VyaptIX

Growth OS

Privacy Policy

Effective date: 2026-05-01

1. Who we are

VyaptIX Technologies LLP (“VyaptIX”, “we”, “us”) operates Growth OS, a multi-channel messaging and CRM platform for Indian small and medium businesses (the “Service”), available at https://setu.vyaptix.ai. We are an Indian limited liability partnership.

Growth OS lets our customers (“Business Users”) communicate with their own end users (“End Users”) via WhatsApp Business Platform, SMS, and email. This Privacy Policy explains how we handle personal data in both roles.

2. Roles & responsibilities

  • For Business User accounts (people who sign up to Growth OS): we are the data controller. We decide why and how your account data is processed.
  • For End User data (contacts, leads, messages uploaded or exchanged through Growth OS by a Business User): we act as a data processor on behalf of the Business User. The Business User is the controller of that data.

3. What we collect

From Business Users

  • Account data: name, email, phone, organisation name, role.
  • Authentication data via Firebase Authentication / Google sign-in.
  • Billing data: GST number, billing address, payment metadata.
  • Usage telemetry: pages viewed, features used, error events.

From End Users (uploaded by Business Users)

  • Contact identifiers: name, phone number, email, tags, custom fields.
  • Message content sent or received via WhatsApp / SMS / email.
  • Message metadata: timestamps, delivery status, read receipts.
  • Consent records: opt-in source, channel, timestamp, IP address.

4. WhatsApp Business Platform data

Growth OS integrates with WhatsApp Business Platform (operated by Meta Platforms, Inc.) to send and receive business messages on behalf of Business Users. When a Business User connects their WhatsApp Business Account through Embedded Signup:

  • We store an encrypted access token, phone number ID, and WhatsApp Business Account ID, scoped to that Business User's tenant only.
  • Inbound and outbound message content, media, and metadata are relayed through Meta's servers and stored in Growth OS for as long as the Business User retains them.
  • We never share End User WhatsApp data across tenants or with third-party advertisers.
  • Use of WhatsApp data is governed by Meta's WhatsApp Business Messaging Policy and Business Data Transfer Addendum, in addition to this policy.

5. How we use data

  • To provide, secure, and operate the Service.
  • To deliver messages on behalf of Business Users.
  • To bill and collect payments.
  • To detect abuse, fraud, and policy violations.
  • To improve product reliability via aggregated, de-identified telemetry.
  • To comply with legal obligations under Indian law.

We do not sell personal data. We do not use End User WhatsApp message content to train machine-learning models.

6. Consent & opt-in

Business Users must obtain explicit, recorded opt-in from each End User before sending them WhatsApp messages through Growth OS, and must honour STOP / UNSUBSCRIBE requests. Growth OS provides built-in tools to capture, store, and surface that consent record. Business Users are contractually responsible for the lawfulness of the contact lists they upload.

7. Sharing & sub-processors

We share data only with sub-processors required to run the Service:

  • Google Cloud Platform (hosting, Cloud SQL Postgres, Vercel-fronted compute) — primary region: Asia.
  • Vercel Inc. (application hosting and CDN).
  • Firebase / Google LLC (authentication).
  • Meta Platforms, Inc. (WhatsApp Business Platform).
  • Razorpay / Stripe (payment processing, where applicable).
  • Email and SMS gateway providers used by the Business User.

We never share data with advertisers or data brokers.

8. Data retention

  • Account data: retained while the Business User account is active, plus 90 days after closure.
  • Message content: retained as long as the Business User retains it; deleted within 30 days of an End User deletion request relayed by the Business User.
  • Consent records: retained for the lifetime of the contact plus 24 months, to satisfy audit requirements.
  • Backups: encrypted, retained for 30 days, then purged.

9. Security

  • TLS 1.2+ in transit; AES-256 at rest.
  • Postgres Row-Level Security enforces tenant isolation at the database layer.
  • Per-tenant encrypted secrets for WhatsApp tokens.
  • Least-privilege IAM, audit logging, and quarterly access reviews.

10. Your rights

Subject to applicable law (including India's Digital Personal Data Protection Act, 2023), you may request access to, correction of, or deletion of your personal data. End Users should generally contact the Business User who uploaded their data; if that is not possible, contact us using the details below and we will route the request appropriately.

To exercise rights or raise a grievance, email privacy@vyaptix.ai.

11. International transfers

Data is primarily stored in Asia. Some sub-processors (e.g. Meta, Vercel, Google) may process data in other regions. We rely on standard contractual clauses and the sub-processor's own safeguards for cross-border transfers.

12. Children

Growth OS is a B2B product not intended for children under 18. We do not knowingly collect data from minors.

13. Changes

We may update this policy. Material changes will be notified by email and a banner in the product at least 14 days before they take effect.

14. Contact

VyaptIX Technologies LLP
Email: privacy@vyaptix.ai
Support: support@vyaptix.ai