QuickReach AI ("we", "our", "us") is committed to protecting the privacy and personal data of our users. This Privacy Policy outlines how we collect, use, store, and protect your information in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and other applicable data protection laws.
1Information We Collect
We collect information that you provide directly to us, information collected automatically when you use our platform, and information from third-party sources. The categories of personal data we collect include:
1.1 Information You Provide
- Account Information: Name, email address, phone number, company name, and designation when you sign up for an account or request a demo.
- Business Information: Industry type, business size, and WhatsApp Business API details required to configure your chatbot.
- Communication Data: Messages, chat logs, and conversation transcripts processed through our WhatsApp AI chatbot platform.
- Payment Information: Billing address, GST number, and payment transaction details. We do not store credit card or UPI PIN data directly — payments are processed through certified payment gateways (Razorpay).
- Support Data: Information provided when you contact our support team, including screenshots and bug reports.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, session duration, click patterns, and interaction logs within our platform.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Cookies and Tracking: We use cookies and similar technologies as described in our Cookie Policy.
1.3 Information from Third Parties
- WhatsApp/Meta APIs: Contact lists, message delivery statuses, and phone number verification data from the WhatsApp Business API.
- Payment Processors: Transaction confirmation and payment status updates from Razorpay.
- Analytics Providers: Aggregated usage statistics from Google Analytics or similar services.
2Purpose and Legal Basis for Processing
Under the DPDP Act 2023, we process your personal data only for lawful purposes and with your consent (or as otherwise permitted under the Act). The specific purposes include:
- Provision, maintenance, and improvement of the QuickReach AI platform and services.
- Processing and routing WhatsApp messages through the AI chatbot as configured by your business.
- Account management, authentication, and security of user accounts.
- Processing payments, issuing invoices, and managing subscriptions (including GST compliance).
- Sending service-related notifications, updates, and security alerts.
- Providing customer support and responding to your queries.
- Analyzing usage patterns to improve product features and user experience.
- Complying with legal obligations under Indian law, including tax and regulatory requirements.
- Detecting, preventing, and addressing fraud, security breaches, and other illegal activities.
3Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by Indian law:
- Account Data: Retained for the duration of your active subscription and for 30 days after account deletion to allow for reactivation.
- Chat Transcripts: Retained for 90 days by default. Enterprise customers may configure custom retention periods.
- Payment Records: Retained for 7 years as required under the Income Tax Act, 1961 and GST laws.
- Usage Analytics: Aggregated and anonymized within 30 days; raw data deleted within 90 days.
- Support Tickets: Retained for 2 years from resolution date.
4Data Sharing and Disclosure
We do not sell your personal data. We may share your data only in the following circumstances:
- Service Providers: Third-party vendors who assist in operating our platform (cloud hosting, payment processing, email delivery), subject to contractual data protection obligations.
- WhatsApp/Meta: Data shared as required by the WhatsApp Business API terms of service for message delivery and platform functionality.
- Legal Requirements: When required by Indian law, court orders, or government directives under the IT Act, 2000 or DPDP Act, 2023.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity with the same level of protection.
- With Your Consent: When you have explicitly consented to sharing your data with a specific third party.
5Your Rights Under the DPDP Act 2023
As a Data Principal under the DPDP Act, 2023, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity.
- Right to Withdraw Consent: Withdraw consent for data processing at any time. Withdrawal of consent will not affect the lawfulness of processing prior to withdrawal.
- Right to Grievance Redressal: File a complaint with our Grievance Officer or the Data Protection Board of India.
To exercise any of these rights, please contact our Grievance Officer at privacy@quickreach.ai or write to us at: QuickReach AI, Brand Spirit Labs Pvt. Ltd., Bangalore, Karnataka 560001, India.
6Data Security
We implement industry-standard security measures to protect your personal data:
- Encryption: All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption.
- Access Controls: Role-based access control (RBAC) with multi-factor authentication (MFA) for all internal systems.
- Infrastructure: Hosted on ISO 27001 and SOC 2 Type II certified cloud infrastructure (AWS, India region).
- Regular Audits: Quarterly security audits and annual penetration testing by certified third-party firms.
- Incident Response: A documented incident response plan with a 72-hour notification window for data breaches as required under the DPDP Act.
- Data Minimization: We collect only the minimum data necessary for the stated purposes.
7Cross-Border Data Transfer
Your data is primarily stored and processed within India (AWS Mumbai region). In cases where data may be transferred outside India:
- We will ensure the destination country provides an adequate level of data protection as notified by the Central Government under the DPDP Act.
- We will obtain your explicit consent before transferring your personal data outside India, unless the transfer is necessary for the performance of the contract.
- WhatsApp message data is processed by Meta's infrastructure, which may involve transfers to servers outside India. This is governed by Meta's data processing terms and the WhatsApp Business API agreement.
8Children's Data
QuickReach AI is a B2B platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data of children. If we become aware that we have inadvertently collected personal data of a child, we will take immediate steps to delete such data in accordance with the DPDP Act, 2023.
9Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes via email or through a prominent notice on our platform at least 15 days before the changes take effect. Your continued use of our platform after such notice constitutes acceptance of the updated policy.
10Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Grievance Officer — QuickReach AI
Brand Spirit Labs Pvt. Ltd.
Email: privacy@quickreach.ai
Address: Bangalore, Karnataka 560001, India
Response Time: Within 30 days of receipt of complaint