← Back to Home

Data Processing & Security

Last Updated: June 13, 2026

VyapaarSathi AI prioritizes data safety and system resilience. This document describes the encryption systems, physical controls, retention rules, deletion guidelines, and internal employee data access practices we enforce to secure client and customer information.

1. Data Encryption

We encrypt all data in transit and at rest to ensure it cannot be intercepted or modified:

  • Encryption in Transit: All communications between customers and our servers, as well as connections to Meta/WhatsApp API services, are secured using TLS 1.3 (Transport Layer Security) encryption.
  • Encryption at Rest: All stored databases containing chat logs, lead coordinates, business profile details, and account variables are encrypted using industry-standard AES-256 algorithm protocols.

2. Access Controls

We restrict database access to protect client privacy:

  • Strict Isolation: Customer lead tables and chat databases are segmented by client account. A business client cannot access or search records belonging to another business.
  • Authorized Employee Access: Access to production databases is strictly restricted to senior engineers for system optimization and troubleshooting. Employees are authenticated using Multi-Factor Authentication (MFA) and access logs are monitored.
  • No Passwords Stored: All client account passwords use strong cryptographic hashing (bcrypt) before saving to disk.

3. Data Retention Policy

We store details only for as long as needed to provide the services:

Data Category Retention Period Purpose
Chat transcripts & messages 90 Days Contextual AI training, debugging, and dashboard review
Captured leads & contact info Active Subscription Enabling client dashboard analytics and exports
Billing logs & invoices 7 Years Compliance with Indian Tax & GST Regulations
Uploaded FAQ docs & files Active Subscription Configuring and feeding the AI assistant model

4. Deletion Workflows

If you cancel your subscription or wish to wipe your databases, you can submit a written deletion request to support@vyapaarsathi.ai. Within 7 working days, we will:

  • Permanently delete your business FAQ documents from our storage.
  • Purge all chat records and transcripts associated with your business number.
  • Clear all collected customer lead details from our production databases.
  • Backup copies, if any, will be overwritten during our routine 30-day backup cycle.

5. Security Incident Response

In the unlikely event of a security breach or unauthorized database access, we enforce an incident plan. We will notify affected business owners within 72 hours of identifying the incident, specifying the categories of data affected and our immediate mitigation steps, in compliance with Cert-In (Indian Computer Emergency Response Team) regulations.