Privacy Policy

This Privacy Policy describes how Sandeshly ("we", "us", the "Platform") handles personal information when you use our unified messaging platform for WhatsApp, Facebook Messenger, and Instagram Direct.

1. Roles under the DPDP Act, 2023

The Platform is a tool that lets businesses ("Tenants") send and receive messages with their own customers using Meta's WhatsApp Business Cloud API, the Messenger Platform, and the Instagram Messaging API. Two distinct relationships exist:

• Tenant ↔ End-recipient. The Tenant decides who to message and what to send. Under India's Digital Personal Data Protection Act, 2023, the Tenant is the Data Fiduciary for the end-recipients in their contact list and is responsible for obtaining consent, providing notice, and honouring data principal rights.
• Platform ↔ Tenant. We provide the software and store the data the Tenant uses. Under the DPDP Act, we are a Data Processor acting on the Tenant's instructions, except for our minimal use of Tenant account data described in Section 4.

2. What we store about Tenants

• Account information: business name, contact name, email address, password hash (we never store plaintext passwords).
• Authentication telemetry: login times, IP addresses, user-agent strings, and outcomes of login attempts.
• WhatsApp Cloud API credentials: phone number id, WhatsApp Business Account id, display phone number, and an encrypted permanent access token.
• Acceptance record of these Terms / Privacy Policy.

3. What we store about end-recipients

When a Tenant uploads a CSV or sends a campaign, we store:

• Phone number (E.164 format), name (if provided), and tags.
• Opt-in status as marked by the Tenant.
• The original CSV filename and which Tenant user uploaded it.
• For each message sent: the rendered message body, recipient phone number, timestamps for sent/delivered/read, Meta's message id, and any error code returned by Meta.
• Verbatim copies of incoming Meta webhook payloads, capped at 200 KB each, used for dispute resolution.

3a. What we store about Messenger and Instagram users

When a Tenant connects a Facebook Page or Instagram Business Account, we additionally receive and store the following data from Meta's Messenger Platform and Instagram Messaging API:

• Sender identifiers. The Page-scoped ID (PSID) for Messenger users and the Instagram-scoped ID (IGSID) for Instagram users. These identifiers are scoped to the connected Page or Instagram account and cannot identify the individual outside of that scope.
• Public profile information. First name, last name, and profile picture URL, fetched from Meta's Graph API solely to display the sender in the operator's inbox.
• Message content. Text, stickers, reactions, quick replies, and attachments (images, audio, video, file URLs) sent in conversations with the connected Page or Instagram account, in either direction.
• Conversation metadata. Message IDs, conversation IDs, timestamps, delivery and read receipts.
• Connection metadata. Page ID and name, Instagram Business Account ID and username, and the encrypted Page or System User access token used to call Meta's APIs.
• Raw webhook payloads, capped at 200 KB each, retained for dispute resolution and debugging.

We process this data only to deliver the Messenger and Instagram inbox features the Tenant has signed up for. We do not use Messenger or Instagram message content, sender identifiers, or profile information for our own marketing, profiling, advertising, or AI training.

4. How we use the data

• To operate, secure, and debug the Platform.
• To compute usage and bill the Tenant.
• To investigate fraud, abuse, or violations of our Terms.
• To respond to Tenant support requests.
• To comply with legal obligations, court orders, and regulator inquiries.
• To produce aggregated, anonymised statistics about Platform usage.

We do not use end-recipient phone numbers, names, or message content for our own marketing, AI training, or other commercial purposes outside the operational uses listed above without explicit written consent from the relevant Data Fiduciary.

5. Sharing

• Meta. Message content, sender identifiers (phone numbers, PSIDs, IGSIDs), and related metadata are exchanged with Meta to deliver and receive messages on the connected channels. Meta's processing of WhatsApp data is governed by the WhatsApp Business Solution Terms; Meta's processing of Messenger and Instagram data is governed by the Meta Platform Terms and the Developer Policies.
• Service providers. Our hosting, database, and monitoring providers, under data-processing agreements.
• Authorities. Only when legally compelled (court order, regulator request, etc.).
• We never sell personal data.

6. Retention

• Account and audit data: retained while the account is active and for 12 months after closure for security and legal purposes, then deleted.
• Raw webhook payloads: rolled off after 90 days unless an active dispute requires retention.
• Daily usage counters: retained for 3 years for billing reconciliation.

A Tenant may request earlier deletion at any time by writing to [email protected].

7. Security

• WhatsApp access tokens are encrypted at rest using Fernet (authenticated AES).
• Passwords are hashed with bcrypt; we cannot recover plaintext passwords.
• TLS in transit when deployed behind a properly-configured TLS terminator.
• Restricted database file access on the host operating system.

The Platform is not currently certified to ISO 27001 or SOC 2. Contact us if you have specific security requirements before signing up.

8. Your rights under the DPDP Act

For data we hold as a Data Fiduciary (i.e. data about your Tenant account), you may:

• request access to your personal information;
• request correction of inaccuracies;
• request erasure (subject to legal retention obligations);
• withdraw consent;
• lodge a grievance with the Data Protection Board of India.

Write to [email protected]. We will acknowledge within 7 days and respond substantively within 30 days.

For data about your own customers (end-recipients) where you are the Data Fiduciary, you must provide a privacy notice and consent flow to them yourself. We will assist by providing the data we hold on you on your written instruction.

8a. End-user data requests (Messenger and Instagram senders)

If you sent a message to a Facebook Page or Instagram Business Account that uses Sandeshly, your message and profile information are held by us on behalf of the Page operator. The Page operator is the controller of your conversation. To request access to or deletion of your conversation data, please first contact the Page or Instagram account you messaged.

If you cannot resolve the request with the operator, write to [email protected] with the Page or Instagram account name and your Messenger / Instagram handle, and we will identify the data, delete it, and confirm in writing within 30 days. You can also see our standalone Data Deletion Instructions page.

9. Children

The Platform is not intended for use by anyone under 18. We do not knowingly process personal data of minors as a Data Fiduciary.

10. International transfers

Our primary infrastructure is in India. We may use providers with infrastructure outside India only as permitted by the DPDP Act and rules notified by the Government of India.

11. Cookies

We use a single session cookie to keep you signed in. It is HTTP-only, lax-same-site, and contains no personal information beyond a session identifier.

12. Changes to this Policy

We will post material changes on this page and notify Tenants via in-app banner or email at least 14 days before the change takes effect.

13. Grievance Officer / Contact

In accordance with the Digital Personal Data Protection Act, 2023 and the Information Technology (Intermediary Guidelines) Rules, the following individual is designated as the Grievance Officer for Sandeshly:

The Grievance Officer will acknowledge complaints within 7 days and respond substantively within 30 days, in keeping with statutory timelines.

For general queries you may also write to [email protected]. Privacy-specific queries: [email protected].