Skip to main content
Legal

Privacy Policy

Last updated: 27 June 2026

Aakasa Digital (Pvt) Ltd ("Aakasa Digital", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit aakasa.dev or use our SaaS products, including BillCraft AI and SupportCraft AI (collectively, the "Services"). Please read this policy carefully. By using our Services, you consent to the practices described herein.

1. Information We Collect

We collect information you provide directly, information generated automatically, and information from third-party services.

1.1 Information You Provide

  • Account registration: Name, email address, and password.
  • Profile information: Business name, phone number, and billing address.
  • Business data: Invoice details, customer records, support tickets, and any other content you create or upload within our products.
  • Payment information: Billing details (card number, expiry, CVV) submitted via our payment processors. We do not store raw card data on our servers.
  • Communications: Messages sent via our contact form, support email, or in-app chat.

1.2 Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URLs, and pages visited.
  • Usage data: Features accessed, actions taken, session duration, and error reports.
  • Device data: Device identifiers, screen resolution, and language settings.
  • Cookies and similar technologies: See Section 6 for details.

1.3 Information from Third Parties

We may receive information about you from payment processors (Stripe, PayPal), authentication providers, and AI model providers where relevant to delivering the Services.

2. How We Use Your Information

  • To create and manage your account and deliver the Services you subscribe to.
  • To process payments and manage billing and subscriptions.
  • To power AI features within our products (e.g., natural-language invoice generation, AI-assisted support responses).
  • To send transactional emails such as invoices, receipts, and password resets.
  • To send product updates and announcements (you may opt out at any time).
  • To respond to your enquiries, feedback, and support requests.
  • To monitor and improve the performance, security, and reliability of our Services.
  • To detect and prevent fraud, abuse, and other harmful activity.
  • To comply with applicable legal obligations and enforce our Terms of Service.

3. Legal Basis for Processing

Where applicable law requires a legal basis, we process your personal data on the following grounds:

  • Contract performance: Processing necessary to deliver the Services you have subscribed to.
  • Legitimate interests: Improving our products, preventing fraud, and ensuring security — balanced against your rights.
  • Legal obligation: Compliance with applicable laws and regulations.
  • Consent: Marketing communications and non-essential cookies, where consent is required.

4. How We Share Your Information

We do not sell your personal data. We share information only in the following circumstances:

  • Service providers: Trusted third-party vendors who help us operate the Services (e.g., cloud hosting, payment processing, email delivery, AI inference). These providers are contractually bound to protect your data and use it only on our behalf.
  • AI model providers: Content you submit to AI-powered features may be processed by third-party AI providers (such as OpenAI or Anthropic) to generate responses. We do not share data beyond what is necessary for inference, and we do not permit providers to use your data to train their models.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, with notice provided where required by law.
  • Legal compliance: Where required by law, court order, or governmental authority.
  • With your consent: Any other sharing with your explicit prior consent.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Services. After account closure, we retain data for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements. Business data (invoices, tickets, etc.) may be retained for up to 7 years for accounting and regulatory purposes. You may request early deletion of your data — see Section 8.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Services:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Functional cookies: Remember your preferences such as language and layout settings.
  • Analytics cookies: Help us understand how users interact with our Services (e.g., page views, feature usage). Collected in aggregate or pseudonymous form.

You can control non-essential cookies through your browser settings. Disabling cookies may affect the functionality of some features.

7. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, disclosure, alteration, or destruction. These include TLS encryption for data in transit, encryption at rest for sensitive fields, role-based access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password and to notify us immediately if you suspect unauthorised access to your account.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. International Data Transfers

Aakasa Digital is based in Sri Lanka. Our cloud infrastructure and third-party service providers may process your data in countries outside your own. Where transfers occur, we ensure appropriate safeguards are in place (such as standard contractual clauses or equivalent protections) to maintain the same level of protection as required in your jurisdiction.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting a notice on our website or sending an email to your registered address at least 14 days before the changes take effect. Your continued use of our Services after the effective date constitutes acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our privacy team at:

Aakasa Digital (Pvt) Ltd
Sri Lanka
[email protected]