VerblyAI
Privacy Policy
1. Who We Are
VerblyAI is a Voice AI orchestration platform operated by Quasitech Innovations Private Limited, incorporated in India (CIN: U74909CT2024PTC016754), with its registered office at Chouhan Green Valley Junwani, B-10/06, Durg, Chhattisgarh – 490020, India.
For the purposes of this Policy, "VerblyAI", "we", "us", or "our" refers to Quasitech Innovations Private Limited and its associated services, including verblyai.com and verbly.ai.
2. Scope of This Policy
This Privacy Policy governs the collection and processing of personal data through:
- The VerblyAI website (verblyai.com and verbly.ai)
- The VerblyAI platform dashboard, web app, and mobile or desktop applications
- AI voice agents, IVR systems, chatbots, and omnichannel messaging tools
- APIs and developer tools provided by VerblyAI
- Third-party integrations enabled through the platform
- Demo, trial, and proof-of-concept deployments
- Any other service referencing this Privacy Policy
This Policy also applies to personal data of: (a) platform clients and their authorized users; (b) end-users who interact with AI agents deployed by VerblyAI clients; (c) website visitors; (d) job applicants; and (e) partners or vendors who share personal data with VerblyAI.
3. Personal Data We Collect
3.1 Data You Provide Directly
- Identity data: full name, job title, company or organization name
- Contact data: business email address, phone number, mailing address
- Account credentials: username and encrypted password
- Billing data: billing name and address (payment card data is handled exclusively by third-party PCI-compliant processors — we do not store card details)
- Communications content: messages, support tickets, feedback, and survey responses
- Uploaded content: knowledge base documents, call scripts, campaign configurations, audio files
3.2 Data Collected Automatically
- Usage data: pages visited, features accessed, session duration, click and navigation patterns
- Device and technical data: IP address, browser type, operating system, screen resolution, device identifiers
- Log data: API request and response logs, error logs, system access timestamps
- Voice and call data: call recordings, conversation transcriptions, call metadata (duration, timestamp, caller ID) when voice services are in use
- Cookies and tracking: session cookies, preference cookies, analytics tags (see Section 8)
3.3 Data from Third Parties
- CRM platforms (e.g. Salesforce, HubSpot) when integrated by the client
- Telephony providers for inbound and outbound call routing
- Messaging platforms (WhatsApp, Instagram) through Meta Business API integration
- Payment processors — limited to transaction confirmation metadata (no card data)
- Publicly available business information for client verification and onboarding
3.4 Special Categories of Data
VerblyAI does not intentionally collect or process sensitive personal data such as: racial or ethnic origin, political opinions, religious beliefs, health information, biometric data, genetic data, or financial account credentials.
Clients are prohibited from uploading or processing such data through the platform without a separately executed Data Processing Agreement (DPA). Any such upload without authorization constitutes a breach of VerblyAI's Acceptable Use Policy.
4. How We Use Personal Data
We process personal data only for lawful, specified, and legitimate purposes. The table below describes each purpose and its legal basis in accordance with the Digital Personal Data Protection Act (DPDPA), 2023 and international privacy standards:
| Purpose of Processing | Legal Basis |
|---|---|
| Providing and operating the VerblyAI platform | Contractual necessity |
| Account creation, authentication, and management | Contractual necessity |
| Processing payments and generating invoices | Contractual necessity / Legal obligation |
| Responding to support requests and resolving issues | Contractual necessity / Legitimate interest |
| Platform performance monitoring and analytics | Legitimate interest |
| Fraud prevention, security monitoring, and abuse detection | Legitimate interest / Legal obligation |
| Sending transactional and service notifications | Contractual necessity |
| Sending marketing and promotional communications | Consent (opt-in only; opt-out available at any time) |
| Improving AI models and platform features (anonymized data) | Legitimate interest (opt-out available on request) |
| Complying with legal, regulatory, or judicial obligations | Legal obligation |
| Enforcing our Terms of Use and other agreements | Legitimate interest / Legal obligation |
5. Data Sharing & Third-Party Disclosure
VerblyAI does not sell, rent, lease, or otherwise trade personal data to third parties for any commercial purpose.
5.1 Authorized Sharing
We share personal data only in the following circumstances:
- Service providers and sub-processors: cloud hosting providers (AWS, Azure, or equivalent), telephony providers, payment gateways, analytics tools — all bound by contractual data processing agreements ensuring equivalent data protection standards
- VerblyAI clients: end-user interaction data (call logs, transcriptions, analytics) is shared with the client organization who deployed the AI agent, under the terms of their service agreement
- Legal or regulatory authorities: where required by applicable law, valid court order, subpoena, or regulatory directive — and only to the extent strictly required
- Professional advisors: lawyers, auditors, and accountants bound by professional confidentiality obligations
- Corporate transactions: in the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred subject to the same level of protection as described in this Policy
5.2 With Your Consent
For any disclosure not covered above, we will obtain your explicit consent before sharing your personal data.
6. Data Retention
We retain personal data only for as long as necessary to fulfill the stated purpose or to comply with applicable legal obligations. Upon expiry, data is either securely deleted or anonymized.
| Data Type | Retention Period |
|---|---|
| Account and profile information | Duration of active account + 3 years post-closure |
| Call recordings and transcriptions | 90 days (default); configurable by client up to 2 years |
| Billing and payment records | 7 years (statutory obligation under Indian law) |
| Customer support communications | 3 years from the date of last interaction |
| Platform usage and analytics logs | 24 months on a rolling basis |
| Marketing consent and opt-in records | Until opt-out + 1 year thereafter |
| Anonymized and aggregated data | Retained indefinitely (contains no personal data) |
| Job applicant data | 12 months from date of application |
Clients may request early deletion of their data by submitting a written request to privacy@verblyai.com, subject to any overriding legal retention requirements.
7. Data Security
VerblyAI implements a comprehensive set of technical and organizational security measures to protect personal data against unauthorized access, loss, alteration, or disclosure. Our security framework includes:
- Encryption in transit: all data transmitted over networks is encrypted using TLS 1.2 or higher
- Encryption at rest: stored personal data is encrypted using AES-256 or an equivalent standard
- Access controls: role-based access control (RBAC) with the principle of least privilege; access is granted only on a need-to-know basis
- Authentication: multi-factor authentication (MFA) enforced for all internal system and administrative access
- Vulnerability management: regular automated vulnerability scanning and periodic penetration testing
- Incident response: a documented breach response procedure with defined notification timelines
- Employee obligations: all staff with access to personal data are subject to confidentiality agreements and annual security awareness training
- Third-party oversight: sub-processors and vendors are assessed for security compliance before onboarding
- Audit logging: comprehensive logs maintained for all system access and data processing activities
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, VerblyAI will notify the affected parties and the relevant regulatory authority in accordance with applicable law and within the required timeframes.
8. Cookies & Tracking Technologies
8.1 Types of Cookies We Use
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Session management, authentication, security functions | No — essential for platform operation |
| Functional | User preferences, language settings, saved configurations | Yes, via browser settings |
| Analytics | Understanding usage patterns; tools include Google Analytics and similar (data anonymized where possible) | Yes, via cookie preference center |
| Marketing & Retargeting | Targeted advertising on third-party platforms (Google Ads, Meta Pixel) | Yes — requires explicit consent |
8.2 Your Cookie Choices
You may manage cookie preferences through: (a) your browser settings; (b) our cookie preference center (available at verblyai.com, where applicable); or (c) opt-out tools provided by third-party analytics and advertising providers.
Disabling strictly necessary cookies will impair or prevent your ability to use the platform. For analytics and marketing cookies, VerblyAI relies on your freely given, specific, and informed consent, which you may withdraw at any time without penalty.
9. International Data Transfers
VerblyAI's primary data infrastructure is located in India. Where personal data is transferred to or accessed from jurisdictions outside India — for example, through cloud service providers, international CRM platforms, or global clients — we ensure that such transfers are conducted with appropriate safeguards, including:
- Standard contractual clauses (SCCs) or equivalent data transfer mechanisms recognized under applicable law
- Transfers only to jurisdictions that provide an adequate level of data protection comparable to Indian standards
- Data processing agreements with all international sub-processors
- Client-specific data residency and geographic restrictions available on request for enterprise clients
10. Your Rights as a Data Principal
Under the Digital Personal Data Protection Act (DPDPA) 2023 and applicable international privacy laws, you have the following rights with respect to your personal data:
| Your Right | What It Means | How to Exercise |
|---|---|---|
| Right to Access | Obtain confirmation of whether we process your data and receive a copy of the data we hold | Submit a request to privacy@verblyai.com |
| Right to Correction | Request correction of inaccurate, incomplete, or outdated personal data | Submit a request to privacy@verblyai.com |
| Right to Erasure | Request deletion of your personal data (subject to legal retention obligations and contractual commitments) | Submit a request to privacy@verblyai.com |
| Right to Data Portability | Receive your personal data in a structured, commonly used, machine-readable format | Submit a request to privacy@verblyai.com |
| Right to Restrict Processing | Request that we limit how we use your personal data in certain circumstances | Submit a request to privacy@verblyai.com |
| Right to Object | Object to processing based on legitimate interest or to direct marketing at any time | Submit a request or use opt-out links in communications |
| Right to Withdraw Consent | Withdraw consent for consent-based processing at any time without affecting prior processing | Use opt-out links or contact privacy@verblyai.com |
| Right to Grievance Redressal | Lodge a complaint with VerblyAI's Grievance Officer or a relevant data protection authority | Contact Grievance Officer — see Section 13 |
| Right to Nominate | Nominate another individual to exercise your rights in the event of your death or incapacity (DPDPA-specific) | Submit in writing to privacy@verblyai.com |
We will acknowledge all requests within 48 hours and respond substantively within 30 days (or within any shorter period required by applicable law). We may request identity verification before processing a request.
11. Children's Privacy
The VerblyAI platform is not directed to individuals under the age of 18. We do not knowingly collect or solicit personal data from minors.
If we discover or are notified that personal data of a minor has been collected without appropriate parental consent, we will promptly delete such data. Clients deploying VerblyAI in contexts where minors may be end-users — such as educational institutions — are solely responsible for obtaining the necessary parental or guardian consent and for implementing appropriate safeguards.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the services we offer. All updates will be published on our website (verblyai.com) with the revised effective date prominently displayed.
For material changes — those that significantly affect your rights or our obligations — we will provide at least 14 days advance notice via email notification to registered account holders or via a prominent in-platform banner.
Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Policy. If you do not agree with the changes, you should discontinue use and request account closure.
13. Contact Us & Grievance Officer
Privacy Enquiries: admin@verblyai.com
General Support: tickets@verblyai.com
Website: www.verblyai.com
Registered Address: Chouhan Green Valley Junwani, B-10/06, Durg, Chhattisgarh – 490020, India
Grievance Officer (as required under DPDPA 2023):
Grievance requests will be acknowledged within 48 hours and resolved within 30 days of receipt. If you are not satisfied with our response, you may escalate to the relevant Data Protection Board of India (once operationalized under DPDPA).