Kalcend

Privacy Policy

We take your privacy seriously. This policy explains how we collect, use, and protect your personal information.

Last updated: 15 August 2025

Quick Navigation

What we collectHow we use dataData sharingYour rightsSecurityContact us

What we do

We are a SaaS platform that lets businesses run WhatsApp campaigns and handle replies using an AI assistant with human hand-off. Our stack includes Firebase (Google Cloud), WhatsApp Business Platform (Meta), and OpenAI APIs for retrieval-augmented responses.

Data we collect

Website visitors & admin usersController

  • Identifiers: name, work email, phone, company, role
  • Account & auth: password hashes, OAuth identifiers, session tokens
  • Usage & device: pages viewed, IP address, browser/OS, location
  • Support content: messages and attachments sent to support

Customer data & end-usersProcessor

  • Contact records: names, phone numbers, WhatsApp IDs, segments
  • Messaging data: templates, campaigns, logs, inbound messages
  • Knowledge base: documents, URLs, text chunks, embeddings
  • Agent activity: assignments, notes, inbox actions

Important: Our platform is not intended for special categories of data (health, biometric, financial account numbers, etc.). Customers must not upload such data unless our written DPA explicitly permits it.

How we use data & legal bases

Website/admin accounts (Controller)

Provide and secure the service

Create accounts, authenticate, prevent abuse

Contract performance, legitimate interests, DPDP consent

Product operations & support

Diagnostics, logs, responding to requests

Legitimate interests, DPDP legitimate use

Communications

Onboarding, updates, service notices

Contract/legitimate interests

Analytics

Aggregate usage trends (no profiling for ads)

Consent where required, otherwise legitimate interests

Customer tenant data (Processor)

Process Contact & Messaging data

Only on Customer's documented instructions: sending campaigns, receiving replies, routing to agents, storing logs.

AI assistant

Generate answers using Customer content via retrieval; responses stored for audit and team training (not model training).

Security & reliability

Rate-limiting, spam detection, incident response.

OpenAI: We use OpenAI's API where API data is not used to train OpenAI models.

Meta (WhatsApp): Messages processed via Meta's infrastructure; content may be available to Meta per their terms.

Sharing & data recipients

We share personal data only with:

Infrastructure & communications

Google Cloud/Firebase, Meta Platforms (WhatsApp), email/SMS providers for alerts

AI vendor

OpenAI, for generating answers from Customer content

Optional payments (if enabled)

Stripe, Razorpay, or similar processors; your card/UPI data handled directly by provider

Compliance & advisors

Auditors, legal counsel, or regulators when required by law

Third-party integrations

CRMs/helpdesks via webhooks if Customer enables them

All vendors are bound by contracts and appropriate data processing terms.

Your privacy rights

India (DPDP Act 2023)

  • Right to access, correction, and erasure of personal data
  • Right to grievance redressal via our Grievance Officer
  • Consent management (where we rely on consent)

EEA/UK (GDPR/UK GDPR)

  • Access, rectification, erasure, restriction, portability
  • Right to object and not be subject to automated decisions
  • Lodge complaint with your local Data Protection Authority

California (CCPA/CPRA)

  • Know, access, delete, correct personal information
  • Opt-out of "sale"/"sharing" (we do not sell personal information)
  • Limit use of sensitive personal information, non-discrimination

Note: If you are an end-user of a Customer, please direct your request to that Customer (the data controller). We will assist them in fulfilling your request.

Security

Security measures we implement:

  • Encrypted transport (TLS)
  • Encryption at rest for primary stores
  • Role-based access controls
  • Comprehensive audit logs
  • Least-privilege key management
  • Environment isolation
  • Regular vulnerability patching

Security disclaimer

No method is 100% secure. We maintain incident response processes and will notify Customers/authorities as required by law.

Data retention

  • • Account/admin data: 12 months after closure
  • • Message logs: 12 months (configurable)
  • • Knowledge uploads: until Customer deletion
  • • Backups: per disaster-recovery policies

How to contact us

support@kalcend.com
+917736931116

We may update this policy to reflect changes to our practices or legal requirements. We will post updates here and notify account owners of material changes.