Privacy Policy

1. Introduction

Botsense Tech Private Limited ("we", "us", or "our") operates LeadSense, a multi-product SaaS platform that includes WhatsApp Business messaging and automation, CRM and lead management, AI calling, and AI lead discovery, as well as the LeadSense WhatsApp for Shopify application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. We are a company incorporated in India and process personal data in a manner consistent with India's Digital Personal Data Protection Act, 2023 (DPDP Act).

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password. If you sign up via Google OAuth, we receive your name, email, and profile picture from Google.

2.2 Shopify Store Data

When you install the LeadSense WhatsApp for Shopify app, we access your Shopify store data as permitted by the scopes you authorize during installation. This includes: order information, customer names and phone numbers (for sending WhatsApp notifications), checkout data (for abandoned cart recovery), and fulfillment/shipping details.

2.3 WhatsApp Business API Data

If you configure WhatsApp Business API credentials, we securely store your Phone Number ID, WhatsApp Business Account ID, and access token (encrypted at rest using AES-256-CBC). We log message delivery statuses (sent, delivered, read, failed) but do not store the content of messages sent to your customers.

2.4 Usage Data

We automatically collect information about how you interact with our services, including page views, feature usage, and error logs. We use server-side logging only and do not use third-party advertising trackers.

2.5 End-Customer & Lead Data

To provide the CRM, messaging, AI-calling, and lead-discovery features, we process data about the contacts, leads, and end-customers you manage through the platform — such as names, phone numbers, email addresses, and conversation/contact history. You are the controller of this data; we process it on your behalf solely to provide the Services, and you are responsible for having a lawful basis and any required consent to upload and contact these individuals.

2.6 Payment Information

Payments for subscriptions and prepaid recharges are processed by our third-party payment gateway, PayU. Card and banking details are entered directly with the gateway — we do not collect or store your full card numbers or banking credentials. We retain only transaction metadata (such as amount, status, timestamp, and a payment reference) needed for billing, reconciliation, and refunds.

3. How We Use Your Information

• To provide, operate, and maintain our services, including sending automated WhatsApp messages on your behalf
• To process Shopify orders, fulfillments, and abandoned carts for your configured automations
• To generate analytics and reports about your message delivery and cart recovery performance
• To improve, personalize, and expand our services
• To communicate with you about service updates, security alerts, and support
• To detect, prevent, and address technical issues and fraud

4. Data Storage and Security

Your data is stored on secure servers hosted in data centers with industry-standard security measures. We implement the following security practices:

• Shopify access tokens are encrypted at rest using AES-256-CBC encryption
• All data transmission uses HTTPS/TLS encryption
• Webhook payloads are verified using HMAC-SHA256 signatures
• Session management uses secure, HttpOnly, SameSite cookies
• Database access is restricted with role-based credentials

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

• WhatsApp/Meta: Customer phone numbers and message template variables are sent to the WhatsApp Business API (operated by Meta) to deliver messages on your behalf
• Service Providers: We use Supabase for authentication and database hosting, and Redis for session management
• Payment Gateway (PayU): Payment details you enter to recharge or subscribe are processed by PayU; we receive only transaction metadata, not your full card/banking details
• Telecom / calling providers: For AI-calling features, recipient phone numbers and call data are shared with the telecom/voice providers used to place the calls
• Legal Requirements: We may disclose information if required by law, regulation, or legal process

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Message logs are retained for 90 days after which they are automatically purged
• Abandoned cart data is retained for 30 days after recovery or expiry
• When you uninstall the Shopify app, we deactivate your store data. After 48 hours, Shopify sends a shop data deletion request and we permanently delete all data associated with your store
• You may request deletion of your data at any time by contacting us

7. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your personal data

For Shopify store customers: If you are a customer of a Shopify store using our app and wish to exercise your data rights, please contact the store owner directly. Store owners can manage customer data requests through their Shopify admin panel, which will trigger our GDPR compliance endpoints automatically.

8. Shopify App Specific Terms

The LeadSense WhatsApp for Shopify app accesses only the data necessary to provide its functionality:

• read_orders: To trigger order confirmation and shipping update messages
• read_customers: To access customer phone numbers for WhatsApp messaging
• read_checkouts: To track abandoned carts for recovery messages
• read_fulfillments: To send shipping notifications with tracking details
• read_products: To include product details in messages

We comply with Shopify's API Terms of Service and handle all mandatory GDPR webhooks (customer data request, customer data erasure, and shop data erasure).

9. Cookies

We use essential cookies only, required for authentication and session management. We do not use advertising or tracking cookies. The Shopify embedded app uses session cookies (HttpOnly, Secure, SameSite=None) to maintain your authenticated session within the Shopify admin iframe.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: