1. Who We Are
Sarathi-AI Business Technologies ("Sarathi-AI", "we", "us") provides an AI-powered financial advisor CRM platform for insurance advisors, agents, and firms in India. Our services include client relationship management, insurance calculators, branded reports, and communication tools.
Contact: [email protected]
2. Information We Collect
2.1 Tenant (Advisor) Information
When you sign up, we collect:
- Firm name and owner name
- Phone number (used for login via OTP)
- Email address (optional, used for notifications)
- City and IRDAI license number (optional)
- Branding preferences (tagline, CTA, colors)
2.2 Client Data (Managed by You)
As a CRM platform, you store your clients' data through our system:
- Client names, phone numbers, and email addresses
- Insurance policy details (type, premium, dates)
- Lead status and interaction notes
- Follow-up schedules and reminders
2.3 Automatically Collected Data
- IP address and browser type (for security and rate limiting)
- Usage timestamps and feature access logs
- Calculator usage statistics (aggregate, not client-specific)
3. How We Use Your Information
- Service delivery: CRM features, calculators, reports, reminders
- Authentication: OTP-based login via phone number
- Communication: Trial reminders, payment receipts, service updates
- Security: Fraud prevention, abuse detection, rate limiting
- Improvement: Aggregate analytics to improve our platform (no individual tracking)
4. Data Sharing
We do not sell, rent, or trade your personal data or your client data to third parties.
We share data only with:
- Razorpay: Payment processing (name, email, amount — as required by payment regulations)
- Telegram: Bot messaging (messages you send via your CRM bot)
- Google AI: For AI-generated greeting messages (no client PII is sent)
5. Data Security
We implement industry-standard security measures:
- JWT-based authentication with HMAC-SHA256 signing
- OTP verification for login (no passwords stored)
- HTTPS encryption for all data in transit
- Tenant isolation — each firm's data is logically separated
- Rate limiting and input sanitization against attacks
- httpOnly cookies to prevent token theft via XSS
6. Data Retention
- Active accounts: Data retained as long as your subscription is active
- Cancelled accounts: Data retained for 30 days after cancellation, then permanently deleted
- Expired trials: Data retained for 30 days after trial expiry
- Wiped accounts: All data (leads, policies, interactions) permanently deleted; only the tenant record is kept for abuse prevention
7. DPDP Act 2023 Compliance
7.1 Lawful Basis for Processing
- Consent: Collected at signup and before processing personal data (DPDP §6)
- Contractual necessity: Processing required to deliver the subscribed service
- Legitimate use: Analytics, security monitoring, and fraud prevention
7.2 Consent Management
Consent is collected via explicit opt-in at registration. You may withdraw consent at any time by contacting the Grievance Officer (see §12). Withdrawal does not affect the lawfulness of processing prior to withdrawal.
7.3 Cross-Border Data Transfers
Your data may be processed by Google AI (USA) for AI features. Such transfers comply with DPDP §16 requirements. Infrastructure is hosted on Oracle Cloud (India region) to minimize cross-border transfers.
7.4 Data Breach Notification
In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals without undue delay, as required by DPDP §8.
8. Your Rights (Data Principal Rights)
Under the DPDP Act 2023, you have the right to:
- Access: View all data associated with your account via the dashboard
- Export: Download your data in standard formats
- Deletion: Request complete deletion of your account and all data
- Correction: Update your information via the dashboard or by contacting us
- Portability: Request your data in a machine-readable format
- Grievance redressal: File a complaint with our Grievance Officer or the Data Protection Board of India
To exercise these rights, contact our Grievance Officer at [email protected] or email [email protected].
9. Cookies
We use minimal cookies:
- sarathi_token: Authentication cookie (httpOnly, session-based). Required for the service to work.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
10. Children's Privacy
Sarathi-AI is a business tool intended for insurance professionals (18+). We do not knowingly collect information from children under 18.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you via email when significant changes are made. Continued use after changes constitutes acceptance.
12. Grievance Officer & Contact
For privacy-related questions, data requests, or grievances:
- Grievance Officer: Data Protection Team, Sarathi-AI Business Technologies
- Email: [email protected]
- Support: [email protected]
- Telegram: @SarathiBizBot
- Response time: Within 72 hours of receipt
If unsatisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDP Act 2023.