Privacy Policy

Privacy Policy

Effective Date: May 7, 2026 · Last Updated: May 7, 2026

This Privacy Policy describes how Samcom Technologies ("we", "our", "us") collects, uses, stores, and discloses information when you use Pingly (available at pingly.in) — our AI-powered WhatsApp CRM & customer support platform. By accessing or using Pingly, you agree to this Privacy Policy.

1. Overview & Scope

Pingly is a B2B SaaS platform that enables businesses ("Workspace Administrators" or "Customers") to manage customer communications across WhatsApp Business API, WhatsApp Direct (personal number via QR scan), and Web Chat. We act as a data processor when handling your end-users' personal data on your behalf, and as a data controller for our own operational data (account, billing, etc.).

This policy applies to:

  • Visitors to pingly.in and its sub-pages (including /pricing, /enterprise)
  • Registered users (Admins, Managers, Agents, Support staff) of the Pingly platform
  • End-customers ("Contacts") whose data is processed through Pingly by our business customers
  • Visitors who interact with a Pingly-powered Web Chat Widget embedded on a third-party site
India DPDP Act 2023: We comply with the Digital Personal Data Protection Act, 2023 (India). As a Data Fiduciary under the Act, we provide individuals with clear notice and obtain consent before processing personal data, and honour all data principal rights described in Section 11.

2. Information We Collect

2.1 Account & Registration Information

When you register for or use Pingly:

  • Identity: Full name, email address, password (bcrypt-hashed, never stored in plaintext), role
  • Organisation: Company name, workspace name, business hours, timezone
  • Integration credentials: WhatsApp Business API keys (Gupshup), AI API keys (Anthropic Claude, OpenAI GPT) — all stored AES-256 encrypted
  • Billing profile: Company name, billing address, GST number, contact email (for invoice delivery)

2.2 Contact & Conversation Data (Processed on Your Behalf)

When businesses use Pingly to communicate with their customers, we process:

  • Contact profiles: Name, phone number, email, tags, opt-in/opt-out status, custom attributes, WhatsApp profile picture URL (if fetched), WhatsApp Business profile data (category, website, description — if applicable)
  • Conversation messages: Text content, images, documents, audio/voice notes, videos, stickers, locations, contact cards (vCards), message timestamps, delivery/read receipts
  • WhatsApp status: Delivery ticks (sent/delivered/read) and message status updates from WhatsApp
  • CSAT ratings: 1–5 star ratings and optional text feedback submitted by end-users
  • Web Chat sessions: Visitor name, email, phone (from pre-chat form); chat messages; session identifiers; browser user-agent (for display only)
  • Support tickets: Ticket subject, description, status, priority, linked conversation data
  • Sales leads: Lead name, phone, email, requirement, budget, pipeline status, notes

2.3 Knowledge Base Documents

If you upload documents (PDFs, Word files, text) to the Pingly Knowledge Base for AI bot training, those documents are stored in our infrastructure and may be processed by the AI provider you select (Anthropic or OpenAI) when the AI bot generates responses. You are responsible for ensuring you have the right to upload and process any documents you provide.

2.4 Enterprise Enquiry Data

When you submit the Enterprise Plan enquiry form at /enterprise, we collect: company name, contact name, work email, phone, team size, use case description, payment preference, and net payment terms. This data is used solely to respond to your enquiry and is visible only to Samcom Technologies's sales team and Super Admin users.

2.5 Automatically Collected Technical Data

  • Server logs: IP addresses, browser type, OS, pages visited, timestamps, HTTP response codes
  • Session tokens: JWT authentication tokens stored in browser localStorage (see Section 12)
  • Usage metrics: Feature usage patterns, API call volumes, error rates — aggregated, not individually identifiable
  • WebSocket connection data: Real-time event delivery for inbox, notifications, and presence features

2.6 Third-Party Integration Data

If you connect external systems via Contact Sync or API webhooks, we may receive data from those sources. You are responsible for ensuring lawful transfer of that data into Pingly.

3. WhatsApp Data Processing

Pingly offers two WhatsApp integrations with distinct data-handling characteristics. It is important that you understand which applies to your setup.

3.1 WhatsApp Business API (via Gupshup BSP)

When you use the WhatsApp Business API integration, messages are delivered through Gupshup(an authorised Meta Business Solution Provider). In this model:

  • Message content passes through Gupshup's infrastructure on its way to and from WhatsApp
  • Inbound WhatsApp voice calls are detected and can be routed to your VOIP PBX or AI Voice Agent
  • Template messages sent to contacts are subject to Meta's WhatsApp Business Policy
  • Gupshup's Privacy Policy applies: gupshup.io/privacy-policy

3.2 WhatsApp Direct (Personal Number via QR Scan)

WhatsApp Direct connects your personal WhatsApp number to Pingly using an open-source library (Baileys). This is a non-official integration and is not affiliated with or endorsed by Meta Platforms, Inc.

Important: WhatsApp Direct uses your personal WhatsApp account linked via QR scan. Use of unofficial WhatsApp clients may be subject to WhatsApp's Terms of Service. By enabling this feature you acknowledge and accept this risk. Samcom Technologies is not liable for any account suspension or restrictions imposed by WhatsApp.

In this model, Pingly processes:

  • Session credentials: Encrypted WhatsApp session keys stored in our database, required to maintain the connection
  • Message content: All inbound and outbound messages on the connected number, stored in your workspace's conversation inbox
  • LID (Linked Device) map: A mapping of WhatsApp's internal identifiers to phone numbers, stored per workspace for privacy-mode resolution
  • Historical chat sync: When you first connect via QR, WhatsApp may deliver recent message history (typically last 50–100 chats). Pingly ingests these into your inbox and stores them as conversation records
  • Contact profile pictures: Fetched from WhatsApp and cached (refreshed every 7 days) as profilePictureUrl on Contact records
  • Call notifications: When a customer calls your WhatsApp number, Pingly records the call event (caller JID, timestamp, duration if available) in the conversation timeline. Note: WhatsApp Direct does not route or connect voice calls — it shows notifications only.
  • WhatsApp Groups (if enabled): Group JID, group name, participant list, and group messages — stored only if the "Receive group messages" setting is enabled by the workspace admin

Data for WhatsApp Direct sessions is stored only within your workspace and is not shared with Gupshup or any BSP. It is transmitted between your linked phone and our server using WhatsApp's own end-to-end encryption (E2EE).

4. Voice & Call Data

Pingly supports voice call handling for WhatsApp Business API (BSP) workspaces. WhatsApp Direct workspaces receive call notifications only (no call routing or recording).

4.1 What We Store for Voice Calls (BSP)

  • Call event log: Caller phone number, timestamp, call duration, call status (answered / missed / rejected), and agent who answered
  • VOIP routing records: Which SIP trunk or extension the call was routed to, and the outcome
  • AI Voice Agent transcripts: If an AI Voice Agent handles the call, the transcript of the conversation is stored in the conversation timeline — linked to the caller's Contact record
  • Missed-call auto-reply log: A record of the WhatsApp message automatically sent to a caller who was not answered

4.2 Call Recordings

Pingly itself does not record voice calls. Recording, if any, is performed by your VOIP PBX or SIP provider and is governed by that provider's policies. You are responsible for informing callers of any recording in accordance with applicable law (e.g., Indian Telegraph Act, TRAI regulations).

4.3 Browser SIP WebPhone

When agents use the browser-based SIP WebPhone feature, the browser establishes a WebRTC/SIP connection directly to your configured SIP server. Pingly does not proxy or record audio streams; it only manages the signalling (call state, routing instructions).

4.4 WhatsApp Direct — Call Notifications Only

For WhatsApp Direct workspaces, Pingly stores only the call notification event (caller, timestamp, missed/answered status). No audio, no routing, no AI agent is involved. The notification appears in the conversation timeline so agents are aware a call was attempted.

5. AI & Chatbot Data

5.1 What Data Is Sent to AI Providers

When the AI chatbot feature is enabled, Pingly sends the following to your chosen AI provider (Anthropic Claude or OpenAI GPT) to generate a response:

  • The last 20 messages of the conversation (as context window)
  • Relevant excerpts from your Knowledge Base documents (vector-matched to the query)
  • The system prompt you configured
  • The incoming customer message
Important: Customer message content (which may include personal data) is transmitted to the AI provider you select. You should review Anthropic's and OpenAI's data processing agreements before enabling AI features, especially if you handle sensitive personal data (health, financial, legal). We use their API with our own keys; we do not use shared consumer-tier models.

5.2 AI Provider Privacy Policies

5.3 AI Training

Pingly does not use your conversation data to train its own AI models. API calls to Anthropic and OpenAI are made under their API (enterprise-tier) terms, which by default do not use your data for model training. Your API keys are used — we never use a shared platform key that could mingle your data with other customers.

5.4 AI Reply Suggestions

The AI reply suggestion feature (agent assist) sends the current conversation context to the AI provider to generate suggested replies shown only to the agent. Suggestions are not sent to customers unless the agent chooses to send them.

6. How We Use Your Information

PurposeLegal Basis
Provide and operate the Pingly platformContractual necessity
Process and deliver WhatsApp and Web Chat messagesContractual necessity
Authenticate users and maintain secure sessionsContractual necessity / Legitimate interests
Route inbound WhatsApp voice calls to VOIP / AI Voice Agent (BSP)Contractual necessity
Display WhatsApp call notifications in inbox (WA Direct)Contractual necessity
Run AI chatbot on your Knowledge Base and conversation contextContractual necessity
Generate analytics, CSAT summaries, and performance reportsContractual necessity
Process subscription payments via RazorpayContractual necessity
Respond to Enterprise Plan enquiriesLegitimate interests / Consent
Send SLA breach alerts, system notifications, and billing emailsContractual necessity
Improve platform features, fix bugs, and prevent abuseLegitimate interests
Comply with legal obligations (DPDP Act, IT Act, court orders)Legal obligation

We do not sell, rent, or use your data or your end-customers' data for advertising purposes.

7. Data Sharing & Sub-processors

We do not sell or rent personal information. We share data only in the following limited circumstances:

7.1 Sub-processors

The following sub-processors may receive personal data as part of service delivery. All are bound by Data Processing Agreements:

Sub-processorPurposeLocation
GupshupWhatsApp Business API message deliveryIndia / USA
AnthropicAI chatbot (Claude) responses — if enabledUSA
OpenAIAI chatbot (GPT-4o) responses — if enabledUSA
RazorpayPayment processing for subscriptions and add-onsIndia
Cloud host (VPS)Application hosting, PostgreSQL databaseIndia
Meta (WhatsApp)Message delivery via WhatsApp networkUSA / Global

7.2 Legal Requirements

We may disclose information if required by law, court order, regulation, or a government authority — or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity. We will notify affected Workspace Administrators via email at least 30 days before data becomes subject to a different privacy policy.

7.4 With Your Consent

We may share data with third parties only when you have explicitly consented to that sharing.

7.5 Workspace Data Isolation

Each workspace's data is logically isolated. Workspace A cannot access Workspace B's contacts, conversations, or configuration. Super Admin users (Samcom Technologies staff) can access any workspace's data only for support, compliance, or abuse-prevention purposes, and such access is logged.

8. Billing & Payments

Subscription payments, add-on purchases, and coupon redemptions are processed by Razorpay(Razorpay Software Private Limited, India). Pingly does not store your full card number, CVV, or bank account details. Razorpay's Privacy Policy applies to payment data: razorpay.com/privacy

We store the following billing records:

  • Razorpay order_id and payment_id (tokenised references only)
  • Subscription plan, billing cycle (monthly/annual), amount, currency (INR)
  • Invoice details: company name, address, GST number (for GST-compliant invoices)
  • Payment status, renewal dates, and failed-payment events
  • Coupon codes applied and discount amounts
  • Billing audit log entries for all billing events (plan change, upgrade, downgrade, cancellation)
Enterprise customers who pay via offline PO / bank transfer: invoice and payment correspondence may be handled by email. No card data is collected. Reference IDs and payment confirmations are stored in our billing records.

9. Data Retention

We retain personal data for as long as necessary for the purposes described, subject to:

Data typeRetention period
Conversation messages & mediaSubscription duration + 90 days after termination, then deleted
Contact profilesWhile workspace is active + 90 days after termination or deletion request
WhatsApp Direct session keysUntil workspace disconnects the session; purged on revocation
WhatsApp LID map & history sync dataTied to the workspace session; deleted with session
Voice call event logsUp to 12 months, then deleted
AI Voice Agent transcriptsSame as conversation messages — 90 days post-termination
Knowledge Base documentsUntil deleted by admin, or workspace termination + 90 days
Account / user dataUntil account deleted or workspace terminated
Billing records & invoices7 years (statutory requirement under Indian tax law)
Audit logs12 months
CSAT ratingsSubscription duration + 90 days
Enterprise enquiry form data2 years from submission, then deleted
Server logs (IP, access logs)90 days

You may request early deletion by contacting us at privacy@pingly.in. Backup copies are securely purged within 30 days of primary data deletion.

10. Security

We implement industry-standard technical and organisational measures:

  • Encryption in transit: TLS 1.2+ for all web traffic and API calls
  • Encryption at rest: AES-256 encryption for sensitive fields (API keys, WhatsApp session tokens)
  • Password hashing: bcrypt with per-user salts — plaintext passwords are never stored
  • Authentication: JWT-based sessions with configurable idle timeout; role-based access control (SUPER_ADMIN, ADMIN, MANAGER, AGENT, SUPPORT)
  • Database access: Restricted to the application server; no public database endpoint
  • Audit logging: All privileged actions (workspace override, plan change, Super Admin access) are logged with actor and timestamp
  • Dependency management: Regular security patches and dependency updates
  • Infrastructure: Hosted on dedicated VPS within India with firewall rules limiting external access
No system can guarantee absolute security. If you suspect a security breach or vulnerability, please contact us immediately at privacy@pingly.in with subject line "URGENT — Security". We aim to acknowledge security reports within 24 hours.

11. Your Rights (DPDP Act 2023 / GDPR)

Depending on your jurisdiction, you have the following rights. We honour these rights for all users regardless of location, consistent with India's DPDP Act 2023 and GDPR principles.

Access

Request a copy of the personal data we hold about you, including what data we have collected and how it is used.

Rectification

Request correction of inaccurate or incomplete personal data.

Erasure

Request deletion of your personal data ("right to be forgotten"). Subject to legal retention requirements.

Data Portability

Receive your account data in a structured, machine-readable format (JSON/CSV).

Restriction

Request that we temporarily or permanently restrict processing of your data.

Objection

Object to processing based on our legitimate interests.

Withdraw Consent

Withdraw consent at any time where processing is consent-based, without affecting prior processing.

Nominate

(DPDP Act) Nominate another individual to exercise your data rights on your behalf in case of death or incapacity.

Grievance Redressal

(DPDP Act) Lodge a complaint with our Grievance Officer (see Section 16) or with the Data Protection Board of India.

Non-discrimination

Exercise your rights without receiving inferior service or being penalised.

Workspace users (Admins / Managers / Agents): Access and update profile data in Settings → Profile. To delete your account, contact your Workspace Administrator or email us.

End-customers (Contacts): Contact the business that communicated with you via Pingly.Samcom Technologies acts as a data processor in that relationship and will assist the Customer in fulfilling your request.

To exercise any right, email privacy@pingly.in with the subject "Privacy Request". We will respond within 30 days (7 business days for DPDP Act requests where mandated).

12. Cookies & Tracking

Pingly uses minimal cookies and local storage:

NameTypePurposeDuration
tokenlocalStorageJWT authentication token for logged-in sessionUntil logout or session timeout
userlocalStorageBasic user profile (name, role) for UI displayUntil logout
Session cookieHTTP CookieServer-side session context for authenticated API callsSession (browser close)
pingly_widCookieWeb Chat Widget visitor identifier (embedded widget only)6 months

We do not use advertising cookies, third-party tracking pixels, or analytics platforms that share data with advertisers (e.g., Google Analytics, Meta Pixel, Hotjar). We do not engage in cross-site tracking.

13. Children's Privacy

Pingly is a business-to-business (B2B) platform intended for use by organisations and their employees. It is not directed at children under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data without parental consent, we will delete it promptly. If you believe a child's data has been collected, contact us at privacy@pingly.in.

14. International Data Transfers

Samcom Technologies is based in India. Your data is primarily stored on servers within India. However, some data may be processed by sub-processors in other countries (e.g., Anthropic and OpenAI in the United States) when you enable AI features. When we transfer personal data internationally, we rely on:

  • Data Processing Agreements with all sub-processors
  • Standard Contractual Clauses (SCCs) where required
  • Adequacy decisions by relevant data protection authorities where available

By using Pingly and enabling AI features, you consent to the transfer and processing of relevant data in the United States and other countries as described above.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Effective Date" and "Last Updated" at the top of this page
  • Display a prominent in-app notice for at least 14 days
  • Send an email notification to registered Workspace Administrators

Your continued use of Pingly after the effective date of any revised policy constitutes acceptance of the changes. If you do not agree to material changes, you may cancel your subscription before the effective date.

16. Contact Us & Grievance Officer

For any questions, privacy requests, or complaints about this Privacy Policy or our data practices:

Samcom Technologies

Grievance Officer / Data Protection Contact

Email: privacy@pingly.in

Address: Samcom Technologies, India

Website: pingly.in

We aim to respond to all privacy requests within 30 days(7 business days for urgent matters or requests under the DPDP Act 2023). For security vulnerabilities, mark your email "URGENT — Security".

Under the Digital Personal Data Protection Act, 2023 (India), if your concern is not resolved to your satisfaction, you may approach the Data Protection Board of India once it is constituted by the Central Government.

← Back to HomeTerms of ServiceEnterprise© 2026 Samcom Technologies. All rights reserved.