Privacy Policy

Accordink Solutions LLP ("Accordink", "we", "us", or "our") operates the website at www.accordink.com and provides contract operations, legal resources, and related services. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have in relation to it.

By using our website or purchasing our products, you acknowledge that you have read and understood this policy. If you do not agree, please discontinue use of our website and services.

Accordink Solutions LLP is a limited liability partnership registered under the Limited Liability Partnership Act, 2008 of India.

For purposes of data protection law, Accordink Solutions LLP is the data fiduciary and data controller in respect of personal information processed through this website.

You may contact us regarding privacy matters at: privacy@accordink.com

We collect information in the following ways:

Information you provide directly:

• Name, email address, and phone number when you submit our contact form or download a free resource
• Name, email address, phone number, and payment details when you purchase a product
• Any message or enquiry you submit through our contact form
• Name, email address, and phone number when you take our Contract Awareness Assessment or detailed assessment. We also collect your quiz answers, your score, and your result level.

Information collected automatically:

• Your approximate country, inferred from your IP address, to personalise your experience on our website. We do not store your IP address beyond what is required for rate limiting (see below).
• Your IP address, processed transiently for rate limiting purposes on our assessment and contact forms. IP addresses are not stored in our database or linked to your personal record.
• Your preferred colour scheme (light or dark mode), stored only in your browser's local storage. This never leaves your device.
• Session tokens used to maintain login state within our admin dashboard (Microsoft 365 authentication). These are stored as secure HTTP-only cookies and are not accessible to JavaScript.
• Quiz and assessment progress, stored temporarily in your browser's session storage while you are taking an assessment. This includes your current answers and question position. This data is held only in your browser and is cleared when you close the tab.
• Browser settings such as timezone, read client-side to personalise pricing display on our website. This information is not stored on our servers.
• A referral code if you arrive via a referral link, stored in a browser cookie. If you make a purchase, this code is used to attribute the transaction to the relevant referral partner.
• Marketing attribution data stored against your contact record when you submit a form, used only to understand which channels bring users to our website. This data is not shared with third parties.

Assessment and quiz data:

When you take our Contract Awareness Assessment or Contract Negotiation Assessment, we collect your answers, score, result level, and any identified areas for improvement. This data is linked to your email address once you submit your contact details at the end of the assessment. Before you submit your details, a temporary session identifier is stored in your browser's session storage to track your progress. This identifier is not linked to any personal information until you choose to submit your contact details.

If you submit an email address that is already associated with a previous assessment submission, we will not create a duplicate record. Instead, your original results may be reused or resent to you.

We also generate a secure access token linked to your email address, which is used to deliver your results and provide access to your certificate. This token expires after one year.

Certificates:

On completing an assessment, we generate a certificate containing your name and result level. This certificate is accessible via a unique, unlisted URL that you may share at your discretion. The certificate is intended to be shareable and is not access-controlled. You may request deletion of your certificate at any time by contacting us at privacy@accordink.com.

Payment information:

Payments are processed by Razorpay. We do not store your card number, CVV, or full payment credentials on our servers. We receive a payment confirmation reference, order ID, and payment ID from Razorpay after a successful transaction. Razorpay's own privacy policy governs how they handle your payment data.

We use your personal information for the following purposes:

• To deliver the products or services you have purchased or requested
• To send you documents you have downloaded or purchased, via email
• To deliver your assessment results, certificate, and related follow-up communications
• To issue invoices and maintain transaction records as required by law
• To respond to your enquiries and provide support
• To send occasional updates and insights about Accordink and contract-related topics, including information about relevant products or events based on your assessment result. You may opt out at any time using the unsubscribe link in any such email.
• To maintain internal records of leads and clients within our CRM system, used only by authorised Accordink personnel. Where you have completed an assessment, your result level may be used to classify your record internally and personalise any follow-up communications we send.
• To understand which channels drive traffic to our website, using marketing attribution data stored against your contact record
• To detect fraud, prevent abuse of our services, and verify payment authenticity

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects. We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

We process your personal information on the following legal grounds under applicable data protection law. This includes India's Digital Personal Data Protection Act 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), and equivalent frameworks in other jurisdictions where our users are located:

• Consent: where you voluntarily submit your contact details through our assessment or contact form, we rely on your consent to process and store that information and to send you follow-up communications.
• Contract performance: processing necessary to deliver products you have purchased or services you have requested
• Legitimate interests: maintaining business records, preventing fraud and abuse, understanding acquisition channels via UTM data, improving our services, and sending relevant updates to existing contacts. Where we send marketing communications, we do so on the basis of legitimate interests arising from an existing relationship with you (for example, a download, purchase, or completed assessment). These communications are limited to contract-related insights, updates, and relevant products. They are distinct from transactional emails (such as document delivery or assessment results), which are sent on the basis of contract performance. You may opt out of marketing communications at any time using the unsubscribe link in any email we send.
• Legal obligation: retaining transaction and invoice records as required by applicable accounting and tax law

• Assessment and quiz results: retained for up to 3 years from the date of submission, for as long as necessary to support follow-up communications and service improvement
• Assessment access tokens: expire automatically after 1 year from the date of issue
• Certificates: retained until you request deletion. If you request deletion of your personal data, associated certificates will also be deleted. To request deletion, contact privacy@accordink.com with the subject line "Certificate deletion request" and your name and email address.
• CRM contact records (non-purchasing): retained for up to 3 years from the date of your last interaction with us, for the purpose of managing our business relationship
• Contact enquiries: retained for up to 3 years from the date of your last interaction with us
• Purchase and invoice records: retained for 7 years from the date of transaction, as required under applicable accounting and tax law
• Download records: retained for up to 3 years, to support delivery and follow-up communications
• Marketing opt-out records: retained indefinitely to ensure we honour your unsubscribe request and do not contact you again

You may request deletion of your personal information at any time, subject to our legal obligations to retain certain records.

We share your information only where necessary, and only with the following categories of recipients:

• Razorpay Financial Solutions Pvt. Ltd.: to process payments. They operate as an independent data controller.
• Vercel Inc.: our hosting and infrastructure provider. Your data may be processed on servers in the United States or other regions. We also use Vercel Analytics, a cookieless analytics tool that collects anonymised usage data (page views, referrer, device type, and approximate country). No cookies are set and no personal data is stored. Vercel is bound by appropriate data protection obligations.
• Neon Inc.: our database provider. Data is stored in encrypted form.
• Upstash Inc.: our Redis provider, used for rate limiting on public-facing forms. No personal data is stored.
• Microsoft Corporation: we use Microsoft 365 and Azure Active Directory for internal authentication and email delivery. Microsoft processes data under its own privacy terms.
• Legal and regulatory authorities: where required by law, court order, or to protect our legal rights.

We do not transfer your personal data to any other third parties.

Some of the processors listed above are located outside your jurisdiction, including in the United States. Where your personal data is transferred internationally, we ensure that appropriate contractual safeguards are in place to protect it in accordance with applicable data protection law.

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you
• Correction: request correction of inaccurate or incomplete information
• Deletion: request deletion of your personal information, subject to our legal retention obligations
• Opt out of marketing: unsubscribe from marketing emails at any time using the link in any email, or by contacting us directly
• Withdraw consent: where we rely on consent to process your data, you may withdraw it at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Grievance redressal: under the DPDP Act 2023, you have the right to raise a grievance with us. We will acknowledge within 72 hours and resolve it within 30 days. Under GDPR, you also have the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, write to us at privacy@accordink.com. We will respond within 30 days.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure. These include encrypted database storage, HTTPS encryption in transit, access controls on all internal systems, role-based permissions for our team, and rate limiting on public-facing forms and assessments.

No method of transmission over the internet is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.

Our website uses a small number of cookies and browser storage mechanisms. For full details, please read our Cookie Policy.

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Where changes are material, we will take reasonable steps to notify affected users. Continued use of our website after any change constitutes acceptance of the updated policy.

For any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal information, please contact: