Privacy Policy

This policy explains how Skanda AI Solutions Private Limited collects, uses, stores, and protects data across all our AI services and platforms.

Last updated: May 19, 2026

1. Who We Are

Skanda AI Solutions Private Limited (hereinafter "Skanda AI", "we", "our", or "us") is an Artificial Intelligence engineering company incorporated under the Companies Act, 2013, with CIN U62013TS2026PTC216311 and GSTIN 36ABTCS7747M1Z7, having its registered office at Plot No. 69, Road No. 7, HMT Officers Colony, Alwal, Hyderabad – 500010, Telangana, India.

We design, develop, and deploy AI-powered systems including but not limited to Voice AI agents, WhatsApp Business automation, conversational AI chatbots, computer vision systems, machine learning models, large language model (LLM) fine-tuning, retrieval-augmented generation (RAG) systems, agentic AI pipelines, and enterprise workflow automation — for businesses in India and globally.

This Privacy Policy applies to all persons and entities who visit our website (www.skandaai.in), engage our services, use any platform or application we develop, or whose data is processed as part of any AI deployment we operate on behalf of a client.


2. Data We Collect

We collect data in the following categories depending on the nature of your interaction with us:

2.1 Website Visitors

  • Name, email address, phone number, company name submitted via contact forms
  • IP address, browser type, device type, pages visited, referral source (via Google Analytics)
  • Cookie data for analytics and preference storage

2.2 Business Clients

  • Company name, CIN/GSTIN, registered address, authorised representative name and contact details
  • Payment and billing information (processed via third-party payment processors — we do not store card numbers)
  • Project specifications, business requirements, integration credentials, and API access tokens provided to us during engagement

2.3 End Users of Client Deployments

When we deploy AI systems on behalf of our clients — including WhatsApp automation, voice agents, chatbots, and analytics platforms — we may process personal data of the end users of those systems on behalf of our clients (as a data processor). This data may include:

  • WhatsApp phone numbers and message content
  • Voice call recordings and transcripts
  • Names, queries, and interaction history
  • Location data (where provided by the user)
  • Order, transaction, or support-related data specific to the client's business

2.4 Technical & Operational Data

  • System logs, error logs, and performance metrics from deployed AI systems
  • Model inference data and anonymised conversation data used to improve system performance
  • Webhook payloads, API request/response data

3. How We Use Your Data

We use data collected for the following purposes:

  • Service delivery: To build, deploy, operate, and maintain AI systems for our clients
  • Communication: To respond to enquiries, send project updates, invoices, and support communications
  • Analytics: To understand website usage and improve our services
  • Compliance: To meet our legal, regulatory, and contractual obligations
  • Security: To detect, investigate, and prevent fraud, abuse, or unauthorised access
  • Marketing: With your consent only, to send relevant updates about our services (you can opt out at any time)
  • Model improvement: Using anonymised, aggregated data to improve AI model performance, where permitted by client agreement

We do not sell, rent, or trade your personal data to any third party for commercial gain.


4. WhatsApp Business Platform

This section specifically addresses data processing conducted via the WhatsApp Business Platform and Meta's Cloud API, in compliance with Meta's Data Privacy and Security requirements for Business Solution Providers.

Skanda AI operates as a technology platform provider using the WhatsApp Business Platform Cloud API provided by Meta Platforms, Inc. We build and deploy WhatsApp-based automation and AI communication solutions on behalf of business clients.

4.1 Data Processed via WhatsApp

When we operate WhatsApp-based AI systems on behalf of a client, the following data is processed through the WhatsApp Cloud API:

  • Sender and recipient phone numbers
  • Message content (text, media, templates)
  • Message metadata (timestamps, delivery status, read receipts)
  • WhatsApp Business Account (WABA) information
  • Interactive response data (button clicks, list selections)

4.2 Opt-In Requirement

We only send WhatsApp messages to users who have explicitly opted in to receive communications from the relevant business. Our client deployments are built to collect, record, and honour opt-in consent before any message is sent. Opt-in may be collected via:

  • Website forms, checkout flows, or registration pages operated by our clients
  • In-chat flows where the user proactively initiates contact
  • Click-to-WhatsApp advertisements (Meta ads)
  • Offline sign-ups where the user's written consent is documented by the client

We do not send unsolicited marketing messages. Our clients are contractually required to obtain and maintain valid opt-in records prior to initiating any WhatsApp communication.

4.3 Role as Data Processor

With respect to end-user data processed through WhatsApp, Skanda AI acts as a data processor on behalf of our business clients (data controllers). Our clients bear primary responsibility for ensuring they have obtained the necessary consents and legal basis for processing under applicable laws.

Skanda AI, as a platform connecting to Meta's Cloud API, makes phone numbers, message content, and message metadata available to Meta as part of the Cloud API architecture. Meta's processing of this data is governed by the WhatsApp Business Platform Cloud API Terms and Meta Terms for WhatsApp Business.

4.4 Prohibited Data on WhatsApp

We do not and will not transmit the following categories of data via the WhatsApp Business Platform:

  • Full-length payment card numbers or financial account numbers
  • Government-issued ID numbers (Aadhaar, PAN, Passport) unless required and encrypted by the specific use case
  • Protected health information (PHI) unless the deployment is specifically architected for healthcare compliance
  • Biometric data
  • Sexually explicit content or content prohibited under WhatsApp Business Policy

4.5 Message Templates

All outbound WhatsApp messages initiated by our clients outside the 24-hour customer service window use Meta-approved message templates. Templates are submitted for Meta's review and approval before use. We maintain records of all approved templates per client deployment.

4.6 WhatsApp Data Retention

Message content processed via the WhatsApp Cloud API is retained on Meta's infrastructure for up to 30 days per Meta's standard policy. Conversation logs stored on our platform are retained for the duration of the client agreement, after which they are permanently deleted within 30 days of contract termination. Clients may request earlier deletion at any time.


5. Voice AI & Telephony Services

When we deploy Voice AI agents (inbound or outbound call automation) for clients, the following data may be processed:

  • Caller phone numbers and call metadata
  • Audio recordings of conversations (where permitted under applicable law and disclosed to callers)
  • Automated speech recognition (ASR) transcripts
  • Call duration, outcome classification, and agent performance data

All voice AI deployments include a mandatory disclosure to callers that the call may be automated or recorded. Callers are given the option to speak with a human agent at any point. We do not retain audio recordings beyond the period required for quality assurance and model improvement, unless the client specifies a longer retention requirement for their own compliance purposes.


6. Other AI Services & Platforms

6.1 Computer Vision

Camera feeds, images, or video streams processed through our computer vision systems (for quality control, defect detection, inventory management, or security monitoring) are processed in real time. Still images or video clips may be retained for model training purposes only with explicit client and, where applicable, end-user consent. We do not retain biometric or facial recognition data unless the use case specifically requires it and is governed by a separate data processing agreement.

6.2 LLM Fine-Tuning & RAG Systems

Client-provided training data, documents, and knowledge bases used for LLM fine-tuning or retrieval-augmented generation are treated as strictly confidential. This data is used exclusively to build and improve the AI system for that specific client and is never shared with or used to benefit any other client or third party. Upon project completion or termination, client training data is permanently deleted from our systems within 30 days.

6.3 Website & Conversational AI Chatbots

Chat conversations with AI systems deployed on client websites are processed to generate responses in real time. Conversation logs are retained per client agreement terms. Users may request deletion of their conversation data by contacting the relevant business (our client) or directly emailing us at privacy@skandaai.in.

6.4 Workflow Automation & Integrations

When our automation systems connect to third-party platforms (CRMs, ERPs, payment gateways), data exchanged through these integrations is processed only as necessary to execute the automated workflow. We do not store third-party platform credentials in plaintext — all credentials are encrypted at rest using AES-256 encryption.


7. Data Sharing & Third Parties

We share data only in the following circumstances:

  • Meta Platforms, Inc. — Phone numbers, message content, and metadata shared via the WhatsApp Business Platform Cloud API as described in Section 4
  • AI model providers — Queries and context sent to LLM providers (e.g., OpenAI, Anthropic) to generate AI responses. These providers process data under their own privacy policies and data processing agreements
  • Cloud infrastructure providers — Data hosted on cloud servers (AWS, Google Cloud, Azure) under standard data processing agreements
  • Payment processors — Billing information processed by third-party payment gateways (Razorpay, Stripe). We do not store card details
  • Analytics — Anonymised website analytics processed by Google Analytics (GA4)
  • Legal requirements — If required by law, court order, or regulatory authority in India or the jurisdiction governing the data
  • Business transfers — In the event of a merger, acquisition, or sale of assets, data may be transferred to the acquiring entity subject to equivalent privacy protections

We do not sell personal data. We do not share client or end-user data with advertisers or data brokers.


8. Data Retention & Deletion

We retain data for the minimum period necessary to fulfil the purpose for which it was collected:

  • Client contract data: Duration of the engagement + 5 years (for legal and accounting compliance under the Companies Act and GST Act)
  • WhatsApp conversation logs: Duration of client agreement, deleted within 30 days of termination
  • Voice call recordings: 90 days unless extended by client agreement
  • LLM training data: Duration of project, deleted within 30 days of completion or termination
  • Website contact form submissions: 2 years or until the enquiry is resolved
  • Website analytics: 26 months (Google Analytics default, anonymised)

Upon expiry of the retention period, data is permanently deleted or anonymised such that it can no longer be attributed to an individual or business entity. Deletion requests are processed within 30 days of receipt.


9. Security Measures

We implement technical and organisational measures to protect data against unauthorised access, loss, or disclosure:

  • Encryption in transit: All data transmitted over our systems uses TLS 1.2 or higher
  • Encryption at rest: Sensitive data stored on our servers is encrypted using AES-256
  • Access control: Role-based access control (RBAC) — employees and contractors access only the data required for their role
  • API security: All API tokens and credentials are stored in encrypted secret managers, never in source code or plaintext configuration files
  • Infrastructure security: Production environments are isolated from development environments. Security patches are applied within 72 hours of release
  • Incident response: We maintain a documented incident response procedure. In the event of a data breach affecting personal data, affected parties and relevant authorities will be notified within 72 hours as required by applicable law
  • Third-party audits: We conduct periodic security reviews of our infrastructure and third-party integrations

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to correction: Request correction of inaccurate or incomplete data
  • Right to deletion: Request deletion of your personal data ("right to be forgotten")
  • Right to portability: Receive your data in a structured, machine-readable format
  • Right to restriction: Request that we restrict processing of your data in certain circumstances
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at privacy@skandaai.in. We will respond within 30 days. If you are an end user of a service operated by one of our clients, please contact that business directly — we will cooperate with them to fulfil your request.

If you are in India, you also have rights under the Digital Personal Data Protection Act, 2023 (DPDPA). If you are in the European Union or UK, you have rights under the General Data Protection Regulation (GDPR).


11. Opt-In & Opt-Out

WhatsApp communications: You will only receive WhatsApp messages from a Skanda AI-powered system if you have explicitly opted in through the relevant business's consent mechanism. To opt out at any time, reply "STOP" to any WhatsApp message, or contact the business that deployed the service. We will process opt-out requests within 24 hours.

Voice calls: Outbound automated calls are made only to numbers that have been provided with consent for such contact. To opt out, say "remove me" or "stop calling" at any point during the call, or contact us at privacy@skandaai.in.

Email marketing: We send marketing emails only with your prior consent. Every marketing email contains an unsubscribe link. Opt-out requests are processed immediately.

Website cookies: You may manage cookie preferences through your browser settings. Disabling analytics cookies does not affect website functionality.


12. Children's Privacy

Our services are intended for businesses and individuals aged 18 years or older. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@skandaai.in and we will delete such data promptly.


13. International Data Transfers

As an India-headquartered company serving clients globally, data may be transferred across borders in the following contexts:

  • WhatsApp Cloud API data is processed on Meta's global infrastructure, which may include servers outside India
  • AI model inference data sent to providers (OpenAI, Anthropic, Google) may be processed in the United States
  • Cloud infrastructure (AWS, GCP, Azure) may host data in regions chosen by the client or Skanda AI

Where we transfer data outside India, we ensure appropriate safeguards are in place including standard contractual clauses, data processing agreements with third-party providers, or other mechanisms recognised under applicable law. For EU/UK data subjects, transfers are governed by GDPR-compliant mechanisms.


We process personal data on the following legal bases:

  • Contract: Processing necessary for the performance of a contract with our clients or to take pre-contractual steps
  • Consent: Where we have obtained explicit consent from the data subject (e.g., WhatsApp opt-in, email marketing consent)
  • Legitimate interests: For security monitoring, fraud prevention, and improving our services — balanced against data subjects' rights
  • Legal obligation: Where processing is required to comply with Indian law, GST, corporate filings, or court orders

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our services, technology, legal requirements, or best practices. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify clients by email.

Continued use of our services after the effective date of a revised policy constitutes acceptance of the updated terms. We encourage you to review this policy periodically.


16. Contact Us

For any privacy-related questions, requests, or complaints, please contact our designated Privacy Officer:

Data Privacy Officer — Skanda AI Solutions Private Limited

Email: privacy@skandaai.in
General: karthik@skandaai.in
Phone: +91 98665 17854
Address: Plot No. 69, Road No. 7, HMT Officers Colony, Alwal, Hyderabad – 500010, Telangana, India
Website: www.skandaai.in

We will acknowledge all privacy requests within 5 business days and resolve them within 30 days.