Privacy Policy

This Privacy Policy ("Policy") is published in accordance with the provisions of the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and other applicable laws of India, including but not limited to the Digital Personal Data Protection Act, 2023 ("DPDP Act"). This Policy governs the collection, use, storage, processing, transfer, disclosure, and protection of information — including personal data, sensitive personal data, and non-personal data — provided by users ("User", "you", "your") of the websites, applications, platforms, products, and services (collectively, "Services") owned, operated, and managed by KSBM Infotech Pvt Ltd ("Company", "KSBM", "we", "us", "our"), a company duly incorporated under the Companies Act, 2013, having its registered office in Delhi, India.

By accessing, browsing, registering on, or using any of our Services — including but not limited to our website at ksbminfotech.com, AI chatbot widgets, WhatsApp AI agents, voice bots, CRM platforms, marketing automation tools, mobile applications, APIs, consultation forms, lead generation tools, payment portals, and any other digital or physical medium through which we interact with you — you expressly and unconditionally consent to the collection, use, storage, processing, disclosure, and transfer of your information as described in this Privacy Policy. If you do not agree to this Policy in its entirety, you must immediately cease using our Services.

1. DEFINITIONS AND INTERPRETATION

1.1. "Personal Data" means any data about an individual who is identifiable by or in relation to such data, including but not limited to name, email address, phone number, postal address, IP address, device identifiers, geolocation data, biometric data, financial information, employment details, communication records, browsing history, cookies, and any other data that can, directly or indirectly, identify a natural person.

1.2. "Sensitive Personal Data or Information" (SPDI) as defined under the SPDI Rules includes passwords, financial information (bank account, credit/debit card, payment instrument details), physical/physiological/mental health conditions, sexual orientation, medical records/history, biometric information, and any other information as may be prescribed.

1.3. "Data Fiduciary" means KSBM Infotech Pvt Ltd, which alone or in conjunction with other persons determines the purpose and means of processing of personal data.

1.4. "Data Principal" means the individual to whom the personal data relates.

1.5. "Processing" includes collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction of data.

1.6. "Third Party" means any entity or individual other than the User and the Company, including but not limited to vendors, partners, service providers, payment processors, analytics providers, advertising networks, cloud hosting providers, and government authorities.

2. INFORMATION WE COLLECT

2.1. Information You Provide Directly:

• Full legal name, business name, designation, and organization details
• Email address (personal and/or business), phone numbers (mobile, landline, WhatsApp)
• Postal address, city, state, country, and PIN code
• Date of birth, gender, and age
• PAN, GST number, Aadhaar (where legally permissible and necessary), and other identification documents
• Bank account details, UPI ID, payment card information, and billing address for payment processing
• Login credentials including usernames, passwords (stored in encrypted form), security questions and answers
• Business requirements, project specifications, industry type, budget range, and service preferences communicated via forms, email, WhatsApp, phone calls, or meetings
• Feedback, reviews, testimonials, survey responses, complaints, and support tickets
• Any documents, files, images, or media uploaded through our platforms
• Communication records — including but not limited to WhatsApp messages, chat transcripts with our AI chatbots, email exchanges, recorded phone calls (where consent is obtained), and video call recordings

2.2. Information Collected Automatically:

• IP address, browser type and version, operating system, device type, screen resolution, and language preferences
• Pages visited, links clicked, time spent on pages, scroll depth, session duration, referring URL, and exit pages
• Cookies, web beacons, pixel tags, local storage data, and similar tracking technologies
• Geolocation data (approximate location derived from IP address or precise GPS location if permission granted)
• Device identifiers including IMEI, advertising ID, hardware model, and unique device tokens
• Internet service provider (ISP) information and network connection type
• Interaction data with our AI chatbots, voice bots, and automated systems — including queries submitted, responses received, conversation flow patterns, and engagement metrics

2.3. Information from Third Parties:

• Information from social media platforms (Facebook, LinkedIn, Instagram, Twitter/X, Google) when you interact with our social media profiles, click on our ads, or use social login features
• Lead information from advertising platforms including Google Ads, Meta Ads (Facebook/Instagram), LinkedIn Ads, and other digital marketing channels
• Payment confirmation and transaction data from payment gateways (Razorpay, PayU, Cashfree, Stripe, etc.)
• Analytics data from Google Analytics, Microsoft Clarity, Hotjar, Meta Pixel, and similar analytics tools
• Publicly available information from business directories, government registries, LinkedIn profiles, and professional databases
• Information shared by your organization or employer when they engage our services on your behalf

3. PURPOSE OF COLLECTION AND USE OF INFORMATION

We collect and process your information for the following purposes, which you expressly consent to:

• Service Delivery: To provide, maintain, personalize, and improve our AI automation services, chatbots, voice bots, CRM solutions, marketing automation, appointment booking systems, and all other products and services offered by KSBM Infotech
• Communication: To respond to your inquiries, provide customer support, send service-related notifications, project updates, delivery status, and operational communications via email, SMS, WhatsApp, phone calls, push notifications, and in-app messages
• Marketing and Promotions: To send promotional materials, newsletters, special offers, event invitations, product announcements, blog updates, industry insights, and marketing communications. You may opt out of marketing communications at any time, but operational/transactional communications will continue.
• Analytics and Improvement: To analyze usage patterns, user behavior, engagement metrics, conversion data, and service performance to improve our platforms, develop new features, optimize user experience, and enhance our AI models and algorithms
• AI Training and Enhancement: To use anonymized and aggregated data — including chatbot interactions, voice bot conversations, and user queries — to train, improve, and refine our AI models, machine learning algorithms, natural language processing systems, and automated decision-making processes
• Payment Processing: To process payments, verify transactions, detect and prevent fraud, manage billing, issue invoices and receipts, and comply with financial regulations
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, including tax laws, data protection regulations, court orders, and regulatory inquiries
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activities, security breaches, terms of service violations, and to protect our rights, property, safety, and the rights of our users
• Research and Development: To conduct internal research, statistical analysis, trend identification, benchmarking, and product development using anonymized and aggregated data
• Lead Generation and Sales: To identify potential customers, qualify leads, nurture prospects through automated and manual outreach, and facilitate the sales process for our Services
• Account Management: To create, maintain, and manage user accounts, authenticate identity, manage preferences, and provide personalized experiences
• Integration Services: To facilitate integration with third-party platforms, APIs, CRM systems, ERP systems, and other business tools as required for service delivery

4. COOKIES AND TRACKING TECHNOLOGIES

4.1. We use cookies, web beacons, pixel tags, local storage, session storage, and similar tracking technologies to collect information about your interactions with our Services. These technologies serve the following purposes:

• Essential Cookies: Required for basic functionality including navigation, authentication, login sessions, form submissions, and security features. These cannot be disabled without impairing core functionality.
• Performance/Analytics Cookies: Google Analytics 4, Microsoft Clarity, Hotjar — used to understand how users interact with our Services, measure traffic, identify popular content, track conversion rates, and improve performance.
• Advertising/Marketing Cookies: Meta Pixel (Facebook), Google Ads, LinkedIn Insight Tag — used for retargeting, lookalike audience creation, ad performance measurement, and attribution modeling.
• Functional Cookies: Remember user preferences, language settings, theme preferences, previously viewed pages, and customize the user experience.

4.2. By continuing to use our Services, you consent to the use of all cookies and tracking technologies described herein. You may control cookies through your browser settings; however, disabling cookies may limit certain functionality of our Services. KSBM Infotech shall not be liable for any diminished user experience resulting from disabled cookies.

4.3. Third-party cookies placed by our advertising and analytics partners are governed by their respective privacy policies. KSBM Infotech does not control and is not responsible for the practices of third-party cookie providers.

5. DATA SHARING AND DISCLOSURE

5.1. KSBM Infotech may share, transfer, or disclose your information — in whole or in part — to the following categories of recipients, and you hereby provide your explicit consent for such sharing:

• Service Providers and Vendors: Cloud hosting providers (AWS, Google Cloud, Azure, DigitalOcean, Vultr), payment gateways (Razorpay, PayU, Cashfree, Stripe), email service providers (SendGrid, Mailchimp, AWS SES), SMS providers, WhatsApp Business API providers (Meta), AI/ML service providers (OpenAI, Google AI, Anthropic), analytics platforms, and other technology vendors essential for service delivery
• Business Partners: Strategic partners, resellers, referral partners, white-label clients, and affiliate partners who assist in providing, marketing, or distributing our Services
• Advertising Partners: Google, Meta (Facebook/Instagram), LinkedIn, Twitter/X, and other advertising networks for targeted advertising, retargeting, lookalike audience creation, and marketing optimization
• Group Companies and Affiliates: KSBM Infotech's parent company, subsidiaries, joint ventures, and affiliated entities for internal business purposes, consolidated analytics, and shared service delivery
• Legal and Regulatory Authorities: Government agencies, law enforcement authorities, courts, tribunals, regulatory bodies, and other entities as required or permitted by law, court orders, legal processes, or governmental requests
• Professional Advisors: Lawyers, auditors, chartered accountants, consultants, and financial advisors engaged by KSBM Infotech for professional services
• During Business Transfers: In connection with any merger, acquisition, restructuring, asset sale, joint venture, financing, or bankruptcy of KSBM Infotech, your information may be transferred to the acquiring or resulting entity
• With Your Consent: To any other third party where you have provided express consent for such disclosure

5.2. KSBM Infotech shall not be responsible for the privacy practices or data handling of third parties to whom your data is disclosed in accordance with this Policy. Users are advised to review the privacy policies of such third parties independently.

6. DATA STORAGE, RETENTION, AND SECURITY

6.1. Storage: Your information is stored on secure servers managed by reputable cloud service providers located in India and other jurisdictions as necessary for service delivery. Data may be stored on servers located in the United States, European Union, Singapore, or other countries where our cloud providers maintain data centers.

6.2. Retention Period: We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including:

• Active account data: For the duration of your engagement with KSBM Infotech plus 7 (seven) years after the last interaction or account closure
• Transactional and payment data: 8 (eight) years from the date of transaction, as required by Indian tax and financial regulations
• Communication records (emails, chat logs, call recordings): 5 (five) years from the date of communication
• Marketing and lead data: 5 (five) years from the date of last interaction or until consent is withdrawn
• AI training data (anonymized): Indefinitely, as this data does not contain personally identifiable information
• Legal and compliance records: As required by applicable laws, which may extend beyond the periods specified above

6.3. Security Measures: KSBM Infotech implements reasonable security practices and procedures consistent with the SPDI Rules and industry standards, including but not limited to:

• SSL/TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Multi-factor authentication for administrative access
• Regular security audits and vulnerability assessments
• Role-based access control (RBAC) limiting data access to authorized personnel
• Firewalls, intrusion detection/prevention systems, and DDoS protection
• Employee training on data security and privacy practices
• Incident response procedures for data breach management

6.4. Limitation of Liability: While KSBM Infotech implements reasonable security measures, no method of electronic transmission or storage is 100% secure. KSBM Infotech shall not be held liable for any unauthorized access, data breach, cyberattack, or data loss that occurs despite the implementation of reasonable security measures. Users acknowledge that they transmit data at their own risk.

7. CROSS-BORDER DATA TRANSFERS

7.1. Your personal data may be transferred to, stored in, and processed in countries outside India — including but not limited to the United States, European Union member states, Singapore, and other jurisdictions — where our servers, service providers, and group companies are located.

7.2. By using our Services, you explicitly consent to such cross-border transfers. KSBM Infotech will take reasonable steps to ensure that your data is treated securely and in accordance with this Policy, but shall not be liable for data protection practices in other jurisdictions that may differ from Indian laws.

8. YOUR RIGHTS

8.1. Subject to applicable laws and our legitimate business interests, you may have the following rights regarding your personal data:

• Right to Access: Request information about the personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data, subject to our legal obligations and legitimate retention requirements. Erasure requests will be processed within 30 business days, and KSBM may retain certain data as required by law
• Right to Withdraw Consent: Withdraw consent for processing at any time, without affecting the lawfulness of processing prior to withdrawal. Withdrawal of consent may result in inability to provide certain Services
• Right to Grievance Redressal: Lodge a complaint or grievance regarding data processing practices

8.2. To exercise any of these rights, please contact our Grievance Officer (details in Section 12). KSBM Infotech reserves the right to verify your identity before processing any request and may charge a reasonable fee for excessive, repetitive, or manifestly unfounded requests.

8.3. KSBM Infotech reserves the right to deny requests that are: (a) technically infeasible; (b) in conflict with legal obligations; (c) that would adversely affect the privacy of others; (d) that would require disproportionate effort; or (e) that relate to data that has been anonymized or aggregated.

9. CHILDREN'S PRIVACY

9.1. Our Services are not intended for individuals under the age of 18. KSBM Infotech does not knowingly collect personal data from children. If we discover that personal data of a child has been collected without verifiable parental consent, we will take steps to delete such data. Parents or guardians who believe their child's data has been collected may contact us for assistance.

10. THIRD-PARTY LINKS AND SERVICES

10.1. Our Services may contain links to third-party websites, applications, integrations, and services that are not operated or controlled by KSBM Infotech. This Privacy Policy does not apply to third-party services. KSBM Infotech is not responsible for the privacy practices, data handling, content, or security of any third-party services. Users access third-party services at their own risk and should review the applicable privacy policies independently.

11. CHANGES TO THIS POLICY

11.1. KSBM Infotech reserves the right to modify, update, amend, or replace this Privacy Policy at any time at its sole discretion. Changes will be effective immediately upon posting the updated Policy on our website. The "Last Updated" date at the top of this page will be revised accordingly. Your continued use of our Services after any changes constitutes your acceptance of the revised Policy. It is your responsibility to review this Policy periodically.

11.2. KSBM Infotech is not obligated to notify individual users of changes to this Policy, although we may choose to do so for material changes at our discretion.

12. GRIEVANCE OFFICER

12.1. In accordance with the IT Act, 2000 and applicable rules, the details of the Grievance Officer are as follows:

• Name: Balvinder Singh, Director
• Company: KSBM Infotech Pvt Ltd
• Email: cs@ksbminfotech.com
• Phone: +91 8899021313
• Address: Delhi, India

12.2. Grievances will be addressed within 30 days of receipt. KSBM Infotech reserves the right to extend this timeline where the grievance requires detailed investigation.

13. GOVERNING LAW AND JURISDICTION

13.1. This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising from this Policy or your use of our Services shall be subject to the exclusive jurisdiction of the courts in Delhi, India.

13.2. If any provision of this Policy is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.

14. CONSENT

14.1. By using the Services of KSBM Infotech, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. You expressly consent to the collection, use, storage, processing, disclosure, and transfer of your personal data as described herein. This consent is voluntary and informed.

14.2. Where required by applicable law, we will obtain your express opt-in consent before: (a) collecting sensitive personal data; (b) using your data for a purpose materially different from the purpose for which it was originally collected; or (c) sharing your data with third parties for their independent marketing purposes.