Privacy Policy

We collect the following categories of information when you use the Botify platform: Personal Information • Name, email address, phone number, and company details provided during account registration • Billing information, including GST number and payment method details • Government-issued identification when required for DLT registration or compliance verification Usage Data • Log data such as IP address, browser type, device information, and access timestamps • Feature usage patterns, API call logs, and dashboard interactions • Performance metrics and error reports Communication Data • Message content, templates, and media transmitted through our platform on your behalf • Delivery status, read receipts, and engagement metrics for messages sent through our Service • Contact lists and recipient information uploaded by you for messaging campaigns We collect this information directly from you, automatically through your use of the Service, and from third-party integrations you connect to your Botify account.

We use the information we collect for the following purposes: Service Delivery • Providing, maintaining, and improving the Botify platform and its features • Processing and delivering messages across WhatsApp, RCS, SMS, and email channels • Managing your account, billing, and subscription • Providing customer support and responding to your inquiries Analytics & Improvement • Analyzing usage patterns to improve platform performance and reliability • Generating aggregated, anonymized insights to enhance our services • Conducting research and development for new features • Monitoring and preventing fraud, abuse, and technical issues Marketing & Communication • Sending service-related notifications (billing alerts, maintenance updates, security notices) • Providing product updates, feature announcements, and educational content • Sharing relevant offers and promotions (only with your consent, and you may opt out at any time)

We share your data only as necessary to deliver the Service and as described below. We never sell your personal data to third parties. Service Partners • Meta / WhatsApp — Message content and recipient phone numbers are transmitted to Meta for WhatsApp Business API delivery • Google — Campaign data is shared with Google for RCS delivery and advertising services • Telecom Carriers — SMS content and recipient numbers are shared with carriers for message delivery Infrastructure & Payment Processors • Cloud hosting providers for data storage and processing • Payment gateways for processing subscription and credit purchases • Email delivery infrastructure partners Legal & Compliance • When required by law, regulation, legal process, or government request • To protect the rights, property, or safety of Botify, our users, or the public • In connection with a merger, acquisition, or sale of assets (with prior notice to affected users) All third-party partners are bound by data processing agreements and are prohibited from using your data for any purpose other than providing the specified services.

We implement comprehensive security measures to protect your data: Encryption • All data in transit is encrypted using TLS 1.2 or higher • Data at rest is encrypted using AES-256 encryption • API keys and sensitive credentials are stored using industry-standard vault solutions Certifications & Standards • SOC 2 Type II certified — demonstrating our commitment to security, availability, and confidentiality • ISO 27001 certified — adhering to international information security management standards • Regular penetration testing and vulnerability assessments by independent security firms Access Controls • Role-based access controls for all internal systems • Multi-factor authentication for employee access to production systems • Regular access reviews and principle of least privilege enforcement • Comprehensive audit logging of all data access Incident Response • Dedicated security team with 24/7 monitoring • Documented incident response procedures • Commitment to notify affected users within 72 hours of a confirmed data breach

You have the following rights regarding your personal data: • Right of Access — Request a copy of the personal data we hold about you • Right to Correction — Request correction of inaccurate or incomplete personal data • Right to Deletion — Request deletion of your personal data, subject to legal retention requirements • Right to Data Portability — Request your data in a structured, machine-readable format • Right to Object — Object to processing of your data for direct marketing purposes • Right to Restrict Processing — Request restriction of processing in certain circumstances • Right to Withdraw Consent — Withdraw previously given consent at any time To exercise any of these rights, please contact us at privacy@botify.in. We will respond to your request within 30 days. We may ask for additional information to verify your identity before processing your request.

We use cookies and similar tracking technologies on our website and platform: Essential Cookies • Session management and authentication • Security features and fraud prevention • Load balancing and performance optimization Analytics Cookies • Understanding how users interact with our platform • Measuring the effectiveness of features and campaigns • We use tools such as Google Analytics for this purpose Marketing Cookies • Tracking the effectiveness of our advertising campaigns • Providing relevant advertisements on third-party platforms • Social media integration You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may affect the functionality of the Service. We honor Do Not Track (DNT) signals sent by your browser.

Our platform integrates with various third-party services. When you connect these services to your Botify account, your data may be shared with and processed by these providers according to their own privacy policies: • Meta Platforms (WhatsApp, Facebook, Instagram) — Meta Privacy Policy • Google (RCS, Google Ads, Analytics) — Google Privacy Policy • Payment processors — Respective payment provider privacy policies • Cloud infrastructure providers — Respective cloud provider privacy policies We encourage you to review the privacy policies of any third-party services you connect to your Botify account. We are not responsible for the privacy practices of third-party services.

The Botify platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe that a child has provided us with personal data, please contact us at privacy@botify.in.

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). Key provisions include: Legal Basis for Processing • Contract performance — Processing necessary to deliver the Service • Legitimate interests — Analytics, security, and service improvement • Consent — Marketing communications and optional data processing • Legal obligation — Compliance with applicable laws and regulations International Data Transfers • When data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms • Our primary data processing occurs in India, with appropriate safeguards in place Data Protection Officer • We have designated a Data Protection Officer (DPO) to oversee GDPR compliance • You may contact our DPO at privacy@botify.in Supervisory Authority • You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy: • Account data — Retained for the duration of your account plus 30 days after deletion • Communication data — Message logs are retained for 90 days for delivery verification, then anonymized • Billing data — Retained for 7 years as required by Indian tax regulations • Usage analytics — Anonymized and aggregated after 24 months You may request earlier deletion of your data by contacting privacy@botify.in, subject to applicable legal retention requirements.

We may update this Privacy Policy from time to time. When we make material changes, we will: • Update the "Last Updated" date at the top of this page • Notify you via email or in-app notification • Provide at least 15 days notice before material changes take effect We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: • Privacy Inquiries: privacy@botify.in • General Support: support@botify.in • Website: https://botify.in • Address: Botify, Salem, Tamil Nadu, India We aim to respond to all privacy-related inquiries within 30 days.