Privacy Policy
This Privacy Policy explains what information is collected when you use aknigam.com, how it’s used, who it’s shared with, and what rights you have. It is written to be readable. If you prefer a one-line summary: I collect only what’s needed to do the work, store it with named processors, never sell it, and you can ask for it back or delete it at any time.
// Contents
- 1. Who we are
- 2. What this Policy covers
- 3. Information we collect
- 4. How we use your information
- 5. Legal bases (GDPR / DPDPA)
- 6. Sharing & subprocessors
- 7. International data transfers
- 8. Data retention
- 9. Your rights
- 10. Cookies & tracking
- 11. Children’s privacy
- 12. Security
- 13. Changes to this Policy
- 14. Grievance Officer
- 15. Contact
1. Who we are
This website — aknigam.com — is operated by Akshay Nigam, a digital growth consultant operating as a sole proprietor based in India. References in this Policy to “I,” “we,” “us,” or “the operator” mean Akshay Nigam in that capacity. References to “you” mean any individual who visits this website, books a paid call, submits a contact form, or otherwise interacts with the operator’s services through this site.
For all purposes under the Digital Personal Data Protection Act, 2023 (India), Akshay Nigam is the Data Fiduciary in respect of personal data collected through this website. For all purposes under the EU / UK General Data Protection Regulation, Akshay Nigam is the Data Controller for the same data.
2. What this Policy covers
This Policy covers personal data collected when you:
- Visit any page on aknigam.com.
- Book a paid strategy call through the booking page.
- Submit a message through the contact form on the home page.
- Email, WhatsApp, or message the operator using the contact details listed on the site.
- Interact with the operator’s emails, LinkedIn, YouTube channel, or newsletter once published.
- Engage as a client under a separate consulting agreement — in which case the consulting agreement governs the engagement-specific data processing, and this Policy continues to govern routine website data.
This Policy does not cover third-party websites linked from this site (LinkedIn, YouTube, Razorpay’s checkout, etc.). When you leave this site, the destination site’s privacy policy applies.
3. Information we collect
3.1 Information you provide directly
When you fill out a form on this site, you provide:
- Identity: full name, role/title (where applicable).
- Contact: email address, phone number (including country code), company name.
- Engagement context: primary market, your stated goal for the call, budget band, engagement type, source page.
- Payment-related (when applicable): billing details processed by Razorpay; we do not see or store your card number, CVV, UPI PIN, or net-banking credentials. We receive a transaction reference, the amount, and the success/failure status.
3.2 Information collected automatically
When you visit aknigam.com, our infrastructure and analytics tools collect:
- Technical data: IP address (anonymized via GA4), browser type, device type, operating system, screen resolution, language preferences.
- Usage data: pages visited, time on page, click events, referral source, UTM parameters, scroll depth, form interactions.
- Cookies and similar technologies: see Section 10.
- Consent state: your cookie consent choices are stored in your browser’s localStorage so you don’t see the banner on every visit.
3.3 Information from third parties
If you connect to the site via a link in a marketing email, LinkedIn post, or partner referral, we may receive limited information from that source — typically just the campaign name and click reference — sufficient to attribute the visit.
3.4 Information we do not collect
We do not collect — and have no legitimate use for — the following: government IDs (Aadhaar, passport, social security), biometric data, health information, religious or political beliefs, sexual orientation, or other sensitive special-category data. If you voluntarily include such information in the “goal” free-text field, please reconsider: the field is intended for business context only.
4. How we use your information
Personal data is used only for the purposes listed below.
- Service delivery — To respond to your inquiry, prepare for a booked call, deliver the deliverable that the call format includes (1-pager or strategy memo), and follow up after the call.
- Scheduling — To send calendar slot options, confirmations, reminders, and follow-up communications related to your booked call.
- Payment processing — To complete your booking via Razorpay and issue a receipt.
- Communication — To reply to emails, WhatsApp messages, or form submissions.
- Website operation & security — To keep the site running, prevent abuse, debug issues, and protect against fraudulent activity.
- Analytics & improvement — To understand how the site is used so I can improve content, performance, and the buyer experience. This uses GA4 with IP anonymization, only after you consent (see Section 10).
- Legal compliance — To comply with applicable laws, court orders, and regulatory requirements.
- Marketing (only with consent) — If you opt in, occasional email updates about new insights articles or relevant services. You can unsubscribe at any time.
We do not sell, rent, or trade personal data. We do not use your data to train large-language models or third-party AI services.
5. Legal bases for processing (GDPR / DPDPA)
We process your personal data only when one of the following legal bases applies.
| Purpose | Legal basis |
|---|---|
| Responding to your inquiry / delivering a booked call | Performance of a contract (GDPR Art. 6(1)(b)) / Specified-purpose consent (DPDPA §5) |
| Processing payment | Performance of a contract; legal obligation (tax records) |
| Site operation, security, fraud prevention | Legitimate interest (GDPR Art. 6(1)(f)); legal obligation |
| Analytics (GA4) | Consent (GDPR Art. 6(1)(a) and EU ePrivacy; DPDPA §7) |
| Marketing emails (when introduced) | Consent — opt-in only, withdrawal at any time |
| Complying with court orders, regulator requests | Legal obligation |
6. Sharing & subprocessors
We share data with a small set of named subprocessors who provide the infrastructure this business runs on. Each subprocessor is bound by their own privacy commitments and contractual data-protection agreements.
| Subprocessor | Purpose | Data category |
|---|---|---|
| Hostinger | Website hosting + email | Site logs, contact form submissions |
| Google (GA4, Workspace, Consent Mode) | Analytics + transactional email | Pseudonymous usage data, email content |
| Razorpay | Payment processing | Name, email, phone, billing details |
| HubSpot | Lead / CRM management (when activated) | Name, contact details, engagement context |
| Brevo | Transactional + marketing email (when activated) | Email, name |
| WhatsApp / Meta (WhatsApp Business) | Customer messaging | Phone number, message content |
| Cloudinary | Image / media delivery | IP, browser data (during media fetch) |
We may also disclose personal data in the following limited circumstances:
- Legal obligation — In response to a valid court order, subpoena, regulator demand, or law-enforcement request.
- Defending claims — To establish, exercise, or defend a legal claim involving our services.
- Business transfer — In the unlikely event of a sale or transfer of this business, data may transfer to the successor under equivalent protections; we will notify affected individuals in advance.
- With your explicit consent — For any disclosure not covered above, we will ask first.
7. International data transfers
The operator is based in India. Several subprocessors (Google, HubSpot, Brevo, Meta, Cloudinary) are headquartered outside India and may process data in the United States, the European Union, or other jurisdictions.
For transfers from the EU/UK, we rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework adequacy decisions for U.S.-hosted processors. For transfers from India under DPDPA, we restrict transfers to jurisdictions not blacklisted by the Government of India under §16 of the DPDPA. If you have a question about a specific cross-border transfer, contact the Grievance Officer (Section 14).
8. Data retention
Personal data is retained only for as long as needed for the purposes it was collected for, or as legally required.
- Contact / inquiry submissions — up to 24 months from last contact, then deleted or anonymized, unless an active engagement is in progress.
- Booked-call records — up to 36 months from the call date, for engagement-history reference, before deletion.
- Payment records — up to 8 years, as required by Indian income-tax and accounting record-keeping laws.
- Analytics data (GA4) — retained at the platform default (typically 14 months) and then aggregated.
- Marketing list (if you opt in) — until you unsubscribe, then deleted from active lists within 30 days.
- Engagement deliverables — retained per the consulting agreement governing that engagement; default 7 years for audit traceability.
9. Your rights
Depending on where you live, you have some or all of the following rights regarding your personal data. We honour these rights for all users, regardless of jurisdiction, unless prevented by law.
- Right to access — to receive a copy of the personal data we hold about you.
- Right to correction — to ask us to fix inaccurate or out-of-date personal data.
- Right to erasure / deletion — to ask us to delete your personal data, subject to legal-retention obligations.
- Right to restrict / object to processing — for legitimate-interest based processing.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to withdraw consent — for consent-based processing; withdrawal doesn’t affect processing already done lawfully.
- Right to nominate (DPDPA §14) — to nominate another individual to exercise your rights in case of incapacity or death.
- Right to lodge a complaint — with a data protection regulator (e.g., the Data Protection Board of India under DPDPA; your local supervisory authority under GDPR).
To exercise any of these rights, email the Grievance Officer (Section 14). We’ll respond within 30 days, unless the request is complex, in which case we’ll explain the delay.
10. Cookies & tracking technologies
aknigam.com uses cookies and similar technologies. The first time you visit, a consent banner asks you to accept or reject non-essential cookies. You can change your choice at any time via the link in the footer (when implemented) or by clearing your browser’s storage.
10.1 Cookie categories
Cookies fall into four categories on this site, matching the consent banner.
| Category | Purpose | Examples |
|---|---|---|
| Strictly necessary | Site functionality, security, and the consent banner itself. Cannot be disabled. | gx-consent, gx-consent-categories |
| Functional | Remembers preferences like Proof Mode and your most recent booking. | gx-bookings, gx-proof-mode, gx-live-reach-bump |
| Analytics | Pseudonymous usage data via Google Analytics 4 with IP anonymization. Loaded only with consent. | _ga, _ga_* |
| Marketing | Conversion tracking for ad platforms (Meta CAPI, Google Ads). Loaded only with consent. Not currently in use; reserved for future campaigns. | Various third-party cookies set by Google / Meta when active. |
10.2 Consent Mode v2
The site uses Google Consent Mode v2. Until you accept, Google services run in “denied” mode and collect only modeled (non-identifiable) signals required for site functionality. After acceptance, full analytics signals are sent.
11. Children’s privacy
aknigam.com is intended for users 18 years and older. Services offered through this site are commercial and not directed at children. We do not knowingly collect personal data from individuals under 18. If you believe a child has provided personal data to us, contact the Grievance Officer (Section 14) and we will delete it.
12. Security
We use reasonable technical and organizational measures to protect personal data, including:
- HTTPS (TLS) on all pages.
- Hosting on infrastructure with industry-standard physical and network security.
- Access controls on administrative accounts (strong passwords, two-factor authentication where supported).
- Use of vetted subprocessors with their own security certifications (SOC 2, ISO 27001) where applicable.
- Periodic review of access and access removal when no longer required.
No system is fully secure. If a personal-data breach occurs that is likely to result in significant harm to affected users, we will notify the Data Protection Board of India (DPDPA §8(6)), affected supervisory authorities (GDPR Art. 33), and you, in accordance with applicable law.
13. Changes to this Policy
We may update this Policy from time to time. When we do, we’ll change the “Effective” date at the top and the version number. For material changes, we’ll provide additional notice — typically by email to users on the marketing list, by a banner on the site, or by a similar reasonable method.
14. Grievance Officer (India)
In accordance with the Information Technology Act 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, and the Digital Personal Data Protection Act 2023, the contact for grievances regarding personal data or content on this site is:
Name: Akshay Nigam
Role: Grievance Officer · Data Protection Officer
Email: aknigam448@gmail.com
Address: India (specific address available on request for legal proceedings)
Response SLA: Acknowledgement within 48 hours; substantive response within 30 days, in accordance with DPDPA §13.
15. Contact
For any privacy or data-protection question:
- Email: aknigam448@gmail.com
- WhatsApp: +91 9565 275 739
- Postal: written communications can be sent to the operator’s registered address — please request the address by email if needed for service of legal process.