The summary
- We never collect the content of the document, image, or file you process. The salary figures, employer name, PAN, GSTIN, signatures, photos, and any embedded fields stay on your device.
- We never collect your name, email, phone number, or address as a condition of using a tool. Pay-per-use is anonymous.
- We never share, sell, license, or syndicate any user data to advertisers, data brokers, or AI training pipelines. There is nothing to share.
- We do process the minimum data needed for payment (transaction identifier, payer-supplied billing email and phone where required by the payment processor) and for the corporate-code feature (the code itself plus a counter of credits used).
Payment data
Payments are processed by Razorpay (for tools billed in INR) and by equivalent regulated processors for tools billed in other currencies. To complete a payment, you may be asked to provide an email and phone number; this is required by the processor and by statute (PMLA in India, equivalent UK regulations) for transaction traceability and fraud screening, and is not used by Shikra for marketing.
We retain the transaction identifier, the amount, and the issuance timestamp for the document for the period required by Indian and UK tax law (currently up to 8 years for GST records, 6 years for HMRC records). We do not retain the contents of the document.
Cookies and tracking
Shikra tools use only the cookies strictly necessary to keep you logged into a corporate-code session, to remember a chosen language, and to complete a payment flow. These cookies are first-party and expire on session end or after a short corporate-code window.
We do not use Google Analytics, Meta Pixel, Hotjar, session-replay tools, retargeting cookies, email-capture pop-ups, or any third-party advertising network. There is no behavioural profile of you on Shikra servers because no behavioural data is collected.
Shikra Verified QR
Documents you generate may carry a Shikra Verified QR. The QR encodes a tamper-check token derived from the document at generation time. When a recipient scans the QR, the verifier confirms whether the document is unchanged since issue. The verifier never logs the recipient's identity, location, scan count, or scan history. Free for the recipient. No signup. No PII shared back to the issuer.
Old QRs verify forever. We do not invalidate QR tokens issued under prior cryptographic versions; new versions ship new endpoints, the old endpoints continue to serve.
Your rights
Under the Digital Personal Data Protection Act 2023 (India), the UK GDPR, and equivalent laws in other jurisdictions, you have the right to access, correct, and delete personal data we hold about you. Because the only personal data we typically hold is the payment transaction record, the access and deletion request reduces to providing your transaction identifier or the email used at payment.
To exercise these rights, write to privacy@shikra.org. We respond within 30 days.
Changes and contact
We update this policy when the underlying practice changes. The effective date is shown below. For questions, write to privacy@shikra.org.
Effective 2026-07-13 · Operated by Shikra LLP
See also: Terms · The thesis