Privacy Policy

Sahayak is operated by Demolabs, a proprietorship based in Bengaluru, Karnataka, India. Registered details:

• Proprietor: TODO: Full legal name of proprietor
• Registered address: TODO: Registered address, Bengaluru, Karnataka, India
• Contact: privacy@demolabshq.com

We collect two broad categories of information:

From operators (customers — HR, ops, training leads):

• Account details: name, work email or phone number, company name, role
• Credentials: passwords are stored only as hashes (argon2id); we never see plaintext
• Billing details: handled by our payment partners (Razorpay in India, Stripe internationally); we receive masked card metadata, never full card numbers
• Uploaded documents: SOPs, HR policies, training materials, safety manuals, and any integration content you choose to sync
• Usage telemetry: pages visited, actions taken in the dashboard, IP address, user agent

From workers (your frontline employees using WhatsApp):

• WhatsApp phone number and display name (provided by WhatsApp when the worker messages our number)
• Message content sent to and received from Sahayak on WhatsApp
• Media the worker shares with Sahayak (images, voice notes) — used to answer the worker's question, then retained per the customer's retention policy
• Approximate location if the worker shares it (e.g. reporting an issue at a specific store)

• Deliver the service: answer worker questions, route escalations, generate analytics, send notifications
• Improve product quality: identify common knowledge gaps, fix incorrect answers, refine retrieval — using aggregated and anonymized signals only
• Billing and account administration
• Security and abuse prevention: rate limiting, fraud detection, audit logs
• Customer support: when you reach out for help

We do not train third-party foundation models on your data. We use language model providers under zero-data-retention agreements where available. Your documents and your workers' messages are used only to serve your team — never to train external models or shown to other customers.

For Indian customers, application data is stored in cloud regions within India (primarily Mumbai / ap-south-1). We do not transfer personal data outside India without your consent, except where necessary for the limited cross-border processing described in "Third-party processors" below.

We rely on a small set of vetted processors. Each is bound by a data processing agreement and processes data only on our instructions:

• WhatsApp / Meta: message delivery between workers and Sahayak
• LLM providers (accessed via Vercel AI Gateway with zero data retention): generating answers
• Razorpay (India) and Stripe (international): payments
• Cloud infrastructure providers (AWS / Vercel) in India regions for Indian customers
• Sentry: error monitoring (no message content, only stack traces)
• PostHog: product analytics (events only, no message content)

We use a small number of cookies. The only strictly necessary cookie is sahayak_session, which keeps you signed in. We also use a privacy-friendly analytics cookie to measure aggregate usage. You can clear cookies from your browser at any time — clearing the session cookie will sign you out.

Under the DPDPA you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Nominate someone to exercise these rights on your behalf in case of incapacity or death
• File a grievance with our Grievance Officer (contact below)

To exercise these rights, email privacy@demolabshq.com. We respond within 30 days.

Operator account data is retained while the account is active. On account closure, personal data is deleted within 90 days, except where we are required to retain it for tax, audit, or legal compliance. Worker message history is retained per the customer's configured retention window (default: 12 months); customers can request earlier deletion via support.

Sahayak is not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor has used the service, contact us and we will delete their data.

When we make material changes we will notify operators in the dashboard at least 30 days before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.

For privacy questions, contact our Grievance Officer at privacy@demolabshq.com. For everything else, hello@demolabshq.com.