1. INTRODUCTION

Thank you for choosing Zapkaro. Your privacy matters to us.

This Privacy Policy explains how Zapkaro ("Platform", "we", "our", "us") collects, uses, shares, and protects your information when you use our services, visit our website, or interact with our platform. Please read this document carefully to understand our practices regarding your personal information.

This Privacy Policy is an electronic record under the Information Technology Act, 2000 and rules thereunder, including the Digital Personal Data Protection Act, 2023. This electronic record does not require any physical or digital signatures.

This Policy is published and shall be construed in accordance with the provisions of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 and Information Technology (Intermediaries Guidelines And Digital Media Ethics Code) Rules, 2021 under the Information Technology Act, 2000, Digital Personal Data Protection Act, 2023 and other applicable laws that require publishing of the privacy notice for collection, usage, storage, disclosure and transfer of sensitive personal data or information.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

The terms of this policy will be effective upon your acceptance of the same (directly or indirectly in electronic form, by use of the platform and/or by creating a registered account on the platform) and will govern the relationship between you and us for your use of the platform and the services rendered therein.

2. DEFINITIONS

For the purposes of this Privacy Policy:

  • Service: Service means the Zapkaro website and any related mobile application operated by Zapkaro.
  • Personal Information/Personal Data: means any information that can identify you or is associated with your identity, including but not limited to your name, email address, phone number, and business details.
  • Sensitive Personal Information: shall have the meaning as defined by applicable laws.
  • Usage Data: Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Cookies: Cookies are small files stored on your device (computer or mobile device).
  • Data Controller: Data Controller means the natural or legal person who determines the purposes for which and the manner in which any personal information are processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.
  • Data Processors (or Service Providers): Data Processor means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
  • Data Subject (or User): Data Subject is any living individual who is using our Service and is the subject of Personal Data.
  • Services: refers to Zapkaro's platform, tools, and related services that enable businesses to manage communications with their users.
  • User: means any individual who uses our Services, including representatives of our business clients.
  • WhatsApp Infrastructure: refers to the WhatsApp Business API integration used to facilitate communication between users and the Zapkaro platform.

3. INFORMATION WE COLLECT

3.1 Personal Information You Provide

We collect personal information you voluntarily provide when you:

  • Register for our Services
  • Create or update your account
  • Configure your preferences
  • Contact our support team
  • Use our Services

This information may include:

  • Name and contact details (email address, phone number)
  • Login credentials (username, password)
  • Business information (company name, business address)
  • Billing and payment information
  • Profile information and preferences
  • Communication data (messages, responses, feedback)
  • Phone number associated with WhatsApp
  • Social Media login credentials
  • Any other information you choose to provide

We may use your Personal Data to contact you with phone calls, newsletters, SMS, marketing or promotional materials and other information that may be of interest to you. And irrespective of the fact that if also you have registered yourself under DND or DNC or NCPR Service, you still authorize us to give you a call for the above mentioned purposes till you have an account with us. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

3.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

  • Device information (device type, operating system, browser type)
  • IP address and location information
  • Log data (pages visited, features used, time spent, actions taken)
  • Performance and error data
  • Referral source and entry/exit pages
  • Date and time of access

3.3 Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data").

This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

3.4 Behavioral Data

We shall collect information which is connected with your activity on the Website/App across all your devices using your email or social media log-in details, as well as Services that you search, and opt-ins and communication preferences.

3.5 Location Data

We may use and store information about your location if you give us permission to do so ("Location Data"). We use this data to provide features of our Service, to improve and customize our Service.

You can enable or disable location services when you use our Service at any time by way of your device settings.

3.6 Contact List & Files

We shall allow you to upload your existing contact list that contains name, mobile number, email and other data fields to initiate conversations from our Website/App. We collect the information related to your device's audio, video and other rich media files such as PDF documents, and enable you to share rich media files to your customers through our Website/App.

3.7 Cookies and Similar Technologies

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies: We use Session Cookies to operate our Service.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes.

3.8 Device Data

We collect information about computers, phones, and other connected devices with a web connection and the presence of Our Website/App and Services and integrate this information with the various devices You use. This information includes: device features such as information about operating system, hardware and software versions, battery status, signal availability, available storage space, browser type, app or file names and types, and plug-ins, device activities such as information about the activity and behavior of the device, unique identifiers, device ID, Bluetooth signals and information about nearby WiFi access points, beacons and cell towers, information that We are permitted to collect by turning on access in device configuration, as well as providing access to GPS location, camera or photo, information such as Your mobile operator's name or ISP, language, time zone, mobile phone number, IP address, connection speed.

3.9 Information from Third Parties

We may receive information about you from:

  • WhatsApp Business Platform
  • Social media platforms if you choose to connect your account
  • Our business partners (with your consent)
  • Publicly available sources
  • Third-party social media networks including your contact lists for these services and information relating to your use of the Website/App in relation to these services, if you choose to link or sign up using a third-party social network or login service (such as Facebook, Twitter, Instagram, or Google).

3.10 WhatsApp Business Integration

When you use our WhatsApp integration features, we process communication data transmitted through the WhatsApp Business API. This may include message content, metadata, and contact information. This data is processed according to WhatsApp's terms and conditions in addition to this Privacy Policy.

4. HOW WE USE YOUR INFORMATION

4.1 Providing and Managing our Services

  • To create and maintain your account
  • To provide the functionality you request
  • To process transactions and billing
  • To offer customer support and respond to inquiries
  • To send service-related communications

4.2 Improving our Services

  • To understand how users interact with our Services
  • To identify and fix technical issues
  • To develop new features and functionality
  • To enhance user experience
  • To analyze performance and usage patterns

4.3 Communication and Marketing

  • To send you important updates and notifications
  • To provide information about new features or services
  • To deliver marketing communications (with your consent)
  • To conduct surveys and collect feedback

4.4 Legal and Security Purposes

  • To verify identity and prevent fraud
  • To comply with legal obligations
  • To enforce our Terms of Service
  • To protect our rights, property, or safety, or that of our users
  • To detect and prevent security incidents

5. LEGAL BASIS FOR PROCESSING PERSONAL DATA

If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

We may process your Personal Data because:

  • We need to perform a contract with you
  • You have given us permission to do so
  • The processing is in our legitimate interests and it is not overridden by your rights
  • For payment processing purposes
  • To comply with the law

6. HOW WE SHARE YOUR INFORMATION

Zapkaro does not sell, rent, or trade your personal information to third parties. We may share your information in the following circumstances:

6.1 Service Providers

We may share information with third-party service providers who help us deliver our Services, including:

  • Cloud storage and hosting providers
  • Payment processors
  • Customer support tools
  • Analytics providers
  • Communication services

6.2 WhatsApp and Related Platforms

When you use our WhatsApp integration, your data may be processed through WhatsApp's infrastructure, including Cloud API services provided by Meta. Currently, WhatsApp messages and related data may be stored in data centers located outside India, including in North America and the European Union.

Please note that at present, data localization is not offered by the Company for any such data shared or obtained in the process of providing the WhatsApp messaging. However, we are working towards implementing data localization within India in the future.

By using our WhatsApp integration features, you acknowledge and consent to this data transfer.

6.3 Business Transfers

If Zapkaro is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

6.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

6.5 Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to protect our rights, enforce our terms and conditions, investigate fraud, or protect the safety of our users or others.

7. DATA STORAGE AND SECURITY

7.1 Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication mechanisms
  • Staff training on data protection
  • Incident detection and response procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7.2 Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you delete your account, we will delete or anonymize your personal information within 90 days, except where we need to retain certain information for legitimate business or legal purposes. All WhatsApp messages and related data will be deleted upon deletion of your account.

7.3 Cloud API Data Residence

For WhatsApp messaging functionality, your data is processed via Cloud API (a Meta product). Messages and related data flow directly from Meta servers and may be stored in data centers located outside India. We will retain this data as long as you maintain an active account with us.

8. YOUR PRIVACY RIGHTS

8.1 Access and Information

You have the right to request information about what personal data we process about you, why we process it, and who receives your data.

8.2 Correction

You can request that we correct inaccurate or incomplete personal information about you.

8.3 Deletion

You can request that we delete your personal information in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

8.4 Objection and Restriction

You can object to our processing of your personal information or ask us to restrict processing in certain circumstances.

8.5 Data Portability

Where technically feasible, you may request a copy of your personal information in a structured, commonly used, and machine-readable format.

8.6 Withdrawal of Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Users can opt out of marketing communications by unsubscribing from emails or replying "STOP" to any of our communication messages.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe, not exceeding 30 days. We may ask for additional information to verify your identity before fulfilling your request.

9. YOUR DATA PROTECTION RIGHTS UNDER GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

10. DATA FIDUCIARY OBLIGATIONS

As per the Digital Personal Data Protection Act, 2023 of India, we acknowledge our role as a Data Fiduciary and commit to:

  • Process personal data in a fair and reasonable manner that respects your privacy
  • Process personal data only for the purposes for which it was collected
  • Take reasonable security safeguards to prevent personal data breach
  • Ensure that personal data processed is accurate and complete
  • Delete personal data when it is no longer necessary for the purpose for which it was collected
  • Implement appropriate technical and organizational measures to demonstrate compliance