This policy explains what personal data Sampark Karo collects, why we collect it, and the choices you have. It is written to align with India's Digital Personal Data Protection Act, 2023 (DPDP Act). [LEGAL REVIEW: pending counsel sign-off — draft policy]
Sampark Karo (“we”, “us”) provides AI-assisted voice calling infrastructure for businesses in India. For data belonging to your account (your name, email, workspace details) we act as a data fiduciary under the DPDP Act. For the contact lists and call recipients you upload, you are the data fiduciary and we process that data on your instructions.
Account data: name, email address, and profile picture (if you sign in with Google), workspace name and business profile.
Customer data you upload: contact names and phone numbers for campaigns and broadcasts. You are responsible for having a lawful basis (consent or another ground recognised by the DPDP Act) to contact these people.
Call data: call status, duration, cost, call events, and — where the calling engine is used — transcripts of AI-assisted conversations.
Payment data: payment order references and status. Card/UPI details are handled entirely by our payment provider (Razorpay); we never see or store them.
To operate the service: placing calls you schedule, showing you call outcomes and costs, billing, and support. We do not sell personal data and we do not use your uploaded contact lists for anything other than running your own campaigns.
Outbound calling is subject to TRAI's Telecom Commercial Communications Customer Preference Regulations. Our calling engine enforces quiet hours (calls only between 9:00 and 21:00 IST), respects Do-Not-Call lists you maintain, and supports consent-required calling. You remain responsible for regulatory registration applicable to your business (e.g. DLT registration where required).
Data is stored with our infrastructure providers in the Asia-Pacific (Mumbai) region. Access is restricted by row-level security so each workspace can only see its own data. Data is encrypted in transit. See our security overview for details.
Account and call data is retained while your workspace is active. You may request deletion of your workspace and its data by writing to us; we will action verified requests within 30 days except where law requires longer retention (e.g. financial records). [LEGAL REVIEW: confirm retention periods]
Under the DPDP Act you may request access to, correction of, or erasure of your personal data, and you may nominate another person to exercise these rights. Write to hello@samparkkaro.in and we will respond within the statutory timelines. If unsatisfied, you may complain to the Data Protection Board of India.
We will post updates to this policy here and, for material changes, notify workspace owners by email.