Short version: We collect only what's needed to run your AI receptionist. We don't sell your data. We store it securely in India-compliant infrastructure. You can delete everything at any time by emailing hello@vakoza.com.
1. Who We Are
Vakoza is an AI receptionist service for Indian small businesses. When you use Vakoza, your business gets a 24/7 AI agent that handles WhatsApp messages and voice calls — booking appointments and answering queries on your behalf.
This policy applies to vakoza.com and the Vakoza app. For questions, contact us at hello@vakoza.com.
2. What Data We Collect
Business owner data (you):
- Name, email address, phone number
- Business name, type, and operating hours
- Services and pricing information you provide
- Google Calendar connection (if you choose to connect)
Your customers' data (collected by your AI agent):
- Name and phone number (required to book appointments)
- Appointment date, time, and reason for visit
- Conversation transcripts from voice calls and WhatsApp chats
Technical data:
- IP addresses (for rate limiting and security)
- Browser and device type
- Usage logs (for debugging and service improvement)
3. Why We Collect It
- To provide the service — your AI agent needs your business info to answer customer queries correctly
- To book appointments — customer name and phone are required to create calendar entries
- To send notifications — we alert you when a new appointment is booked
- To handle billing — subscription and payment records
- To improve the service — anonymised usage patterns help us make Vakoza better
4. Who We Share Data With
We use the following third-party services to operate Vakoza. Each acts as a data processor under our instructions:
- Supabase — database and authentication (data stored on AWS in the EU; we use their India-compliant tier)
- ElevenLabs — AI voice and conversation engine (processes call audio and transcripts)
- Twilio — telephony infrastructure for voice calls and WhatsApp
- Google Calendar — appointment syncing (only if you connect your calendar)
- Cashfree Payments — billing and subscription management (Indian payment processor)
We do not sell, rent, or share your data with advertisers or any other third parties for commercial purposes.
5. Data Retention
- Appointment records — retained for 2 years, then deleted
- Conversation transcripts — retained for 90 days, then purged
- Account data — retained while your account is active; deleted within 30 days of account closure
- Billing records — retained for 7 years as required by Indian tax law
6. Your Rights Under the DPDP Act 2023
Under India's Digital Personal Data Protection Act 2023, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate data
- Erasure — request deletion of your personal data (we will comply within 30 days, except where retention is legally required)
- Grievance redressal — raise a complaint with us; we will respond within 7 business days
To exercise any of these rights, email hello@vakoza.com with the subject line "Data Request".
7. Your Customers' Rights
As a Vakoza user, you are a Data Fiduciary under the DPDP Act for your customers' data. You are responsible for:
- Informing your customers that an AI agent handles their initial enquiries
- Honouring any data deletion requests from your customers
If your customer contacts us directly for data deletion, we will delete their data from Vakoza's systems and notify you.
8. Security
We take security seriously:
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Database access is protected by Row Level Security (RLS) — each client can only see their own data
- Webhook endpoints use HMAC secret validation to prevent unauthorised access
- We do not store raw payment card details — all payments are handled by Cashfree
9. Cookies
We use only functional cookies — specifically, Supabase Auth uses a session cookie to keep you logged in. We do not use advertising cookies or third-party tracking.
10. Children's Privacy
Vakoza is a B2B service intended for business owners. We do not knowingly collect data from anyone under the age of 18.
11. Changes to This Policy
If we make material changes to this policy, we will notify you by email at least 14 days before the changes take effect. Continued use of Vakoza after that date constitutes acceptance.
12. Contact
For any privacy-related questions or requests:
- Email: hello@vakoza.com
- Subject line: "Privacy" or "Data Request"
- We respond within 7 business days