This Privacy Policy explains how SandeshAI ("SandeshAI", "we", "us", "our") collects, uses, stores, shares, retains, and deletes information when you use:
The SandeshAI WhatsApp Automation Platform and Dashboard
WhatsApp Business API Integration Services
Google Sheets Integration and Automation Features
Our website, APIs, and mobile applications
Support and communication channels
This policy includes explicit disclosures required by Google OAuth verification, WhatsApp Business API policies, and international data protection regulations.
1. About Us
SandeshAI is a WhatsApp automation platform that helps businesses manage customer communications, automate workflows, and integrate with Google Sheets. We process personal data in accordance with applicable data protection laws (GDPR, CCPA, DPDPA, etc.) and are committed to transparency, security, and user control.
2. Key Definitions
Platform: All SandeshAI services including website, dashboard, APIs, and integrations.
WhatsApp Data: Messages, contacts, and conversation data processed through WhatsApp Business API.
Google User Data: Data obtained via Google OAuth scopes you authorize.
Personal Data: Any information that identifies or relates to you.
Third-Party Services: External platforms we integrate with (WhatsApp, Google).
3. Data We Collect
3.1 Account Information
Name and email address
Phone number (for account verification)
Company name and business details (optional)
Login credentials (password hashed and encrypted)
Account preferences and settings
3.2 Billing Information
Billing name and email
Billing address and country
Subscription plan and pricing information
Transaction history and invoice records
Important: We do not store payment card details. Payment information is processed securely by our PCI-DSS compliant payment processors.
3.3 Usage Data
IP address and device information
Browser type and operating system
Pages visited and features used
Timestamps and session duration
API usage metrics and automation activity
3.4 Technical Data
Log files and error reports
Performance metrics
Cookie identifiers
Analytics data (aggregated and anonymized)
Important: We do NOT intentionally collect sensitive categories such as government IDs, financial account numbers, health records, biometric data, or children's data. If you include such data in your WhatsApp messages or spreadsheets, you do so at your own risk.
4. WhatsApp Business Data
4.1 WhatsApp Business Account Connection
When you connect your WhatsApp Business account, we collect:
WhatsApp Business Account ID
Phone Number ID
Business Profile information (name, description, address, etc.)
Custom Attributes: Any custom fields you create to store contact information
4.3 How We Use WhatsApp Data
Display conversations in your dashboard
Execute automation workflows you configure
Synchronize data with Google Sheets (if enabled)
Provide analytics and reporting on message delivery
Store conversation history for your reference
Enable AI chatbot responses (if configured)
4.4 WhatsApp Data We Do NOT Access
End-to-end encrypted message content beyond what WhatsApp Business API provides
Personal WhatsApp accounts (only Business API accounts)
Contact lists not shared through your Business account
WhatsApp payment information
WHATSAPP COMPLIANCE:
Your use of WhatsApp through our Platform is subject to WhatsApp's Business Terms of Service and Commerce Policy. YOU ARE SOLELY RESPONSIBLE for compliance with WhatsApp policies, including obtaining proper consent before messaging contacts. We are not liable for any violations or consequences arising from your use of WhatsApp Business API.
4.5 WhatsApp Data Retention
Active conversations: Retained as long as your account is active
After account deletion: Purged within 30 days
Backups: May persist in encrypted backups for up to 30 additional days
5. Google User Data & OAuth Integration
5.1 OAuth Scopes Requested
When you connect your Google account, we request:
https://www.googleapis.com/auth/spreadsheets – Read/write access to Google Sheets
https://www.googleapis.com/auth/drive.file – Access files created/opened by our app
https://www.googleapis.com/auth/userinfo.email – Your email address
openid – Authentication
5.2 Google Data We Access
Email address (for account identification)
Spreadsheet names and IDs (to display in selectors)
Sheet structure (tab names, column headers)
Cell data in configured rows/columns (for automation)
5.3 How We Use Google Data
Authenticate your Google account
List available spreadsheets for selection
Read data to find rows for updates
Write WhatsApp data to your sheets
Maintain synchronization between WhatsApp and Sheets
5.4 Google Data We Do NOT Access
Gmail messages or email content
Google Drive files (documents, images, etc.)
Google Calendar, Contacts, or Photos
Spreadsheets not explicitly selected by you
5.5 Token Security
Access tokens (1-hour expiry, auto-refreshed)
Refresh tokens (encrypted, stored securely)
Transmitted only via HTTPS/TLS
Deleted within 24 hours of disconnection
5.6 Disconnecting Google Account
You can revoke our access to your Google account at any time:
From your SandeshAI dashboard (Settings → Integrations → Disconnect Google)
Provide Services: Execute WhatsApp automations, sync data with Google Sheets
Account Management: Authenticate users, manage subscriptions, send service notifications
Customer Support: Respond to inquiries, troubleshoot issues, provide technical assistance
Service Improvement: Analyze usage patterns, fix bugs, develop new features
Security: Detect fraud, prevent abuse, protect against security threats
Legal Compliance: Meet tax obligations, respond to legal requests, enforce Terms of Service
6.2 Marketing Communications (Optional)
With your consent, we may send:
Product updates and feature announcements
Educational content and best practices
Promotional offers (you can opt-out anytime)
6.3 What We Do NOT Do With Your Data
WE DO NOT:
Sell or rent your personal data to third parties
Use WhatsApp conversation content for advertising
Share Google Sheets data with advertisers
Train AI models on your private conversations (except with explicit consent for AI chatbot features you enable)
Access your data for purposes unrelated to providing our services
7. Data Sharing and Disclosure
7.1 Service Providers
We may share data with trusted third-party service providers who help us operate the Platform, including:
Cloud hosting and infrastructure providers
Email delivery services
Analytics providers (with anonymized data)
Customer support tools
All service providers are bound by confidentiality agreements and are prohibited from using your data for purposes other than providing services to us.
7.2 Third-Party APIs
WhatsApp Business API: Message content and phone numbers are transmitted to Meta's WhatsApp servers to deliver messages
Google APIs: OAuth tokens and sheet data are transmitted to Google's servers for authentication and data synchronization
AI Processing: If you enable AI chatbot features, queries may be sent to AI service providers (e.g., OpenAI) for processing
7.3 Legal Disclosure
We may disclose your data if required by law or to:
Comply with legal obligations (subpoenas, court orders)
Protect our rights, property, or safety
Investigate fraud or security incidents
Enforce our Terms of Service
Respond to government or regulatory requests
7.4 Business Transfers
If SandeshAI is acquired, merged, or sells assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data is transferred.
7.5 With Your Consent
We may share data with third parties when you explicitly authorize us to do so (e.g., integrating with additional services you choose).
8. Data Security
8.1 Security Measures We Implement
Encryption: HTTPS/TLS for data in transit, AES-256 for sensitive data at rest
Data Isolation: Multi-tenant architecture with logical data separation
Regular Audits: Security assessments and penetration testing
8.2 Your Security Responsibilities
You are responsible for:
Keeping your password confidential and secure
Enabling two-factor authentication (recommended)
Not sharing your account credentials
Logging out of shared devices
Promptly reporting any suspected unauthorized access
Securing your own devices and internet connections
8.3 SECURITY DISCLAIMER
While we implement industry-standard security measures, NO SYSTEM IS COMPLETELY SECURE. We cannot guarantee absolute security of data transmitted over the Internet or stored on our systems.
YOU ACKNOWLEDGE AND ACCEPT THE INHERENT SECURITY RISKS OF USING INTERNET-BASED SERVICES.
9. Data Retention
Data Category
Retention Period
After Deletion
Account information
Active account lifetime
30 days grace period, then deleted
WhatsApp conversations
Active account or 90 days inactive
Deleted within 30 days
Google OAuth tokens
Until disconnected
Deleted within 24 hours
Billing records
7 years
Cannot be deleted (legal requirement)
Usage logs
30 days rolling
Auto-deleted after 30 days
Support tickets
24 months
Deleted on request
Encrypted backups
30 days
Overwritten after 30 days
After retention periods expire, data is securely deleted or anonymized. Legal requirements may require us to retain certain data longer.
10. Your Rights and Choices
10.1 Rights Under Data Protection Laws
Depending on your location (GDPR, CCPA, etc.), you may have the right to:
Access
Request a copy of the personal data we hold about you
Correction
Update or correct inaccurate information
Deletion
Request deletion of your personal data
Data Portability
Receive your data in a structured, machine-readable format
Restriction
Limit how we process your data
Objection
Object to certain types of processing
Withdraw Consent
Revoke consent for data processing
10.2 How to Exercise Your Rights
You can exercise your rights by:
Using settings in your dashboard to update or delete data
Disconnecting integrations (WhatsApp, Google) from your account settings
We will respond to requests within 30 days. For complex requests, we may need additional time and will notify you. We may verify your identity before processing requests.
11. International Data Transfers
Our services may involve data transfers to countries outside your own, including:
United States (cloud hosting, WhatsApp API)
European Union (Google data centers)
Singapore (cloud infrastructure)
Other countries where our service providers operate
When we transfer data internationally, we ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs)
Adequacy decisions by data protection authorities
Encryption in transit and at rest
Your consent (where required)
12. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.
13. We Do Not Sell Your Data
YOUR DATA IS NOT FOR SALE
We do NOT sell, rent, trade, or otherwise transfer your personal data to third parties for monetary or other valuable consideration. We have never sold user data and have no plans to do so in the future.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
Update the "Last Updated" date
Notify you via email (for significant changes)
Display a prominent notice on the Platform
Your continued use of the Platform after changes become effective constitutes acceptance of the revised policy.