Privacy Policy | Vrattiks Intelligence LLP

1. Introduction

Vrattiks Intelligence LLP ("Vrattiks", "we", "our", or "us") is an AI Automation and SaaS company registered in India. We build a WhatsApp CRM platform and Lead Management System that helps businesses capture leads from Facebook and Instagram Lead Ad forms, manage those leads in a CRM dashboard, and communicate with leads via the WhatsApp Business API.

This Privacy Policy describes how we collect, use, store, share, and protect personal information when you visit our website, use our products or services, or when we process data on behalf of our business clients.

We process your data only with your consent, as required to fulfil our contract with you, or as required by applicable law. If you do not agree with these practices, please discontinue use of our services and contact us to request deletion of any data we hold about you.

2. Company Information

Legal Entity Name: Vrattiks Intelligence LLP

Type of Entity: Limited Liability Partnership (LLP), registered in India

Primary Business: WhatsApp CRM, Lead Management, and AI Automation SaaS Platform

Contact for Privacy Matters: Email: hitesh@vrattiks.io
Website: www.vrattiks.io

For any privacy-related queries, data requests, or consent withdrawal, please contact us at hitesh@vrattiks.io. We will respond within 30 business days.

3. What Data We Collect

We collect information necessary to provide our services, ensure legal compliance, and improve your experience.

3.1 Facebook / Meta Platform Data

When a business client connects their Facebook or Instagram account to Vrattiks, we access and store:

Lead form submissions from Facebook and Instagram Lead Ad forms (name, phone number, email, custom responses)
Lead submission timestamps and form/campaign/ad identifiers
Facebook Page metadata and engagement data needed to operate the integration
Ad account identifiers and page identifiers associated with the connected account

How this data is used: Lead data accessed via the Meta Lead Ads API is used solely to fulfil the contracted CRM service for the business client who owns the lead form. This data is never sold, shared with advertisers, or used for any purpose outside the contracted service.

3.2 WhatsApp Business Data

Phone numbers of end-users interacting via WhatsApp Business accounts managed by Vrattiks on behalf of clients
Contact names and WhatsApp profile information where provided by users
Message content and metadata (timestamps, delivery status, read receipts)
Opt-in and opt-out consent records for WhatsApp messaging

3.3 User Account Data

Name, business name, email address, and phone number
Business category, industry type, and location
Billing and payment information (processed via third-party payment gateways)

3.4 Usage Data and Analytics

IP address, browser type, device information, and operating system
Pages visited, time on site, referral sources, and clickstream data
Platform feature usage, campaign performance logs, and analytics data
Cookies and similar tracking technologies (see Section 10)

4. Meta API Permissions We Use

When a client connects their Facebook or Instagram account to Vrattiks (for Lead Ads integration), we request the following Meta platform permissions. Each permission is used only for the purpose described below:

leads_retrieval

To fetch lead form submissions from Facebook and Instagram Lead Ad forms on behalf of the connected client. This is the core permission enabling our CRM lead capture functionality.

pages_manage_metadata

To access page metadata (name, ID, category) required to connect and manage the client's Facebook Page within the Vrattiks dashboard.

pages_read_engagement

To read page engagement data for analytics and reporting features within the CRM. Used to provide clients with campaign performance insights.

pages_show_list

To display the list of Facebook Pages managed by the user, allowing them to select which Page to connect to Vrattiks during the onboarding flow.

Scope of use: All Meta API permissions are used exclusively for the CRM and lead management functionality described in this Policy. Data obtained via these permissions is not transferred to other platforms, sold to third parties, or used for advertising purposes. Access is maintained only while the client's integration remains active and is revoked upon disconnection or account termination.

We comply with all applicable Meta Platform Terms and Meta Platform Policies.

5. How We Use Your Data

5.1 Lead Management and CRM Functionality

Automatically importing leads from Facebook and Instagram Lead Ad forms into the client's CRM dashboard
Displaying lead details, contact information, and form responses in the CRM
Enabling clients to manage, segment, and follow up on leads
Sending analytics and lead performance reports to clients

5.2 WhatsApp Messaging to Leads

Sending approved WhatsApp message templates only to leads who have provided explicit opt-in consent
AI-based customer tagging, routing, and workflow automation
Support automation and human agent handoff tools

Important: We only message individuals who have explicitly opted in to receive WhatsApp communications. We never send unsolicited or bulk messages from purchased or scraped contact lists.

5.3 Analytics and Reporting

Providing campaign performance dashboards and lead analytics to clients
Improving platform features and monitoring for abuse or fraud

5.4 What We Do NOT Do With Your Data

We do not sell personal data to third parties, advertisers, or data brokers
We do not use Meta platform data for purposes beyond the contracted CRM service
We do not transfer lead data from Meta to other advertising platforms
We do not profile users for targeted advertising using data obtained via Meta APIs

6. WhatsApp Business Data

6.1 Secure Storage

WhatsApp message content and conversation data are stored on secure cloud infrastructure with encryption at rest and in transit. Access is restricted to authorised personnel on a need-to-know basis.

6.2 Opt-In Requirement

We and our clients must collect explicit user consent before initiating WhatsApp communications. Our systems require:

Businesses clearly identify themselves when collecting opt-in consent
Customers are informed of the nature and frequency of messages they will receive
Separate consent is required for different message categories (support, promotions, service updates)
Opt-out requests are honoured within 24 hours and recorded in the system
Verifiable consent records are maintained for audit purposes

6.3 WhatsApp Business Policy Compliance

We comply with the WhatsApp Business Policy and WhatsApp Commerce Policy. We do not support messaging for prohibited product categories including gambling, adult content, weapons, pharmaceuticals without prescription, cryptocurrency trading, or other restricted industries.

6.4 Multi-Tenant Data Isolation

Vrattiks operates as a multi-tenant SaaS platform. Each client's lead data, WhatsApp conversations, and contact lists are stored in logically isolated data partitions. One client cannot access another client's data.

7. Data Retention

We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy, or as required by law:

Lead data from Facebook/Instagram Lead Ads — Retained for up to 2 years from the date of collection, or until deletion is requested by the client or end-user.
WhatsApp messages and conversation data — Retained for up to 1 year from the date of collection, unless a shorter period is requested or required by law.
Client account data — Retained for the duration of the client relationship and up to 3 years after termination, for legal and audit purposes.
Opt-in / opt-out consent records — Retained for a minimum of 5 years to comply with regulatory requirements.
Website analytics data — Retained for up to 1 year in aggregated, anonymised form.

Upon the expiry of retention periods, data is securely deleted or anonymised so it can no longer be attributed to an individual.

8. Data Deletion

You have the right to request deletion of your personal data at any time. We will process deletion requests within 30 days of receipt.

8.1 How to Request Data Deletion

Send a deletion request to: hitesh@vrattiks.io
Please include your name, email address, and a description of the data you wish to have deleted. We may request identity verification before processing your request.

8.2 Meta Data Deletion Callback

If you submitted data through a Facebook or Instagram Lead Ad form managed by one of our clients, you can also submit an automated data deletion request via our Meta-compliant Data Deletion Callback endpoint:

Data Deletion Callback URL:
https://vrattiks-s1.onrender.com/meta/data-deletion

This endpoint is registered with Meta and will process deletion requests for data accessed via the Meta Platform. You can also trigger this via Facebook's App Settings page by removing Vrattiks from your connected apps.

9. Your Rights

Under India's Digital Personal Data Protection Act, 2023 (DPDPA) and applicable international frameworks including GDPR, you have the following rights regarding your personal data:

Right to Access — Request a copy of the personal data we hold about you.
Right to Correction — Request that inaccurate or incomplete data be corrected.
Right to Erasure — Request deletion of your personal data, subject to legal retention obligations.
Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
Right to Opt-Out of WhatsApp Messages — Reply "STOP" or "Unsubscribe" to any message, or contact hitesh@vrattiks.io. Opt-out requests are honoured within 24 hours.
Right to Grievance Redressal — Raise a complaint with us and expect a response within 30 business days.
Right to Nominate — Under the DPDPA, nominate another person to exercise your rights in the event of death or incapacity.

To exercise any of these rights, contact: hitesh@vrattiks.io

10. Cookies & Website Tracking

Our website uses cookies and similar technologies to improve functionality and understand visitor behaviour:

Essential Cookies — Required for the website to function correctly. Cannot be disabled.
Analytics Cookies — Help us understand how visitors interact with our website (e.g., Google Analytics). Data is aggregated and anonymised.
Preference Cookies — Remember your settings and preferences across sessions.
Marketing Cookies — Used only where you have consented, to show relevant content or ads.

You can control or disable cookies through your browser settings at any time.

11. Third-Party Services

We use the following third-party services to operate our platform:

Meta Platforms Inc. (Facebook & WhatsApp) — For WhatsApp Business API integration, Facebook/Instagram Lead Ads data retrieval, and page management. Data processed is subject to Meta's Privacy Policy.
Google Analytics — For website analytics. Google processes analytics data under its own privacy policy.
Cloud Infrastructure Providers — For secure data hosting, storage, and processing.
Payment Processors — For secure billing and subscription management. We do not store raw payment card data.

We do not sell, rent, or trade personal data to third parties. Data shared with the above providers is limited to what is necessary to deliver our services.

12. Data Sharing

Vrattiks shares personal data only in the following limited circumstances:

With Meta Platforms Inc. — As required to operate the WhatsApp Business API and comply with Meta's terms of service.
With Our Clients — Lead data is shared with the business client on whose behalf we operate the Lead Ads integration, where relevant to the contracted service.
With Service Providers — Trusted vendors who assist in service delivery (cloud hosting, payment processing, analytics), all bound by data processing agreements.
With Legal Authorities — Where required by law, court order, or regulatory authority in India or applicable jurisdictions.

We never share personal data with advertisers, data brokers, or marketing networks without your explicit consent.

13. Data Storage & Security

Data is stored on secure cloud infrastructure with access controls and encryption at rest
All data transmitted between our systems and third-party APIs (including Meta) is encrypted using HTTPS/TLS
Access to personal data is restricted to authorised personnel on a need-to-know basis
We conduct periodic security reviews and monitor our systems for vulnerabilities
In the event of a data breach posing a risk to your rights, we will notify affected users within the timeframes required by applicable law

Primary data storage is in India. Where data is processed outside India (e.g., via Meta's WhatsApp Cloud API infrastructure), we ensure appropriate safeguards are in place.

14. Legal Basis for Processing

We process personal data under the following legal bases, in compliance with India's Digital Personal Data Protection Act, 2023 (DPDPA) and applicable international frameworks:

Consent — Where you or your customers have provided explicit opt-in consent to receive WhatsApp messages or communications.
Contractual Necessity — Where data processing is required to fulfil our agreement with you as a client or partner.
Legitimate Interests — Where processing is in our legitimate interest to operate, improve, and secure our services.
Legal Obligation — Where processing is necessary to comply with applicable Indian law, Meta's WhatsApp Business policies, or regulatory requirements.

15. International Users

Vrattiks is incorporated in India and primarily serves Indian businesses. If you are accessing our services from outside India, please be aware that your data may be transferred to, stored, and processed in India, where data protection laws may differ from those in your jurisdiction.

For users in the European Economic Area (EEA) or United Kingdom, we process data in accordance with applicable GDPR principles, including data minimisation, purpose limitation, and lawful processing bases.

16. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, our Grievance Officer is:

Grievance Officer

Hitesh Dave, Founder & CTO

Vrattiks Intelligence LLP

Email: hitesh@vrattiks.io

Website: www.vrattiks.io

Response Time: Within 30 business days of receipt

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the Effective Date at the top of this document
Post a prominent notice on our website
Notify registered clients via email and seek fresh consent where required by law

We encourage you to review this page periodically to stay informed of any updates.

18. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us:

Vrattiks Intelligence LLP

Email: hitesh@vrattiks.io • arpit@vrattiks.io • vrattiks@gmail.com

Website: www.vrattiks.io

Address: 912, International Finance Centre, VIP Road, Vesu, Surat, Gujarat, India – 395007