Privacy Policy
Last updated: 21 June 2026 · Effective: 21 June 2026
This Privacy Policy explains how Anchor Fastener Mfg Corporation ("we", "us", "AutomationXpert", "AX") collects, uses, stores and protects information when you use the AutomationXpert toolkit, our website at ax.quitlosing.in, the evergreen demo at webinar.quitlosing.in, and related WhatsApp services on +91 88502 91643.
We comply with India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 with allied rules.
1 · Who we are
Data Fiduciary: Anchor Fastener Mfg Corporation, GSTIN 27ACAPM7018E1ZV, Mumbai, India.
Grievance Officer: Manoj Maheshwari · email rohstar@gmail.com · WhatsApp +91 98200 27850.
Replies within 72 hours during Indian working days.
2 · What we collect
2.1 · Information you provide directly
- Account / registration data: name, business name, email address, WhatsApp number, city.
- Tenant configuration: staff member names + WhatsApp numbers, tool preferences, opening/closing hours.
- Payment data: processed by our payment partner (Razorpay / Stripe). We retain the transaction ID, amount, date — never your card number.
- Communications: messages you send us on WhatsApp, email, demo registrations.
2.2 · Information generated through use
- WhatsApp message content sent through our system (text, voice notes, photos, documents).
- Command payloads for tools you use (e.g., AX:DT, AX:R, AX:PC).
- Service logs: timestamps, command type, processing result. Retained 90 days.
2.3 · Website + analytics data
- Standard web logs: IP address, user agent, pages visited, referrer URL, click identifiers (fbclid, gclid).
- Cookies + similar: Meta Pixel, Google Analytics 4, Google Ads tag — only after you accept the cookie banner. See our Cookie Policy.
3 · Your data stays in YOUR Google account (the BYOD promise)
This is the central design choice of AutomationXpert. When you connect your Google Drive at onboarding, all photos, bills, PDFs, and evidence files attached to AX commands are stored in your own Google Drive — not on our servers. We only hold a read-only audit pointer (the file ID + an SHA hash) so we can verify the file exists and hasn't been tampered with. Revoke our access from Google at any time and our audit pointer becomes permanently dead.
4 · How we use your information
- To provide the AX toolkit — routing WhatsApp messages, classifying intent, writing rows to your Google Sheet, storing files in your Google Drive.
- To process payments and issue GST-compliant invoices.
- To send transactional WhatsApp messages and emails about your account.
- To send promotional messages on WhatsApp only if you opted in. Reply STOP to opt out at any time.
- To detect abuse, prevent fraud, comply with legal obligations.
- To improve the service — using aggregate, de-identified data only.
5 · Legal bases for processing
- Consent: for marketing communications and non-essential cookies.
- Performance of contract: to provide the toolkit you purchased.
- Legal obligation: for GST records, anti-fraud, court orders.
- Legitimate interest: for service security, fraud prevention, and aggregated analytics.
6 · Sharing your information
We do not sell your personal data. Limited sharing with:
- Meta (WhatsApp Cloud API) — to deliver and receive your WhatsApp messages.
- Google (Workspace + Drive + Sheets API) — to write to your account.
- Supabase + Cloudflare — hosting and infrastructure.
- Razorpay / Stripe — payment processing.
- OpenAI Whisper + Anthropic Claude / Google Gemini — transcription and intent classification of voice notes. We send only the audio file or text command, never identifying metadata.
- Law enforcement — only when legally compelled.
7 · Data retention
| Data category | Retention |
|---|
| Account profile | Until account closure + 90 days |
| WhatsApp message content | 365 days (or until you delete) |
| Voice transcripts | 90 days |
| Payment records | 8 years (Companies Act / GST) |
| Web server logs | 90 days |
| Drive evidence files | Stored in your account — under your control |
8 · Your rights under the DPDP Act
As a Data Principal, you have the right to:
- Access the personal data we hold about you.
- Correct or update inaccurate data.
- Erase data (subject to legal retention rules above).
- Withdraw consent for any specific processing.
- Nominate another individual to exercise rights on your behalf in case of death or incapacity.
- Grievance redressal — contact our Grievance Officer (see Section 1). Unsatisfied? Escalate to the Data Protection Board of India.
9 · Security
- All data in transit is TLS 1.2 / 1.3 encrypted.
- Database encryption at rest (Supabase managed encryption).
- Service-role keys stored in encrypted secret managers, never logged.
- Google OAuth refresh tokens encrypted per-tenant.
- Breach notification: within 72 hours to the Data Protection Board and affected individuals.
10 · International transfers
Our primary infrastructure is in Singapore (Supabase ap-southeast-1) and global Cloudflare edge. Some processors (Anthropic, OpenAI) operate from the United States. We rely on standard contractual safeguards for these transfers.
11 · Children
AutomationXpert is not intended for individuals under 18. We do not knowingly collect data from minors.
12 · Changes
We may update this policy. Material changes are notified via WhatsApp or email at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.
13 · Contact
Questions or complaints? Email rohstar@gmail.com or message +91 98200 27850 on WhatsApp. We aim to reply within 72 hours.