Gupshup Privacy Policy - Data Protection

Global - English

Conversation Cloud
Conversation Cloud
Conversational tools for the customer lifecycle
Converse
Go beyond communication and switch to two-way conversation
View all
Campaign Manager
Conversation Builder
Agent Assist
Conversational AI
Advertise
All-in-one tool to manage and scale click-to-chat ads
Gupshup AI
Domain-specific models built for business conversations
Personalize
Personalize every conversation with unified customer profiles
Enterprise Security
Enterprise grade security for protecting your data and customer privacy
Communicate
Send and receive multi-channel rich media & texts across countries
Omnichannel Messaging
WhatsApp
SMS
RCS
Viber
Voice
Instagram
Web & App
Telegram
View all
AI Offerings
- AI Agents
- AI Agent Library
Solutions
- By Function
  Conversational Marketing
  Conversational Commerce
  Conversational Support
- By Industry
  BFSI
  Food & Beverage
  Retail and eCommerce
  Healthcare
  Gaming
  Advertising
  Real Estate
  Travel & Hospitality
  Education
  Media
  Government
Partners
Company
Resources
BlogsLatest insights on AI & conversational engagement
GuidesDeep dive into trending topics of business value
eBooks & WhitepapersExplore industry research reports, whitepapers, & eBooks
Customer StoriesDiscover how our solutions help drive CX & revenue
Events & WebinarsTune into on-demand webinars & upcoming events
WhatsApp TemplatesPre-approved templates & journeys to help you go to market faster
WhatsApp Chat Widget GeneratorAdd WhatsApp chat widget for free to your site & start customer conversations instantly
WhatsApp QR Code GeneratorCreate free WhatsApp QR codes so customers can easily reach your business
Featured Reads
eBook
Simplify Product Discovery on Instagram for Customers via Conversations
Read More details
Blog
WhatsApp for Education – A Complete Guide
Read More details
Global - English

updated privacy poicy:

We care about protecting the personal information of our customers and visitors who use our website www.gupshup.io, our products or services (collectively, our “User/s”,).

This Privacy Policy governs the manner in which Gupshup collects, uses, shares, maintains and discloses information collected from users (each, a "User", you ) of the https://www.gupshup.io/developer/privacy website ("Site"). This privacy policy applies to the Site and all products and services offered by Gupshup. In this policy, "we", "us" and "our" referred to Gupshup and Gupshup Corporate family.

For the purposes of applicability of the European Union’s General Data Protection Regulation 2016/679, or GDPR, on Gupshup and each of the products or services for which you have signed up, it applies only if you are located in a jurisdiction where these regulations are implemented.

INFORMATION COVERED BY THIS PRIVACY POLICY

This privacy policy covers personal information, including any information we collect, use and share from you, as described further below. This privacy policy applies to all websites in the Gupshup corporate family, our products and services, and our mobile applications (collectively, the “Services”). This privacy policy does not cover how our Users may use or share data that they collect using our services.

When you use any of our product or Service, your personal information will be collected, used, and shared consistent with the provisions of this privacy policy as well as the relevant agreements/contracts related to particular products and services offered by Gupshup.

1. INFORMATION WE COLLECT FROM YOU

Personal identification information

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, credit card information, location or time-zone. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service provider’s utilized and other similar information.

Web browser cookies

Our Site may use "cookies" to enhance User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

Gupshup's Business Products:

We create apps, services, features, APIs, software, or website that enable businesses to interact with users of our products and services (“Business Products”). Partners (the “data controllers”) may submit personal information about their customers to us using our Business Products. While Partners decide what information to submit, it typically includes things like customer phone numbers and other information under the Partner's control. For more information, customers may contact the relevant Partner. We process these personal data provided by Partners to provide Business Products in accordance with the terms applicable to the relevant Business Product and otherwise with the Partners' instructions.

Information We Collect from Third Parties

We receive information about Users and their representatives, and prospective customers and their representatives from third parties that provide services or support Gupshup’s business operations. We limit our use of personal information to the purposes described in this policy. Personal information we receive from third parties includes:

Contact information such as name, contact number and email address;
Organization information, such as company name, job title, and company address;
Customer relationship management (CRM) and Sales pipeline information, such as deal name, deal value, deal stage, deal close date;
Account information from video conferencing platforms, such as video conferencing platform, username, and single sign-on password authentication;
Meeting information, such as participant names and emails, number of meetings, meeting duration, and time of day;
Social Media information related to URLs, profile pictures, and profile ID.

2. HOW WE USE COLLECTED INFORMATION

Gupshup may collect and use Users information for the following purposes:

We may process data about your use of our website and services ("usage data"). The usage data may include but not limited to your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is consent and our legitimate interests, namely monitoring and improving our website and services.

We may process your account data ("account data"). The account data may include your name and email address. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent and our legitimate interests, namely the proper administration of our website and business.

We may process your information included in your personal profile on our website ("profile data"). The profile data may include your name, your organization name, address, telephone number, email address, profile pictures, gender, and date of birth. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is your consent.

We may process your personal data that are provided in the course of the use of our services ("service data"). The service data may include logs, usage reports, services used, date and time stamps of the service usage, telephone numbers. The source of the service data is the usage of our service and website. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases, improving our services, developing new services, measuring performance and communicating with you. The legal basis for this processing is your consent.

We may process information contained in any enquiry you submit to us regarding our products and services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is your consent.

We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with you.

We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.

We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business, products and services against risks.

In addition to the specific purposes for which we may process your personal data set out in this Section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, and/or in order to protect your vital interests or the vital interests of another natural person

In addition to the above, we may process the data collected for the protection of our users and public at large. We use information to help improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm Gupshup, our users, or the public.

In addition to the above, we may process the data collected for the purpose of analytics and measurement to understand how our services are used and for ensuring that our services are working as intended, such as tracking outages or troubleshooting issues that you report to us. And we also use your information to make improvements to our services.

3. SHARING YOUR PERSONAL INFORMATION

As described below, we will only share certain personal information;

Authorized Users

All users authorized by you to have access to your account can view personal information stored in the account. A primary account holder can view personal information saved in subaccounts to which they have authorized access. We share information about authorized users only for legitimate purposes consistent with this privacy policy, including servicing your account and marketing products and services to you.

SHARING WITHIN THE GUPSHUP CORPORATE FAMILY:

We share personal information with other members of the Gupshupcorporate family to allow our corporate affiliates to contact you with offers, services or products that may be of interest to you and to provide you with their products and services. Any such corporate affiliate may use your information only according to the terms of this privacy policy. If you are located in a jurisdiction where such sharing requires your permission, we will only do so with your consent.

SHARING WITH INSURERS AND PROFESSIONAL ADVISERS

We may disclose your data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

SHARING WITH PARTNERS

When we share personal information with certain third-party partners, including marketing and advertising partners, that information includes your name, email address and other information enabling partners to: (a) assist you in using our products and services, (b) contact you with offers, services or products that may be of interest to you, and (c) provide you with their products or services.

If you are located in a jurisdiction where such sharing requires your consent, we will only do so with your consent. Please note that if you access our services through any tool that hides your location, such as through a virtual private network, you may not receive our request for permission because we were not able to identify you as being located in a jurisdiction where your permission is required.

Further, our partners are prohibited from using your contact information for any purpose beyond those set forth above without your consent. We will not provide our partners with your credit card information. In the event we collect information from you in connection with an offer that is jointly presented by us and a partner, we will let you know who is collecting the information and whose privacy policy applies, as well as any options you may have regarding use of your information.

SHARING WITH THIRD PARTY SERVICE PROVIDERS AND VENDORS

Occasionally, we enter into contracts with carefully selected third parties so that they can assist us in servicing you (for example, providing you with customer service, fraud detection and deterrence or access to advertising assets and providing us with information technology and storage services) or to assist us in our own marketing and advertising activities (including providing us with analytic information and search engine optimization services). Our contracts with such third parties prohibit them from using any of your personal information for any purpose beyond the purpose for which it was shared.

If you purchase a product or service from a third party through one of our product or brands, we will pass your personal information to such third party in order for them to fulfill your order and provide you the relevant services.

We also share non-personal information with certain third parties, including the media, industry observers, marketing and advertising partners, vendors, customers, potential customers or partners. For example, we disclose mobile search trends, email open rates by industry, campaign best practices or the number of users that have been exposed to, or clicked on, our websites or evaluated or purchased our products and services. We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys or serve us services as a telecom operator. We may share your information with these third parties for those limited purposes only and with your necessary consent under the law, if any.

Payment Services Providers:

Financial transactions relating to our website and services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

Compliance with Laws and Law Enforcement Requests:

We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Gupshup’s products and services, (d) to protect Gupshup’s , our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information. Gupshupalso reserves the right to disclose personally identifiable information and/or non-personally-identifiable information that Gupshupbelieves, in good faith, is appropriate or necessary to enforce our Terms of Service, take precautions against liability, to investigate and defend itself against any third-party claims or allegations, to assist government enforcement agencies, to protectthe security or integrity of our web site, and to protect the rights, property, or personal safety of Gupshup, our Users or other natural person.

Gupshup Inc is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC)

BUSINESS TRANSFERS:

We may share or transfer your information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify all users under the contract of our services by email and/or a prominent notice on our website of any such transfer.

Gupshup remains responsible and liable under the EU-U.S. DPF Principles, the UK extension to the EU-U.S. DPF and or the Swiss-U.S. DPF Principles if third party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the DPF Principles unless Gupshup proves that it is not responsible for the event giving rise to the damage.

4. Opt-In and Opt-Out rights under Data Privacy Framework

In accordance with the Data Privacy Framework, Gupshup limits the use and disclosure of Personal Data of Data Subjects (residing in the EU, UKand Switzerland), and provides an opt-in choice for Sensitive Personal Data collected. If Personal Data is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized or is to be disclosed to sub-processors, Gupshup will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Gupshup's affiliates or related party collecting personal data will obtain affirmative consent (i.e., opt-in) from Data Subjects. To opt out of such uses or disclosures of Personal Data or Sensitive Personal Data, Data Subjects may contact Gupshup on dpo@gupshup.io.

5. SECURITY

Transmission of information to Gupshup through third parties conversational channels is your responsibility. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted through various communication channels; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organizational security measures to safeguard your personal information against loss, theft and unauthorized use, access or modification. In case of collection of financial account information, we protect its transmission through the use of encryption such as the Transport Layer Security (TLS) protocol.

In order to protect you and your information, Gupshup may suspend your use of the Website without notice, pending an investigation, if any security breach is suspected. We are not responsible for any lost, stolen, or compromised passwords or for any unauthorized account activity that may result.

6. How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

7. International transfers of your personal data

In order for us to provide the Services to you, your personal information will be transferred to, and stored at/processed in the United States, Europe and Asia. Your personal data is also processed by staff operating outside the European Economic Area (EEA), such as in Asia and the USA, who work for us or for one of our suppliers. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy.

For transfers of personal information within the Gupshupcorporate family, such transfer will be under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and 2010/87/EU.

For transfers of data to third parties, the third parties shall be required to sign a Data Privacy Addendum (DPA) with Gupshupto ensure the protection of personal/sensitive personal/sensitive personal data that is disclosed to the third parties. The MSA shall include the clauses on privacy such as data protection requirements, procedures to handle contract breaches, procedures to handle personal/sensitive personal/sensitive personal data on the termination of the contract, remedial action to respond to the misuse of personal/sensitive personal data by third parties, etc.

A documented section on remedial action shall be made within the Data Privacy Addendum (DPA)to respond to the misuse of personal/sensitive personal data by third parties.

You can contact the Data Protection Officer listed below to obtain a copy of the data transfer agreement or more information regarding the relevant safeguard we put in place.

We and our group companies have offices and facilities in India and USA. The hosting facilities for our website are situated in United States, Europe and Asia. The European Commission has made an "adequacy decision" with respect to the data protection lawsof each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which can be obtained from https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en

You acknowledge that the personal data that you submit for publication through our website or services may be available, via the internet, apps, website around the world. We cannot prevent the use or misuse of such personal data by others.

8. Third party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.

9. UNAUTHORIZED ACCOUNTS

If an account or profile was created without your knowledge or authorization, please contact customer support at the brand on which the account or profile is located to request removal of the account or profile.

10. RETENTION OF PERSONAL INFORMATION

We retain your personal information to provide services to you and as otherwise necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Notwithstanding the other provisions of this Section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We will retain your Personal Data only as long as needed to provide you with services or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

11. Our policy towards children

GupshupServices are not directed to individuals under 18. We do not knowingly collect Personal Information from children under 18. If we become aware that a child under 18 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact our Support Services at support@gupshup.io

12. Your rights

12.1. In this Section, we have summarized the rights that you have under Data Privacy Framework. Some of the rights are complex, and not all ofthe details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

12.2. Your principal rights under data protection law are:

the right to access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to object to processing;
the right to data portability;
the right to complain to a supervisory authority; and
the right to withdraw consent.

12.3. To the extent that the legal basis for our processing of your personal data is:

Your consent; or that the processing is necessary for the performance of a contract to which you are party with us or with our partners to whom we are providing services as a processor or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

12.4. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

12.5. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

12.6. You may exercise any of your rights in relation to your personal data by written notice to us at support@gupshup.io

13. Advertisements:

Ads appearing on our site may be delivered to Users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile non personal identification information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This privacy policy does not cover the use of cookies by any advertisers

14. Changes to this privacy policy

14.1. We may update this policy at its discretion from time to time by publishing a new version on our website.

14.2. You should check this page occasionally to ensure you are happy with any changes to this policy. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

14.3. We may(but shall not be obligated to) notify you of significant changes to this policy by email or through the private messaging system on our website, by sending you an email or other notification, and indicate when such changes will become effective. Your continued use of this Privacy Policy after notice of such changes indicates your consent to be bound by them. Information will continue to be governed by the Privacy Policy in effect at the time such information was collected

14.4. Any information that we collect is subject to the privacy policy in effect at the time such information is collected.

15. Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

16. Compliance with privacy laws and regulations

You as a User or partner agree not to use the Gupshup Services in a manner that would violate laws protecting an individual’s privacy rights, health, safety or financial data, including but not limited to the Health Insurance Portability and Accountability Act of 1996 as amended (HIPAA), the Gramm-Leach-Bliley Act and its implementing regulations, European Union’s General Data Protection Regulation 2016/679, or GDPR, the Privacy Rule and the Safeguards Rule thereof.

17. Data Privacy Framework

Gupshup complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Gupshup has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Gupshup has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit www.dataprivacyframework.gov

In Compliance with EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S DPF, Gupshup commits to resolve DPF Principles related complaints about our collection and use of your personal information. EU, UK or Swiss individuals with inquires or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and theUK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. DPF should first contact dpo@gupshup.io.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Gupshup commits to cooperate and comply respectively with the advice of the panel established by the EU Data Protection Authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If your complaint regarding our processing of Personal Data cannot be resolved through the above channels, you may invoke binding arbitration under the Data Privacy Framework. This option is available for residual claims that are not resolved by other dispute resolution or enforcement mechanisms. Binding arbitration is subject to certain preconditions, including:

Prior efforts to resolve the dispute through the relevant DPAs or other dispute resolution bodies.
Written notice to the organization outlining the complaint.

18. Complaints or inquiry:

If you have any questions or complaints about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at: support@gupshup.io

19. Data protection officer

Our data protection officer can be contacted at dpo@gupshup.io

Conversation Cloud

Converse

Advertise

Gupshup AI

Personalize

Enterprise Security

Communicate

Omnichannel Messaging

eBook

Blog

Company

Resources

Follow Us