Privacy, Security & Cookies Policy

Claritel Communications Pvt. Ltd. ("Claritel", "we", "us", or "our") is committed to protecting the privacy, security, and confidentiality of information entrusted to us by our customers, users, and business partners ("you" or "your").

This Privacy, Security & Cookies Policy ("Policy") explains how we collect, use, store, share, and protect information when you access or use Claritel's cloud communication, telephony, messaging, analytics, and related software services (collectively, the "Services").

By using the Services, you agree to the practices described in this Policy. This Policy forms part of and is incorporated into Claritel's Terms of Service.

Scope & Applicability

This Policy applies to all users, visitors, customers, authorized users, and representatives accessing or using the Services.

Definitions

• “Personal Data / Personal Information”: Any information that identifies or relates to an identifiable individual.
• “Customer Data”: Data submitted, transmitted, or processed by customers through the Services.
• “Processing”: Any operation performed on Personal Data, including collection, storage, use, or disclosure.
• “Applicable Law”: Means all laws, rules, regulations, directions, and governmental orders applicable to Claritel or the Services, including data protection, information technology, and telecom laws in India and other applicable jurisdictions.
• “Data Principal”: Means an individual to whom Personal Data relates, as defined under applicable data protection laws.
• “Data Fiduciary”: Means an entity that determines the purpose and means of processing Personal Data, as defined under the Digital Personal Data Protection Act, 2023.
• “Sub-Processor”: Means any third party engaged by Claritel to process Customer Data on behalf of customers in connection with the Services.
• “Services”: Means Claritel’s cloud-based communication platforms, software, applications, APIs, dashboards, and related infrastructure.
• “Sensitive Personal Data”: Means such categories of personal data as may be classified as sensitive under Applicable Law.

Role of Claritel – Data Controller and Data Processor

• For the purposes of applicable data protection laws, Claritel acts as a Data Controller with respect to Personal Data relating to account management, billing, website usage, compliance, and its internal business operations.
• Claritel acts as a Data Processor in respect of Customer Data processed on behalf of customers through the Services, including call data, recordings, messages, logs, and related communication metadata, and processes such data in accordance with customer instructions, contractual terms, and Applicable Law.

1. Information We Collect

We collect information necessary to provide and improve our Services.

1.1 Information You Provide

• Account and registration details (name, email address, phone number, company details, etc)
• Billing and commercial information
• API credentials, integration details, and technical configurations
• Communications with Claritel, including support requests and feedback

1.2 Information Collected Automatically

• IP address, device type, browser, and operating system
• Usage data related to calls, messages, logs, analytics, and service interactions
• Date, time, duration, and metadata of communications processed through the Services
• Call recordings, message content, and communication metadata where enabled or required for service delivery, compliance, or quality purposes.

1.3 Information from Third Parties

• Information received from integration partners, service providers, or public sources where required for service delivery, compliance, or fraud prevention

1.4 Regulatory and Compliance Information

• We may collect, generate, or retain certain information as required to comply with applicable telecom, information technology, and other regulatory obligations, including audit logs, system access records, and compliance-related documentation.

2. How We Use Information

We use information to:

• Provide, operate, and maintain the Services
• Enable communication, messaging, call routing, analytics, and integrations
• Ensure platform security, prevent fraud, and detect abuse
• Respond to inquiries, service requests, and technical issues
• Improve performance, reliability, and user experience
• Comply with applicable legal and regulatory obligations

All processing is conducted on lawful bases, including contractual necessity, legitimate interest, consent, or legal obligation, and includes processing required for compliance with Applicable Law, telecom regulations, lawful interception requirements, and binding directions issued by competent authorities.

Where processing is based on legal obligation or contractual necessity, withdrawal of consent shall not affect such processing.

3. Sharing of Information

We do not sell personal information. We may share information in limited circumstances, including the following:

3.1 Service Providers

• With trusted vendors who support our infrastructure, hosting, analytics, customer support, and operations, subject to confidentiality obligations.

3.2 Business Integrations

• With third-party platforms, APIs, or tools that you choose to connect with the Services.

3.3 Legal & Regulatory Requirements

• Where required to comply with Applicable Law, legal process, or binding requests from government or regulatory authorities.

3.4 Corporate Transactions

• In connection with a merger, acquisition, restructuring, or sale of assets, subject to continued data protection obligations.

3.5 Sub-Processors

• Claritel may engage sub-processors for service delivery and will ensure appropriate contractual safeguards are in place.

3.6 Lawful Access and Regulatory Disclosure

Claritel may disclose Personal Data or Customer Data where required to do so under applicable law, court orders, governmental directives, lawful interception requests, or regulatory requirements.

Such disclosures are limited to what is legally required and are made in accordance with applicable legal procedures. Claritel is not obligated to contest or challenge lawful requests and disclosures mandated under Applicable Law.

3.7 No Sale of Data

Claritel does not sell, rent, or commercially exploit Personal Information.

4. Data Storage & International Transfers

Information is stored and processed exclusively within India, in facilities operated by Claritel or its authorized service providers.

Claritel ensures that all storage and processing of Personal Data comply with Applicable Law, including the Digital Personal Data Protection Act, 2023, and applicable rules thereunder. Where required by Applicable Law, certain categories of data are stored and processed strictly within India.

5. Data Retention

Claritel retains Personal Data and Customer Data only for as long as reasonably necessary to provide the Services, comply with Applicable Law, and address contractual, audit, or dispute resolution requirements. When such information is no longer required for these purposes, it is securely deleted or anonymized in accordance with Claritel’s data retention practices.

5.1 Retention by Data Category

Retention periods may vary based on the nature of the data, the purpose for which it is processed, contractual commitments, and applicable legal or regulatory obligations, including those relating to telecom operations, taxation, and audits.

5.2 Post-Termination Retention

Following termination or expiry of the Services, Customer Data will be retained only to the extent necessary to comply with Applicable Law or to resolve outstanding legal, regulatory, or contractual matters, after which such data will be securely deleted or anonymized in accordance with Claritel’s internal policies.

Residual copies may remain in backup systems for limited periods in accordance with Claritel’s backup and recovery practices.

6. Security Measures

• Claritel implements administrative, technical, and physical safeguards designed to protect Personal Data and Customer Data against unauthorized access, loss, misuse, alteration, or disclosure.
• Claritel is certified under ISO 9001 (Quality Management System) and ISO/IEC 27001:2022 (Information Security Management System) and maintains controls assessed under SOC 2 Type II.
• Claritel also conducts periodic Vulnerability Assessment and Penetration Testing (VAPT) as part of its ongoing security risk management program.

6.1 Security Standards and Controls

Claritel’s information security program incorporates administrative, technical, and organizational controls aligned with generally accepted industry practices and applicable regulatory expectations. Such controls are subject to periodic review, testing, and improvement as part of Claritel’s ongoing risk management, compliance, and governance processes.

6.2 Business Continuity and Resilience

Claritel maintains business continuity and disaster recovery measures intended to support service availability, operational resilience, and data integrity in the event of operational disruptions, subject to reasonable technical, operational, and regulatory limitations.

6.3 Security Frameworks, Assessments, and Testing

References to certifications, standards, frameworks, or security assessments in this Policy confirm that Claritel has obtained such certifications or assessments at the relevant time; however, they do not constitute a guarantee of uninterrupted service, absolute security, or breach prevention.

7. Your Responsibilities

You are responsible for:

• Maintaining the confidentiality of your login credentials and API keys
• Ensuring authorized use of the Services within your organization
• Promptly notifying Claritel of any suspected unauthorized access or security incident
• Ensuring that use of the Services, including call recording and messaging, complies with Applicable Law, including data protection, telecom, and anti-spam requirements, and that all necessary end-user consents have been obtained.

8. Cookies & Tracking Technologies

Claritel uses cookies and similar technologies to:

• Enable core website and platform functionality
• Analyze usage and improve performance
• Understand how users interact with our Services

You can control or disable cookies through your browser settings. Some features may not function properly if cookies are disabled.

8.1 Types of Cookies

Claritel may use strictly necessary cookies, performance cookies, and analytics cookies to enable functionality and improve user experience.

8.2 Third-Party Tools

Claritel may use third-party analytics or service tools to understand usage trends and improve Services, subject to applicable contractual and data protection safeguards.

9. Your Rights as a Data Principal

Subject to Applicable Law, you may exercise rights available to you as a data principal, including rights set out below.

9.1 Statutory Rights

Subject to applicable law, you may exercise rights available to you as a data principal, including the right to access, correction, erasure, grievance redressal, and nomination, as provided under applicable data protection laws.

9.2 Withdrawal of Consent

Where processing is based on consent, you may withdraw such consent, subject to legal or contractual restrictions. Withdrawal of consent may impact the availability or functionality of certain Services.

10. Children's Privacy

The Services are not intended for individuals under the age of 18. Claritel does not knowingly collect personal information from minors.

11. Data Breach Response

In the event of a data security incident, Claritel will take appropriate steps to investigate, mitigate, and comply with applicable notification requirements.

Where required by Applicable Law, Claritel will notify affected customers or authorities of a confirmed data breach without undue delay.

12. Grievance Redressal and Data Protection Contact

In accordance with Applicable Law, Claritel maintains a grievance redressal mechanism for addressing data protection-related concerns.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in law, technology, or business practices. Updated versions will be posted on our website or communicated through appropriate channels.

Continued use of the Services constitutes acceptance of the updated Policy.

In the event of any conflict between this Policy and the Terms of Service or a data processing agreement executed with a customer, the applicable contractual terms shall prevail.

Contact Us

For questions, concerns, or requests regarding this Policy, please contact: