Privacy Policy

Last Updated: June 25, 2026

Introduction

This Privacy Policy outlines our policies and procedures on the collection, use, and disclosure of your information when you use our business automation services ("Service"). It informs you of your privacy rights and how the law protects you. We use your personal data to provide and improve our services, which include streamlining follow-up tasks, repetitive tasks, inventory management, sales process automation, collection automation, and more. By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. Operated by Autopilotmybusiness, located at Ashok Bhawan 93, 4th Floor, 408, Nehru Place, New Delhi 110019. Compliance with Google API Services User Data Policy: Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Who this applies to (B2B Workplace Application)

Autopilot My Business is a business-to-business (B2B) workplace application made available only to employees and authorised users of organisations that subscribe to our service. It is not offered to the general public. When you use the App as part of your employer/organisation, that organisation is the data controller and decides what data is processed and why; we act as a data processor on their behalf.

Summary

  • We collect only the data needed to run the business features you use (call logging, call-recording sync, attendance/field tracking, CRM, etc.).
  • Sensitive device data (call log, recordings, location) is accessed only after you grant the relevant permission and is used to provide features to your own organisation’s CRM.
  • We do not sell your data or share it with advertisers or unrelated third parties.
  • You can revoke any permission at any time in your device settings.

Interpretation and Definitions

Interpretation

Words with an initial capital letter have meanings defined under the following conditions, and these definitions apply whether they appear in singular or plural form.

Definitions

Account

A unique account created for you to access our Service or parts of our Service.

Company

("We," "Us," or "Our") refers to Autopilotmybusiness, based in Nehru Place, New Delhi.

Cookies

Small files placed on your device by a website, containing information about your browsing history and other uses.

Country

India.

Device

Any device capable of accessing our Service, such as a computer, smartphone, or tablet.

Personal Data

Any information relating to an identified or identifiable individual.

Service

Refers to the website and any other services provided by the Company, specifically business process automation.

Service Provider

Any natural or legal person processing data on behalf of the Company.

Usage Data

Data automatically collected from the use of our Service or its infrastructure.

Website

The Company's website, accessible from www.autopilotmybusiness.com.

You

The individual or legal entity accessing or using the Service.

This policy has been crafted to reflect the operations of Autopilotmybusiness, under the management of Arun P Sharma.

Information We Collect

Account & profile

Name, email address, phone number, role/designation, employer (tenant) association, and authentication data needed to sign you in.

Call activity (with your permission)

For organisations using the call-tracking / telecalling features, after you grant phone and call-log permissions we process, for calls you make or receive on the device: phone number dialled or received, call duration and type (outgoing / incoming / missed / rejected), and call timestamp. This is uploaded to your organisation’s CRM to create call/follow-up records. We do not read or upload the contents of unrelated calls, SMS messages, or your personal communications.

Call recordings (with your permission)

Where your organisation enables it and your device/dialer creates call recordings, the App may read the recording file for a tracked call from your device storage and upload it to your organisation’s CRM. Only recordings relevant to tracked business calls are accessed. No other documents or media are accessed.

Location (with your permission)

For organisations using field-staff/attendance features, and only for users enrolled in tracking, we collect device location (including in the background where permitted) to record attendance and field activity for your employer.

Device & technical data

Device model, OS version, app version, push notification token (for notifications), IP address, and diagnostic/usage logs.

Android permissions we use and why

Each sensitive permission is requested with an in-app explanation, and is only used for the feature described below.

Permission Why we request it
READ_PHONE_STATE Detect when a call starts/ends to log it.
READ_CALL_LOG Read accurate call duration and type for CRM call records.
CALL_PHONE Place calls to contacts/leads from within the App.
RECORD_AUDIO / storage / media-audio Access call recordings to sync to your CRM.
ACCESS_FINE/COARSE/BACKGROUND_LOCATION Field-staff attendance & activity tracking (enrolled users only).
POST_NOTIFICATIONS Show caller-ID and business notifications.
Foreground service Keep call/location tracking reliable while the App is in the background.
RECEIVE_BOOT_COMPLETED Resume tracking after the device restarts.

Google User Data

To provide its powerful automation features, our Service requires extensive access to your Google account, specifically your Gmail data. This section transparently details what data we access, why we need it, and how we protect it, in full compliance with Google's requirements for sensitive and restricted scopes.

1. What Google User Data We Access and Why

Our application is a business automation tool that operates based on rules and workflows you create. To execute these user-defined tasks, we require access to various functions within your Gmail account. We are committed to data minimization, but the comprehensive nature of automation requires broad permissions. Access is never used for purposes other than executing the workflows you configure.

A. Full Email Management (Reading, Composing, Sending, Modifying, and Deleting)

Purpose: The core of our Service is automating your email communication. This allows you to create workflows that can, for example, automatically reply to customer inquiries, send follow-ups on invoices, process information from an email body, and then archive or delete the email to keep your inbox clean.

Data Accessed: Email body, headers, recipients, attachments. We can read, create, send, and even permanently delete emails on your behalf as directed by your automation rules.

B. Mailbox Organization

Purpose: To help you automatically manage and organize your inbox. Your workflows can apply labels (e.g., "Paid," "Urgent," "Follow-Up") to incoming or outgoing emails, and move emails between folders (e.g., move all receipts to a "Receipts" folder).

Data Accessed: Email messages and their labels.

C. Mailbox Integration and Insertion

Purpose: For advanced workflows that require importing emails into your mailbox. For example, you could create an automation that logs an activity from a CRM and then inserts a corresponding email record into your Gmail account.

Data Accessed: We can insert emails into your mailbox.

D. Gmail Settings Management

Purpose: To allow you to create and manage highly sophisticated automation rules. This functionality is used to programmatically create or modify Gmail filters and forwarding addresses based on your business needs. For example, you could create a workflow to temporarily forward all emails from a specific client to a project manager.

Data Accessed: Your Gmail filters, forwarding settings, and other general email settings. This access is highly sensitive and is used only to execute automation rules you explicitly create.

E. Metadata-Only Access

Purpose: For simpler, faster workflows that do not require reading the entire email. For example, an automation could be triggered just by checking the sender's email address or the subject line. This minimizes data access wherever possible.

Data Accessed: Email headers (From, To, Subject, Date) and labels, without accessing the email body.

F. Google Workspace Add-on Functionality

Purpose: To provide our Service's features directly within the Gmail interface for a seamless user experience. This access is contextual and only active when you are interacting with our add-on inside Gmail.

Data Accessed: Email content and compose windows, but only when the add-on is open and you are actively using it.

2. How We Use Your Google User Data

Your Google user data is used exclusively to provide and improve the automation services you have configured.

  • Execution of Rules: Data is used to execute the specific automation rules that you create, enable, and trigger in your Account. This includes all actions like sending emails, applying labels, creating filters, or deleting messages on your behalf.
  • Service Maintenance: To provide and maintain the Service.
  • Troubleshooting & Support: Human access to your data is strictly prohibited. The only exception is for security purposes (e.g., investigating a security incident) or to resolve a technical support request, and even then, only with your explicit, real-time consent.
  • No Advertising: Your data is never used for serving advertisements, and it is never sold, transferred, or disclosed to third parties for marketing or advertising purposes.

3. Sharing and Disclosure of Your Google User Data

We do not share, transfer, or disclose your Google user data with any third parties. The only exceptions to this rule are:

  • To Comply with Law: When necessary to comply with applicable laws or a valid legal process (e.g., a subpoena or court order).
  • For Service Provision: To a trusted Service Provider (such as a cloud hosting provider like AWS or Google Cloud) who processes data on our behalf. These providers are bound by strict confidentiality agreements and must comply with our privacy and security standards, as well as the Google API Services User Data Policy.

Requested OAuth Scopes

https://mail.google.com/ https://www.googleapis.com/auth/gmail.modify https://www.googleapis.com/auth/gmail.readonly https://www.googleapis.com/auth/gmail.compose https://www.googleapis.com/auth/gmail.send https://www.googleapis.com/auth/gmail.insert https://www.googleapis.com/auth/gmail.labels https://www.googleapis.com/auth/gmail.metadata https://www.googleapis.com/auth/gmail.settings.basic https://www.googleapis.com/auth/gmail.settings.sharing https://www.googleapis.com/auth/gmail.addons.current.message.readonly https://www.googleapis.com/auth/gmail.addons.current.action.compose https://www.googleapis.com/auth/gmail.addons.current.message.action

Zoom User Data

To provide meeting attendance insights and automation features, our Service requires access to certain data from your Zoom account. We adhere to the Zoom App Marketplace Developer Agreement and Privacy Policy.

1. What Zoom User Data We Access and Why

Our application accesses data only when you explicitly connect your Zoom account to execute workflows or view insights.

  • User Profile Information: We access your Zoom name, email, and User ID to identify your account and link it to your Service profile.
  • Meeting Information: We access lists of your scheduled and past meetings (titles, dates, times) so you can select them for reporting within our Service.
  • Meeting Reports & Attendance: We access participant lists, registration logs, and join/leave times. This allows us to calculate attendance rates and provide "Attendee Insights" within your CRM dashboard.

2. How We Use and Protect Your Zoom Data

Your Zoom user data is used exclusively to provide insight features within your dashboard.

  • Execution of Insights: We process your meeting registrant and participant data to show you who attended your sessions.
  • No AI Training or Advertising: We never use your Zoom data or meeting content to train AI models, and your data is never used for advertising purposes.
  • Secure Storage: Your Zoom OAuth tokens are stored in an encrypted format using industry-standard AES-256 encryption. We do not store the video or audio content of your meetings.
  • Data Deletion: You can disconnect your Zoom account at any time, which will result in the immediate deletion of your Zoom access tokens from our live database.

3. Sharing and Disclosure of Zoom Data

We do not share, transfer, or disclose your Zoom user data with any third parties, except where required by law.

How we use your information

  • To provide the business features your organisation has enabled.
  • To create and maintain CRM records (calls, follow-ups, attendance, leads).
  • To authenticate you and secure the service.
  • To send service-related and business notifications.
  • To diagnose problems, prevent abuse, and improve reliability.

Legal basis & consent

We process data on the basis of (a) your consent for device permissions, (b) the contract between us and your organisation, and (c) our and your organisation’s legitimate interests in operating the business. Where call recording is used, you and your organisation are responsible for obtaining any consent required by applicable law from call participants.

How we share information

  • With your organisation (your employer / the subscribing tenant) — the data controller.
  • Service providers who host and operate the platform (e.g. cloud hosting, push-notification delivery) under confidentiality obligations, only as needed to run the service.
  • Legal — where required by law or to protect rights and safety.

We do not sell your personal data and do not share it with advertisers.

Data Protection and Security

We implement robust technical and organizational security measures to safeguard your Google and Zoom user data against unauthorized access, alteration, disclosure, or destruction.

Encryption

All data is encrypted in transit using Transport Layer Security (TLS 1.2 or higher) and encrypted at rest using industry-standard AES-256 encryption.

Access Controls

We enforce strict internal access controls based on the Principle of Least Privilege, ensuring that only a minimal number of authorized personnel with a legitimate business need can access systems containing user data.

Secure Infrastructure

Our application is hosted on a secure cloud infrastructure (e.g., Google Cloud/AWS) that provides comprehensive security protections.

Regular Monitoring

We continuously monitor our systems for vulnerabilities and potential security threats.

Data Retention and Deletion

We retain your data only for as long as you maintain an active Account with our Service, or as needed to provide the Service to you. You have full control over your data and the right to delete it at any time.

Account Deletion

You can delete your Account from the application's dashboard at any time. Upon receiving a deletion request, all associated data will be permanently erased from our live systems within 30 days.

Revoking Access

You can revoke access at any time via your Google Account permissions or Zoom App Marketplace managed apps settings.

WhatsApp Web Integration

Feature-Specific Addendum
Effective Date: 17 June 2026 Applies To: WhatsApp Web feature only

This is a feature-specific privacy addendum to the Autopilot My Business Platform Privacy Policy. It governs the collection, storage, processing, and deletion of data associated exclusively with the WhatsApp Web integration. This feature allows registered business tenants ("Tenants") to link their WhatsApp accounts, send and receive messages, manage contacts, run broadcast campaigns, and access a shared CRM inbox — all within the platform.

Important: The WhatsApp Web integration uses an unofficial WhatsApp Web client. It is not affiliated with, endorsed by, or officially supported by Meta Platforms, Inc. or WhatsApp LLC. Use of this feature is at the Tenant's own risk with respect to WhatsApp's Terms of Service.

2. Who We Are

Autopilot My Business is a multi-tenant B2B SaaS platform providing CRM, HR, Inventory, and Marketing automation. For data protection purposes, Autopilot My Business acts as the Data Processor on behalf of its Tenants. Each Tenant is the Data Controller for end-user data processed through the WhatsApp integration.

3. Data We Collect and Store

The following categories of data are collected specifically by the WhatsApp Web integration:

3.1 WhatsApp Session Credentials

To maintain a persistent WhatsApp Web connection, the integration generates authentication credentials equivalent to those stored in a WhatsApp Web browser session. These include cryptographic keys, signal protocol state, and registration identifiers. Data is stored encrypted in our database, isolated per Tenant and per registered device. Deleting a device from the platform revokes and purges all associated session data.

3.2 Messages (Inbox Data)

All messages sent or received through a connected WhatsApp device are stored in our database. Each message record may contain:

FieldDescriptionExample
jidWhatsApp contact or group identifier[email protected]
contentText body of the message"Hi, following up on your order"
messageTypeType: text, image, video, audio, document, location, contact, sticker, reactionimage
mediaUrlURL of uploaded media (stored in cloud storage)Google Drive link
senderNameWhatsApp Push Name of the sender"John Doe"
isFromMeWhether the message was sent by the connected devicetrue
statusDelivery status: PENDING, SENT, DELIVERED, READ, ERRORDELIVERED
timestampUTC timestamp of the messageISO-8601 datetime
sourceOrigin: app, phone, or automationautomation
connectedPhoneNumberPhone number of the linked WhatsApp account+91XXXXXXXXXX

3.3 Contact Identity Cache

When contacts interact with a connected device, the system caches their identity data to resolve display names. This includes:

  • • WhatsApp JID (unique contact identifier)
  • • Phone number (where available)
  • • WhatsApp Push Name (self-set display name)
  • • Business Verified Name (if the contact is a WhatsApp Business account)
  • • Profile picture URL (cached; refreshed periodically)
  • • WhatsApp registration status

3.4 Groups and Participants

For WhatsApp group messaging, the platform stores group metadata including:

  • • WhatsApp Group ID
  • • Group name and description
  • • List of participant phone numbers and their admin status
  • • Group type (business or personal)
  • • Message count and last activity timestamp

3.5 Message Logs (Delivery Audit)

Every outgoing message action is logged for audit and deliverability tracking:

  • • Sender phone number and device ID
  • • Recipient phone number
  • • Delivery outcome: SUCCESS or FAILURE
  • • WhatsApp message ID (on success)
  • • Error description (on failure)
  • • Request type: manual or automation
  • • Timestamps (created, updated)

3.6 Bulk Campaign Data

When a Tenant runs a broadcast campaign, the following is stored:

  • • Campaign name, target audience, message template used
  • • Scheduled send time
  • • Per-recipient delivery status
  • • Campaign performance metrics (sent count, failure count)

3.7 Outbound Message Queue

Messages awaiting delivery (due to rate limiting, offline devices, or scheduled sends) are stored in a durable message queue containing the full message payload, recipient identity, scheduled time, retry count, and processing status.

3.8 Account Health Metrics

To protect connected WhatsApp numbers from being banned, the platform tracks per-device messaging statistics:

  • • Total messages sent and received over the account's lifetime
  • • Daily outbound message count (rolling 24-hour window)
  • • Sent-to-received interaction ratio (account reputation indicator)
  • • Account age in days (from first message seen)
  • • Assigned safety tier: New (up to 50/day), Warming (up to 250/day), Established (up to 800/day)

3.9 Device Connection Events

Connection lifecycle events (device connected, disconnected, QR scanned) are logged for operational monitoring. On a manual disconnection or ban, the platform sends an email alert to the Tenant's administrator. The email contains the device name and business display name — no message content is included.

4. How We Use the Data

PurposeData UsedLegal Basis
Maintaining an active WhatsApp Web session for the TenantSession credentialsContract (service provision)
Displaying the CRM inbox (received and sent messages)Message content, JID, sender name, timestampsContract (service provision)
Sending messages on behalf of the TenantRecipient JID, message content, media, delivery statusContract + Tenant's instruction
Resolving contact display names across the CRMContact identity cache (push name, JID, phone)Legitimate interest (UX consistency)
Rate limiting / preventing WhatsApp account bansDaily message counts, interaction ratio, account ageLegitimate interest (platform stability)
Running broadcast campaignsRecipient list, message template, delivery outcomesContract + Tenant's instruction
Delivering notifications when a device disconnectsDevice ID, admin email, business nameLegitimate interest (operational alert)
Audit logging for support and dispute resolutionMessage logs (from/to numbers, status)Legitimate interest (accountability)

No advertising use: Data processed through the WhatsApp integration is never used for advertising, sold to third parties, or combined with external datasets for profiling end users.

5. Data Retention Policy

Data CategoryMinimum RetentionMaximum RetentionDeletion Method
WhatsApp session credentialsUntil device is removedUntil device is removedPurged on device disconnection/logout
Message content (inbox)6 months12 monthsAutomated batch deletion nightly at 03:30 UTC
Contact identity cacheDuration of Tenant subscriptionSubscription + 30 daysPurged on account termination
Group metadata & participant listsDuration of Tenant subscriptionSubscription + 30 daysPurged on account termination
Message delivery logs12 months12 monthsAutomated deletion
Campaign dataDuration of Tenant subscriptionSubscription + 90 daysPurged on account termination
Message queue entriesUntil processed or failed90 days (stuck entries)Automated reaper job
Account health metrics (aggregated)Derived from message dataDeleted with messagesComputed on demand; no separate store

The default retention thresholds (6-month keep floor and 12-month delete ceiling) are configurable by platform administrators. These values can only be lowered (more aggressive deletion), never raised beyond the limits stated above.

6. Security Measures

6.1 Authentication & Authorisation

  • • All API requests require a valid JWT delivered as an HttpOnly cookie — never exposed to JavaScript.
  • • Socket connections are authenticated at handshake time; unauthenticated sockets are rejected before any data is transmitted.
  • • Tenant rooms on the real-time layer are enforced by server-side boundary checks — a socket belonging to Tenant A cannot read Tenant B's data.

6.2 Tenant Isolation

  • • Every database record carries a unique Tenant ID as the primary discriminator. Queries always include the Tenant ID as the leading index field — no cross-tenant data leakage is architecturally possible.
  • • All database operations enforce isolation at the model layer.

6.3 Transport Security

  • • All traffic is served over HTTPS/TLS. HTTP is not permitted in production.
  • • CORS is restricted to an explicit whitelist of authorised origins.
  • • Cross-origin preflight requests are validated server-side and rejected if the origin is not on the whitelist.

6.4 Rate Limiting & Anti-Abuse

  • • Outbound messages are subject to per-device daily quotas (50 / 250 / 800 depending on account reputation tier) to prevent spam and reduce ban risk.
  • • Messages are queued when the quota is reached and released after the rolling 24-hour window resets.
  • • Anti-spam throttling and human-like send delays are applied to bulk campaigns.

6.5 Session & Credential Protection

  • • WhatsApp Web authentication state is stored in the database with tenant-scoped access only. No credentials are exposed through any API response.
  • • A lock mechanism prevents multiple concurrent server instances from simultaneously claiming the same WhatsApp session.

6.6 Stack Trace Suppression

  • • In production, error responses never include stack traces or internal error details — only a generic message is returned to the client.

6.7 Message Retention Enforcement

  • • Automated nightly jobs delete messages older than the configured threshold in bounded batches to prevent database load spikes. No operator action is required for routine deletion.

7. Data Sharing and Third Parties

7.1 WhatsApp / Meta Platforms

By using this feature, messages are transmitted over WhatsApp's infrastructure. Meta Platforms, Inc. processes these messages in accordance with WhatsApp's own Privacy Policy. Autopilot My Business has no control over Meta's data practices. Tenants and their end-users are also subject to WhatsApp's Terms of Service.

7.2 Cloud Infrastructure

The platform's servers, databases, and media storage are hosted on cloud infrastructure. Infrastructure providers operate under their own data processing agreements and do not have independent access to Tenant message data.

7.3 Media Storage

Media files received or sent via WhatsApp may be uploaded to Google Drive with the resulting link stored in the message record. Access to these files is controlled by the Tenant's Google Drive account permissions.

7.4 No Sale of Data

Autopilot My Business does not sell, rent, or share personal data processed through the WhatsApp integration with any advertising networks, data brokers, or marketing analytics providers.

7.5 Sub-Processors

Where sub-processors are engaged, appropriate Data Processing Agreements (DPAs) are in place. Tenants may request a list of current sub-processors by emailing [email protected].

8. Tenant Responsibilities

As Data Controllers for their end-user data, Tenants who enable the WhatsApp Web integration accept the following obligations:

  • • Lawful basis for messaging: Tenants must ensure they have a valid legal basis (consent, legitimate interest, contractual necessity, etc.) to message each contact via WhatsApp.
  • • WhatsApp Terms compliance: Tenants must comply with WhatsApp's Terms of Service, Business Policy, and Acceptable Use Policy. Sending unsolicited bulk messages is strictly prohibited.
  • • Contact opt-out: Tenants are responsible for honouring opt-out requests and removing contacts from future campaigns.
  • • Transparency to end-users: Tenants must inform their contacts that their WhatsApp data is being processed by the Tenant's CRM system.
  • • Device security: Tenants are responsible for securing the physical devices whose WhatsApp accounts are linked to the platform.

9. Rights of End-Users (Data Subjects)

End-users whose personal data is processed through a Tenant's WhatsApp integration may exercise the following rights under applicable data protection law (GDPR, PDPB, or equivalent):

  • • Right of access — request a copy of their data held by the Tenant.
  • • Right to erasure — request deletion of their data from the Tenant's CRM.
  • • Right to rectification — request correction of inaccurate data.
  • • Right to restrict processing — request that processing be paused.
  • • Right to object — object to processing based on legitimate interest.
  • • Right to data portability — receive their data in a structured, machine-readable format.

These requests should be directed to the Tenant (the business that messaged the end-user). If a Tenant fails to respond, end-users may contact Autopilot My Business at [email protected].

10. Children's Data

The WhatsApp Web integration and the Autopilot My Business platform are intended exclusively for B2B use. We do not knowingly collect or process data relating to individuals under the age of 13. Tenants must not use the integration to contact minors without appropriate legal basis and parental consent.

11. International Data Transfers

Data may be stored on servers located outside the Tenant's jurisdiction depending on the cloud infrastructure region selected. Where data is transferred across borders, appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms). Tenants requiring data residency in a specific region should contact [email protected] before enabling the feature.

12. Data Breach Notification

In the event of a personal data breach affecting the WhatsApp integration, Autopilot My Business will:

  1. 1. Contain the breach and assess its scope within 24 hours of detection.
  2. 2. Notify affected Tenants within 72 hours of becoming aware of the breach, in accordance with applicable law.
  3. 3. Provide details of the categories and approximate volume of data affected, likely consequences, and remedial measures taken.

Tenants are responsible for notifying their own end-users and relevant supervisory authorities where required by applicable law.

13. Cookies and Local Storage

The WhatsApp Web feature uses the following browser-side storage:

  • • HttpOnly JWT Cookie: Used to authenticate WebSocket connections to the WhatsApp server. Set as HttpOnly and Secure; inaccessible to JavaScript.
  • • No third-party cookies are set by this feature.

14. Limitations and Disclaimers

  • • Unofficial API: The WhatsApp Web integration is not an official WhatsApp product. Autopilot My Business provides this feature as-is and cannot guarantee continued operation if WhatsApp modifies its protocol or takes enforcement action.
  • • Message delivery: Delivery of messages via WhatsApp is subject to WhatsApp's infrastructure, recipient settings, and device connectivity. Autopilot My Business is not liable for undelivered messages.
  • • End-to-end encryption: WhatsApp messages are end-to-end encrypted in transit between WhatsApp clients. However, once a message is received by the connected device and stored in the platform's database, it is stored as plain text and subject to the database security measures described in Section 6.
  • • Account ban risk: Use of the WhatsApp Web integration carries an inherent risk that WhatsApp may ban the connected number. The platform's safety service mitigates but cannot eliminate this risk.

15. Changes to This Policy

We may update this policy as we add new capabilities to the WhatsApp integration or in response to changes in applicable law. Material changes will be communicated to Tenant administrators via in-platform notification and/or email at least 14 days before they take effect. Continued use of the WhatsApp integration after the effective date constitutes acceptance of the revised policy.

16. Contact and Complaints

For questions, data requests, or complaints related to this policy, contact us at [email protected]. If you are an end-user and believe your data has been processed unlawfully, you also have the right to lodge a complaint with your local data protection supervisory authority.

Your Rights

Subject to applicable law (including India’s DPDP Act and, where relevant, the GDPR), you may request to access, correct, or delete your personal data, or object to/restrict certain processing. Because your organisation is the data controller, please direct such requests to your organisation; we will assist them as processor. You can also revoke device permissions at any time in your device settings.

Children

The App is a workplace tool and is not directed to, or intended for use by, children under 16. We do not knowingly collect data from children.

Contact Us

If you have any questions about this Privacy Policy, you can contact us:

[email protected]
Contact Person: Arun P Sharma