InboundSage

Legal

Privacy Policy

Last updated: 21 May 2026

Spectrum Enterprises (“InboundSage”, “we”, “us”) operates the InboundSage marketing-automation platform. This Privacy Policy explains what personal data we collect, why, how we store and protect it, and your rights under the Digital Personal Data Protection Act, 2023 (the “DPDP Act”).

1. Who we are

Data Fiduciary: Spectrum Enterprises, Flat No. 1201, J Wing, ParkSyde Homes, Near Bali Mandir, Hanuman Nagar, Panchavati, Nashik, Maharashtra 422003, India. GSTIN 27BDXPB5801K2Z7. Privacy contact: hello@inboundsage.com.

2. Data we collect

  • Account data: name, business name, email, phone number, password (hashed).
  • Billing data: billing name, GSTIN, and payment metadata. Card/bank details are handled by Razorpay; we do not store them.
  • WhatsApp conversation data: messages, contacts, templates, and delivery metadata processed through your connected WhatsApp Business Account, via Meta’s official APIs, in order to provide inbox, broadcast, and automation features.
  • Usage data: log data, device/browser information, and cookies (see section 8).

3. Why we collect it

To provide and operate the Service; to authenticate users; to process subscription billing; to provide customer support; to maintain security and prevent abuse; and to comply with legal obligations.

4. Legal basis

We process personal data on the basis of your consent and for the performance of our contract with you, in accordance with the DPDP Act, 2023.

5. How we store and protect it

Data is stored on secured servers with encryption in transit (TLS) and access controls. Production data is hosted on infrastructure located in India. Access is restricted to authorised personnel on a need-to-know basis.

6. Third parties we share data with

We share data only as necessary to provide the Service:

  • Meta Platforms (WhatsApp Business Platform) — as the messaging channel and API provider. Your WhatsApp conversation data is processed through Meta’s infrastructure subject to Meta’s terms and privacy policy.
  • Razorpay (Razorpay Payments Private Limited) — for payment processing.
  • Resend — for transactional email delivery (e.g., account notifications).

We do not sell your personal data.

7. Your rights (DPDP Act, 2023)

You have the right to access, correct, and erase your personal data; to withdraw consent; to nominate; and to grievance redressal. To exercise these rights, contact hello@inboundsage.com. We respond within the timelines required by law.

8. Cookies

We use essential cookies for authentication and session management, and minimal analytics cookies to understand usage. You can control cookies through your browser settings.

9. Data retention

We retain account and billing data for as long as your account is active and as required by Indian tax and accounting law (typically up to 8 years for financial records). WhatsApp conversation data is retained while your account is active and deleted within 90 days of account closure, unless a longer period is legally required.

10. Children

The Service is not directed to individuals under 18.

11. Changes

We may update this Privacy Policy; material changes will be notified by email or in-app.

12. Grievance Officer

For privacy concerns or complaints under the DPDP Act, contact our Grievance Officer at hello@inboundsage.com. We acknowledge complaints within 48 hours and resolve them within the statutory timeframe.