Privacy Policy

Last updated: May 20, 2025

This policy applies to Karyagrah, a product of Karyagrah.

Summary: Karyagrah ("Karyagrah") is committed to protecting your privacy. We collect only what we need to provide our services, we never sell your data, and we give you control over your information. Please read this policy carefully.

1. Who We Are

Karyagrah is a WhatsApp Business SaaS platform operated by Karyagrah, a company registered in India.

Registered Address:
Delhi

Contact Email: support@karyagrah.com

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, company name when you register.
  • Billing Information: Payment details processed securely through Razorpay. We do not store card numbers on our servers.
  • WhatsApp Business Account Details: Meta/Facebook Business account ID, WhatsApp Business Account (WABA) ID, and phone number IDs you connect.
  • Contact Data: Customer names, phone numbers, and conversation history you import or receive via WhatsApp.
  • Profile & Settings: Any configuration, templates, bot flows, or preferences you set up in the platform.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, button clicks, and navigation paths within the platform.
  • Log Data: IP address, browser type, operating system, referring URL, and timestamps of requests.
  • Cookies & Sessions: We use session cookies to keep you logged in. We use no third-party advertising cookies.
  • Device Information: Browser version and screen resolution for compatibility purposes.

2.3 Information from Third Parties

  • Meta / WhatsApp: Message metadata and delivery statuses received via the WhatsApp Business API.
  • Razorpay: Payment confirmation and transaction IDs for subscription billing.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and provide platform services.
  • Process payments and manage your subscription plan.
  • Send WhatsApp messages on your behalf through the Meta API.
  • Store and display conversation history in your team inbox.
  • Send transactional emails (account activation, password reset, billing alerts).
  • Respond to your support queries.
  • Monitor platform health, performance, and prevent abuse.
  • Comply with legal obligations.

We do not use your data for advertising, and we do not sell your personal information or your customers' data to any third party.

4. Legal Basis for Processing (GDPR)

Where applicable, we process your data under the following legal bases:

  • Contract: Processing necessary to deliver the services you subscribed to.
  • Legitimate Interests: Security monitoring, fraud prevention, and improving the platform.
  • Legal Obligation: Compliance with applicable laws and regulations.
  • Consent: Marketing communications, where you have opted in.

5. Data Sharing & Disclosure

We share your data only in the following limited circumstances:

  • Service Providers: Trusted third parties who help us operate the platform — cloud hosting (AWS), database services, email delivery (SMTP), and payment processing (Razorpay). These parties are bound by confidentiality obligations.
  • Meta Platforms: To send and receive WhatsApp messages, we transmit necessary data to Meta via the official WhatsApp Business API.
  • Legal Requirements: If required by law, court order, or governmental authority, we may disclose information as legally required.
  • Business Transfer: In the event of a merger, acquisition or asset sale, your data may be transferred. We will notify you before your data is transferred.

We do not share data with advertisers or data brokers.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

  • Account data: Retained while your account exists and for 90 days after deletion.
  • Conversation & message data: Retained for the duration of your subscription and up to 30 days after termination.
  • Billing records: Retained for 7 years as required by Indian financial regulations.
  • Log data: Automatically deleted after 90 days.

7. Cookies

We use the following types of cookies:

  • Session Cookies: Required to keep you logged in. These expire when you close your browser or after 24 hours of inactivity.
  • Preference Cookies: Remember your UI preferences (theme, language, etc.).

We do not use advertising cookies, tracking pixels, or any third-party analytics cookies. You can disable cookies in your browser settings, though this may affect platform functionality.

8. Data Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over HTTPS with TLS encryption.
  • Passwords are hashed using bcrypt and are never stored in plain text.
  • Database access is restricted to authenticated services only.
  • API keys and secrets are stored as environment variables, never in code.
  • Regular security reviews and dependency audits.

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it immediately to support@karyagrah.com.

9. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your account and associated data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain types of processing.
  • Restriction: Request that we restrict processing of your data.

To exercise any of these rights, email us at support@karyagrah.com. We will respond within 30 days.

10. Children's Privacy

Karyagrah is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. Third-Party Links

Our platform may contain links to third-party websites (e.g., Meta Developer documentation, Razorpay). We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make significant changes, we will notify you via email or a prominent notice on the platform. The "Last updated" date at the top of this page will always reflect the most recent version. Continued use of Karyagrah after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Karyagrah

Delhi

Email: support@karyagrah.com