Privacy Policy

Last Updated: May 27, 2026. Effective Date: May 27, 2026.

1. Introduction

Botalio respects your privacy and is committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and other applicable Indian data protection laws. This Privacy Policy describes how we collect, use, disclose, and protect personal data when you use botalio.com or our Service. By using the Service, you consent to the practices described here.

2. Data Fiduciary Information

Under the DPDP Act, Botalio acts as the Data Fiduciary for personal data of our Customers (subscribers and account holders). For personal data processed through the Service on behalf of our Customers — such as data of end users interacting with Customer chatbots — Botalio acts as a Data Processor, and the Customer is the Data Fiduciary. Contact: hello@botalio.com. A Data Protection Officer will be designated and details updated here upon LLP incorporation.

3. Personal Data We Collect

We collect the following categories of personal data:

  • Account information: name, email address, password (hashed), phone number, business name, business type, industry, role, country, state, city
  • Billing information: billing name, address, GST number if applicable — payment instrument details are processed and stored by Razorpay, not by us
  • Communications: content of emails, support tickets, and other correspondence with us
  • Chatbot configuration data: knowledge base content, training data, chatbot names, welcome messages, and branding you upload
  • End-user data: lead information collected by your chatbot from your end users, including names, emails, phone numbers, and conversation transcripts
  • Usage data: features accessed, pages visited, conversation counts, API calls, and timestamps
  • Device and technical data: IP address, browser type, operating system, device identifiers, language preferences, and referring URLs

We do not knowingly collect sensitive personal data or data from children under eighteen (18) years of age. If you believe we have collected data from a child, contact us immediately at hello@botalio.com.

4. How We Use Personal Data

We use personal data to: provide, operate, maintain, and improve the Service; manage your account and authenticate access; process payments and send invoices; generate AI output by sending relevant data to our AI providers; send transactional and promotional communications; understand usage patterns and develop new features; detect and prevent fraud, abuse, and security incidents; comply with applicable laws and enforce our agreements; and conduct internal record-keeping and audits.

5. Sharing and Disclosure

We do not sell personal data. We share personal data with service providers who process data on our behalf, including: Vercel and Supabase (cloud hosting, Mumbai region for primary data residency); Google Gemini and other AI providers; Razorpay (payment processing); Resend (email delivery); Vercel Analytics; and WhatsApp Business API for notifications you opt into. These providers are bound by data protection obligations.

We may also disclose personal data to comply with applicable laws or legal processes; to enforce our Terms or protect our rights; to investigate fraud or security issues; or in connection with a merger, acquisition, or sale of assets.

6. International Data Transfers

We primarily store data in India (Supabase Mumbai region). Certain service providers such as AI providers and analytics tools may process data outside India. By using the Service, you consent to such transfers. We will comply with any government notifications restricting cross-border data transfers under the DPDP Act.

7. Data Retention

We retain personal data only as long as necessary: account data for the duration of your subscription plus up to one year; billing data for at least eight (8) years to comply with Indian tax laws; communication records for up to three (3) years; log data for six (6) to twelve (12) months; and end-user conversation data subject to your retention preferences, deleted within thirty (30) days of account termination. We may retain data longer if required by law or for dispute resolution.

8. Your Rights as a Data Principal

Under the DPDP Act, you have the right to: access information about personal data we hold; correction of inaccurate or incomplete data; erasure of personal data subject to legal retention requirements; grievance redressal through our grievance officer; nominate another individual to exercise your rights in case of death or incapacity; and withdraw consent at any time. To exercise these rights, contact us at hello@botalio.com. We may require identity verification before processing requests.

9. Grievance Redressal

For concerns about our data practices, contact our Grievance Officer at hello@botalio.com. The Grievance Officer's name and direct contact details will be updated here upon LLP incorporation. We will acknowledge grievances within forty-eight (48) hours and aim to resolve them within thirty (30) days. If unsatisfied, you may approach the Data Protection Board of India.

10. Data Security

We implement reasonable security practices including encryption of data in transit (TLS/HTTPS), encryption of sensitive data at rest, access controls, regular security reviews, and use of reputable cloud providers with industry-standard certifications. No system is completely secure. We cannot guarantee absolute security and disclaim liability for unauthorized access or breach resulting from causes beyond our reasonable control.

11. Customer Responsibility for End-User Data

When you deploy Botalio chatbots and collect data from your end users, you are the Data Fiduciary for that data under the DPDP Act. You are responsible for providing privacy notices and obtaining consents from your end users, and for honoring end-user rights requests. Botalio acts as the Data Processor and processes such data only as necessary to provide the Service. You indemnify Botalio for any claims arising from your failure to comply with applicable data protection laws regarding end-user data.

12. Cookies

We use cookies and similar technologies. See our Cookie Policy for details.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-Service notice at least fifteen (15) days before taking effect. Your continued use of the Service after such notice constitutes acceptance.

14. Contact Us

For questions or to exercise your rights: hello@botalio.com. Botalio is currently being incorporated. Our registered office address will be updated here upon incorporation.