Privacy Policy

Last Updated: January 17, 2026

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, phone number, company details, billing information
• Business Verification: Business registration documents, GST details, authorized signatory information (as required by TRAI)
• Payment Information: Credit card details, UPI information, bank account details (processed securely through PhonePe)
• Communications Data: Messages, contact lists, templates, and media files you upload to our platform

1.2 Automatically Collected Information

• Usage Data: API calls, message delivery status, platform interactions
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies: Session cookies, authentication tokens, preference cookies
• Log Data: Access times, pages viewed, system activity logs

2. How We Use Your Information

• Service Delivery: Provide WhatsApp Business API and RCS messaging services
• Account Management: Create, maintain, and secure your account
• Payment Processing: Process transactions and maintain billing records
• Compliance: Comply with TRAI regulations, WhatsApp Business Policy, and legal obligations
• Communication: Send service updates, technical notices, security alerts
• Analytics: Monitor platform performance, analyze usage patterns, improve services
• Security: Detect fraud, prevent abuse, protect platform integrity

3. Legal Basis for Processing (GDPR Compliance)

We process your personal data based on:

• Contractual Necessity: To fulfill our service agreement with you
• Legitimate Interests: To improve services, prevent fraud, ensure security
• Legal Obligations: To comply with TRAI, IT Act 2000, and other regulations
• Consent: Where specifically obtained for marketing or optional features

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

• Meta (WhatsApp): For WhatsApp Business API message delivery
• Jio/Airtel/Vi: For RCS message delivery through telecom operators
• PhonePe: For payment processing
• Cloud Providers: For hosting and storage (AWS/Google Cloud)
• Analytics Tools: For service improvement and monitoring

4.2 Legal Requirements

We may disclose information when required to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms and Conditions
• Protect rights, property, or safety of BharatReach, users, or public
• Respond to TRAI directives or telecom regulatory requirements

5. Data Retention

• Active Accounts: Data retained while account is active
• Message Logs: Retained for 90 days as per TRAI guidelines
• Billing Records: Retained for 7 years as per Indian tax laws
• After Account Closure: Data deleted within 30 days, except where legal retention is required

6. Data Security

We implement industry-standard security measures:

• Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• Access Controls: Role-based access, multi-factor authentication
• Monitoring: 24/7 security monitoring and incident response
• Audits: Regular security audits and vulnerability assessments
• Compliance: ISO 27001, SOC 2 compliant infrastructure

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your data (subject to legal obligations)
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request limited processing of your data
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at [email protected]

8. TRAI Compliance

In compliance with Telecom Regulatory Authority of India (TRAI) regulations:

• We maintain mandatory message logs and headers as required
• We verify business legitimacy before providing services
• We comply with DND (Do Not Disturb) registry requirements
• We implement content filtering for promotional messages
• We maintain audit trails for regulatory inspections

9. WhatsApp Business Policy Compliance

• Messages must comply with WhatsApp Commerce and Business Policies
• User consent required before sending messages
• Opt-out mechanisms must be provided
• Message templates subject to Meta approval
• Quality ratings and limits enforced by WhatsApp

10. International Data Transfers

Your data may be transferred to and processed in countries outside India. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs)
• Compliance with cross-border data transfer regulations

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Cookies and Tracking

We use cookies for:

• Essential: Authentication, security, session management
• Functional: User preferences, language settings
• Analytics: Usage patterns, performance monitoring (with consent)

You can control cookies through your browser settings.

13. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

• Email notification to your registered email address
• Prominent notice on our website
• In-app notification

14. Contact Us

For privacy-related inquiries or to exercise your rights:

15. Grievance Redressal

Under Indian IT Act 2000 and Rules, we have appointed a Grievance Officer: