Privacy Policy
Last updated: May 15, 2026 · Effective immediately
This Privacy Policy applies to personal data processed by KAITALK ("KAI", "we", "us") in connection with our AI customer care service. This policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.
1. Data Fiduciary
Under the DPDP Act, KAITALK is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.
Data Fiduciary: KAITALK
AI customer care service for small and medium businesses.
Contact: grievance@kaitalk.online
2. Grievance Officer
In accordance with the DPDP Act and the Information Technology Act, 2000, KAITALK has designated a Grievance Officer to address concerns and complaints from Data Principals (users).
Grievance Officer — KAITALK
E-mail: contact@kaitalk.online
Response time: Within 30 days of receipt of the grievance.
Escalation: If unresolved, you may approach the Data Protection Board of India (once established under the DPDP Act).
3. Personal Data We Collect
- Account data: name, email address, business name, business phone number.
- Call data: caller phone number, city, country, AI-generated voice transcription, AI response text, call duration, timestamp.
- Payment data: subscription plan, billing history processed by Stripe (we do not store raw card data).
- Usage data: anonymous visitor identifier (with consent only), language preference, UTM campaign parameters.
- Contact form data: name, email, phone number, business name submitted via enquiry or demo request forms.
4. Purpose and Consent
Under the DPDP Act, we process personal data only for specific, clearly stated lawful purposes, and we obtain free, informed, specific, and unambiguous consent where required.
Purposes for which we process your data:
- Providing the KAI virtual customer care service (AI call handling).
- Creating and managing your account, including magic-link authentication.
- Processing payments and managing your subscription.
- Displaying call logs and analytics in your dashboard.
- Sending transactional communications (service alerts, billing notices).
- Basic usage analytics to improve the service (consent-based).
- Compliance with applicable laws and legal obligations.
We will not process your personal data for any purpose not listed above without obtaining fresh consent or establishing another lawful basis.
5. Consent Notice
Before or at the time of collecting personal data, we provide a clear notice describing:
- What personal data is being collected.
- The purpose for which it will be used.
- How and where it will be stored or transferred.
- Your rights as a Data Principal under the DPDP Act.
- How to withdraw consent and the consequences of doing so.
Consent for non-essential data (analytics, marketing) is collected through the cookie consent banner on your first visit. Consent may be withdrawn at any time without affecting the lawfulness of processing before withdrawal.
6. Data Fiduciary Obligations
As a Data Fiduciary under the DPDP Act, KAITALK commits to:
- Purpose limitation: processing data only for stated, lawful purposes.
- Data minimisation: collecting only what is necessary for the stated purpose.
- Accuracy: taking reasonable steps to ensure data accuracy.
- Storage limitation: retaining data only as long as necessary for the purpose.
- Security safeguards: implementing appropriate technical and organisational measures to protect personal data from breach, loss, or unauthorised access.
- Breach notification: notifying the Data Protection Board of India and affected Data Principals in the event of a personal data breach, as required by the DPDP Act.
7. Call Recording and Voice Processing
Calls handled by KAI are processed by AI to generate automated responses. Voice transcriptions are generated automatically and stored for up to 24 months for service delivery, quality control, and dispute resolution.
Callers are informed at the beginning of each call. If you do not wish your voice to be processed, you may end the call at any time.
8. Cross-Border Data Transfers
KAITALK uses third-party service providers located outside India. These transfers are made in compliance with Section 16 of the DPDP Act, which permits transfer to countries notified by the Government of India, or subject to contractual clauses ensuring equivalent protection. Our key sub-processors are:
- Twilio Inc. (USA) — telephony infrastructure and call processing.
- OpenAI / Polsia AI Proxy (USA) — AI response generation.
- Stripe Inc. (USA) — payment processing.
- Render Services Inc. (USA) — application hosting.
- Neon Technologies — PostgreSQL database hosting.
We contractually require all sub-processors to maintain data protection standards equivalent to those required under the DPDP Act. We do not sell your personal data to any third party.
9. Retention Periods
- Call records and transcriptions: 24 months from the date of the call.
- Account data: for the duration of your account, plus 90 days after closure.
- Session tokens: 30 days, auto-expiring.
- Magic link tokens: 30 minutes, discarded after single use.
- Lead and form data: 24 months or until erasure is requested.
Data is securely deleted or irreversibly anonymised upon expiry of the retention period.
10. Security Measures
- HTTPS/TLS encryption for all data in transit.
- AES-256-GCM encryption for stored OAuth tokens and credentials.
- Session-based access controls with httpOnly cookies.
- HTTP security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options).
- Isolated execution environments for AI processes (no access to production credentials).
- Continuous security monitoring and automated incident alerting.
11. Your Rights as a Data Principal (DPDP Act)
Under the DPDP Act, you have the following rights regarding your personal data:
- Right to access information: obtain a summary of personal data processed and the processing activities undertaken.
- Right to correction and erasure: request correction of inaccurate or incomplete data, and erasure of data that is no longer necessary for the stated purpose or where consent has been withdrawn.
- Right to grievance redressal: have your grievances addressed by the Grievance Officer within 30 days, and escalate to the Data Protection Board of India if unresolved.
- Right to nominate: nominate a person to exercise your rights in the event of your death or incapacity.
- Right to withdraw consent: withdraw consent at any time for processing based on consent, with effect from the date of withdrawal.
To exercise your rights, use the form below or contact our Grievance Officer at contact@kaitalk.online.
Exercise Your Data Rights →
12. Data Protection Board of India
The DPDP Act establishes the Data Protection Board of India as the adjudicatory body for data protection matters. Once fully operationalised, individuals may file complaints with the Board where grievances are not resolved by the Data Fiduciary. We will update this policy with the Board's contact details when officially published by the Government of India.
13. Children's Data
KAITALK is a business-to-business service intended exclusively for companies and professionals. We do not knowingly collect personal data of individuals under 18 years of age. If you believe a minor's data has been collected inadvertently, please contact our Grievance Officer for immediate deletion.
14. Cookies and Tracking
- kai_session (httpOnly, secure cookie): authentication session. Essential for service operation.
- kai_lang (localStorage): language preference. Non-essential.
- polsia_vid (localStorage): anonymous visitor ID for analytics. Non-essential, set only after explicit consent.
No Meta Pixel or third-party tracking scripts are loaded without your prior consent.
15. Changes to This Policy
We may update this policy periodically. Material changes will be notified to registered users by email or via a prominent notice on the website. The updated policy takes effect 15 days after publication.
16. Contact
- Grievance Officer: contact@kaitalk.online
- Data rights request form: /dsr
Privacy Policy
Last updated: May 15, 2026 · Effective immediately
This Privacy Policy applies to personal data processed by KAITALK ("KAI", "we") in connection with our AI customer care service. This policy is in compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act).
1. Data Fiduciary
Under the DPDP Act, KAITALK is the Data Fiduciary — the entity that determines the purpose and means of processing your personal data.
Data Fiduciary: KAITALK
AI customer care service for small and medium businesses.
Contact: grievance@kaitalk.online
2. Grievance Officer
In accordance with the DPDP Act and the Information Technology Act, 2000, KAITALK has appointed a Grievance Officer.
Grievance Officer — KAITALK
E-mail: contact@kaitalk.online
Response time: Within 30 days of receipt of the grievance.
3. Personal Data We Collect
- Account data: name, e-mail address, business name, business phone number.
- Call data: caller's phone number, city, country, AI-generated voice transcription, AI response text, call duration.
- Payment data: subscription plan, billing history processed by Stripe.
- Usage data: anonymous visitor identifier (with consent only), language preference.
- Form data: information submitted via contact or demo request forms.
4. Consent and Purpose
We process personal data only for specific, clearly stated lawful purposes, and we obtain free, informed, specific, and unambiguous consent where required.
- Providing the KAI AI call centre service.
- Managing your account and magic-link authentication.
- Payment processing and subscription management.
- Displaying call logs and analytics in your dashboard.
- Basic usage analytics to improve the service (consent-based).
Your Rights as a Data Principal (DPDP Act)
Under the DPDP Act, you have the following rights:
- Right to information: obtain a summary of the personal data processed and the processing activities.
- Right to correction and erasure: request correction of inaccurate data or deletion of unnecessary data.
- Right to grievance redressal: obtain a resolution from the Grievance Officer within 30 days.
- Right to withdraw consent: withdraw consent at any time for processing based on consent.
- Right to nominate: nominate a person to exercise your rights in the event of death or incapacity.
To exercise your rights, use the form below or contact our Grievance Officer: contact@kaitalk.online
Exercise Your Data Rights →
8. International Data Transfers
KAITALK uses third-party service providers located outside India. These transfers are made in compliance with Section 16 of the DPDP Act. Key sub-processors:
- Twilio Inc. (USA) — telephony infrastructure.
- OpenAI / Polsia AI Proxy (USA) — AI response generation.
- Stripe Inc. (USA) — payment processing.
- Render Services Inc. (USA) — application hosting.
9. Cookies and Tracking
- kai_session: authentication session — essential for the service.
- kai_lang: language preference — non-essential.
- polsia_vid: anonymous visitor ID — set only after explicit consent.
No Meta Pixel or third-party tracking scripts are loaded without your prior consent.
10. Contact
- Grievance Officer: contact@kaitalk.online
- Data rights request form: /dsr