Privacy Policy
Last updated: 3 July 2026
Ankeshan ("Ankeshan", "we", "us" or "our") is a product of [Registered Business Name], having its registered office at [Registered Address], [City], [State], India. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it.
We have written this policy to comply with India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") and the Digital Personal Data Protection Rules, 2025 made under it, read together with the Information Technology Act, 2000 and, to the extent still applicable, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the "SPDI Rules"). Under the DPDP Act, you are a "Data Principal" and Ankeshan is the "Data Fiduciary" that decides why and how your personal data is processed.
We have tried to keep this policy in plain English. Where the law uses specific terms, we name the law rather than paraphrasing what it requires.
Privacy is built into how Ankeshan works
Ankeshan is a Windows Excel add-in that turns Excel into an offline mini-ERP for Indian small businesses. Our design principle is simple: your business data belongs on your own computer.
- Your business and accounting data — sales, purchases, invoices, ledgers, stock, customer records, salaries and tax working — is stored locally on your own PC. It is not uploaded to Ankeshan's servers.
- The software connects to our servers only to (a) validate your software licence and (b) download updated GST and compliance rules so your filings stay accurate. These connections do not send us your books.
- We do not sell your personal data. We never have, and this is a commitment, not just a legal position. We also do not share your personal data with third parties for their own advertising or marketing.
This policy therefore covers two very different things: the small amount of personal data we collect through this website, and the limited data the software exchanges with us for licensing and rule updates.
What personal data we collect
On the website (right now, before launch)
Ankeshan is currently pre-launch. Today, the only personal data we actively collect from you is what you choose to give us through our waitlist form:
- your name;
- your email address;
- your phone / WhatsApp number (optional);
- your city; and
- your business type.
You provide this voluntarily when you ask to be notified about our launch.
The software (at and after launch)
When the product launches and you install and use Ankeshan, the software will exchange limited data with us only for:
- Licence validation — verifying that your copy of the software is licensed; and
- Compliance rule updates — delivering the latest GST and statutory rules to your PC.
Your actual business, accounting and customer data remains on your own machine and is not transmitted to us as part of these functions.
Automatically collected technical data
Our website is hosted on Cloudflare Pages, and web fonts are loaded from Google Fonts. As with most websites, our hosting provider may process limited technical information (such as IP address and basic request logs) for security, performance and abuse prevention. We do not use third-party advertising or cross-site tracking cookies, and we currently use minimal or no cookies of our own.
Why we collect it, and our legal basis
Under the DPDP Act, we may process your personal data only for a lawful purpose and, in most cases, on the basis of your consent or, where permitted, for certain legitimate uses recognised by the Act.
| What we collect | Why (purpose) | Legal basis under the DPDP Act |
|---|---|---|
| Waitlist details (name, email, phone/WhatsApp, city, business type) | To notify you about our launch, share early-access information, and understand who is interested | Your consent, given when you submit the form |
| Licence data (at launch) | To validate your software licence and prevent misuse | Performance of our service to you / legitimate use |
| Payment details (at launch) | To process payments for the product | Your consent and performance of our contract with you |
| Technical/hosting logs | Security, performance and abuse prevention | Legitimate use as permitted by law |
We collect only what we need for these purposes and do not use your waitlist details for unrelated purposes without asking you first.
Consent, and how to withdraw it
Where we rely on your consent, that consent is free, specific, informed, unconditional and unambiguous, and is given by a clear affirmative action — for example, submitting the waitlist form. Before or at the point of collection, we tell you what we are collecting and why.
You may withdraw your consent at any time, and it will be as easy to withdraw as it was to give. To withdraw consent or to be removed from our waitlist, email us at privacy@ankeshan.com. Withdrawing consent will not affect the lawfulness of processing carried out before you withdrew it. Once you withdraw, we will stop the relevant processing and delete or de-identify your data unless we are required by law to retain it.
How we share your data
We do not sell your personal data and do not share it for third-party advertising.
We share personal data only with service providers ("Data Processors") that help us run our service, and only to the extent necessary. These currently include, or are expected to include:
- Cloudflare — website hosting (Cloudflare Pages) and storage of waitlist submissions (Cloudflare D1 database);
- Google Fonts — serving web fonts on our website;
- Razorpay (at launch) — processing payments in India; and
- a transactional email provider (for example, Postmark) (at launch) — sending you service and account emails.
Where we engage a processor, we do so under a contract that requires them to protect your data and to process it only on our instructions, as required by the DPDP Act. We may also disclose personal data where required to do so by law, or to protect our legal rights.
Cross-border processing
Some of the service providers we use may process or store data on servers located outside India. Where this happens, we do so in accordance with the DPDP Act, including any restrictions the Central Government may notify on transfers to specified countries. We remain responsible for personal data handled on our behalf by our processors, wherever it is processed.
How long we keep it (retention)
We keep personal data only for as long as it is needed for the purpose we collected it, or for as long as the law requires.
- Waitlist data is retained until our launch communications are complete, until you ask us to delete it, or until you withdraw consent — whichever is earliest — after which we delete or de-identify it.
- Licence and payment records (at launch) may be retained for the periods required under applicable tax, accounting and other laws.
When personal data is no longer needed and we are not legally required to keep it, we delete or anonymise it.
How we protect your data (security)
We take reasonable security safeguards to protect personal data against unauthorised access, disclosure, alteration and loss, as required by the DPDP Act and by the reasonable-security-practices standard under the Information Technology Act, 2000 and the SPDI Rules. These measures include use of reputable, security-hardened infrastructure providers, access controls, and encryption in transit.
By design, the most sensitive information — your actual business and accounting records — never leaves your own PC through normal use of the software, which materially reduces the data at risk. In the event of a personal data breach affecting your data, we will act in accordance with our obligations under the DPDP Act, including notifying the Data Protection Board of India and affected Data Principals as required.
Your rights as a Data Principal
The DPDP Act gives you rights over your personal data. You have the right to:
- Access — request a summary of the personal data we hold about you and how we process it;
- Correction and updating — ask us to correct or complete inaccurate or incomplete data;
- Erasure — ask us to delete your personal data where it is no longer needed and we are not required to keep it;
- Withdraw consent — as described above;
- Grievance redressal — raise a complaint with us about how your data is handled; and
- Nominate — nominate another individual to exercise your rights in the event of your death or incapacity, as provided under the Act.
To exercise any of these rights, email us at privacy@ankeshan.com. We may need to verify your identity before acting on your request, and we will respond within the timelines required by law.
Children's data
Ankeshan is a business tool intended for adults and is not directed at children. Under the DPDP Act, a "child" is a person under 18 years of age. We do not knowingly collect personal data of children. Where processing of a child's data is required, the Act mandates verifiable consent of a parent or lawful guardian and prohibits certain uses, such as tracking, behavioural monitoring and targeted advertising directed at children. If you believe a child has provided us personal data, please contact us and we will delete it.
Grievance redressal and contact
If you have any questions, requests or complaints about your personal data or this policy, please contact us:
- Email: privacy@ankeshan.com
A Grievance Officer for Ankeshan will be named here (with contact details) as required under the DPDP Act and the Information Technology Act, 2000. Until then, complaints sent to the address above will be handled by our privacy team. We will acknowledge your complaint promptly and aim to resolve it within the timelines required under the DPDP Act and the Digital Personal Data Protection Rules, 2025.
If you are not satisfied with our response, you have the right to raise your complaint with the Data Protection Board of India, after first using our grievance mechanism, as provided under the DPDP Act.
Changes to this policy
We may update this Privacy Policy from time to time — for example, as we move from pre-launch to launch, add new features, or to reflect changes in law such as the phased coming-into-force of the DPDP Act and the Digital Personal Data Protection Rules, 2025. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Please review this page periodically.
This policy is part of our Terms and Disclaimer.