Privacy Policy

Your privacy matters to us

We're committed to protecting your personal data and being transparent about how we collect, use, and safeguard it.

Last updated: July 10, 2026

Overview

BotReply ("we", "our", or "us") provides a multi-channel AI customer-engagement platform: businesses build AI agents that reply to their customers on WhatsApp, Telegram, and an embeddable web chat widget, and capture enquiries from connected lead marketplaces such as IndiaMART and TradeIndia. This Privacy Policy explains how we handle information when you use our services, website, and integrations. For messages your customers send to your connected channels, we process that data on your behalf and under your instructions. By using BotReply, you agree to the practices described in this policy. We follow the principles of the EU GDPR and India's Digital Personal Data Protection (DPDP) Act, 2023.

GDPR Compliant

We follow EU data protection standards for all users worldwide.

Encrypted at Rest

Credentials and payment configuration are encrypted at rest with industry-standard authenticated encryption.

Deletion Controls

Delete conversations, knowledge items, or your entire account at any time.

You Stay in Control

Export or delete your data anytime from account settings.

Data We Collect

We collect only the information necessary to operate and improve our service.

  • Account data — name, email address, phone number, company name, and billing details.
  • Customer conversations — messages your customers send to your connected channels (WhatsApp, Telegram, web chat widget), processed to generate AI replies on your behalf.
  • Knowledge base content — documents, product data, FAQs, and website content you upload or crawl to power your AI agents.
  • Lead enquiries — buyer name, contact details, and enquiry text received from marketplaces you connect (e.g. IndiaMART, TradeIndia).
  • Channel credentials — API tokens and connection settings for the channels you connect, stored encrypted.
  • Usage data — feature interactions, log files, device and browser information.
  • Cookies — used for authentication and analytics purposes (see our Cookie Policy).

How We Use Your Data

Your data is used to provide, maintain, and improve BotReply. Specifically, we use it to deliver AI-generated replies across your connected channels, authenticate your account, process payments, send service notifications, provide customer support, and analyze aggregated usage to enhance our product. Message content is sent to the AI provider configured for your workspace solely to generate replies and search your knowledge base — we do not use your content to train AI models, and we never sell your personal data to third parties.

End-customer messages. When your customers message you on WhatsApp (via the WhatsApp Business Platform), Telegram, or the web chat widget embedded on your website, we process those messages as a data processor acting on your instructions. You remain responsible for obtaining any consent required from your customers and for complying with each platform's messaging policies, including Meta's WhatsApp Business Messaging Policy.

Data Sharing & Sub-processors

We share data only with trusted sub-processors who help us deliver our service under strict data processing agreements.

ProviderPurposeLocation
Meta (WhatsApp Business Platform)WhatsApp message deliveryGlobal
TwilioWhatsApp message delivery (BSP)USA / Global
TelegramTelegram bot message deliveryGlobal
AI providers (OpenAI, Anthropic, Google, or others you configure)AI reply generation & knowledge searchUSA / Global
Razorpay / PhonePePayment processingIndia
Google (Firebase)Sign-in with Google & product analyticsGlobal
IndiaMART / TradeIndiaLead enquiry sync (only when you connect them)India
CloudflareCDN, DNS & traffic proxyingGlobal
Cloud hosting (VPS)Application & database hostingIndia

Security

All traffic is encrypted in transit with TLS. Channel credentials, provider API keys, and payment gateway configuration are encrypted at rest. Every business account is an isolated tenant — your agents, conversations, and knowledge base are never shared with or visible to other customers. Authentication uses HttpOnly, Secure cookies, and team access is controlled by per-workspace, per-module permissions. Learn more on our Security page.

Your Rights

Depending on your jurisdiction, you have the right to access, correct, export, or delete your personal data, restrict or object to processing, and withdraw consent at any time. To exercise these rights, contact us at the email below — we respond within 30 days.

Retention. We keep your data for as long as your account is active. You can delete conversations, knowledge items, agents, and workspaces from your dashboard at any time. When you delete your account, associated data is removed from our systems within a reasonable period, except where we must retain records (such as invoices) to meet legal and tax obligations. Step-by-step instructions are on our Data Deletion page.

Cookies

We use a small number of cookies: HttpOnly authentication cookies to keep you signed in, and analytics cookies to understand product usage. The web chat widget uses browser storage (not cookies) on the websites that embed it to remember the visitor and conversation. Full details, including how to manage preferences, are in our Cookie Policy.

Questions about your privacy?

Reach our data protection team and we'll get back to you within 5 business days.