Privacy Policy

Last Updated: 8 Sept 2025

1. Company Information

Responn is a product of Dhinker AI Labs Private Limited. For privacy inquiries, contact privacy@responn.com.

2. Legal Basis for Processing

Business Customer Data:

We process business customer information based on contract performance – this processing is necessary to provide our services as agreed in our Terms of Service.

End User Data:

We process end user chat conversations on the following bases:

  • Where end users voluntarily provide information in order to interact with our business clients through Responn, such processing is treated as consent.
  • For jurisdictions recognizing legitimate interests, we rely on this basis to provide customer support and services on behalf of our business clients. This processing is necessary for the proper functioning of our services and supports the legitimate business interests of our clients in communicating with their customers.
  • Where required by law (e.g., for non-essential cookies, marketing communications), explicit consent is obtained before processing.

3. Information We Collect

From Business Customers:

We collect account and profile information when a company signs up for our service. This includes company name, email addresses, contact details, billing information, and any documents or knowledge bases you upload (PDFs, FAQs, etc.) to train your bot. We also log administrative usage (portal logins, IP addresses, activity logs) to keep the system secure.

From End Users (Chat Participants):

We collect the content of conversations between users and the chatbot. This includes all text messages sent during the chat. For voice conversations, we process audio in real-time only – no voice recordings are stored permanently. If a user chooses to provide personal details (for example, their name, email, or phone number) in chat, we collect that information as well. We also automatically collect metadata such as timestamps, device/browser type, and IP address to route messages and maintain security.

Metadata may also be used for fraud prevention, abuse detection, and compliance with applicable legal obligations. Chat content and related information are retained only as long as the business customer maintains them within their account. Once deleted or the account is closed, such data is either permanently deleted or anonymized.

Automatically Collected Data:

In addition to the above, we gather non-identifying usage information. For example, we use cookies or local storage in our web chat widget to keep you logged in and to improve performance. We may assign each device a temporary identifier so we recognize returning users. Any such data is used only to enhance the service (e.g., by remembering preferences) and is treated as personal data only if linked to an identified user.

4. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

Essential Cookies:

Strictly necessary for the operation of our service (such as maintaining your login session in the admin portal). These cookies do not require consent.

Performance Cookies:

We may use cookies to analyze how our service is used and to improve performance. These cookies collect aggregated or pseudonymized usage statistics and do not directly identify individual users.

Local Storage:

Our web chat widget may use local storage to remember user preferences and maintain chat continuity.

Third-Party Cookies (if applicable):

If we integrate third-party services such as analytics, crash reporting, or advertising tools, those providers may also place cookies on your device. Any such use will be disclosed in our cookie banner and subject to your consent.

Retention and Control:

  • Session cookies are deleted when you close your browser.
  • Persistent cookies or local storage may remain for a defined period (typically up to 12 months) unless you clear them through your browser.
  • You can control or disable cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our service.

Consent and Withdrawal:

If we use any non-essential cookies, we will obtain your consent through our cookie banner before placing them on your device. You may withdraw or change your cookie preferences at any time via the cookie banner or browser settings.

5. How We Use Your Data

Provide and Improve the Service:

Personal data and chat content allow our LLM (Google's Gemini) to generate relevant, contextual responses. Data used to power AI responses is stored only as necessary for service improvement and is not shared outside the organization except in anonymized form.

Analytics and Insights:

We analyze aggregated usage data to monitor performance and usage patterns. Any analysis is done on aggregate or anonymized data only. We may share anonymized usage trends with our team or prospective clients.

Lead Generation and Follow-Up:

If configured, the chatbot will ask qualifying questions and capture leads. Any contact or lead information provided by the user is securely stored and made available in the admin dashboard for the business to follow up.

Automated Decision-Making and Profiling:

We use automated analysis of chat content to score leads, personalize conversations, and improve response quality. Users may contact us to request review, correction, or deletion of their personal data involved in automated processes. Business customers retain control over final decisions regarding leads and customer interactions.

Legal and Contractual Obligations:

We may use or retain data as needed to comply with laws, enforce contracts, and protect the Service.

6. Data Storage, Retention & Transfers

Hosting:

All data is stored on secure servers. Our backend infrastructure is hosted on Hetzner (EU), and our web dashboard is served by Vercel. We use industry-standard security measures, including HTTPS/TLS for data in transit and encryption at rest wherever possible.

Cross-Border Transfers:

Personal data may be transferred outside India to our EU-based hosting servers with appropriate safeguards.

Retention:

We retain personal data only as long as necessary to provide our services, comply with obligations, and support legitimate business purposes. Business customers can export or delete their data at any time.

7. Data Sharing & Third Parties

  • Business Customers (Partners): We share user data only with the business that owns the bot.
  • Messaging Platforms: WhatsApp/Instagram, Telegram, Web Chat, and Telephony services are used only to deliver messages and generate bot responses. No personal data is used for advertising.
  • AI Processing (Google Gemini): All user messages are sent to Google's Gemini API to generate responses. Transfers to third-party servers have safeguards in place.
  • Service Providers: Trusted third parties receive only the minimum data needed to provide services and maintain confidentiality.
  • Legal Requirements: We will not share personal data except if required by law or to protect rights and safety.

8. Your Rights & Controls

Data Subject Rights (Global):

Under applicable privacy laws, you have the following rights regarding your personal data:

  • Right to Access: Request information about what personal data we hold and how we use it.
  • Right to Rectification: Ask us to correct inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): Request deletion of your personal data under certain circumstances.
  • Right to Data Portability: Obtain a copy of your personal data in a structured, machine-readable format.
  • Right to Object: Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to Restrict Processing: Request that we limit how we process your personal data in certain situations.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw that consent at any time.

India Residents (DPDP Act 2023):

Indian users have specific rights under the DPDP Act, including:

  • The right to access, correct, delete, and withdraw consent over their personal data.
  • The right to be informed about how their data is used.

You may contact us at privacy@responn.com with any concerns, and we will address them promptly within a reasonable timeframe.

Business Customer Controls:

Each business customer can manage their users' data through the Responn admin portal. They can:

  • View or download chat logs and lead information at any time.
  • Delete conversation history or other stored data for their account.

We respond to verified data requests within 72 hours (up to 14 days for complex cases). The business customer acts as the Data Controller for their customers' information, and Responn acts as a Data Processor on their behalf.

9. Children's Privacy

Not for children; no data knowingly collected from children under 16 (GDPR), 18 (India). Parents/guardians may request removal via business or privacy@responn.com.

10. Data Breach Response

Responn maintains documented incident response procedures and will act without delay to mitigate risks. Business customers will be notified immediately of any breach affecting their data.

11. Legal Compliance

Responn complies with all applicable data protection and privacy laws, including:

  • India (DPDP Act 2023, IT Act 2000, IT Rules 2011): We comply with India's Digital Personal Data Protection Act and related IT laws. As a startup, we are eligible for certain exemptions, but we provide clear channels for redressal via privacy@responn.com.
  • European Union (GDPR): Our business customers act as the data controllers and Responn functions as their data processor. We offer Data Processing Agreements (DPAs) upon request.
  • California (CCPA, if applicable): If we process data of California residents, we will honor their rights under the CCPA. We do not sell personal information as defined under the CCPA.

12. Security

We implement industry-standard technical and organizational measures to safeguard data, including encryption, access controls, monitoring, and personnel training.

13. Changes to This Policy

Updates announced via email or prominent notice; effective 30 days post-notification unless law requires immediate effect.

14. Contact Us

Please contact us if:

  • you have any questions or comments about this Privacy Policy;
  • you wish to access, update, and/or correct inaccuracies in your Personal Data; or
  • you otherwise have a question or complaint about the manner in which our service providers or we treat your Personal Data.

Email: privacy@responn.com