Botalio respects your privacy and is committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and other applicable Indian data protection laws. This Privacy Policy describes how we collect, use, disclose, and protect personal data when you use botalio.com or our Service. By using the Service, you consent to the practices described here.
Under the DPDP Act, Botalio acts as the Data Fiduciary for personal data of our Customers (subscribers and account holders). For personal data processed through the Service on behalf of our Customers — such as data of end users interacting with Customer chatbots — Botalio acts as a Data Processor, and the Customer is the Data Fiduciary. Contact: hello@botalio.com. A Data Protection Officer will be designated and details updated here upon LLP incorporation.
We collect the following categories of personal data:
We do not knowingly collect sensitive personal data or data from children under eighteen (18) years of age. If you believe we have collected data from a child, contact us immediately at hello@botalio.com.
We use personal data to: provide, operate, maintain, and improve the Service; manage your account and authenticate access; process payments and send invoices; generate AI output by sending relevant data to our AI providers; send transactional and promotional communications; understand usage patterns and develop new features; detect and prevent fraud, abuse, and security incidents; comply with applicable laws and enforce our agreements; and conduct internal record-keeping and audits.
We do not sell personal data. We share personal data with service providers who process data on our behalf, including: Vercel and Supabase (cloud hosting, Mumbai region for primary data residency); Google Gemini and other AI providers; Razorpay (payment processing); Resend (email delivery); Vercel Analytics; and WhatsApp Business API for notifications you opt into. These providers are bound by data protection obligations.
We may also disclose personal data to comply with applicable laws or legal processes; to enforce our Terms or protect our rights; to investigate fraud or security issues; or in connection with a merger, acquisition, or sale of assets.
We primarily store data in India (Supabase Mumbai region). Certain service providers such as AI providers and analytics tools may process data outside India. By using the Service, you consent to such transfers. We will comply with any government notifications restricting cross-border data transfers under the DPDP Act.
We retain personal data only as long as necessary: account data for the duration of your subscription plus up to one year; billing data for at least eight (8) years to comply with Indian tax laws; communication records for up to three (3) years; log data for six (6) to twelve (12) months; and end-user conversation data subject to your retention preferences, deleted within thirty (30) days of account termination. We may retain data longer if required by law or for dispute resolution.
Under the DPDP Act, you have the right to: access information about personal data we hold; correction of inaccurate or incomplete data; erasure of personal data subject to legal retention requirements; grievance redressal through our grievance officer; nominate another individual to exercise your rights in case of death or incapacity; and withdraw consent at any time. To exercise these rights, contact us at hello@botalio.com. We may require identity verification before processing requests.
For concerns about our data practices, contact our Grievance Officer at hello@botalio.com. The Grievance Officer's name and direct contact details will be updated here upon LLP incorporation. We will acknowledge grievances within forty-eight (48) hours and aim to resolve them within thirty (30) days. If unsatisfied, you may approach the Data Protection Board of India.
We implement reasonable security practices including encryption of data in transit (TLS/HTTPS), encryption of sensitive data at rest, access controls, regular security reviews, and use of reputable cloud providers with industry-standard certifications. No system is completely secure. We cannot guarantee absolute security and disclaim liability for unauthorized access or breach resulting from causes beyond our reasonable control.
When you deploy Botalio chatbots and collect data from your end users, you are the Data Fiduciary for that data under the DPDP Act. You are responsible for providing privacy notices and obtaining consents from your end users, and for honoring end-user rights requests. Botalio acts as the Data Processor and processes such data only as necessary to provide the Service. You indemnify Botalio for any claims arising from your failure to comply with applicable data protection laws regarding end-user data.
We use cookies and similar technologies. See our Cookie Policy for details.
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-Service notice at least fifteen (15) days before taking effect. Your continued use of the Service after such notice constitutes acceptance.
For questions or to exercise your rights: hello@botalio.com. Botalio is currently being incorporated. Our registered office address will be updated here upon incorporation.