← Home

Privacy Policy

Last updated: 14 May 2026

This Privacy Policy describes how we collect, use, and protect personal data on the AI Sales Agent platform (the "Service"), in compliance with India's Digital Personal Data Protection Act 2023 (DPDP Act).

1. Who we are

The Service is operated by independent businesses ("Tenants") who deploy AI assistants on their own communication channels. The platform infrastructure is provided by the operators of giftrix-ai-agent. For data-fiduciary inquiries regarding a specific business's data, contact that Tenant directly. For platform-level questions, contact giftrixinfo@gmail.com.

2. What we collect

When a customer ("Data Principal") interacts with a Tenant's AI:

• Conversation content — the messages you send and the AI's replies (24-hour retention for active session, 90 days for qualified leads)
• Identifiers — phone number, email, name, company (as voluntarily shared)
• Purchase data — quote/order details and payment status (1 year, for tax + dispute records)
• Technical metadata — message timestamps, channel (WhatsApp/Email/Web/etc.), basic behavioral patterns for AI quality improvement

3. Why we collect it

• To respond to your inquiry and complete your requested service/purchase
• To send order confirmations, payment receipts, and status updates
• To improve the AI's accuracy over time (aggregated patterns only — no individual targeting)
• To comply with legal obligations (GST records, tax filings)

4. Your rights under DPDP Act

• Right to access — request a copy of all data we hold about you
• Right to erasure — request deletion of your personal data
• Right to correction — fix inaccurate information
• Right to withdraw consent — stop AI interactions at any time

Exercise these rights by contacting the Tenant (the business you interacted with) or the platform operator. Verified requests are honored within 30 days.

5. Data sharing

We share data only with:

• Sub-processors — Cloudflare (hosting), Google Cloud (AI processing), Meta (WhatsApp/Instagram delivery), Razorpay (payments). Each operates under their own privacy policy + GDPR/DPDP-equivalent commitments.
• The Tenant business — they own the relationship with you and receive your inquiry data
• Legal authorities — only when required by valid court order or law

We do not sell personal data to third parties. We do not use your data for unrelated marketing.

6. Data retention

Conversations: 24 hours · Qualified leads: 90 days · Quotes: 90 days · Payment records: 365 days · Audit logs: 365 days. Tenants can request earlier deletion of specific records.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest within Cloudflare's KV storage. Admin access is gated by per-tenant authentication tokens. Webhook signatures are cryptographically verified.

8. Changes

Material changes will be reflected here with a new "Last updated" date. Continued use of the Service constitutes acceptance.