Kaarya AIKaarya AI

    Privacy Policy

    Last updated: 2026-03-02

    1. Scope and Controller

    This Privacy Policy describes how Kaarya AI (“we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with our platform and services, including messaging automation (e.g. WhatsApp, Instagram), voice AI and telecalling, AI assistant, document generation, payments, and related features (the “Services”). It applies to (a) business customers who use our Services (“Customers”) and (b) end-users (e.g. your contacts who interact with your business via WhatsApp, Instagram, or voice) whose data we process on your behalf or in connection with the Services.

    Kaarya AI is the data controller for the processing described in this policy, unless we act as a processor on your instructions (e.g. when processing your customers’ data for you). For questions or to exercise your rights, contact: privacy@kaaryaai.com. For EU/EEA/UK residents, you may also have the right to lodge a complaint with a supervisory authority.

    2. Information We Collect

    We collect information that you provide, that we obtain from your use of the Services, and that we receive from third-party platforms and providers.

    • Account and business information: Name, email, phone number, company name, business details, and account credentials when you register or manage your account.
    • Messaging and communications data: Message content, contact identifiers (e.g. phone numbers, social handles), and related metadata that flow through our Services when you use WhatsApp, Instagram, or other integrated channels (via Meta’s and other providers’ APIs).
    • Voice and telephony data: Call metadata, call recordings (if enabled), and transcripts when you use voice AI or telecalling features; audio may be processed by our speech-to-text and text-to-speech providers (e.g. Sarvam, Deepgram, OpenAI Whisper).
    • Payment and transaction data: Information needed to process payments and payment links (e.g. via Razorpay), including billing details and transaction identifiers; we do not store full card numbers.
    • Document and content data: Invoices, receipts, and other documents you generate or upload; content you provide for AI assistant, knowledge base, or document generation (e.g. via PDFMonkey).
    • AI and model usage: Prompts, responses, and related text sent to or from AI/LLM and embedding providers (e.g. OpenAI, DeepSeek) and speech providers as part of the Services; we may log usage for cost, quality, and security purposes.
    • Technical and usage data: IP address, device and browser information, log data, and analytics (e.g. via Sentry, PostHog) to operate, secure, and improve the Services.

    3. Legal Basis for Processing

    We process personal data where: (a) necessary to perform our contract with you (e.g. to provide the Services); (b) necessary for our legitimate interests (e.g. security, analytics, product improvement), where not overridden by your rights; (c) you have given consent (e.g. for marketing or optional features); or (d) necessary to comply with a legal obligation. Where we process data on your behalf as a processor (e.g. your end-users’ messaging data), we do so in accordance with your instructions and our data processing terms.

    4. How We Use Your Information

    We use the information we collect to:

    • Provide, operate, maintain, and improve the Services (including messaging, voice, AI, documents, and payments).
    • Process transactions, send transactional and product-related communications, and provide support.
    • Secure the Services, detect and prevent fraud and abuse, and comply with legal obligations.
    • Analyze usage and trends (including via analytics providers) to improve our products and experience.
    • Send marketing or product updates where you have consented or where permitted by law.

    5. Third-Party Services and Data Sharing

    We use the following categories of third-party providers to operate the Services. Data may be shared as described below; each provider has its own privacy and data processing terms.

    • Meta (WhatsApp, Instagram): Message content, contact identifiers, and metadata to deliver messaging and comply with Meta’s policies. High sensitivity; used for core messaging.
    • Voice and speech (e.g. Bolna, Sarvam, Deepgram, OpenAI Whisper): Audio and transcripts for telecalling and voice AI. High sensitivity (biometric/voice data).
    • AI and language models (e.g. OpenAI, DeepSeek): Text (conversations, documents) for assistant, embeddings, and document understanding. May include PII depending on your use.
    • Payments (Razorpay): Payment and transaction data for processing payments and payouts. High sensitivity (financial).
    • Email (Resend): Email addresses and content for transactional and notification email. Medium sensitivity.
    • Document generation (PDFMonkey): Document content (e.g. invoices, receipts) to generate PDFs. High sensitivity when content is financial or contains PII.
    • Storage (e.g. AWS S3): Stored assets, documents, and recordings where we use cloud storage. Sensitivity varies by content.
    • Analytics and operations (e.g. Sentry, PostHog): Error reports, usage events, and related data to improve and debug the Services. We minimize PII in analytics where possible.
    • Authentication (e.g. Google OAuth): Identity information you choose to use for sign-in.

    We do not sell your personal information. We may disclose information to affiliates, service providers, and professional advisors; when required by law or to protect rights and safety; or in connection with a merger, sale, or other transfer of assets (with notice where required).

    6. International Transfers

    Your data may be processed in India (where we operate) and in other countries where our service providers are located. Where we transfer personal data from the EU/EEA/UK or other restricted jurisdictions, we implement appropriate safeguards (e.g. standard contractual clauses or other mechanisms approved by applicable law) to ensure an adequate level of protection.

    7. Data Retention

    We retain your information for as long as your account is active or as needed to provide the Services, and as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods may apply to different data types (e.g. logs, call recordings, payment records) in accordance with our internal policies and legal requirements. You may request deletion of your account and associated personal data subject to applicable retention obligations.

    8. Your Rights

    Depending on your location, you may have the right to:

    • Access your personal information and receive a copy.
    • Rectification of inaccurate or incomplete data.
    • Erasure (“right to be forgotten”) in certain circumstances.
    • Restriction of processing in certain circumstances.
    • Data portability (receive your data in a structured, machine-readable format).
    • Object to processing based on legitimate interests or for direct marketing.
    • Withdraw consent where processing is based on consent (without affecting lawfulness of prior processing).
    • Lodge a complaint with a supervisory authority (e.g. in the EU/EEA/UK).

    To exercise these rights, contact us at privacy@kaaryaai.com. We will respond within the timeframes required by applicable law. If we process your data on behalf of a Customer (e.g. as a processor), we may refer your request to that Customer where appropriate.

    9. Cookies and Similar Technologies

    We use cookies, local storage, and similar technologies to operate the Services (e.g. session management, preferences, security) and for analytics (e.g. PostHog) where you have consented or where we have a legitimate interest. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services.

    10. Security

    We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including encryption in transit and at rest where applicable, access controls, and regular security assessments. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and for the security of data you transmit through the Services (e.g. ensuring consent and compliance when processing end-user data).

    11. Children

    The Services are not directed at individuals under 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will take steps to delete it.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. We will post the revised policy on our website and update the “Last updated” date. For material changes that affect how we use your personal data, we will provide additional notice (e.g. by email or in-product) where required by law or where reasonably practicable. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

    13. Contact Us

    For privacy-related questions, to exercise your rights, or to report a concern:

    Email: privacy@kaaryaai.com
    Kaarya AI
    Unit No. 303, SBR Surya Pearl, Opp. Raheja, HITEC City, Sector 3, Mindspace, Hyderabad, Telangana 500081