Privacy & Policy
Privacy Policy
Effective date: 08 November 2025 — Last reviewed: 08 November 2025
A K SERVICES ("we", "our", "us") provides business-to-business (B2B) technology and communications services, including notification and verification services (OTP), API integrations, and related transaction processing. This Privacy Policy explains how we collect, use, disclose and protect information when we provide services to our business customers and their end users.
1. Scope
This policy applies to personal data that we collect in the course of providing services to our customers and to individuals who interact with those services (for example, employees, agents or end customers of our business customers). It does not govern data held by our customers in their own systems.
2. Information we collect
Contact and identity information: company name, business contact name, email, phone, job title, billing address.
Transactional information: transaction identifiers, payment status, invoices and receipts (we do not store raw card numbers; payment tokens may be retained by our payment processor).
Communication data: messages and notifications sent for verification and transactional purposes (metadata, templates, delivery status).
Usage and technical data: IP address, device/browser information, log files, timestamps and API usage metrics.
Optional KYC documents: where required by a customer for compliance (e.g., PAN, GST details) — only with explicit customer instruction.
3. Purposes and legal bases
We process personal data to:
Provide and operate our services and APIs (performance of contract).
Process transactions, send OTPs and business notifications (performance of contract, legitimate interest).
Communicate with customers and respond to support requests (performance of contract / legitimate interest).
Detect, prevent and investigate fraud or misuse (legitimate interest, legal compliance).
Comply with legal obligations (e.g., financial retention laws).
4. Sharing and processors
We may share personal data with third-party service providers acting as processors to perform services on our behalf, such as:
Messaging providers (e.g., WhatsApp Cloud API operator), SMTP/Email providers.
Payment processors and gateways (for invoicing and payment handling).
Hosting, monitoring and analytics providers.
Legal and audit advisors and other professional service providers where required.
We require vendors to maintain appropriate technical and organisational safeguards and process data only on our documented instructions.
5. Jurisdiction and transfers
We operate from India and provide services for domestic use only. Our platform and services are intended to process transactions and communications within India and we do not facilitate international transactions between parties. We do not transfer personal data outside India in the normal course of providing our services. If circumstances change and cross-border transfers become necessary, we will only do so with appropriate legal safeguards and will update this Policy accordingly.
6. Retention
We retain personal data only as long as necessary for the purposes described and to meet legal, tax and accounting obligations. Typical retention periods are:
Transactional records, invoices: 7 years (or as required by law).
Audit logs and system logs: 12 months.
OTP codes: stored hashed and retained for a maximum of 15 minutes.
Account information: until account deletion or as required for contractual obligations.
7. Security
We maintain administrative, technical and physical controls designed to protect personal data against accidental or unlawful loss, access or disclosure. Controls include access restrictions, encrypted communication (TLS), hashing of OTPs, and secure credentials management. No system is completely secure; we monitor and respond to incidents according to our incident response procedures.
8. Your rights
Depending on applicable law, individuals may have rights to access, correct, delete or restrict processing of their personal data, or to object to processing. Requests should be submitted to our privacy contact below; we will respond in accordance with applicable law and contractual obligations with our customers.
9. Data subject requests and responsibilities
Business customers are primarily responsible for responding to requests from their own customers (data subjects). If you are an individual who needs assistance, contact the business that engaged us; we will cooperate with our customer or respond where we are the controller as required by law.
10. Changes to this policy
We may update this Policy to reflect changes in our services or legal requirements. We will publish the updated policy and update the "Last reviewed" date.
Contact
Business name: A K SERVICES
Address: Paikaramau, Kursi Road, Lucknow, UP, India 226026
Email: info@akservices.co.in
Phone: +91 95060 13443