1. Overview

Samva Technologies Pvt. Ltd. ("Samva," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Email Communication Platform.

This policy applies to all users of our Services, including customers, message recipients, and visitors to our website. By using our Services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and contact information (email, phone number)
• Company name and business details
• GST number and billing address
• Authentication credentials
• DLT registration details (Entity ID, Template IDs)

2.2 Usage Data

We automatically collect information about your use of our Services:

• API usage statistics and logs
• IP addresses and device information
• Browser type and operating system
• Access times and referring URLs
• Dashboard interactions and preferences

2.3 Message Data

When you send messages through our platform:

• Recipient phone numbers and email addresses
• Message content and templates
• Delivery status and timestamps
• Campaign metadata and tags
• Conversation threading data

2.4 Payment Information

For billing purposes, we collect:

• Payment method details (processed by Stripe)
• Transaction history and invoices
• Credit balance and usage
• GST compliance information

3. How We Use Information

We use the collected information to:

• Provide Services: Process and deliver messages, manage accounts
• Billing: Process payments, generate invoices, manage credits
• Compliance: Ensure DLT compliance, prevent fraud and abuse
• Communication: Send service updates, respond to inquiries
• Improvement: Analyze usage patterns, enhance features
• Security: Detect and prevent security threats
• Legal: Comply with legal obligations and enforce terms

4. Data Sharing

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

4.1 Service Providers

We share data with trusted service providers who assist us:

• MSG91 & Authkey: SMS delivery partners
• Meta: WhatsApp message delivery
• AWS: Infrastructure and email delivery
• Stripe: Payment processing
• Analytics providers: Service improvement

4.2 Legal Requirements

We may disclose information when required by law:

• To comply with legal processes or government requests
• To protect our rights, property, or safety
• To prevent fraud or illegal activities
• To enforce our Terms of Service

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5. Data Security

We implement comprehensive security measures:

• Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• Access Control: Role-based permissions, multi-factor authentication
• Infrastructure: Secure AWS infrastructure in ap-south-1
• Monitoring: 24/7 security monitoring and intrusion detection
• Auditing: Regular security audits and penetration testing
• Incident Response: Established breach notification procedures

6. Data Retention

We retain data based on the following criteria:

• Account Data: Duration of account plus 30 days after closure
• Message Logs: 90 days for operational data, 7 years for financial records
• Analytics Data: Aggregated and anonymized after 90 days
• Payment Records: 7 years as per Indian tax laws
• DLT Records: As required by TRAI regulations

You may request deletion of your data, subject to legal and operational requirements.

7. Your Rights

You have the following rights regarding your personal information:

7.1 Access & Correction

• Request a copy of your personal data
• Correct inaccurate or incomplete information
• Access your message history and usage data

7.2 Deletion

• Request deletion of your account and associated data
• Subject to legal retention requirements
• Some data may be anonymized instead of deleted

7.3 Portability

• Export your data in a machine-readable format
• Transfer data to another service provider

7.4 Consent Withdrawal

• Withdraw consent for specific data processing
• Opt-out of marketing communications
• Disable certain features that require data processing

8. Cookies & Tracking

We use cookies and similar technologies to:

• Essential Cookies: Required for platform functionality
• Analytics Cookies: Understand usage patterns (PostHog)
• Preference Cookies: Remember your settings
• Security Cookies: Detect fraudulent activity

You can control cookies through your browser settings. Disabling certain cookies may limit functionality.

9. International Transfers

Your data is primarily stored in India (AWS ap-south-1 region). If we transfer data internationally, we ensure:

• Adequate data protection agreements are in place
• Compliance with applicable data transfer regulations
• Similar levels of protection as provided in India

10. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information immediately.

11. Changes to Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Services. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us:

• Email: privacy@samva.app
• Data Protection Officer: dpo@samva.app

Response time: We aim to respond to all privacy requests within 30 days.