Privacy Policy

1. Introduction

Beth Soft Technologies India Private Limited (hereinafter referred to as "Beth Technologies," "Company," "we," "us," or "our"), a company incorporated under the Companies Act, 2013, with its registered office at Infopark, Kochi, Kerala 682042, India (CIN: U74910KL2020PTC064426), is committed to protecting the privacy and personal data of every individual who interacts with our products, services, and platforms.

This Privacy Policy applies to all products and services offered by Beth Technologies, including but not limited to:

WizMessage — WhatsApp Business API platform for marketing, automation, AI chatbots, payment reminders, and Tally ERP integration
AI Helpdesk — GPT-powered customer support and ticket resolution platform
Custom CRM Solutions — Bespoke customer relationship management integrations
Custom API Development — Third-party integration and workflow automation services
All associated websites, mobile applications, APIs, and sub-domains (collectively, the "Platform")

This Policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Digital Personal Data Protection Rules, 2025, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Important Notice

By accessing or using any of our products, services, or platforms, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of our services immediately.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings assigned to them below:

Term	Definition
Data Principal	The individual to whom the personal data relates; this includes you as a user, customer, or visitor of our Platform. Where the Data Principal is a child (under 18 years), it includes the parent or lawful guardian.
Data Fiduciary	Beth Soft Technologies India Private Limited, which determines the purpose and means of processing personal data.
Data Processor	Any person or entity that processes personal data on behalf of a Data Fiduciary, including our sub-processors and service providers.
Personal Data	Any data about an individual who is identifiable by or in relation to such data, in digital form.
Processing	Any operation or set of operations performed on personal data, including collection, recording, storage, retrieval, use, disclosure, sharing, erasure, or destruction.
Platform	All websites, applications, APIs, dashboards, and services operated by Beth Technologies.
End User	The recipient of messages sent through our Platform by our customers (e.g., a consumer who receives a WhatsApp message from a business using WizMessage).

3. Applicability & Scope

This Privacy Policy applies to:

All users who register for, subscribe to, access, or use any Beth Technologies product or service
Website visitors who browse bethtechnologies.com, wizmessage.com, or any sub-domains
End Users who receive communications through our Platform on behalf of our customers
Business partners, vendors, and contractors whose personal data we process in the course of our business operations
Job applicants and employees whose data is processed for recruitment and employment purposes

This Policy applies to the processing of digital personal data within India and to processing outside India where it relates to offering goods or services to individuals located within India, in accordance with Section 2 of the DPDP Act, 2023.

4. Personal Data We Collect

We collect and process the following categories of personal data, each linked to the specific service or purpose for which it is required:

4.1 Account & Identity Data

Data Category	Examples	Purpose
Identity Information	Full name, email address, phone number, business name	Account creation, communication, support
Authentication Data	Password (encrypted), two-factor authentication tokens	Account security and access control
Business Verification	GST number, business registration details, Meta Business verification data	WhatsApp Business API setup, compliance
Billing Information	Billing address, tax identification numbers	Invoicing, tax compliance

4.2 Payment Data

Data Category	Examples	Purpose
Transaction Records	Subscription plan, payment amounts, payment dates, invoice history	Subscription management, accounting
Payment Method	Partial card details (last 4 digits), UPI ID, bank name	Payment processing, refund processing

Note: Full payment card details are processed exclusively by our PCI-DSS compliant payment gateway partner(s) and are never stored on our servers.

4.3 Usage & Technical Data

Data Category	Examples	Purpose
Platform Usage	Features accessed, messages sent/received count, chatbot interactions, campaign statistics	Service delivery, analytics, improvements
Device & Browser	IP address, browser type, operating system, device type, screen resolution	Security, compatibility, diagnostics
Log Data	Access timestamps, API call logs, error logs, session duration	Security monitoring, debugging, compliance

4.4 Communication Data

Data Category	Examples	Purpose
WhatsApp Message Data	Message templates, broadcast lists, contact lists uploaded by customer, chatbot conversation logs	Service delivery (sending messages on behalf of customer)
Support Communications	Support tickets, chat transcripts, email correspondence with our team	Customer support, quality improvement

4.5 Integration Data

Data Category	Examples	Purpose
Tally ERP Data	Invoice numbers, party names, outstanding amounts, payment statuses (synced by customer)	Automated payment reminders via WhatsApp
CRM Data	Customer records, lead information, pipeline data (synced by customer)	CRM integration services
Third-Party API Data	Webhook payloads, API authentication tokens	Integration services, workflow automation

Data Processed on Behalf of Customers

When our customers upload contact lists, Tally data, or CRM records to our Platform, they act as the Data Fiduciary for that data, and Beth Technologies acts as a Data Processor. Our customers are responsible for obtaining appropriate consent from their end users before uploading such data to our Platform. We process this data solely as instructed by our customers and in accordance with our Terms and Conditions.

5. Purpose of Processing

We process your personal data for the following specific, lawful purposes:

Service Delivery: To create and maintain your account, provide access to our SaaS products, process and deliver WhatsApp messages, operate AI chatbots, execute automated workflows, and sync with integrated platforms (Tally, CRM, etc.)
Billing & Transactions: To process subscription payments, generate invoices, manage renewals, process refunds, and maintain financial records as required by law
Customer Support: To respond to your queries, troubleshoot technical issues, provide onboarding assistance, and resolve complaints
Platform Improvement: To analyze usage patterns, identify bugs, improve performance, develop new features, and enhance user experience
Security & Compliance: To detect fraud, prevent unauthorized access, monitor for abuse, enforce our terms, and comply with legal obligations
Communication: To send transactional notifications (payment confirmations, service updates, security alerts), and where you have opted in, promotional communications about our products and services
Legal Obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, including tax laws, the IT Act, and the DPDP Act

We shall not process your personal data for any purpose beyond what is specified above, or for any purpose that is not reasonably expected by you, without obtaining fresh consent.

6. Legal Basis for Processing

Under the DPDP Act, 2023, we process your personal data based on the following legal grounds:

Consent (Section 6, DPDP Act): Where you have given free, specific, informed, unconditional, and unambiguous consent to the processing. This is the primary basis for most of our processing activities.
Legitimate Uses (Section 7, DPDP Act): Where processing is necessary for purposes you have voluntarily provided your data for (e.g., fulfilling a service you have subscribed to), for compliance with Indian law, for responding to medical emergencies, for employment-related purposes, or for purposes in the public interest.
Contractual Necessity: Where processing is necessary to perform a contract with you (e.g., delivering the SaaS services you have subscribed to).
Legal Compliance: Where processing is required under applicable Indian law (e.g., tax records, regulatory filings, law enforcement requests).

7.1 How We Obtain Consent

We obtain your consent through clear, affirmative actions at the time of data collection, including:

Account registration forms with explicit consent checkboxes
Cookie consent banners on our websites
Opt-in mechanisms for marketing communications
Consent dialogs for specific data processing activities (e.g., Tally data sync, contact list import)

Each consent request is accompanied by this Privacy Policy notice, clearly describing what personal data is being collected, the purpose of processing, and how you can exercise your rights.

7.2 Withdrawal of Consent

You have the right to withdraw your consent at any time. To withdraw consent:

For marketing communications: Click the "Unsubscribe" link in any promotional email
For platform data processing: Email us at privacy@bethtechnologies.com with the subject line "Consent Withdrawal"
Through your account dashboard: Navigate to Settings → Privacy → Manage Consent

Upon withdrawal of consent, we will cease processing your data for the specified purpose within a reasonable time (not exceeding 30 days). Please note that withdrawal of consent may impact our ability to provide certain services to you, but will not affect the legality of processing carried out before the withdrawal.

We do not sell, rent, or trade your personal data to any third party. We may share your personal data only in the following circumstances:

8.1 Service Providers (Data Processors)

We engage trusted third-party service providers who process data on our behalf under strict contractual obligations:

Service Provider Category	Purpose	Data Shared
Meta Platforms (WhatsApp Business API)	Message delivery via WhatsApp	Phone numbers, message content, templates
Cloud Infrastructure Providers	Hosting, storage, computation	All platform data (encrypted at rest)
Payment Gateway Providers	Payment processing	Transaction details, billing info
Analytics Providers	Usage analytics, performance monitoring	Anonymized/pseudonymized usage data
Customer Support Tools	Ticketing, live chat	Name, email, support correspondence
Email Service Providers	Transactional and marketing emails	Email address, name

All Data Processors are contractually bound to process data only as instructed by us, maintain confidentiality, implement adequate security measures, and delete or return data upon termination of the engagement.

8.2 Legal Disclosures

We may disclose personal data where required or permitted by law, including:

In response to lawful requests by public authorities, including law enforcement or national security agencies
To comply with a court order, subpoena, or legal process
To enforce our Terms and Conditions or protect our legal rights
To prevent fraud, security incidents, or illegal activities

8.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of the transaction. We will provide notice before your data becomes subject to a different privacy policy.

9. Cross-Border Data Transfer

Your personal data may be transferred to and processed in countries outside India, including by our cloud infrastructure providers and third-party service providers. Such transfers are made in compliance with the DPDP Act, 2023, and we ensure that:

Data is not transferred to countries specifically restricted by the Central Government of India through notification under the DPDP Act
Adequate contractual safeguards are in place with all international data processors
The receiving party maintains security standards equivalent to or exceeding those required under Indian law

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with our legal obligations:

Data Category	Retention Period	Reason
Account Data	Duration of account + 90 days post-deletion	Service delivery, account recovery window
Transaction & Billing Records	8 years from date of transaction	Income Tax Act, GST compliance
WhatsApp Message Logs	90 days from delivery	Delivery reporting, dispute resolution
Chatbot Conversation Logs	Duration of subscription + 30 days	Service delivery, knowledge base training
Customer Contact Lists	Deleted upon account termination or customer request	Service delivery only
Support Tickets	3 years from resolution	Quality assurance, recurring issue identification
Log & Security Data	1 year minimum	Security monitoring, DPDP Rules compliance
Cookie & Analytics Data	13 months maximum	Usage analytics

Upon expiry of the retention period, or upon withdrawal of consent (where consent was the legal basis), personal data is securely deleted or anonymized within 30 days, unless retention is required by law.

11. Data Security Safeguards

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, use, disclosure, modification, or destruction, in compliance with the DPDP Rules, 2025:

Encryption: All personal data is encrypted at rest (AES-256) and in transit (TLS 1.2/1.3). Database fields containing sensitive data are additionally encrypted at the application level.
Access Controls: Role-based access control (RBAC) with the principle of least privilege. Multi-factor authentication (MFA) for all internal systems and administrative access.
Access Logging: Comprehensive audit logs of all data access events, reviewed regularly.
Infrastructure Security: Enterprise-grade cloud infrastructure with firewalls, intrusion detection systems (IDS), DDoS protection, and regular vulnerability assessments.
Data Backups: Encrypted, geographically distributed backups to ensure continuity of processing even in disaster scenarios.
Organizational Measures: Employee confidentiality agreements, regular security awareness training, background checks for personnel with data access, and documented incident response procedures.
Vendor Security: Contractual security obligations for all Data Processors and sub-processors, including the right to audit.

Despite these measures, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

12. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights regarding your personal data:

Right to Access (Section 11): You have the right to obtain a summary of your personal data being processed by us along with the processing activities. Request this via your account dashboard or by emailing us.
Right to Correction (Section 11): You have the right to request correction of inaccurate or misleading personal data, and completion of incomplete personal data.
Right to Erasure (Section 12): You have the right to request erasure of your personal data where the specified purpose has been fulfilled and retention is no longer necessary, or where you have withdrawn your consent.
Right to Grievance Redressal (Section 13): You have the right to have your grievances addressed through our internal mechanism and, if unsatisfied, to file a complaint with the Data Protection Board of India.
Right to Nominate (Section 14): You have the right to nominate any individual who shall exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact our Grievance Officer (details in Section 18 below). We will respond to valid requests within 30 days and will not charge a fee for processing your first request within a 12-month period.

12.1 Your Duties as a Data Principal

Under Section 15 of the DPDP Act, you also have certain duties, including:

Providing only accurate and complete personal data when registering or using our services
Not impersonating another person while providing personal data
Not suppressing material information while providing personal data
Not filing false or frivolous complaints with the Data Protection Board

13. Children's Personal Data

Our products and services are intended for use by individuals who are 18 years of age or older, or by businesses and their authorized representatives. We do not knowingly collect personal data from children (individuals below 18 years of age) without verifiable consent from a parent or lawful guardian.

In compliance with Section 9 of the DPDP Act, 2023:

We obtain verifiable consent from a parent or lawful guardian before processing any personal data of a child
We do not undertake processing that is likely to cause detrimental effect on the well-being of a child
We do not track, behaviorally monitor, or target advertising at children

If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete such data within 72 hours.

14. Cookies & Tracking Technologies

Our websites and Platform use cookies and similar tracking technologies to enhance your experience:

Cookie Type	Purpose	Duration	Required?
Essential Cookies	Authentication, session management, security, load balancing	Session / 30 days	Yes — cannot be disabled
Functional Cookies	Language preferences, dashboard settings, theme selection	1 year	Optional
Analytics Cookies	Page views, feature usage, performance monitoring	13 months	Optional
Marketing Cookies	Campaign attribution, conversion tracking	90 days	Optional

You can manage your cookie preferences through the cookie consent banner displayed on your first visit, or at any time through your browser settings. Disabling non-essential cookies will not affect the core functionality of our services.

15. Third-Party Services & Links

Our Platform may contain links to third-party websites or integrate with third-party services (e.g., Meta/WhatsApp, Tally, Salesforce, HubSpot, payment gateways). These third parties have their own privacy policies, and we are not responsible for their data practices. We encourage you to review the privacy policies of any third-party service before providing your personal data.

Key third-party policies relevant to our services:

Meta Platforms / WhatsApp: WhatsApp Privacy Policy
Razorpay / Payment Gateways: Subject to respective PCI-DSS compliant privacy policies

16. WhatsApp Business API — Special Provisions

Given that WizMessage operates on the official WhatsApp Business API provided by Meta Platforms, the following additional provisions apply:

Meta's Terms: All WhatsApp messaging is subject to WhatsApp Business Terms of Service and WhatsApp Business Policy. Users must comply with Meta's commerce, messaging, and data handling requirements.
Message Content: Message content sent through our Platform is transmitted via Meta's servers. We do not store the content of delivered messages beyond the retention period specified in Section 10.
Contact Data: Contact lists uploaded by customers are stored on our servers and are used solely for the purpose of message delivery. We do not use customer contact lists for our own marketing or share them with third parties.
Opt-Out Compliance: We provide tools for end users to opt out of receiving messages. When an end user opts out, we immediately cease sending messages to that number and update the customer's contact list accordingly.
Co-Existence Mode: When operating in co-existence mode (where the customer continues to use their existing WhatsApp Business app alongside our API), we do not access, read, or store messages from the customer's personal WhatsApp app.

17. Data Breach Notification

In the event of a personal data breach, we follow a strict protocol in compliance with the DPDP Act, 2023 and DPDP Rules, 2025:

Detection & Containment: Our security team is available 24/7 to detect, investigate, and contain breaches immediately upon discovery.
Board Notification: We will notify the Data Protection Board of India of any personal data breach without unreasonable delay, and within the timeframe prescribed by the DPDP Rules.
Data Principal Notification: We will notify affected Data Principals of any breach that is likely to result in harm, providing details of the nature of the breach, the data affected, and the steps being taken to mitigate harm.
Remediation: We implement corrective measures, conduct post-incident reviews, and update security safeguards as needed.
Record Keeping: All breach incidents are documented and maintained for a minimum of 1 year, including the nature of the breach, data affected, root cause analysis, corrective actions, and notifications sent.

18. Grievance Redressal

In compliance with the DPDP Act, 2023, we have appointed a Grievance Officer to address your privacy-related concerns and complaints:

Grievance Officer / Data Protection Officer

Name: The Grievance Officer, Beth Technologies
Email: privacy@bethtechnologies.com
Phone: +91 80750 60280
Address: Beth Technologies, 2nd Floor, Olimala Tower, Vazhapilly, Muvattupuzha, Kerala, India -686673
Response Time: Within 48 hours of receiving your complaint, with full resolution within 30 days

If you are unsatisfied with our response, you have the right to file a complaint with the Data Protection Board of India established under the DPDP Act, 2023.

19. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:

The "Last Updated" date at the top of this page will be revised
For material changes, we will notify you via email to your registered email address and/or through a prominent notice on our Platform at least 15 days before the changes take effect
Where required by law, we will obtain fresh consent for any new processing activities not covered by the original consent

We encourage you to review this Policy periodically. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Policy.

20. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Beth Technologies
2nd Floor, Olimala Tower
Vazhapilly, Muvattupuzha
Kerala, India -686673

General Inquiries: info@bethtechnologies.com
Privacy Inquiries: privacy@bethtechnologies.com
Phone: +91 80750 60280
Support Portal: bethtechnologies.freshdesk.com

This Privacy Policy is available in English. In the event of any inconsistency between translated versions and the English version, the English version shall prevail.

© 2026 Beth Soft Technologies India Private Limited. All rights reserved.