Privacy Policy
Your privacy matters. This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have over your data.
Effective: [DD MONTH YYYY]
Last updated: [DD MONTH YYYY]
Version: 1.0
Compliance: DPDP · GDPR
Privacy at a glance
A plain-language summary · Full details below
We don't sell your data. Not to advertisers, not to data brokers, not to anyone.
You own your data. We process it to provide the Service; you can export or delete it anytime.
We encrypt data in transit and at rest and maintain enterprise-grade security controls.
We're a data processor for messages you send to your end users. You remain the data controller.
01. Who We Are
This Privacy Policy describes the practices of [Tapaali Technologies Private Limited] ("Tapaali", "we", "us", "our") — a company incorporated in India with registered office at [REGISTERED ADDRESS, CITY, STATE, PIN].
We operate the Tapaali platform, a SaaS product that helps businesses send, automate, and manage WhatsApp Business messaging at scale via the official Meta WhatsApp Business Platform.
02. Scope of This Policy
This Policy applies to personal data we process when you:
- Visit our websites (including tapaali.com and any regional subdomains).
- Register for and use the Tapaali Platform (our "Service").
- Communicate with us by email, chat, phone, or WhatsApp.
- Receive marketing or sales communications from us.
- Apply for a job with us.
This Policy does not cover:
- Messages our Customers send to their own end users via our Platform — those are governed by each Customer's own privacy notice (our Customer is the data controller for that data).
- Third-party websites or services linked from our Platform.
03. Controller vs Processor
Our role under data protection law depends on whose data is being processed:
When we are a Data Controller
For personal data about our Customers and website visitors — your name, email, billing details, account activity, support interactions — we act as a data controller. We decide why and how this data is processed.
When we are a Data Processor
For personal data about your End Users — the contacts you upload, message content, conversation history, chatbot responses — we act as a data processor on your behalf. You (our Customer) are the data controller. Our processing of End User data is governed by our Data Processing Addendum (DPA).
Why this matters
If you are an End User and have a question about why you received a WhatsApp message, please contact the business that sent it — we process the message on their behalf but do not control why or when it was sent.
04. Data We Collect
We collect personal data in the following categories:
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email, hashed password, phone, company name | You, at sign-up |
| Billing data | Billing name/address, Tax ID, payment tokens | You & Processors |
| Usage data | IP address, browser, feature usage, API calls | Automatically collected |
| Customer Content | Contact lists, templates, automation flows | You, via Service |
05. How We Use Data
- Providing the Service — creating accounts, routing messages, dashboards.
- Billing and payments — generating invoices, processing payments.
- Customer support — responding to tickets, diagnosing issues.
- Product improvement — analysing aggregated usage to improve features.
- Security — monitoring for abuse and unauthorised access.
06. Legal Basis
We rely on the following legal bases to process personal data:
- Contract performance — to provide the Service you signed up for.
- Legitimate interests — to secure our Service and prevent fraud.
- Consent — for cookies and optional marketing.
- Legal obligation — to comply with tax and statutory duties.
10. Data Retention
- Account data: Duration of account + 6 years (statutory).
- Customer Content: Duration of account + 30 days, then deleted.
- Message delivery logs: 90 days (standard).
11. Security
We implement enterprise-grade security including TLS 1.2+ encryption in transit, AES-256 at rest, and regular third-party penetration testing. No system is perfectly secure; contact security@tapaali.com for any concerns.
12. Your Rights
Access
Exercise your right to access your data anytime by contacting us.
Correction
Exercise your right to correct your data at any time by contacting us.
Deletion
Exercise your right to delete your data at any time by contacting us.
Portability
Exercise your right to data portability at any time by contacting us.
Restriction
Exercise your right to restrict the processing of your data at any time by contacting us.
Objection
Exercise your right to object to the processing of your data at any time by contacting us.
19. Contact Us & DPO
Data Protection Officer
Email: dpo@tapaali.com