Privacy Policy
Effective date: 2026-05-01
1. Who we are
VyaptIX Technologies LLP (“VyaptIX”, “we”, “us”) operates Growth OS, a multi-channel messaging and CRM platform for Indian small and medium businesses (the “Service”), available at https://setu.vyaptix.ai. We are an Indian limited liability partnership.
Growth OS lets our customers (“Business Users”) communicate with their own end users (“End Users”) via WhatsApp Business Platform, SMS, and email. This Privacy Policy explains how we handle personal data in both roles.
1A. Our role as a Meta Tech Provider
VyaptIX Technologies LLP is a registered Tech Provider on the Meta WhatsApp Business Platform. We provide Setu by VyaptIX as a SaaS service that enables our Business Users to operate their own WhatsApp Business Accounts. Each Business User connects their own WhatsApp Business Account to Setu through Meta's Embedded Signup flow.
As a Tech Provider, our use of Platform Data (any information or data we obtain from Meta) is strictly limited as follows:
- Platform Data is used only to provide the Setu service to the Business User who owns the connected WhatsApp Business Account.
- Platform Data of one Business User is never shared with, accessed by, or used for any other Business User. Tenant isolation is enforced at the database layer via Postgres Row-Level Security and per-tenant encrypted secrets.
- We never sell, license, transfer, or otherwise make Platform Data available to advertisers, data brokers, or any third party except the sub-processors listed in Section 7 below (which act only as our infrastructure providers).
- We never use Platform Data to train machine-learning models, build user profiles for advertising, create lookalike audiences, or for any purpose unrelated to delivering the Setu service to its rightful Business User.
- Our use of Platform Data complies with Meta's Platform Terms, Developer Policies, and the WhatsApp Business Messaging and Commerce policies linked in Section 4.
2. Roles & responsibilities
- For Business User accounts (people who sign up to Growth OS): we are the data controller. We decide why and how your account data is processed.
- For End User data (contacts, leads, messages uploaded or exchanged through Growth OS by a Business User): we act as a data processor on behalf of the Business User. The Business User is the controller of that data.
3. What we collect
From Business Users
- Account data: name, email, phone, organisation name, role.
- Authentication data via Firebase Authentication / Google sign-in.
- Billing data: GST number, billing address, payment metadata.
- Usage telemetry: pages viewed, features used, error events.
From End Users (uploaded by Business Users)
- Contact identifiers: name, phone number, email, tags, custom fields.
- Message content sent or received via WhatsApp / SMS / email.
- Message metadata: timestamps, delivery status, read receipts.
- Consent records: opt-in source, channel, timestamp, IP address.
4. WhatsApp Business Platform data
Growth OS integrates with WhatsApp Business Platform (operated by Meta Platforms, Inc.) to send and receive business messages on behalf of Business Users. When a Business User connects their WhatsApp Business Account through Embedded Signup:
- We store an encrypted access token, phone number ID, and WhatsApp Business Account ID, scoped to that Business User's tenant only.
- Inbound and outbound message content, media, and metadata are relayed through Meta's servers and stored in Growth OS for as long as the Business User retains them.
- We never share End User WhatsApp data across tenants or with third-party advertisers.
- Use of WhatsApp data is governed by Meta's WhatsApp Business Messaging Policy and Business Data Transfer Addendum, in addition to this policy.
5. How we use data
- To provide, secure, and operate the Service.
- To deliver messages on behalf of Business Users.
- To bill and collect payments.
- To detect abuse, fraud, and policy violations.
- To improve product reliability via aggregated, de-identified telemetry.
- To comply with legal obligations under Indian law.
We do not sell personal data. We do not use End User WhatsApp message content to train machine-learning models.
6. Consent & opt-in
Business Users must obtain explicit, recorded opt-in from each End User before sending them WhatsApp messages through Growth OS, and must honour STOP / UNSUBSCRIBE requests. Growth OS provides built-in tools to capture, store, and surface that consent record. Business Users are contractually responsible for the lawfulness of the contact lists they upload.
7. Sharing & sub-processors
We share data only with sub-processors required to run the Service:
- Google Cloud Platform (hosting, Cloud SQL Postgres, Vercel-fronted compute) — primary region: Asia.
- Vercel Inc. (application hosting and CDN).
- Firebase / Google LLC (authentication).
- Meta Platforms, Inc. (WhatsApp Business Platform).
- Razorpay / Stripe (payment processing, where applicable).
- Email and SMS gateway providers used by the Business User.
We never share data with advertisers or data brokers.
8. Data retention
- Account data: retained while the Business User account is active, plus 90 days after closure.
- Message content: retained as long as the Business User retains it; deleted within 30 days of an End User deletion request relayed by the Business User.
- Consent records: retained for the lifetime of the contact plus 24 months, to satisfy audit requirements.
- Backups: encrypted, retained for 30 days, then purged.
9. Security
- TLS 1.2+ in transit; AES-256 at rest.
- Postgres Row-Level Security enforces tenant isolation at the database layer.
- Per-tenant encrypted secrets for WhatsApp tokens.
- Least-privilege IAM, audit logging, and quarterly access reviews.
10. Your rights
Subject to applicable law (including India's Digital Personal Data Protection Act, 2023), you may request access to, correction of, or deletion of your personal data. End Users should generally contact the Business User who uploaded their data; if that is not possible, contact us using the details below and we will route the request appropriately.
To exercise rights or raise a grievance, email privacy@vyaptix.ai or use our data deletion request page, which documents the deletion process and offers a verified request form for users who cannot sign in.
11. International transfers
Data is primarily stored in Asia. Some sub-processors (e.g. Meta, Vercel, Google) may process data in other regions. We rely on standard contractual clauses and each sub-processor's own safeguards for cross-border transfers.
12. Children
Growth OS is a B2B product not intended for children under 18. We do not knowingly collect data from minors.
13. Changes
We may update this policy. We will give notice of material changes by email and a banner in the product at least 14 days before they take effect.
14. Contact
VyaptIX Technologies LLP
Email: privacy@vyaptix.ai
Support: support@vyaptix.ai