amnoyTechnology

Home / Privacy Policy

Legal

Privacy Policy

Last updated: 16 June 2026  ·  Applies to: amnoy.in and the Amnoy API

Amnoy Technology ("Amnoy", "we", "us" or "our") is committed to protecting the privacy of everyone who visits our website, uses our Digital Signature API, or engages our security and compliance services. This policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it.

We process personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1. Who we are

Amnoy Technology is the data fiduciary responsible for the personal data described in this policy. For any privacy question or request, contact us using the details in the Grievance Officer section below.

2. Information we collect

Information you provide

  • Contact & account details — name, work email, phone number, company name and role when you request a demo, open an account or contact us.
  • Billing details — billing entity, GSTIN and payment information needed to invoice for API usage and services. Card and bank details are handled by our payment processors and are not stored on our servers.
  • Support & correspondence — the content of emails, tickets and messages you send us.

Information from your use of the API

  • Signing metadata & audit logs — timestamps, document format, request and response status, certificate identifiers, hash values and RFC 3161 timestamp tokens generated when you sign a document. These records exist to make every signature independently verifiable and audit-ready.
  • Technical data — API keys, IP address, request headers, device and browser information, and diagnostic logs used to operate, secure and troubleshoot the service.

What we deliberately do not handle

For Digital Signature Certificate (DSC) signing, the private key never leaves your USB token or your environment. Amnoy does not receive, store or have access to your signing private keys. Where signing is performed against documents you submit, we process them only to apply the signature you requested and do not retain document contents longer than needed to complete and log the operation, unless you have explicitly chosen a feature that requires storage.

3. How we use your data

  • To provide, operate and maintain the Digital Signature API and our security and compliance services.
  • To create and apply legally valid signatures and to produce verifiable audit trails.
  • To authenticate requests, prevent abuse, and secure our infrastructure.
  • To bill for usage, manage accounts and provide support.
  • To send service, security and transactional communications, and — only with your consent — relevant product updates.
  • To meet legal, regulatory and audit obligations.

4. Legal basis for processing

We process personal data on the basis of your consent, the performance of a contract with you, our legitimate interest in operating and securing the service, and compliance with applicable law. Where we rely on consent, you may withdraw it at any time as described below.

5. Sharing and disclosure

We do not sell personal data. We share it only with:

  • Service providers and sub-processors (for example hosting, payment processing and licensed Certifying Authorities) who are bound by confidentiality and data-protection obligations and may process data only on our instructions.
  • Authorities, where disclosure is required by law, regulation, or valid legal process.
  • A successor entity in the event of a merger, acquisition or reorganisation, subject to this policy.

6. Data retention

We keep personal data only for as long as necessary for the purposes set out here, or for longer where retention is required by law. Signing audit records are retained for the period needed to support legal validity and verification, and to meet statutory and contractual audit requirements. When data is no longer needed, we securely delete or anonymise it.

7. Security

We apply reasonable security practices appropriate to the sensitivity of the data, including encryption in transit, access controls and least-privilege, hardware-held signing keys, network and server hardening, logging and monitoring. No system is perfectly secure, but we work continuously to protect your data and to meet the standards expected under CERT-In, PCI-DSS and ISO frameworks.

8. Cookies

Our website uses only the cookies needed for it to function and to understand aggregate usage. We do not use cookies to build advertising profiles. You can control cookies through your browser settings; disabling some cookies may affect site functionality.

9. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you and request a summary of its processing.
  • Request correction or updating of inaccurate or incomplete data.
  • Request erasure of your data where it is no longer required.
  • Withdraw consent where processing is based on consent.
  • Nominate another person to exercise your rights in the event of death or incapacity.
  • Raise a grievance with us, and escalate to the Data Protection Board of India.

To exercise any of these rights, contact our Grievance Officer below. We may need to verify your identity before acting on a request.

10. Children

Our services are intended for businesses and are not directed at children. We do not knowingly collect personal data of children except as permitted by law and with verifiable parental consent where required.

11. International transfers

Where data is processed or stored outside India, we do so only as permitted by applicable law and with appropriate safeguards in place.

12. Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with a revised "Last updated" date. Continued use of our services after a change indicates acceptance of the updated policy.

13. Grievance Officer & contact

In line with the IT Act, 2000 and the DPDP Act, 2023, you can reach our Grievance Officer for any privacy concern or data-rights request:

  • Grievance Officer: [Name of Grievance Officer]
  • Email: info@amnoy.in
  • Address: Amnoy Technology, 113, Golden City,Bhopal,MP, India

We aim to acknowledge grievances promptly and resolve them within the timelines required by law.

Questions about your data?

We're happy to explain exactly what we collect and why. Reach out and we'll walk you through it.

Contact us