Privacy Policy
Last updated: July 17, 2026. How Pankesh collects, uses, shares, stores, and protects personal data.
1. Who is responsible and who this policy covers
Pankesh is the customer-facing brand for pankesh.in, Pankesh.Tech, Pankesh.School, related portals, forms, dashboards, APIs, support, billing, and communications. The legal person or entity identified in the applicable customer order or invoice is responsible for the Pankesh service covered by that document.
- For privacy questions, rights requests, or complaints, contact contact@pankesh.in and identify the relevant Pankesh product or customer account.
- It covers visitors, leads, customers, school administrators, teachers, staff, parents, students, vendors, and people who interact with our websites or support channels.
- For Pankesh.School customer data, the school or institute is usually the data controller and Pankesh acts as a processor/service provider under the DPA.
- For our own website, billing, marketing, support, analytics, and account administration, Pankesh may act as the controller of personal data.
- This policy does not replace a signed school, enterprise, or project agreement that contains stronger privacy commitments.
2. Personal data we collect
We collect information you provide directly, information generated while using our services, and information received from connected services or authorized school/business administrators.
- Identity and contact data: name, email, phone number, organization, school name, address, role, and contact preferences.
- Account and login data: username, password hash, OTP or session information, admin role, permissions, activity logs, and security events.
- Project and service data: requirements, messages, uploaded files, brand assets, website content, business details, invoices, support tickets, and approvals.
- School data: student, parent, teacher, staff, class, fee, attendance, exam, transport, communication, admission, and academic records that a school chooses to upload or manage.
- Payment data: plan, invoices, transaction IDs, billing address, GST or tax details, payment status, and payment gateway responses. Full card, UPI, or bank credentials are handled by payment providers where applicable.
- Device and usage data: IP address, browser, device type, pages viewed, time zone, referring page, clicks, logs, error reports, and cookie identifiers.
- AI feature data: prompts, uploaded files, instructions, chat inputs, generated outputs, automation logs, and review feedback when you use or request AI-enabled services.
3. How we use personal data
We use personal data to provide services, operate platforms, secure accounts, communicate with you, process payments, improve products, and meet legal duties.
- Respond to inquiries, book calls, prepare proposals, deliver projects, provide support, and manage customer relationships.
- Operate Pankesh.School features such as admissions, attendance, fees, reports, communication, dashboards, and role-based access.
- Operate Pankesh.Tech services such as websites, dashboards, marketing systems, automation, security monitoring, and integrations.
- Process payments, invoices, renewals, refunds, tax records, subscription status, and account notices.
- Detect, prevent, and investigate fraud, spam, abuse, unauthorized access, data incidents, policy violations, and security threats.
- Improve reliability, usability, product planning, analytics, training, documentation, and support quality.
- Comply with contracts, laws, court orders, tax duties, regulatory requirements, and lawful requests.
4. AI processing
If you request or enable AI features, Pankesh may process inputs, outputs, files, and instructions through AI tools or third-party AI providers such as OpenAI, Anthropic, or similar providers.
- Use AI features only with data you are authorized to submit.
- Do not submit sensitive, confidential, student, health, financial, biometric, or regulated data into AI features unless your organization has approved that use and the required safeguards are in place.
- AI providers may process inputs and outputs to provide the requested feature, maintain security, enforce policies, and improve services according to the applicable provider terms and our agreement with them.
- AI outputs may be inaccurate or incomplete and should be reviewed by a human before use, publication, communication, or decisions about any person.
- Where possible, we limit AI processing to the data needed for the requested task.
5. Legal bases and consent
Where privacy law requires a legal basis, we rely on contract performance, legitimate interests, consent, legal obligations, and, for some school or customer records, the documented instructions of the customer controller.
- Contract: to deliver the service, account, subscription, support, or project you requested.
- Legitimate interests: to secure services, prevent fraud, improve products, communicate with customers, and run our business.
- Consent: for optional marketing, certain cookies, optional uploads, and specific permissions where required.
- Legal obligation: for tax, accounting, law enforcement, compliance, and dispute handling.
- Controller instructions: for school/customer data processed under a DPA or written customer agreement.
6. Sharing and subprocessors
We do not sell personal data. We share personal data only when needed for service delivery, security, legal compliance, business operations, or with your instruction.
- Hosting, database, storage, CDN, backup, and cloud infrastructure providers.
- Payment gateways, banks, accounting, invoicing, tax, and fraud-prevention providers.
- Email, SMS, WhatsApp, call, CRM, ticketing, analytics, and notification providers.
- Domain, DNS, map, social, advertising, marketing, and integration providers when used in your project or account.
- AI providers and automation tools when you request or enable AI-assisted services.
- Professional advisors, auditors, insurers, legal authorities, or government agencies where legally required.
- A buyer, successor, or adviser in a merger, acquisition, financing, restructuring, or transfer of business assets.
7. School, student, and child data
Pankesh.School is designed for schools and institutes. The school is responsible for deciding what data is collected, who can access it, and what notices or consents are required from students, parents, guardians, teachers, and staff.
- Schools must collect and use student or child data lawfully and with appropriate parent, guardian, or institutional authorization where required.
- Pankesh processes school records only to provide the service, support the school, secure the platform, comply with law, or follow the school's documented instructions.
- Public Pankesh websites and marketing pages are not intended for children to create accounts without school, parent, or guardian involvement.
- Schools should not upload unnecessary sensitive data unless it is required for their lawful education workflow.
8. Retention and deletion
We keep personal data only for as long as needed for the purposes described in this policy, the customer agreement, legal duties, dispute handling, security, backups, and accounting records.
- Lead and inquiry data is kept while we communicate with you and for reasonable business follow-up unless deletion is requested.
- Project, support, invoice, and contract records may be retained for legal, tax, warranty, audit, and dispute purposes.
- School/customer data is retained according to the customer plan, DPA, export/deletion request, backups, and legal requirements.
- Backups and logs may take additional time to expire from secure backup systems.
- When data is no longer needed, we delete, anonymize, or archive it according to applicable requirements.
9. Security
We use reasonable technical and organizational safeguards to protect personal data, but no internet service can be guaranteed to be completely secure.
- Access controls, role-based permissions, least-privilege access, password hashing, and admin restrictions.
- Encryption in transit where supported, secure hosting configurations, backups, monitoring, and logging.
- Staff or contractor confidentiality duties and access limited to people who need it for service delivery.
- Security review for sensitive workflows and incident response procedures for suspected breaches.
- You are responsible for securing your devices, users, passwords, domains, connected accounts, and admin permissions.
10. Your rights and choices
Depending on where you live and the relationship you have with Pankesh, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain personal data.
- You can request a copy, correction, deletion, or export of your personal data where applicable.
- You can opt out of non-essential marketing communications.
- You can manage cookies through browser settings and our cookie choices where available.
- For school/student data, requests should usually be sent to the relevant school first because the school controls that data.
- We may verify your identity before acting on a request and may refuse or limit a request where law allows or requires.
11. International transfers
Pankesh and its providers may process data in India and other countries where our infrastructure, subprocessors, or support providers operate.
- Where required, we use contractual, technical, and organizational safeguards for cross-border processing.
- Third-party provider locations may depend on the selected hosting, payment, communication, analytics, AI, or integration service.
- By using the services or asking us to connect third-party providers, you understand that data may be processed outside your state or country.
12. Changes and contact
We may update this Privacy Policy as our products, legal requirements, or processing practices change.
- The latest version will be posted on this page with the last updated date.
- Material changes may also be communicated through the website, dashboard, email, or customer notice.
- For privacy questions, data requests, or school data concerns, contact contact@pankesh.in.
- For urgent security concerns, include clear details and mark the message as security-related.
Privacy or data request?
Send us the account, school, project, or domain details so we can locate the right records.