Privacy Policy

1. Definitions and scope

In this Policy:

• “Personal data” means data about an identifiable individual, as defined under the DPDP Act.
• “Data Principal” means the individual to whom the personal data relates (including you, when we collect your data as an account holder or site visitor).
• “SICIPL” means Sonawala Integrated Circuit Industries Private Limited, the company that owns and operates ChatYug.
• “Data Fiduciary” means the entity that determines the purpose and means of processing personal data. For account, billing, and website data described below, SICIPL is the Data Fiduciary.
• “Data Processor” means an entity that processes personal data on behalf of a Data Fiduciary. When you use ChatYug to message or store your customers’ data, you are typically the Data Fiduciary for that customer data and we act as your Data Processor, processing such data only on your documented instructions and to provide the service.

This Policy applies to visitors of chatyug.com, registered users, authorised sub-users, and, where relevant, explains how we process end-customer data on behalf of our business users.

2. Data Fiduciary details

Legal name: Sonawala Integrated Circuit Industries Private Limited (“SICIPL”)
Brand / product: ChatYug (WhatsApp Business API platform; also marketed as SICI Technologies)
Registered office: B 20, Tulshi Dham Society, Zadeshwar Road, Bharuch, Gujarat, India – 392011
CIN: U31905GJ2018PTC100760
GSTIN: 24AAZCS8063R1Z3
General email: admin@sicitechnologies.com
Privacy / grievance contact: Nishant Sonawala, Director — nishant@sicitechnologies.com
Phone: +91 70167 93529

SICIPL is a Meta Certified Business Partner for WhatsApp Business API solutions. We do not sell personal data.

3. Categories of personal data we collect

Depending on how you use ChatYug, we may collect:

• Account data: name, email address, phone number, business name, password (stored in hashed form), and registration details you provide.
• WhatsApp and business configuration: WhatsApp Business Account identifiers, phone numbers, template names, webhook URLs, API keys, and related settings needed to operate the service.
• Message and conversation data: message content, delivery status, timestamps, media metadata, and conversation history processed through ChatYug on your behalf.
• Catalog and commerce data: product names, descriptions, prices, images, SKUs, inventory, and order information you upload or sync for WhatsApp Commerce features.
• Usage and technical data: IP address, browser type, device information, log files, error reports, and analytics about how you use the dashboard and APIs.
• Billing data: billing name, address, GST details, payment references, and invoice history. Payment card details are handled by our payment processors; we do not store full card numbers.
• Support communications: emails, chat messages, and tickets you send to our support team.

We do not intentionally collect special categories of sensitive personal data (such as health, biometric, or financial account credentials beyond billing metadata) unless you voluntarily provide them in message content or uploads. You should not upload such data unless necessary and lawful.

For your customers’ personal data processed through ChatYug, you must provide them a lawful privacy notice and obtain valid consent or another lawful ground under applicable law before messaging or processing their data.

4. Purposes of processing

We use personal data to:

• Provide, operate, and maintain the ChatYug platform and WhatsApp Business API integrations.
• Transmit messages and catalog data to Meta’s WhatsApp APIs as required for the features you enable.
• Authenticate users, manage accounts, and enforce security controls.
• Process subscriptions, issue GST-compliant invoices, and handle billing enquiries.
• Provide customer support and respond to your requests.
• Monitor performance, troubleshoot errors, and improve reliability.
• Comply with applicable laws, respond to lawful requests, and protect our rights and users.
• Send service-related notices (for example account, security, or billing updates). Marketing messages are sent only where permitted by law and your preferences.

5. Product catalog data

We collect and store product catalog information (product names, descriptions, prices, images, and related commerce fields) on behalf of our users to enable WhatsApp Business messaging and commerce features. This data is stored securely in our systems and used only to operate catalog sync, product display in WhatsApp conversations, and order workflows you configure. Catalog data is shared with Meta’s APIs only as needed to display products and process orders through WhatsApp. Only the catalog owner and authorised team members on your account can manage catalog data unless you grant additional access.

6. Lawful grounds under Indian law

We process personal data only where permitted under applicable law, including the DPDP Act, including on the following bases (as applicable):

• Consent: when you register, tick acceptance at sign-up, subscribe to optional communications, or otherwise give clear, informed consent that is free, specific, and withdrawable.
• Performance of contract: to provide ChatYug, authenticate you, bill you, and support your use of WhatsApp API features.
• Legal obligation: tax (including GST), accounting, regulatory, court, or government requests.
• Certain legitimate uses under the DPDP Act (where applicable), such as preventing fraud, network security, and enforcing legal rights, subject to applicable conditions in law.

By registering, you confirm you are at least 18 years of age, have authority to bind your business (if applicable), and will obtain valid consent or another lawful basis from your customers before using ChatYug to contact them.

You may withdraw consent for processing that is consent-based by contacting us; withdrawal does not affect processing already lawfully completed or processing required to perform the contract or comply with law.

7. Your rights as a Data Principal

Subject to the DPDP Act and applicable exceptions, you may exercise the following rights in relation to personal data for which we are the Data Fiduciary:

• Right of access to information about personal data we process about you and related processing activities.
• Right to correction of inaccurate or misleading personal data.
• Right to erasure of personal data when retention is no longer necessary for the stated purpose, consent is withdrawn (where processing is consent-based), or as otherwise required by law.
• Right to grievance redressal through our Grievance Officer (see Section 17).
• Right to nominate another individual to exercise your rights in the event of death or incapacity, in the manner prescribed under law.

To exercise these rights, email nishant@sicitechnologies.com with the subject line “DPDP Data Principal Request”. We may verify your identity before responding. We aim to respond within timelines prescribed under the DPDP Act and rules.

If you are an end customer of a business using ChatYug, direct your request to that business first; we will assist our customer where we are their Data Processor and law permits.

8. Sharing and subprocessors

We may share personal data with:

• Meta / WhatsApp: to deliver messages, templates, commerce, and related API features you enable.
• Infrastructure and service providers: hosting, email, payment, analytics, and support tools that help us run ChatYug, under contractual confidentiality and security obligations.
• Professional advisers: lawyers, accountants, or auditors where reasonably necessary.
• Authorities: when required by law, court order, or to protect rights, safety, and security.

We require service providers to process personal data only for specified purposes and to maintain appropriate confidentiality and security. A list of categories of recipients is available on request.

We do not sell or trade personal data. We do not share personal data for third-party independent marketing without your consent.

9. Your data, backups, and data loss

Backup of your business data (messages, contacts, catalogs, templates, media, and configuration) is solely your responsibility. SICIPL provides the ChatYug platform as a tool; we do not undertake to archive, restore, or guarantee recovery of your data. You must maintain independent backups and export copies as needed.

SICIPL shall not be liable for any loss, corruption, deletion, or unavailability of data arising from your failure to back up, your actions, third-party failures (including Meta/WhatsApp), technical errors, subscription lapse, account suspension, or events beyond our reasonable control. Data loss is outside the scope of SICIPL’s obligations except where expressly required by applicable law.

10. Retention, subscription lapse, and deletion

We retain personal data only as long as necessary for the purposes described in this Policy, including:

• Active subscription: for the duration of your paid subscription and use of ChatYug.
• Legal and tax records: up to eight (8) years where required under GST, income-tax, or other applicable law.
• Disputes and claims: until resolution and expiry of limitation periods under Indian law.

Subscription lapse: If your subscription payment fails, expires, or is not renewed, and you do not renew within one (1) calendar month from the date of expiry or failure, SICIPL may permanently delete or anonymise your account data (including messages, contacts, catalogs, and configuration) without further notice. After such deletion, data cannot be recovered. Renewal before expiry avoids this outcome; export your data before lapse.

Upon verified erasure request or lawful account closure, we delete or anonymise personal data unless retention is required by law.

11. Security practices

We implement reasonable security practices and procedures consistent with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and industry standards, including role-based access, HTTPS encryption in transit, secured credentials, logging, and periodic review of access. No system is completely secure. You must protect passwords, OTPs, and API keys and notify us immediately of suspected compromise.

12. Personal data breach

If we become aware of a personal data breach likely to affect your rights, we will take reasonable steps to contain and remediate the incident, and notify you and/or the Data Protection Board of India (or other authority) as required under the DPDP Act and applicable rules, including where notification to affected Data Principals is mandated.

13. Cookies and similar technologies

We use cookies and similar technologies for essential functions such as keeping you signed in to the dashboard (session cookies), security, and basic site operation. We do not use non-essential tracking cookies for advertising on the marketing site without notice. You can control cookies through your browser settings; disabling essential cookies may affect login and dashboard functionality.

14. WhatsApp, messaging, and your responsibilities

ChatYug is developed by SICIPL to align with Meta’s technical standards and permitted use cases for the WhatsApp Business Platform. SICIPL does not control and is not responsible for how you use the portal, which message types you select, template creation or approval, message content, sending volume, targeting, timing, or delivery outcomes.

You are solely responsible for: (a) lawful opt-in and consent from recipients; (b) choice of utility, marketing, or authentication templates; (c) compliance with WhatsApp Business Policy, Meta Commerce Policy, and TRAI/NCPR rules where applicable; (d) privacy notices to your end customers; and (e) all consequences of messages sent from your account. Data transmitted through ChatYug may be processed by Meta outside India under Meta’s terms.

15. Children

ChatYug is a business platform and is not directed at children. Under the DPDP Act, a “child” means an individual who has not completed eighteen (18) years of age. We do not knowingly process personal data of children without verifiable parental consent as required by law. If you believe we have collected a child’s data without proper authority, contact us for deletion.

16. Cross-border transfers

Our primary systems are located in India. Where personal data is transferred outside India (including to Meta, cloud hosts, or support tools), we do so in compliance with the DPDP Act, including transfers to countries or territories notified by the Central Government, or under contractual clauses and safeguards permitted by law.

17. Grievance Officer and Board referral

In accordance with the DPDP Act, you may raise grievances regarding SICIPL’s processing of your personal data:

Grievance Officer: Nishant Sonawala, Director
Company: Sonawala Integrated Circuit Industries Private Limited (ChatYug)
Email: nishant@sicitechnologies.com (subject: “Privacy Grievance”)
Phone: +91 70167 93529
Address: B 20, Tulshi Dham Society, Zadeshwar Road, Bharuch, Gujarat, India – 392011

SICIPL will acknowledge grievances promptly and endeavour to resolve them within timelines prescribed under the DPDP Act and applicable rules. If you are not satisfied, you may approach the Data Protection Board of India as provided in law.

18. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. We will post the revised version here with an updated “Last updated” date. Where required by the DPDP Act, we will seek fresh consent or give notice before changes that materially affect your rights. Continued use after the effective date of non-material updates constitutes acknowledgement; where consent is required, we will obtain it separately.