Privacy Policy

vSense AI is a brand of Nativebyte Private Limited, a company incorporated in India (collectively “vSense”, “Nativebyte”, “we”, “us”). Nativebyte operates an enterprise AI platform and related services, including conversational messaging experiences built on the WhatsApp Business Platform. This Privacy Policy explains what personal data we collect, how we use it, and the choices and rights available to individuals.

We operate in two distinct roles, and the protections in this policy apply to both:

• Controller — when you visit our websites, contact us, or apply to partner with us, we determine the purposes and means of processing your information.
• Processor — when our customers use the vSense platform (including WhatsApp messaging features) to serve their own end-users, we process that data strictly on the customer’s documented instructions under a Data Processing Agreement.

From visitors and prospects

• Contact information you submit (name, work email, company, role, message).
• Limited technical metadata required to deliver the website securely (IP address, user-agent, request timestamps) — used for security and abuse prevention only.

From customers and authorised users

• Account information (name, email, organisation, authentication identifiers).
• Configuration and operational data needed to run the services (workspace settings, integration credentials stored in encrypted form, audit logs of administrative actions).

Data processed on behalf of customers

• Messages, media, and contact phone numbers exchanged through the WhatsApp Business Platform when our customer uses vSense to send or receive WhatsApp messages.
• WhatsApp business profile information, template and message status events, and media assets uploaded to or downloaded from Meta’s servers.
• Any other content that customers or their authorised users submit to the platform.

We do not require sensitive personal data (health, biometric, government identifiers, payment card data) for any standard product feature. Customers who choose to process such data through the platform are responsible for ensuring they have a lawful basis to do so.

We use information only for the purposes for which it was collected:

• To deliver, secure, and support the services our customers have requested.
• To route, send, and receive WhatsApp messages on behalf of our customers, and to manage the WhatsApp business profiles and phone numbers they register through us.
• To respond to enquiries you send us through the contact form, email, or phone.
• To detect, investigate, and prevent fraud, abuse, security incidents, or violations of our terms.
• To comply with legal obligations, lawful requests from competent authorities, and Meta’s policies that apply to the WhatsApp Business Platform.
• To improve product reliability and quality using aggregated and de-identified or anonymised information only. Where we generate analytics or insights for product improvement or marketing, the data is aggregated and stripped of identifiers such that individual end-users cannot be re-identified.

We do not use customer messages, customer content, or end-user personal data to train general-purpose AI models, and we do not sell personal data.

vSense acts as a Tech Provider on the WhatsApp Business Platform. We use the whatsapp_business_messaging permission granted by Meta to:

• Send WhatsApp messages to phone numbers on behalf of our business customers.
• Upload and retrieve media attached to those messages.
• Manage WhatsApp business profile information for our customers.
• Register customer phone numbers with Meta and maintain their configuration.

All messaging experiences delivered through our platform are either initiated by a customer (the business operating the WhatsApp account) or by an end-user who has chosen to message that business. We do not initiate messages on our own behalf using customer accounts.

Any product analytics, marketing, or advertising use we make of platform activity is performed exclusively on aggregated and de-identified or anonymised information from which individual end-users cannot be re-identified. We do not create marketing profiles of end-users, and we do not share WhatsApp content with advertising networks.

Information exchanged via WhatsApp is additionally subject to WhatsApp’s Privacy Policy and Meta’s platform terms. End-users who receive messages from our customers should also review the privacy notice published by the business they are interacting with.

We treat all customer data — including WhatsApp messages, contacts, media, and business profile information — as strictly confidential. We use it only to service the customer’s requirements as described in this policy and in the customer’s contract with us.

• We do not sell, rent, trade, or otherwise make customer data available to third parties for their own purposes.
• We do not grant any third party access to customer data except where that access is essential to deliver the service the customer has asked for (for example, Meta itself when transmitting a WhatsApp message that the customer has instructed us to send) or where we are compelled by law.
• Access within vSense is restricted on a need-to-know basis to personnel who require it to operate, support, and secure the platform. All such access is logged.
• All personnel with access to customer data are bound by written confidentiality obligations that survive the end of their engagement with vSense.

To run the platform we rely on a small number of vetted infrastructure providers (for hosting, transactional email, and the WhatsApp Business Platform itself). These providers are sub-processors: they act only on our instructions, they are contractually bound to the same confidentiality and security obligations that apply to us, and they may not use customer data for any purpose of their own.

We maintain a current list of sub-processors and will provide it on request to any customer. Customers will be notified before a new sub-processor with access to their data is engaged, so they have a reasonable opportunity to object.

• TLS 1.2+ encryption for all data in transit between clients, our platform, and Meta.
• AES-256 encryption at rest for stored data and credentials.
• Role-based access control, multi-factor authentication for administrative access, and audit logging of privileged actions.
• Network segmentation, hardened build pipelines, dependency vulnerability scanning, and periodic penetration testing.
• Incident response procedures including notification to affected customers without undue delay in the event of a personal data breach.

No system is perfectly secure, but we maintain the controls described in our Trust & Security page and continuously improve them.

We retain data only as long as needed to provide the service or to meet legal, accounting, or reporting obligations. Specifically:

• Customer-controlled data (including WhatsApp messages and media): we retain it for the period the customer configures, and we delete or return it on written request or on termination of the customer’s contract.
• Operational logs: retained for a limited period for security and troubleshooting, then deleted or anonymised.
• Website enquiries: retained for as long as needed to respond and for a reasonable follow-up period, then deleted.

Subject to applicable law (including the GDPR and India’s Digital Personal Data Protection Act, 2023), individuals have the right to:

• Access the personal data we hold about them.
• Request correction of inaccurate or incomplete data.
• Request deletion of personal data, subject to overriding legal obligations.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with the relevant data protection authority.

For data we hold as a processor on behalf of a customer, please direct your request to that customer (the data controller). We will assist the customer in responding. For data we hold as a controller, write to us at privacy@vsense.ai.

Our infrastructure is operated primarily from India. Some sub-processors — notably Meta, which operates the WhatsApp Business Platform — may process data in other jurisdictions. Where data crosses borders, we rely on contractual safeguards (such as standard contractual clauses) and on the recipient’s own published transfer mechanisms to protect it.

Our services are designed for businesses and their authorised users. We do not knowingly collect personal data directly from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of the page and, for material changes, notify customers by email or through the platform. Continued use of the services after the effective date constitutes acceptance of the updated policy.

The data controller (and, where applicable, the data processor) for the purposes of this Privacy Policy is Nativebyte Private Limited, a company incorporated in India and operating under the vSense AI brand.

Where Nativebyte Private Limited and a customer have entered into a separately signed written agreement covering the Services — for example a master services agreement, order form, or data processing agreement — the terms of that agreement supersede this Privacy Policy to the extent of any inconsistency, and the signed agreement will prevail.

This Privacy Policy is governed by the laws of India. The courts at New Delhi, India have exclusive jurisdiction over any dispute arising out of or relating to this Privacy Policy, subject to any contrary provision in a signed agreement and to any non-waivable rights an individual has under their local data protection law.

For privacy questions, data subject requests, or to report a concern, contact our privacy team:

• Entity: Nativebyte Private Limited (operating as vSense AI)
• Email: privacy@vsense.ai
• General enquiries: leads@vsense.ai
• Phone: +91-8826-319-519
• Offices: Delhi and Pune, India