Legal

Privacy Policy

We take your privacy seriously. This policy explains how we collect, use, and protect your personal information.

Last updated: 15 August 2025

What we do

We are a SaaS platform that lets businesses run WhatsApp campaigns and handle replies using an AI assistant with human hand-off. Our stack includes Firebase (Google Cloud), WhatsApp Business Platform (Meta), and OpenAI APIs for retrieval-augmented responses.

Data we collect

Website visitors & admin users (Controller)

  • Identifiers: name, work email, phone, company, role
  • Account & auth: password hashes, OAuth identifiers, session tokens
  • Usage & device: pages viewed, IP address, browser/OS, location
  • Support content: messages and attachments sent to support

Customer data & end-users (Processor)

  • Contact records: names, phone numbers, WhatsApp IDs, segments
  • Messaging data: templates, campaigns, logs, inbound messages
  • Knowledge base: documents, URLs, text chunks, embeddings
  • Agent activity: assignments, notes, inbox actions

Important: Our platform is not intended for special categories of data (health, biometric, financial account numbers, etc.). Customers must not upload such data unless our written DPA explicitly permits it.

How we use data & legal bases

Website/admin accounts (Controller)

  • Provide and secure the service: create accounts, authenticate, prevent abuse. Legal basis: contract performance, legitimate interests, DPDP consent
  • Product operations & support: diagnostics, logs, responding to requests. Legal basis: legitimate interests, DPDP legitimate use
  • Communications: onboarding, updates, service notices. Legal basis: contract/legitimate interests
  • Analytics: aggregate usage trends (no profiling for ads). Legal basis: consent where required, otherwise legitimate interests

Customer tenant data (Processor)

  • Process Contact & Messaging data: only on Customer's documented instructions (sending campaigns, receiving replies, routing to agents, storing logs)
  • AI assistant: generate answers using Customer content via retrieval; responses stored for audit and team training (not model training)
  • Security & reliability: rate-limiting, spam detection, incident response

OpenAI: We use OpenAI's API where API data is not used to train OpenAI models.

Meta (WhatsApp): Messages processed via Meta's infrastructure; content may be available to Meta per their terms.

Sharing & data recipients

We share personal data only with:

  • Infrastructure & communications: Google Cloud/Firebase, Meta Platforms (WhatsApp), email/SMS providers for alerts
  • AI vendor: OpenAI, for generating answers from Customer content
  • Optional payments (if enabled): Paddle (our Merchant-of-Record); your card data is handled directly by the processor
  • Compliance & advisors: Auditors, legal counsel, or regulators when required by law
  • Third-party integrations: CRMs/helpdesks via webhooks if Customer enables them

All vendors are bound by contracts and appropriate data processing terms.

Your privacy rights

India (DPDP Act 2023)

  • Right to access, correction, and erasure of personal data
  • Right to grievance redressal via our Grievance Officer
  • Consent management (where we rely on consent)

EEA/UK (GDPR/UK GDPR)

  • Access, rectification, erasure, restriction, portability
  • Right to object and not be subject to automated decisions
  • Lodge complaint with your local Data Protection Authority

California (CCPA/CPRA)

  • Know, access, delete, correct personal information
  • Opt-out of "sale"/"sharing" (we do not sell personal information)
  • Limit use of sensitive personal information, non-discrimination

Note: If you are an end-user of a Customer, please direct your request to that Customer (the data controller). We will assist them in fulfilling your request.

Security

Security measures we implement

  • Encrypted transport (TLS)
  • Encryption at rest for primary stores
  • Role-based access controls
  • Comprehensive audit logs
  • Least-privilege key management
  • Environment isolation
  • Regular vulnerability patching

Security disclaimer

No method is 100% secure. We maintain incident response processes and will notify Customers/authorities as required by law.

Data retention

  • Account/admin data: 12 months after closure
  • Message logs: 12 months (configurable)
  • Knowledge uploads: until Customer deletion
  • Backups: per disaster-recovery policies

How to contact us

Questions about this policy? Reach us at:

We may update this policy to reflect changes to our practices or legal requirements. We will post updates here and notify account owners of material changes.

Kalcend

© 2026 Kalcend Technologies Pvt. Ltd. All rights reserved.

support@kalcend.ai
