Data Protection Policy

Last modified: October 27, 2025

  • Our services
  • Property rights
  • Prohibited activities
  • Services management
  • Terms & Conditions

Purpose

This Data Protection Policy establishes how Qyro Ai (“we”, “our”, “us”) collects, processes, stores, and secures personal and business data handled through our WhatsApp Automation Platform.
The objective is to ensure all data is managed lawfully, fairly, and transparently, and that users’ rights and privacy are respected at all times.

Scope

This policy applies to:

  • All customers, users, and partners using our WhatsApp automation software or related services.

  • All employees, contractors, and service providers who handle personal data on behalf of Qyro Ai.

All data collected through our website, dashboard, APIs, and integrations.

Data Collected

We collect and process the following categories of data:

Personal Information

  • Name, phone number, email address

  • Company name, business category

  • Payment details (processed securely through third-party gateways)

Business & WhatsApp Data

  • WhatsApp Business Account ID and connected phone number

  • Message templates, campaign data, and chatbot interactions

  • Contacts and conversation logs (processed only for automation and reporting)

Technical Data

  • IP address, browser type, device information

  • Usage analytics, cookies, and system logs

All data collection is done with user consent or under legitimate business purposes as allowed by law.

Data Processing Principles

We adhere to the following principles:

  • Lawfulness, Fairness, and Transparency – Data is collected and used only for legitimate, disclosed purposes.

  • Purpose Limitation – Data is processed solely to provide and improve our services.

  • Data Minimization – Only the minimum data necessary is collected.

  • Accuracy – We maintain accurate and up-to-date data.

  • Storage Limitation – Data is retained only as long as required for operational or legal needs.

Integrity and Confidentiality – Data is protected using technical and organizational safeguards.

Legal Basis for Processing

Depending on the nature of the data and the jurisdiction, we process data under:

  • User Consent (for sign-up, API integration, or marketing communication)

  • Contractual Necessity (to deliver subscribed services)

  • Legitimate Interests (to improve security, usability, and platform performance)

Legal Obligation (compliance with data protection or financial regulations)

Data Storage and Security

  • We implement advanced security protocols to protect data:

    • End-to-end SSL encryption for all communications

    • Encrypted storage of tokens, credentials, and API keys

    • Secure cloud infrastructure with restricted access

    • Regular backups, monitoring, and vulnerability assessments

    All data is stored on secure servers located in [mention country or region, e.g., India / AWS Singapore / EU region].

Data Retention

We retain personal and business data only for as long as:

  • The user account is active, or

  • Required by law or contractual necessity

After account deletion or termination, data is permanently deleted within 30 days, except for data retained for audit or legal compliance.

Data Access and Control

Users can:

  • Request access to their personal data

  • Request correction of inaccurate data

  • Request deletion of data or account

  • Withdraw consent at any time (which may disable services)

To exercise these rights, email us at [support@yourdomain.com].
We verify identity before processing such requests to ensure data safety.

Data Sharing & Third Parties

Data is shared only when necessary:

  • With Meta (WhatsApp Business API) for message routing and verification

  • With payment gateways (e.g., Razorpay, Stripe) for secure transactions

  • With cloud or analytics providers under strict NDAs and data protection terms

We do not sell, rent, or trade user data to any third party.

Breach Notification

In the event of a data breach or unauthorized access:

  • We will promptly assess the incident

  • Notify affected users and authorities within 72 hours (as applicable under law)

Take immediate corrective measures to contain and prevent further exposure

Employee & Contractor Responsibility

All employees, contractors, and partners must:

  • Handle user data responsibly and confidentially

  • Follow internal security protocols

  • Report any data breach or suspicious activity immediately

Violation of these obligations may result in disciplinary or legal action.

Compliance

This policy aligns with:

  • India’s Digital Personal Data Protection Act (DPDP), 2023

  • General Data Protection Regulation (GDPR) (EU)

  • Information Technology Act, 2000 (India)

WhatsApp Business Platform Policies and Meta Terms

Updates to This Policy

We may modify this policy periodically. Changes will be published on our website with the updated “Last Updated” date. Continued use of our services constitutes acceptance of the revised policy.

Contact Information

For any queries or legal concerns, please contact:
📧 Email: [support@yourdomain.com]
🏢 Company: [Your Company Name / Legal Entity]
📍 Registered Office: [Full Business Address]