Privacy & Data Sovereignty Policy

As a Data Controller: we collect necessary administrative and financial information (e.g., administrator emails, billing details) to manage your subscription and authenticate access.

As a Data Processor: for all operational data you create within your workspace (marketing assets, AI prompts, enterprise ledgers), Ektasi acts strictly as a Data Processor. We mathematically isolate this data. We do not monetize it, we do not train shared AI models on it, and our engineers cannot read it without explicit, audited Just-In-Time (JIT) access grants.

2.1 Administrative & Financial Data: administrator emails, company names, and secure authentication metadata. Payment processing is handled via tokenized API handshakes; Ektasi never stores raw card numbers.

2.2 Tenant Payload Data: all content generated within the Creative & Campaign Desk or the Tech & Protocol Desk. This data belongs entirely to you.

2.3 Telemetry & Observability Data: automated error logs. Our telemetry pipelines are air-gapped from PII — edge middleware scrubs auth tokens, decryption keys, and payload variables from stack traces before transmission.

Row-Level Security (RLS): data is isolated at the PostgreSQL engine level; a query from one tenant cannot return another tenant’s data.

Encryption at Rest: all tenant payloads are encrypted with AES-256-GCM, secured with unique, per-tenant keys derived via HKDF.

Edge Processing: authentication and routing execute on a globally distributed edge network, processing signatures in memory without persisting sensitive session data to disk.

Financial Clearing: Stripe, Inc. and Razorpay Software Private Limited (tokenized billing/invoice routing).

Infrastructure & Compute: Vercel Inc. and Amazon Web Services (edge routing and database hosting).

Transactional Communications: Resend (secure, ephemeral authentication handshakes).

Observability: Sentry (strictly scrubbed, zero-PII infrastructure error monitoring).

Ektasi guarantees the Right to be Forgotten through mathematical destruction, not database deletion. On termination or verified administrative request, we execute a Cryptographic Shred: irreversibly overwriting your tenant’s HKDF salt. Your ciphertext across the live database and all historical WORM backups is instantly reduced to permanent mathematical noise. We retain only an anonymized metadata log of the destruction event for our SOC2 audit ledgers.

Ektasi operates a globally distributed architecture. Depending on tier and location, data may be routed or stored outside your home country; by using the Platform you consent to this routing. Enterprise clients requiring strict local data residency can provision custom AWS/Vercel deployment zones under an MSA.

Depending on your jurisdiction (e.g., GDPR in Europe, DPDP Act in India), you have rights regarding your personal administrative data: access, correction, and deletion (which triggers the Cryptographic Shred protocol).

Enterprise administrators can self-serve forensic database audits and manage their own RBAC directly through the Tech & Protocol Desk.

Ektasi Technology is headquartered in Varanasi, Uttar Pradesh, India. For privacy questions or to exercise your data rights, contact our Data Protection Officer at privacy@ektasi.io (Subject: Privacy / Compliance Inquiry).