Privacy Policy

This Privacy Policy is published by CallMissed Technologies Pvt. Ltd.("CallMissed", "we", "us"), a Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDPA") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"). It explains what personal data we collect, why we collect it, how we store and protect it, and your rights.

This notice is provided in plain language as required under the DPDP Rules. For cookie-specific information, see our Cookies Policy. For contractual processing terms, enterprise customers may refer to our Data Processing Agreement.

1. Information We Collect

We collect only the personal data reasonably necessary to provide the Service. The categories below are itemised by purpose:

Account Information

• Data collected: Full name, email address, phone number (optional), organization name, role, authentication identifiers
• Purpose: Account creation, authentication, tenant management, support, and billing contact
• Legal basis: Performance of contract; consent where required

If you sign in with a supported identity provider, we receive only the profile information you authorise (typically name and email). We do not receive or store your password for that provider.

Usage Data

• Data collected: API call metadata (endpoint, model, token counts, latency), conversation metadata (timestamps, channel type, duration), credit transactions, dashboard activity, IP address, device/browser information
• Purpose: Service delivery, billing, fraud prevention, rate limiting, security monitoring, and product improvement (aggregated/anonymised where possible)

Communication Content

• Data collected: Messages, audio, transcriptions, and files processed when you deploy AI agents for your customers
• Purpose: Providing chat, voice, and automation features you configure

This content is stored in your tenant's isolated partition. It is never shared across tenants, never used to train third-party AI models, and never sold.

Payment Information

• Data collected: Billing name, email, phone (for receipts), transaction references, order IDs, payment status, amounts
• Purpose: Processing payments and statutory financial record-keeping

Card numbers, CVVs, UPI PINs, and full bank credentials are processed by our authorised payment gateway and are not stored on CallMissed servers.

2. How We Use Your Information

• Service delivery: Processing API requests, managing bots, delivering conversation data, and operating real-time voice agents
• Account management: Authentication, authorization, tenant isolation, and role-based access control
• Billing and credits: Usage metering, payment reconciliation, plan enforcement, and transaction history
• Security: Rate limiting, access logging, abuse detection, and incident response
• Communications: Transactional emails (OTP, receipts, security alerts). Marketing emails only with explicit consent where required
• Legal compliance: Tax, audit, regulatory reporting, and responding to lawful requests

3. Data Storage, Residency, and Security

Indian hosting

CallMissed hosts primary production systems on Microsoft Azure data centres in India (Central India region). Customer personal data and service content are ordinarily stored and processed within India unless we notify you otherwise in writing or applicable law requires a different approach.

Encrypted backups for production data are maintained within India.

Security safeguards (DPDP Rules, Rule 6)

• Encryption in transit and at rest for stored personal data
• Access controls, tenant isolation, and least-privilege administrative access
• Hashed credentials and API secrets — raw API keys are not stored after issuance
• Security monitoring, logging, and incident response procedures
• Regular backups and recovery testing
• Employee and contractor confidentiality obligations

Further technical detail is available on our Security page.

4. Authorised Service Partners

We engage vetted service partners who process personal data on our instructions and only for specified purposes. We do not publish partner or sub-processor names on public marketing or legal pages; enterprise customers may request the current sub-processor schedule via karan@callmissed.com or our Data Processing Agreement.

All partners are bound by written contracts requiring confidentiality, security safeguards equivalent to ours, assistance with data principal requests, and prompt breach notification.

5. Data Retention

We retain personal data only for as long as necessary for the purposes described above:

• Active accounts: For the life of the account
• After deletion request: 30-day recovery window, then permanent deletion of account and conversation data (see Account Deletion)
• Usage logs: Up to 90 days for billing and security, then anonymised or deleted
• Security/access logs: Retained per applicable Indian cybersecurity directions and our security policy
• Payment and tax records: Up to 7 years as required under GST, Income Tax, and allied laws
• Backups: Purged on a rolling schedule, typically within 90 days of primary deletion

6. Your Rights (DPDPA 2023)

As a data principal, you have the right to:

• Access — Obtain a summary of personal data we process and the processing activities undertaken
• Correction — Update inaccurate or incomplete personal data
• Erasure — Request deletion when consent is withdrawn or processing is no longer necessary (subject to legal retention)
• Grievance redressal — Raise a complaint with our Grievance Officer
• Nominate — Designate another individual to exercise your rights in the event of death or incapacity
• Withdraw consent — Where processing is consent-based, withdraw consent through account settings or by contacting us

To exercise these rights, email support@callmissed.com or use in-product tools where available. We respond within timelines prescribed under applicable law. If you are not satisfied with our response, you may escalate to the Data Protection Board of India once operational under the DPDPA framework.

7. Consent

Where the DPDPA requires consent, we obtain it in a free, specific, informed, and unambiguous manner. We do not use pre-ticked boxes for consent. You may withdraw consent at any time through the same channels used to give it; withdrawal does not affect processing already lawfully completed.

8. Cookies and Local Storage

See our Cookies Policy for details. In summary:

• Essential cookies/tokens for authentication and security
• Functional preferences (e.g. theme) stored locally where applicable
• No third-party advertising cookies on core product surfaces

9. Children's Privacy

CallMissed is a B2B service for businesses and developers. It is not directed at individuals under 18. We do not knowingly collect personal data from minors. If we learn that we have collected such data, we will delete it promptly.

10. Personal Data Breach Notification

In the event of a personal data breach likely to affect your rights:

• We will notify affected data principals without undue delay in concise, plain language, describing the breach, likely consequences, measures taken, and recommended safety steps (DPDP Rules, Rule 7)
• We will notify the Data Protection Board of India without undue delay and provide a detailed report within 72 hours where required, unless an extension is granted

11. Applicable Law and Compliance Framework

This Policy is designed to comply with, among others:

• Digital Personal Data Protection Act, 2023 and Digital Personal Data Protection Rules, 2025
• Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (during the transitional period)
• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 — grievance mechanism
• CERT-In directions on cybersecurity incident reporting and log retention, where applicable
• Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified via email or dashboard notice at least 30 days before they take effect, except where immediate change is required by law. The "Last updated" date at the top reflects the latest revision.

13. Contact Us

• Data Protection point of contact: support@callmissed.com
• Privacy requests: support@callmissed.com
• General inquiries: sales@callmissed.com
• Security reports: support@callmissed.com

Registered entity details (Companies Act, 2013 and Consumer Protection (E-Commerce) Rules, 2020):

• Legal name: CallMissed Technologies Pvt. Ltd.
• Registered office: Registered office address — pending (update before launch), Pune, Maharashtra 4110XX, India
• CIN: UXXXXXMH2025PTCXXXXXX
• GSTIN: 27XXXXXXXXXXXZX

14. Grievance Redressal & Grievance Officer

In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the DPDPA, the contact details of our Grievance Officer are published below.

• Name / Designation: Grievance Officer (named individual to be appointed)
• Email: karan@callmissed.com
• Address: CallMissed Technologies Pvt. Ltd., Registered office address — pending (update before launch), Pune, Maharashtra 4110XX, India

How we handle complaints:

• We acknowledge every complaint within 24 hours of receipt (IT Rules, 2021).
• We resolve complaints within 15 days of receipt (IT Rules, 2021), and in any case grievances relating to personal data within the period prescribed under the DPDP Rules, 2025 (not exceeding 90 days).
• Grievances under the SPDI Rules, 2011 are redressed within one month.

If you are not satisfied with the resolution, you may escalate to the Data Protection Board of India via its official online portal.