SSambhavTech AI← Back to home

Legal

Privacy Policy

Last updated: 17 April 2026

SambhavTech Solutions Pvt Ltd ("SambhavTech", "we", "us") operates the SambhavTech AI WhatsApp Business platform at whatsapp.sambhavtech.in (the "Platform"). This policy explains what data we collect, why we collect it, and the choices you have. If you have questions, email hello@sambhavtech.in.

1. Who we are

SambhavTech Solutions Pvt Ltd is the data controller for the Platform. We are an Indian company headquartered in India and we operate the Platform as a Meta Tech Provider for the WhatsApp Business Platform.

2. Data we collect

From dashboard users (you, our customer)

  • Account: name, business name, work email, password hash.
  • Billing: company GSTIN, billing address, payment-method metadata (we do not store card numbers — payments are processed by our PCI-DSS certified payment partner).
  • Usage: pages visited, broadcasts sent, templates created, login timestamps, IP addresses, user-agent strings. Used for product analytics, abuse prevention, and audit.
  • Support communications: emails, in-app messages, screenshare recordings (only when explicitly recorded with your consent).

From your WhatsApp Business Account (WABA)

  • WABA ID, phone number ID, business display name, profile assets.
  • A long-lived System User access token issued by Meta that lets us send messages and manage templates on your behalf. Stored encrypted at rest.
  • Message templates (text, media headers, button URLs) and their approval status.
  • Messages sent and received via the WhatsApp Business API, including: phone numbers of your end-recipients, message content, delivery and read status.

From your end-customers (recipients of WhatsApp messages)

  • WhatsApp phone numbers, profile names if shared by WhatsApp.
  • Inbound and outbound message content and timestamps, retained for the conversation lifetime + the retention period you configure (default 90 days).
  • Opt-out status. We honour opt-outs immediately and propagate them across all your campaigns.

3. How we use data

  • To deliver the Platform: send messages, store templates, route inbound replies, render dashboards.
  • To honour your contractual instructions to Meta on your behalf as a Tech Provider.
  • To detect abuse, fraud, spam, and violations of Meta's Business Messaging Policy.
  • To bill you and provide support.
  • To improve the Platform — aggregated, non-identifying analytics only.

4. Sharing

We share data only with:

  • Meta Platforms Inc. — message content and metadata, as required to deliver messages over the WhatsApp Business API.
  • Sub-processors we have engaged to operate the Platform: Supabase (database hosting), Vercel (application hosting), Chatwoot (helpdesk inbox, optional). Each is bound by a Data Processing Agreement.
  • Indian law enforcement when compelled by a valid legal order. We will notify you unless legally prohibited.

We do not sell personal data and do not share it with advertising networks.

5. International transfers

Primary infrastructure is hosted in the AWS Mumbai (ap-south-1) region where available. Some sub-processors (such as Vercel) operate from global edge locations; in those cases data may be processed outside India under appropriate contractual safeguards (Standard Contractual Clauses).

6. Retention

  • Account data: kept while the account is active and for 12 months after closure for audit and tax requirements.
  • Message logs: 90 days by default, configurable up to 12 months on Scale and Enterprise plans.
  • Billing records: 8 years (Indian tax law).
  • Backups: rolling 35 days.

7. Your rights

Under India's Digital Personal Data Protection Act 2023 and applicable foreign laws, you can:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (see Data Deletion).
  • Withdraw consent at any time. Withdrawal does not affect lawful processing already done.
  • Lodge a grievance with our Grievance Officer (below) or with the Data Protection Board of India.

8. Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via Supabase). Access tokens issued by Meta are stored in a separate encrypted column and accessible only to server-side processes using a service-role credential. We follow OWASP guidelines, run quarterly access reviews, and operate in least-privilege mode.

9. Children

The Platform is not directed to anyone under 18. We do not knowingly collect data from minors.

10. Changes

We update this policy when our practices change. Material changes will be notified by email to the registered account contact at least 14 days before they take effect.

11. Contact

Grievance Officer: SambhavTech Solutions Pvt Ltd — hello@sambhavtech.in. We will acknowledge complaints within 7 business days and resolve them within 30 days.