service.

India-First Hosting

Data stored on servers in India, compliant with Indian data protection regulations.

1. Introduction

Akaai ERP ("we", "us", "our") is committed to protecting the privacy and security of your personal data and the data of students, staff, and other individuals managed through our platform. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the Service.

This policy applies to institute administrators, staff, counsellors, faculty, and students who access the platform. By using the Service, you agree to the practices described here. We comply with the Information Technology Act, 2000 and the IT (Reasonable Security Practices) Rules, 2011.

2. Information We Collect

Information you provide directly:

  • Institute details: name, address, contact information, registration code
  • User accounts: name, email address, phone number, role
  • Student records: personal details, enrollment data, attendance, academic performance, fee records
  • Financial data: payment amounts, transaction IDs, payment method type (no raw card numbers stored)
  • Program and curriculum content: courses, subjects, assignments, quiz questions
  • Communication data: messages via team chat, announcement content

Information collected automatically:

  • Log data: IP address, browser type, OS, pages visited, timestamps
  • Session data: session tokens, authentication cookies (HTTP-only, secure, SameSite)
  • Usage analytics: features used and pages visited — anonymised, no personal identifiers

From third parties: Razorpay provides payment confirmation status and transaction reference IDs only. We do not receive raw card data.

3. How We Use Your Information

  • Provide, operate, and maintain the Akaai ERP platform
  • Process subscriptions and payments securely
  • Send transactional emails (invoices, payment confirmations, subscription alerts)
  • Send service-related communications (maintenance notices, security alerts, policy updates)
  • Enable role-based access control within your institute
  • Generate analytics and reports for institute administrators
  • Improve platform features based on anonymised usage data
  • Respond to support requests and disputes
  • Detect and prevent fraud, unauthorised access, and security incidents
  • Comply with legal obligations and enforce our Terms & Conditions

We do not use your data for advertising, profiling for marketing, or any purpose unrelated to operating the Service.

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share data only in limited circumstances:

  • Razorpay (payment processing): processed under their own privacy policy. We receive only transaction confirmation data.
  • Cloud infrastructure providers: process data on our behalf under strict data processing agreements.
  • Email service providers: for transactional emails only. No right to use your data for their own purposes.
  • Legal requirements: if required by law, court order, or to protect the safety of our users.

5. Student Data — Special Protections

  • Student data is accessible only to authorised users within the same institute (enforced server-side)
  • One institute's student data is never visible to another institute
  • We do not use student personal data for any commercial purpose
  • Student data is deleted within 30 days of institute account termination
  • Institute administrators are responsible for obtaining appropriate consents for minors' data

6. Data Security

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • bcrypt hashing for all user passwords — never stored in plain text
  • HTTP-only, secure, SameSite session cookies (prevents XSS and CSRF attacks)
  • Role-based access control enforced at the API level for every request
  • Regular security audits and code reviews
  • MongoDB restricted to application servers only — no public internet access
  • Automated backups with secure off-site storage

Despite our best efforts, no transmission over the internet is 100% secure. Report any security concerns immediately to security@akaai.in.

7. Data Retention

  • Active accounts: data retained for as long as subscription is active
  • After cancellation: data retained 30 days for export, then permanently deleted
  • Billing records: retained 7 years (Indian tax and accounting regulations)
  • Support communications: retained 2 years
  • Server logs: automatically purged after 90 days

Export your data at any time using the built-in CSV export feature in each module.

8. Cookies & Tracking

  • Essential cookies: required for authentication and session management — cannot be disabled
  • Preference cookies: remember your settings (theme, selected institute)
  • Analytics cookies: anonymised usage data to improve the platform — can be opted out in Settings

We do not use third-party advertising cookies or cross-site tracking technologies. Disabling essential cookies will prevent you from logging in.

9. Your Rights

  • Right to access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your data (subject to legal retention requirements)
  • Right to portability: receive your data in a machine-readable format (CSV export available in-platform)
  • Right to restriction: request limited processing in certain circumstances
  • Right to object: object to processing based on legitimate interests
  • Right to withdraw consent: where processing is consent-based, withdraw at any time

To exercise any right, contact us at privacy@akaai.in. We respond within 30 days. Identity verification may be required.

10. Children's Privacy

Our platform is not directed at children under 13. Institute administrators are responsible for ensuring that student accounts for minors are created with appropriate parental or guardian consent as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy periodically. Registered users will be notified via email or in-app notification at least 14 days before material changes take effect.

12. Contact Us

Privacy & Data Protection

Privacy: privacy@akaai.in

Security: security@akaai.in

Support: support@akaai.in