Privacy Policy

Last updated: 2026-05-26 Effective date: 2026-05-26

This Privacy Policy describes how Tellusys Info Pvt Ltd ("Tellusys", "we", "us", "our") collects, uses, stores, shares, and protects personal information when you use any of our services. It covers:

Virtuo / Vibot (virtuo.in, vibot.virtuo.in, waapi.virtuo.in) — our WhatsApp AI customer-service platform
Tellusys legacy services — voice call-center solutions, custom IT consulting, and any other Tellusys-operated product

If you only use one of our products, the sections specific to that product apply to you in addition to the common sections.

1. About us

Tellusys Info Pvt Ltd is a private limited company incorporated in India. We operate the Virtuo platform alongside other legacy IT services.

Registered name: Tellusys Info Pvt Ltd
Country of incorporation: India
Primary place of business: India
Contact for privacy inquiries: privacy@tellusys.in (you may also reach the founder directly at pratham@tellusys.in)
Grievance Officer (DPDP Act, 2023): Pratham Gupta, pratham@tellusys.in

2. The three categories of people whose data we process

Throughout this policy, we refer to three distinct categories of people:

Customer / Tenant — the business that signs up for a Virtuo or Tellusys account and pays for the service. Typically a company owner, admin, or employee.
End-customer — an individual who messages a Virtuo Tenant's WhatsApp Business number (i.e. the Tenant's own customer). End-customers do not have direct accounts with us; their data is processed on behalf of the Tenant.
Visitor — anyone who browses our marketing sites (virtuo.in, tellusys.in) without signing up.

Our role differs depending on the category:

For Customer/Tenant data and Visitor data, we are the Data Fiduciary (DPDP) / Data Controller (GDPR).
For End-customer data flowing through a Tenant's WhatsApp Business number, we are the Data Processor acting on the Tenant's instructions. The Tenant is the Data Fiduciary/Controller in this relationship.

3. Information we collect (common across all services)

3.1 Information you give us directly

Account information: name, email, business name, phone number, billing address
Payment information: card details and bank details are processed by Razorpay; we never see or store full card numbers
Communications with us: support emails, chats, feedback, demo-request forms
Account credentials: managed by Clerk (our authentication provider) — we receive an opaque user ID, never your password

3.2 Information we collect automatically

Usage data: pages visited, features used, time spent, click events
Device/browser data: IP address, browser type, operating system, device identifiers
Cookies and similar technologies: essential, analytics, and functionality cookies. See Section 12 for details.
Server logs: request timestamps, response codes, error traces (retained 30 days for security/debugging)

3.3 Information from third parties

Identity providers: if you sign in with Google or another SSO, we receive your email, name, and profile picture from that provider
Payment processors: transaction status and basic billing identifiers from Razorpay
Integration partners: if you connect a third-party service (Google Calendar, Slack, etc.), we receive the data scoped to that integration (see Section 6)

4. How we use your information (common)

We process personal information to:

Provide, maintain, and improve our services
Authenticate you and secure your account
Process payments and prevent fraud
Communicate with you about service changes, security alerts, and (where you've opted in) product news
Comply with legal obligations under Indian law and the laws of jurisdictions where you reside
Train internal models for service quality (only on anonymized/aggregated data; never on raw customer or end-customer messages)

We do not sell personal data. We do not use end-customer WhatsApp messages to train any third-party AI model.

5. Virtuo / Vibot — additional disclosures

This section applies if you (a) sign up for a Virtuo Tenant account, or (b) message a business that uses Virtuo on their WhatsApp Business number.

5.1 What we process

From Tenants:

Account profile (name, email, business name)
WhatsApp Business Account (WABA) metadata received from Meta during Embedded Signup
WhatsApp access_token (stored encrypted with AES-256-GCM at rest)
Agent configuration: system prompt, persona name, greeting, escalation rules
Knowledge base documents you upload (PDF, DOCX, text, URLs)
Connected integration credentials (see Section 6) — all encrypted at rest
Billing data and Razorpay subscription state
Usage counters (messages sent/received per billing cycle)

From End-customers (the WhatsApp users who message a Tenant's business number):

Phone number (E.164 format)
WhatsApp profile name (as provided by Meta)
Inbound message content (text, voice notes, images, documents)
Inbound message metadata (timestamp, message type, media references)
Conversation state (opt-out status, escalation status)
Voice note transcripts (generated by OpenAI Whisper or Deepgram)
AI-generated image captions (generated by OpenAI GPT-4o Vision)
Document text excerpts (extracted with pdf-parse / mammoth)

5.2 How we use End-customer data

To process and respond to the End-customer's messages on behalf of the Tenant
To maintain conversation history so the AI can recall context within a conversation (last ~20 messages)
To generate vector embeddings of the Tenant's knowledge base for retrieval-augmented generation
To flag conversations for human escalation when triggered by AI tool calls
To honor opt-out requests ("STOP", "UNSUBSCRIBE", "OPT OUT") — these are processed immediately and we cease automated replies

We never use one Tenant's End-customer data to serve another Tenant. Tenant data is isolated by tenantId on every database row and every API request.

5.3 AI processing

Vibot uses the following AI services to process messages. Raw message content is sent to these providers, but only as needed to generate a response. We have data-processing agreements with all of them.

Provider	What we send	Why	Provider's data retention
OpenAI (GPT-4o)	Conversation history + system prompt for AI reasoning	To generate the AI's reply	OpenAI's API mode — no training, deleted after 30 days per OpenAI's data policy
OpenAI Whisper	Voice note audio (OGG file)	Speech-to-text transcription	Same as above
OpenAI Embeddings	Knowledge base chunks (one-time during ingestion)	To enable RAG search	Same as above
Anthropic Claude	Used as a fallback only when OpenAI is unavailable	Same purpose as GPT-4o	Anthropic's API mode — no training
Deepgram	Voice note audio (fallback to Whisper)	Speech-to-text transcription	Per Deepgram's enterprise terms — not used for model training
ElevenLabs	Reply text (when voice-reply feature enabled by the Tenant)	Text-to-speech for voice replies	Per ElevenLabs' API terms — not used for training
Langfuse	LLM trace data including prompts and outputs	Cost tracking and quality monitoring	Self-hosted by us; not shared with any third party

5.4 Where data is stored

Database: PostgreSQL on a Tellusys-controlled server in AWS Mumbai (ap-south-1)
Media files (voice notes, images, documents): MinIO object storage on the same server (Indian region)
Cache and queues: Redis on the same server
Backups: Encrypted snapshots stored within AWS Mumbai

All servers are located in India unless you explicitly opt into international processing.

6. Third-party integrations you can connect

When you connect a third-party service to Virtuo via OAuth or API key, we receive access scoped to that integration's permissions. We only request the minimum scopes necessary. You can disconnect at any time from Dashboard → Integrations.

6.1 Meta (WhatsApp Business Platform)

Scopes: whatsapp_business_messaging, whatsapp_business_management, business_management
Why: to send and receive WhatsApp messages on behalf of your business
What we store: WhatsApp Business Account ID, Phone Number ID, encrypted access token, your registered display name, message templates, and the messages themselves
How long: for the lifetime of your Tenant account, plus 90 days after deletion
Meta-specific: Vibot complies with Meta's WhatsApp Business Solution Terms and WhatsApp Commerce Policy. End-customers can opt out of automated messaging at any time by sending "STOP", "UNSUBSCRIBE", or "OPT OUT"

6.2 Google (Calendar, Sheets, Sign-in)

When you connect Google Calendar or Google Sheets to your Tenant account:

Calendar scopes: https://www.googleapis.com/auth/calendar.events, https://www.googleapis.com/auth/userinfo.email
Sheets scopes: https://www.googleapis.com/auth/spreadsheets, https://www.googleapis.com/auth/userinfo.email
Why we request each:
- calendar.events — to check availability and book appointments on behalf of your WhatsApp end-customers when they ask, e.g., "Can I book a slot for tomorrow?"
- spreadsheets — to append leads or look up rows in a spreadsheet you select, on instructions from your AI agent
- userinfo.email — to display which Google account is connected on your Tenant dashboard
What we store: OAuth refresh token (encrypted with AES-256-GCM), the connected account's email address, the calendar/spreadsheet IDs you select
What we do NOT do:
- We do not read your Calendar events except to check freeBusy windows you authorize the AI to query
- We do not list, scan, or index your spreadsheets except the ones you explicitly choose
- We do not transfer Google user data to any third party other than as essential to provide the integration (e.g., to OpenAI when the AI agent decides whether to book)
- We do not use Google user data for advertising
- We do not allow humans to read Google user data except: (a) with your explicit consent for support purposes, (b) to comply with legal process, or (c) for internal security operations on encrypted data
Limited Use: Tellusys's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How long: until you disconnect, or 90 days after Tenant account deletion

6.3 Slack

Scopes: chat:write, channels:read
Why: to send messages from your AI agent into a Slack channel you designate (typically for human-escalation notifications)
What we store: OAuth bot token (encrypted), workspace/team name, channel ID, channel name
How long: until you disconnect, or 90 days after Tenant account deletion

6.4 Shopify

Scopes: read_products, read_orders (read-only)
Why: so the AI agent can look up product information and order status for WhatsApp end-customers
What we store: shop domain, OAuth access token (encrypted)
How long: until you disconnect, or 90 days after Tenant account deletion

6.5 Calendly

Scopes: standard Calendly OAuth (full user access — Calendly does not offer granular scopes)
Why: to fetch your event types and generate one-off booking links for WhatsApp end-customers
What we store: OAuth access + refresh tokens (encrypted), your Calendly user URI, your email
How long: until you disconnect, or 90 days after Tenant account deletion

6.6 Model Context Protocol (MCP) Servers

If you connect an external MCP server:

What we store: the server's HTTPS URL, an optional bearer token (encrypted), a list of tool names discovered from the server
What we do: call the server's tools/list and tools/call endpoints on instructions from your AI agent
What we do NOT do: modify, redistribute, or audit the content returned by the server

6.7 Custom Webhooks

If you author a Custom Webhook tool:

What we store: the HTTPS URL you provide, an optional HMAC secret (encrypted), your JSON Schema for the tool's arguments
What we do: POST signed JSON payloads to your endpoint when the AI invokes the tool
What we do NOT do: retain, cache, or share your endpoint URL or secret with any third party

7. Sub-processors

Beyond the integrations you connect, we use the following sub-processors to operate the service. These have all signed Data Processing Agreements with us where required.

Sub-processor	Purpose	Data shared	Location
Meta Platforms, Inc.	WhatsApp message delivery	All WhatsApp message data	Global (per Meta)
OpenAI, LLC	AI reasoning + transcription + embeddings	Message content, voice notes	US
Anthropic, PBC	Fallback AI reasoning	Message content (fallback only)	US
Deepgram, Inc.	Fallback voice transcription	Voice notes (fallback only)	US
ElevenLabs, Inc.	Text-to-speech	Reply text (voice-reply feature only)	US
Razorpay Software Pvt Ltd	Payment processing	Billing data	India
Clerk, Inc.	Authentication	Email, password hash, session tokens	US
Amazon Web Services (AWS)	Infrastructure hosting	All data, encrypted at rest	India (Mumbai region, `ap-south-1`)
Twilio SendGrid, Inc.	Transactional email	Email addresses, email content	US
Sentry (Functional Software, Inc.)	Error monitoring	Stack traces, error metadata (PII scrubbed)	US

We may update this list from time to time. Material changes will be notified to Tenants via the dashboard or email.

8. Data retention

Data type	Retention period	Reason
Tenant account profile	Lifetime of account + 90 days	To support reactivation and billing reconciliation
WhatsApp messages (inbound + outbound)	Lifetime of account + 90 days	Required for conversation continuity and audit
Voice note recordings (raw OGG)	90 days after creation	Audit and replay; transcripts retained alongside messages
AI-generated image captions and document excerpts	Stored with the parent message	—
Server logs	30 days	Security and debugging
Billing records	7 years	Tax law requirements (India)
Integration tokens (OAuth)	Until disconnected; deleted within 30 days of disconnection	—
Knowledge base documents	Until you delete them; deleted within 30 days of deletion	—
Sentry error traces	90 days	Debugging
Langfuse traces	60 days	Cost monitoring

You may request earlier deletion at any time by emailing privacy@tellusys.in. We will action verifiable deletion requests within 30 days, subject to legal retention requirements.

9. Data security

Encryption in transit: TLS 1.2+ on every external request (Caddy with Let's Encrypt / ZeroSSL automatic renewal)
Encryption at rest: AES-256-GCM for all OAuth tokens, WhatsApp access tokens, integration secrets, and webhook HMAC secrets
Tenant isolation: every database row carries a tenantId; every query is scoped to the authenticated user's tenant. Cross-tenant access is prevented at the query layer.
Access controls: internal access to production systems is restricted to the founding team. Tellusys staff cannot read raw message content except under explicit Tenant consent for support, or as required by law.
Webhook signature verification: all incoming webhooks from Meta, Razorpay, and Clerk are HMAC-verified before processing
Vulnerability management: dependencies scanned for known CVEs; security patches applied within 30 days of disclosure (faster for critical severities)

No security model is perfect. If you discover a vulnerability, please report it to security@tellusys.in. We will acknowledge within 48 hours.

10. International data transfers

Tellusys operates primarily out of India. However:

Some sub-processors listed in Section 7 are based outside India (OpenAI, Anthropic, Clerk, etc.). When data is transferred to them, it occurs under the Standard Contractual Clauses or equivalent contractual safeguards
We do not transfer data outside India for any purpose other than the operation of integrated sub-processors as listed
If you are in the EU/UK, transfers happen under Standard Contractual Clauses
If you are in California, transfers happen under your consent at signup

11. Your rights

Under the Digital Personal Data Protection Act, 2023 (DPDP — India), the General Data Protection Regulation (GDPR — EU/UK), and the California Consumer Privacy Act (CCPA), you have the following rights. We honor them globally regardless of which framework applies to you:

Access: request a copy of the personal data we hold about you
Correction: ask us to correct inaccurate or incomplete data
Deletion / Erasure: ask us to delete your personal data
Portability: request your data in a machine-readable format
Restriction / Objection: ask us to stop or limit certain processing
Withdrawal of consent: at any time, without affecting prior lawful processing
Complaint: lodge a complaint with the Data Protection Board of India, the Information Commissioner's Office (UK), your EU Data Protection Authority, or the California Attorney General as applicable

To exercise any right, email privacy@tellusys.in with your registered email address. We respond within 30 days. If we need more time, we'll tell you why and how much.

End-customers: if you have messaged a business that uses Virtuo, that business is the controller of your data. Address your request to them in the first instance. We will assist them in fulfilling your request.

12. Cookies and tracking

We use the following cookies on our websites (virtuo.in, vibot.virtuo.in, tellusys.in):

Cookie	Purpose	Type
`__session` (Clerk)	Authentication session	Essential
`clerk-db-jwt`	Session validation	Essential
(no analytics cookies set as of this policy version)	—	—

We do not use third-party advertising cookies. We do not embed Facebook Pixel, Google Analytics, or any cross-site tracker on virtuo.in. We may add anonymized analytics (e.g., PostHog, Plausible) in the future; this policy will be updated and Tenants notified before any such addition.

13. Children's privacy

Virtuo and Tellusys services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected such data, contact privacy@tellusys.in and we will delete it.

If you are a Tenant whose WhatsApp Business serves minors, you are responsible for obtaining parental consent under applicable law before the AI engages with them.

14. Tellusys legacy services

This section applies to customers of Tellusys's pre-Virtuo offerings: voice call-center solutions, custom IT consulting, and any other Tellusys-operated product or service that is not part of the Virtuo platform.

14.1 What we collect

Business and contact information (name, company, email, phone)
Project deliverables and intellectual property you share with us under written agreement
Call recordings, only when you have configured the service to record (you are the controller of all recordings)
Voice over IP (VoIP) traffic metadata for the duration of a session

14.2 How we use it

To deliver the contracted services
To maintain technical operations (uptime monitoring, incident response)
To bill, account, and comply with tax obligations
For internal product improvement on aggregated, anonymized data only

14.3 Sharing

We do not share legacy-service customer data with sub-processors except as needed to operate the underlying VoIP, telephony, or hosting infrastructure
Where required by Indian law, we share data with regulatory authorities
We do not share customer data with marketing partners

14.4 Retention

Project and service data: 5 years after termination of the engagement, or as agreed in the Master Services Agreement, whichever is later
Billing records: 7 years (Indian tax law)
Call recordings: per the retention configuration you set; we do not retain copies beyond what's necessary for the service

15. Changes to this policy

We may update this Privacy Policy from time to time. Material changes (new sub-processors, new categories of data collected, changes in retention) will be notified to active Tenants via the dashboard or email at least 30 days before the change takes effect. The "Last updated" date at the top of this policy always reflects the current version.

Historic versions are kept in our public Git repository for reference. If you are looking at this document at a URL we control (virtuo.in/privacy or tellusys.in/privacy), you are always seeing the current version.

16. Contact us

For any privacy question, request, or complaint:

Tellusys Info Pvt Ltd Attn: Privacy — Pratham Gupta Email: privacy@tellusys.in (general privacy inquiries) Email: pratham@tellusys.in (founder, escalation) Email: security@tellusys.in (security vulnerabilities)

For DPDP Act grievances, the designated Grievance Officer is Pratham Gupta, reachable at pratham@tellusys.in.

This policy is governed by the laws of India. Disputes shall be resolved in the courts of India.