Privacy Policy
Effective date: 1 June 2025
1. Introduction
Respondly ("we", "us", or "our") operates the Respondly platform accessible at therespondly.com ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service. By using the Service you agree to the practices described in this Policy.
2. Information We Collect
2a. Information you provide directly
- Account data: business name, email address, password (hashed), business type, and the date and time you accepted these terms.
- Business profile: WhatsApp number, business address, description, and Google Sheets credentials (if connected).
- Property listings: property title, description, price, location, and related metadata you enter into the platform.
- Support communications: messages you send to our support team.
2b. Lead data (your customers' data)
When your customers interact with your AI assistant via WhatsApp, we collect and store on your behalf:
- WhatsApp phone number and display name
- Conversation messages (both inbound and AI-generated outbound)
- Lead qualification data (name, budget, location, requirements) as captured by the AI
- Lead status and notes you add manually
You are the data controller for your customers' data. You are responsible for ensuring you have a legal basis to collect and process this data and for informing your customers.
2c. Usage and technical data
- Platform activity logs (API calls, AI usage events, WhatsApp message events)
- Token consumption per message (for billing and cost tracking)
- IP addresses and browser/device information for security purposes
- Error logs and performance metrics
2d. Payment data
Payment processing is handled by Razorpay. We do not store full card numbers, CVVs, or bank account details on our servers. We receive and store a Razorpay customer ID, subscription ID, and payment status for billing management. Razorpay's privacy policy applies to all payment data.
3. How We Use Your Information
- Providing the Service: processing WhatsApp conversations through OpenAI, storing and displaying leads in your dashboard, syncing to Google Sheets.
- Billing & subscriptions: managing your trial, subscription, payments, and credits via Razorpay.
- Platform improvement: anonymised and aggregated usage analytics to improve AI response quality and platform performance. We do not use individual conversation content to train third-party AI models without your consent.
- Communication: transactional emails (password reset, billing notifications, trial ending reminders). We do not send marketing emails without your opt-in.
- Security: detecting fraud, abuse, and unauthorised access.
- Legal compliance: retaining records as required by applicable law.
4. Third-Party Services & Data Sharing
We share data with the following third-party providers to deliver the Service:
| Provider | Purpose | Data shared |
|---|---|---|
| OpenAI | AI conversation generation | Conversation messages sent to API; not retained per OpenAI's API policy |
| Meta (WhatsApp Business API) | WhatsApp messaging (inbound/outbound) | Phone numbers, message content |
| Meta (WhatsApp) | WhatsApp Business API (direct integration) | Phone numbers, message content |
| Razorpay | Payment processing & subscriptions | Name, email, billing amount, subscription status |
| Google Sheets API | Lead sync (only if you connect it) | Lead data you choose to export |
We do not sell, rent, or share your personal data or your customers' data with any third party for marketing purposes.
5. Data Retention
- Active accounts: data is retained for the duration of your subscription plus 30 days after cancellation.
- Deleted accounts: all data is permanently deleted within 30 days of account deletion, unless retention is required by law.
- Activity logs: system-level logs are retained for up to 90 days for security and debugging purposes.
- Billing records: transaction records are retained for 7 years as required by Indian financial regulations.
6. Data Security
We implement industry-standard security measures including:
- Passwords hashed with bcrypt
- JWT tokens for authenticated sessions with short expiry
- HTTPS/TLS encryption in transit for all API communication
- Database access restricted to backend services only
- Payment data handled exclusively by Razorpay (PCI-DSS compliant)
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to support@therespondly.com.
7. Your Rights
Subject to applicable law, you have the right to:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate data
- Deletion: request deletion of your account and associated data
- Portability: export your lead data via the dashboard at any time
- Objection: object to processing of your data for certain purposes
To exercise these rights, contact us at support@therespondly.com. We will respond within 30 days.
8. Cookies & Local Storage
Our dashboard uses browser localStorage to store your authentication token (JWT) for session management. We do not use third-party tracking cookies or advertising cookies. If we introduce analytics or cookies in the future we will update this policy and obtain your consent where required.
9. Children's Privacy
The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before the changes take effect. The updated policy will always be accessible at this URL with the revised effective date.
11. Contact & Grievance Officer
For any privacy-related concerns or to exercise your data rights, contact our Data Privacy team: