Effective 2026-05-01

Privacy Policy

How we collect, use, and protect your data.

Who we are

Cualify is operated by [Cualify LLP, IFSC, India]. The Data Protection Officer can be reached at dpo@cualify.in.

What we collect

(a) Account data: name, email, phone, organisation, billing details. (b) Usage data: campaigns, calls, transcripts, recordings, credits debited. (c) Telemetry: IP, user agent, error logs, product analytics events.

Lawful basis

Most processing is necessary to perform the Agreement. Outbound calling and recording rely on your representation that valid consent has been captured from end-recipients.

Where data is stored

Postgres + recordings + transcripts: Mumbai (ap-south-1). Email transactional logs: EU. Product analytics: EU (cookie-less). No PII leaves Indian soil without a DPA.

Sharing

We share data only with the sub-processors listed at /security#sub-processors. We do not sell personal data.

Your rights (DPDP)

Access, erasure, portability, and consent withdrawal requests are fulfilled within 30 days. Submit through the in-app DSR inbox or email dpo@cualify.in.

Retention

Recordings: default 90 days, configurable up to 365. Transcripts: same retention as recordings, plus 30 days for redacted backups. Account data: lifetime of account + 7 years for tax compliance.

Security

Encryption at rest (AES-256) and in transit (TLS 1.3). Multi-tenant isolation via Postgres RLS. SSO + MFA for staff access. Annual penetration tests once revenue exceeds ₹10 lakh MRR.

Phase 2 placeholder. The final wording is reviewed by counsel before public launch — not legal advice.