Privacy Policy

Zappio Technologies Private Limited ("Zappio", "we", "us", or "our") operates the website zappio.in and the Zappio AI calling platform (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use our Services.

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

2.1 Information You Provide

• Account registration details: name, email address, phone number, organisation name.
• Billing and payment information (processed by PCI-DSS-compliant third-party payment processors — we do not store raw card numbers).
• Voice bot configuration data: call scripts, qualification questions, routing rules.
• Communications you send us: support requests, feedback, correspondence.
• Onboarding form responses and preferences.

2.2 Information We Collect Automatically

• Usage data: pages visited, features used, time spent, clicks, session duration.
• Device and browser data: IP address, browser type, operating system, device identifiers.
• Log files: server access logs, error logs, API request logs.
• Cookies and similar tracking technologies (see Section 6).

2.3 Call and Voice Data (Platform Users)

When Zappio places or receives AI-assisted calls on behalf of your organisation, we process:

• Call recordings and audio files.
• AI-generated transcriptions and summaries.
• Lead response data: intent signals, conversation outcomes, qualification scores.
• Caller metadata: phone numbers, call duration, timestamps.

2.4 Third-Party Sources

• Lead data imported by you from CRM systems or third-party lead portals (99acres, Housing.com, MagicBricks, etc.).
• OAuth sign-in providers (Google) — limited to name, email, and profile picture.
• Analytics partners providing aggregated website behaviour data.

We use the information we collect for the following purposes:

3.1 Service Delivery

• Provisioning, operating, and improving the Zappio platform.
• Processing and routing AI voice calls on your behalf.
• Generating call transcriptions, summaries, and lead intelligence reports.
• Syncing call outcomes with your connected CRM.
• Sending transactional notifications (call completions, credit alerts, billing).

3.2 Account & Billing Management

• Creating and managing your account and subscription.
• Processing payments and issuing invoices.
• Detecting and preventing fraudulent activity.

3.3 Product Improvement & Research

• Analysing anonymised usage patterns to improve AI model accuracy.
• Conducting internal research on call quality and feature effectiveness.
• Training AI models on anonymised, aggregated voice and text data (never on personally identifiable audio without consent).

3.4 Communications

• Responding to support requests and enquiries.
• Sending product updates, feature announcements, and newsletters (opt-out available).
• Legal and compliance notifications.

3.5 Legal & Safety

• Complying with applicable laws, court orders, or regulatory requirements.
• Enforcing our Terms of Service.
• Protecting the rights, property, or safety of Zappio, our users, or the public.

We do not sell, rent, or trade your personal data. We share information only in the following limited circumstances:

4.1 Service Providers (Data Processors)

We engage trusted third-party vendors who process data strictly on our instructions:

• Cloud infrastructure providers (hosting, storage, compute).
• Payment processors (Razorpay, Stripe — subject to their own PCI-DSS compliance).
• Telephony providers (for placing AI calls via TRAI-registered infrastructure).
• Analytics platforms (aggregated, anonymised data only).
• Email and notification delivery services.
• Error monitoring and logging tools.

All processors are bound by data processing agreements requiring them to protect your data.

4.2 Your Connected Integrations

When you connect Zappio to a CRM (Salesforce, HubSpot, Zoho, etc.) or lead portal, call outcome data is shared with that platform per your configuration. You control these connections.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you before your data becomes subject to a different privacy policy.

4.4 Legal Obligations

We may disclose information if required to do so by law, court order, or governmental authority under the IT Act, 2000 or any other applicable Indian legislation, or to protect the rights and safety of Zappio and its users.

4.5 Aggregated & Anonymised Data

We may share aggregated statistical information (e.g., "X% of real estate leads respond within 2 minutes") that cannot be used to identify any individual.

Zappio's servers are primarily located in India. We use reputable cloud providers that maintain certified data centres.

5.1 Retention Periods

After the applicable retention period, data is securely deleted or anonymised. You may request earlier deletion (subject to legal hold obligations) — see Section 7.

We use cookies and similar technologies to operate and improve our Services.

6.1 Types of Cookies We Use

• Strictly Necessary: Essential for authentication, session management, and security. Cannot be disabled.
• Functional: Remember your preferences (language, theme, dashboard layout).
• Analytics: Understand how users interact with our site (page views, feature usage). Data is aggregated and anonymised.
• Marketing: Track campaign effectiveness. Only set with your consent.

6.2 Managing Cookies

You can control cookies through your browser settings. Disabling strictly necessary cookies will impair core functionality. For analytics and marketing cookies, you may opt out via our cookie consent banner or by adjusting browser settings. Most modern browsers allow you to refuse new cookies and delete existing ones.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws, you have the following rights regarding your personal data:

7.1 Rights under the DPDP Act, 2023

• Right to Access (Section 11): Obtain confirmation of what personal data we hold about you and a summary of how it is being processed.
• Right to Correction & Erasure (Section 12): Request correction of inaccurate or incomplete data, and erasure of data no longer necessary for its original purpose.
• Right to Grievance Redressal (Section 13): Lodge a grievance with our Grievance Officer (see Section 15).
• Right to Nominate (Section 14): Nominate another individual to exercise your rights in the event of your death or incapacity.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.

7.2 Additional Rights (IT Rules, 2011 & General Practice)

• Right to review and update your personal data via your account settings.
• Right to opt out of marketing communications at any time.
• Right to data portability for data you have provided to us (available on request).
• Right to object to processing for direct marketing purposes.

7.3 How to Exercise Your Rights

Submit a request by emailing privacy@zappio.in. We will respond within 30 days of receiving a verifiable request. We may need to verify your identity before processing certain requests.

We implement industry-standard technical and organisational security measures to protect your data against unauthorised access, disclosure, alteration, or destruction.

8.1 Technical Measures

• TLS 1.2+ encryption for all data in transit.
• AES-256 encryption for sensitive data at rest.
• Role-based access controls (RBAC) limiting data access to authorised personnel only.
• Regular penetration testing and vulnerability assessments.
• Secure coding practices and dependency audits.
• Multi-factor authentication (MFA) for administrative access.

8.2 Organisational Measures

• Security awareness training for all staff handling personal data.
• Data access logging and anomaly detection.
• Incident response procedures compliant with CERT-In guidelines.
• Vendor security assessments for all data processors.

8.3 Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will notify affected users and the relevant authorities within the timelines required under the DPDP Act, 2023 and CERT-In Directions, 2022 (within 6 hours of discovery for reportable incidents).

Zappio's Services are not directed at, and we do not knowingly collect personal data from, individuals under the age of 18. This is consistent with our obligations under the DPDP Act, 2023, which imposes heightened obligations on the processing of children's personal data.

If we become aware that we have inadvertently collected personal data of a minor without verifiable parental consent, we will delete such data promptly. If you believe we have collected data from a minor, please contact us at privacy@zappio.in.

Zappio operates AI calling infrastructure in full compliance with Indian telecommunications regulations:

10.1 TRAI Compliance

• All outbound calls are placed through TRAI-registered telemarketing infrastructure.
• We maintain and honour Do Not Disturb (DND) / National Customer Preference Registry (NCPR) registrations. Numbers registered on DND are not called without explicit opt-in consent.
• Calling hours are restricted to 9:00 AM – 9:00 PM IST as mandated by TRAI.
• All calls include a caller identification compliant with TRAI's Telecom Commercial Communications Customer Preference Regulations, 2018.

10.2 Customer Consent for AI Calls

Zappio customers (organisations using our platform) are responsible for ensuring that they have obtained valid, documented consent from their leads before initiating AI calls through our platform. Zappio provides consent management tooling but the legal obligation to obtain consent rests with the customer.

10.3 Call Recording Disclosure

All calls placed through Zappio include an automated disclosure at the beginning of the call informing the called party that the call is AI-assisted and may be recorded for quality and legal compliance purposes.

Zappio uses artificial intelligence and machine learning to deliver its core services. This section specifically addresses how AI interacts with your data.

11.1 How AI Uses Your Data

• Call transcription: audio is converted to text using automated speech recognition (ASR) models.
• Conversation analysis: AI extracts intent, sentiment, and qualification signals from transcripts.
• Lead scoring: AI assigns lead quality scores based on conversation patterns.
• Script optimisation: anonymised aggregate conversation data is used to improve call script effectiveness.

11.2 Model Training

We do not use personally identifiable voice recordings or transcripts to train our AI models without explicit, written consent. We use only anonymised, aggregated data for model improvement.

11.3 Human Review

A small number of calls may be reviewed by Zappio quality assurance staff to evaluate and improve AI accuracy. Such reviewers are bound by strict confidentiality obligations and access controls.

Zappio's primary data processing occurs within India. However, some of our third-party service providers (e.g., cloud infrastructure, analytics tools) may process data in other jurisdictions.

Where data is transferred outside India, we ensure that:

• The recipient country provides an adequate level of data protection, or
• Appropriate safeguards are in place (Standard Contractual Clauses or equivalent agreements), or
• The transfer is necessary for the performance of a contract with you.

Cross-border data transfers will be governed by the provisions of the DPDP Act, 2023 and any rules or notifications issued thereunder by the Central Government designating permissible countries for data transfer.

We process personal data under the following legal bases as recognised under Indian law:

13.1 Information Technology Act, 2000 & IT (SPDI) Rules, 2011

• We are a "body corporate" as defined under the IT Act and comply with the SPDI Rules, 2011 for the collection and processing of sensitive personal data.
• Sensitive personal data (financial information, passwords) is collected only with prior written consent and is used solely for the purpose for which it was collected.
• We maintain a privacy policy as mandated under Rule 4 of the SPDI Rules, 2011.

13.2 Digital Personal Data Protection Act, 2023 (DPDP Act)

• Consent (Section 6): We obtain free, specific, informed, unconditional, and unambiguous consent from Data Principals (users) before processing personal data, where required.
• Legitimate Uses (Section 7): Certain processing is permitted without consent for specified legitimate uses, including processing by the State for public interest, legal proceedings, medical emergencies, and employment-related purposes.
• Obligations of Data Fiduciary (Section 8): Zappio, as a Data Fiduciary, ensures data accuracy, completeness, and implements appropriate technical and organisational measures to ensure compliance.

13.3 Consumer Protection (E-Commerce) Rules, 2020

As an e-commerce platform, we comply with the Consumer Protection (E-Commerce) Rules, 2020, including maintaining clear return, refund, and grievance redressal policies.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Send an email notification to registered account holders.
• Display a prominent notice on our website for 30 days.

Your continued use of the Services after the effective date of the revised policy constitutes your acceptance of the updated terms. If you do not agree to the changes, you should discontinue use and may request deletion of your account.

For any questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please contact: