Privacy Policy

1. Introduction

Vrattiks Intelligence LLP ("Vrattiks", "we", "our", or "us") is an Adaptive Intelligence and AI Automation company registered in India. We build AI-powered systems, SaaS products, and automation solutions for businesses, with a primary focus on WhatsApp-based customer intelligence and campaign delivery.

This Privacy Policy describes how we collect, use, store, share, and protect personal information when you:

• Visit our website and digital properties
• Use any of our products or services (including Vrattiks S1)
• Communicate with us via WhatsApp, email, or other channels
• Are a client, partner, or end-customer interacting through platforms we power

We process your data only with your consent, as required to fulfil our contract with you, or as required by applicable law — as described in this Policy. If you do not agree with these practices, please discontinue use of our services and contact us to request deletion of any data we hold about you.

2. Company Information

Legal Entity Name:
Vrattiks Intelligence LLP

Type of Entity:
Limited Liability Partnership (LLP), registered in India

Primary Business:
AI Automation, SaaS Products, and Customer Intelligence Systems

Contact for Privacy Matters:
Email: vrattiks@gmail.com
Website: www.vrattiks.io

For any privacy-related queries, data requests, or consent withdrawal, please contact us at vrattiks@gmail.com. We will respond within 30 business days.

3. Information We Collect

We collect information necessary to provide our services, ensure legal compliance, and improve your experience. The types of data we collect include:

3.1 Information You Provide Directly

• Name, business name, email address, and phone number
• Business category, industry type, and location
• WhatsApp phone numbers (yours and your customers') provided for campaign setup
• Billing and payment information (processed securely via third-party payment gateways)
• Any content, data, or files you share with us during onboarding or support

3.2 WhatsApp Conversation Data

• Phone numbers of end-users interacting via WhatsApp Business channels we manage on behalf of clients
• Message metadata (timestamps, delivery status, read receipts)
• Customer interaction data used for AI tagging, segmentation, and campaign analytics
• Opt-in and opt-out consent records for WhatsApp messaging

3.3 Automatically Collected Data (Website)

• IP address, browser type, device information, and operating system
• Pages visited, time on site, referral sources, and clickstream data
• Cookies and similar tracking technologies (see Section 10)

3.4 Third-Party Sources

• Business contact information from public directories or LinkedIn for limited business-to-business partnership research, never for WhatsApp promotional messaging unless explicit WhatsApp opt-in consent has been collected
• Data received from Meta/WhatsApp as part of the WhatsApp Business API integration

4. Legal Basis for Processing Personal Data

Vrattiks processes personal data under the following legal bases, in compliance with India's Digital Personal Data Protection Act, 2023 (DPDPA) and applicable international frameworks:

• Consent — Where you or your customers have provided explicit opt-in consent to receive WhatsApp messages or communications.
• Contractual Necessity — Where data processing is required to fulfil our agreement with you as a client or partner.
• Legitimate Interests — Where processing is in our legitimate interest to operate, improve, and secure our services, provided it does not override your rights.
• Legal Obligation — Where processing is necessary to comply with applicable Indian law, Meta's WhatsApp Business policies, or regulatory requirements.

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery

• Setting up and managing your WhatsApp Business API account and campaigns
• AI-based customer segmentation, tagging, and campaign recommendations
• Sending WhatsApp message templates on behalf of our clients to their consented customers
• Providing analytics, reporting, and campaign performance data

5.2 Platform Operations

• Maintaining and improving our products (including Vrattiks S1)
• Ensuring system security, preventing fraud, and monitoring for abuse
• Processing payments and managing billing

5.3 Communication

• Responding to your support queries and service requests
• Sending product updates, service announcements, or critical notices
• Sending marketing communications, only where you have explicitly opted in

5.4 Compliance & Legal

• Maintaining consent records as required by Meta's WhatsApp Business Policy
• Complying with applicable Indian laws, including the DPDPA, 2023
• Responding to lawful requests from regulatory authorities

6. WhatsApp Data & Meta Platform Compliance

Vrattiks uses the Meta WhatsApp Cloud API to power WhatsApp-based communication for our clients and their customers. Our practices with respect to WhatsApp data are governed by both this Privacy Policy and the Meta WhatsApp Business Terms of Service.

6.1 Data We Process on Meta's Platform

• Phone numbers and profile information of end-users who interact with WhatsApp Business accounts managed by Vrattiks on behalf of our clients
• WhatsApp message templates submitted for Meta approval
• Delivery, read, and engagement metadata returned by the WhatsApp Cloud API

6.2 Consent for WhatsApp Communication

Vrattiks and its clients must collect user consent before initiating WhatsApp communications. Our systems and onboarding process require the following:

• Businesses must clearly identify themselves when collecting opt-in consent
• Customers must be informed that they will receive WhatsApp messages from the specific business
• Consent records must show the source, timestamp, consent language, and phone number where available
• Opt-out requests are honoured immediately and recorded in the system
• We maintain verifiable records of all opt-in consents collected

6.3 What Meta Receives

When using the WhatsApp Cloud API, certain metadata (such as phone numbers and message delivery status) may be processed by Meta's systems according to WhatsApp's own business terms and privacy practices. For more information, please review Meta's Privacy Policy at www.whatsapp.com/legal/privacy-policy.

6.4 Prohibited Uses

• We do not use WhatsApp data to profile users beyond the purpose of the contracted service
• We do not sell or rent WhatsApp contact data to any third party
• We do not send unsolicited, scraped-list, purchased-list, or spam messages through any WhatsApp account we manage
• We do not use public directory, LinkedIn, or cold outreach data for WhatsApp campaigns without explicit opt-in consent

7. Data Sharing & Third Parties

Vrattiks does not sell, rent, or trade personal data. We share data only in the following limited circumstances:

• Meta Platforms Inc. — As required to operate the WhatsApp Business API and comply with Meta's terms of service.
• Service Providers — Trusted third-party vendors who assist us in delivering our services (e.g., cloud hosting, payment processing, analytics), all bound by data processing agreements.
• Our Clients — Your data may be shared with the business client on whose behalf we operate a WhatsApp channel, where relevant to the contracted service.
• Legal Authorities — Where required by law, court order, or regulatory authority in India or applicable jurisdictions.
• Business Transfers — In the event of a merger, acquisition, or restructuring, personal data may be transferred as part of that transaction, with appropriate notice to affected users.

We never share your personal data with advertisers, data brokers, or marketing networks without your explicit consent.

8. Data Storage & Security

We are committed to protecting your personal data using industry-standard security practices:

• Data is stored on secure cloud infrastructure with access controls and encryption at rest
• All data transmitted between our systems and third-party APIs (including Meta) is encrypted using HTTPS/TLS
• Access to personal data is restricted to authorised personnel on a need-to-know basis
• We conduct periodic security reviews and monitor our systems for vulnerabilities
• In the event of a data breach that poses a risk to your rights, we will notify affected users within the timeframes required by applicable law

Primary data storage is in India. Where data is processed outside India (e.g., via Meta's WhatsApp Cloud API infrastructure), we ensure appropriate safeguards are in place consistent with applicable data protection laws.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, or as required by law:

• Client account data: Retained for the duration of the client relationship and up to 3 years after termination, for legal and audit purposes.
• WhatsApp campaign and conversation data: Retained for up to 2 years from the date of collection, unless a shorter period is requested.
• Consent records (opt-in/opt-out): Retained for a minimum of 5 years to comply with regulatory requirements.
• Website analytics data: Retained for up to 1 year in aggregated, anonymised form.

Upon the expiry of retention periods, data is securely deleted or anonymised so that it can no longer be attributed to an individual.

10. Cookies & Website Tracking

Our website uses cookies and similar tracking technologies to improve functionality and understand user behaviour. The types of cookies we use include:

• Essential Cookies — Required for the website to function correctly. These cannot be disabled.
• Analytics Cookies — Help us understand how visitors interact with our website (e.g., Google Analytics). Data is aggregated and anonymised.
• Preference Cookies — Remember your settings and preferences across sessions.
• Marketing Cookies — Used only if you have consented, to show relevant content or ads.

You can control or disable cookies through your browser settings at any time. Disabling cookies may affect the functionality of certain parts of our website. We will request your consent for non-essential cookies via a cookie consent banner on your first visit.

11. Your Rights

Under India's Digital Personal Data Protection Act, 2023 (DPDPA) and applicable international frameworks, you have the following rights regarding your personal data:

• Right to Access — You may request a copy of the personal data we hold about you.
• Right to Correction — You may request that inaccurate or incomplete data be corrected.
• Right to Erasure — You may request deletion of your personal data, subject to legal retention obligations.
• Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Grievance Redressal — You may raise a complaint with us and expect a response within 30 business days.
• Right to Nominate — Under the DPDPA, you may nominate another person to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact us at vrattiks@gmail.com. We may request identity verification before processing your request.

12. Opting Out of WhatsApp Communications

If you are an end-customer receiving WhatsApp messages from a business powered by Vrattiks, you have the right to opt out at any time:

• Reply "STOP" or "Unsubscribe" to any WhatsApp message you receive
• Contact the business directly and request removal from their messaging list
• Contact us at vrattiks@gmail.com if you believe your opt-out has not been honoured

All opt-out requests are honoured within 24 hours. You will not receive further promotional or campaign messages after opting out. Transactional messages directly related to your active relationship with the business may still be sent where legally permitted.

13. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at vrattiks@gmail.com and we will take steps to delete the information.

14. International Users

Vrattiks is incorporated in India and primarily serves Indian businesses. If you are accessing our services from outside India, please be aware that your data may be transferred to, stored, and processed in India, where data protection laws may differ from those in your jurisdiction.

For users in the European Economic Area (EEA) or United Kingdom, we process data in accordance with applicable GDPR principles, including data minimisation, purpose limitation, and lawful processing bases. For users in other jurisdictions, we comply with the relevant local privacy laws to the extent they apply.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices. When we make material changes, we will:

• Update the Effective Date at the top of this document
• Post a prominent notice on our website
• Notify registered clients via email and seek fresh consent where required by law

For non-material changes (e.g., formatting, clarifications), the updated Policy will take effect on the date shown. We encourage you to review this page periodically to stay informed of any updates.

16. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, the name and contact details of the Grievance Officer are as follows:

17. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your personal data, please reach out to us: