Privacy Policy
Effective Date: 9 May 2025
1. Introduction
This Privacy Policy ("Policy") sets forth the principles and practices adopted by Helo.ai, a product operated by VivaConnect Private Limited ("Helo", "we", "us", or "our"), in relation to the collection, use, storage, disclosure, and protection of Personal Data obtained through our Services. This Policy is framed in accordance with prevailing industry standards and applicable legal obligations, with particular reference to Communications Platform as a Service (CPaaS) operations.
Helo.ai primarily functions as a Data Processor, enabling business clients to communicate with their end-users via supported channels such as WhatsApp, RCS, SMS, Email, and Voice. The business clients remain the Data Controllers and are solely responsible for determining the purposes and lawful bases of processing.
2. Scope of Application
This Policy applies to:
- Business entities and organizations that use the Helo.ai platform ("Clients" or "Customers");
- End-users who receive communications from our Clients using Helo.ai's infrastructure;
- Visitors to our website or individuals engaging with our support services.
This Policy does not extend to data independently collected or processed by Clients outside the scope of the Helo.ai platform.
3. Categories of Personal Data Processed
A. Client Data (Business-to-Business)
- Business name and contact details;
- User authentication credentials and session identifiers;
- Billing, invoicing, and payment-related information;
- Communication logs and platform usage analytics.
B. End-User Data (Processed on Behalf of Clients)
- Mobile numbers;
- Message content (including interactions with automated bots);
- Email addresses (as provided by the Client);
- Communication metadata (e.g., timestamps, delivery status, channel identifiers).
C. Website Visitor Data
- IP addresses;
- Device and browser-specific information;
- Cookie and tracking identifiers.
We do not intentionally process sensitive personal data (e.g., biometric, racial or ethnic origin, health-related data), unless explicitly directed by a Client and subject to a lawful basis under applicable data protection laws.
4. Legal Bases for Processing
Processing of Personal Data is undertaken on one or more of the following legal grounds:
- Valid consent obtained by the Client from the end-user;
- Necessity for the performance of contractual obligations to our Clients;
- Compliance with applicable legal and regulatory requirements (e.g., telecommunications regulations);
- Legitimate interests, including security, fraud prevention, and service improvement, provided such interests are not overridden by individual data protection rights.
5. Use of Personal Data
We use Personal Data strictly for the following purposes:
- Transmission of messages, alerts, and notifications;
- Execution of automated workflows and chatbot-driven interactions;
- Maintenance of logs for operational audits, quality assurance, and dispute resolution;
- Detection and mitigation of technical issues or abuse;
- Enhancement of service functionality and user experience.
We do not engage in profiling, automated decision-making, or behavioral targeting based on Personal Data.
6. Cookies and Tracking Technologies
Cookies and related technologies are employed for:
- Session management and user navigation;
- Analytical insights on user interactions and marketing campaigns;
- Personalization of services.
Users may control cookie preferences via browser settings. For further information, refer to our Cookie Policy.
7. Data Storage and International Transfers
Personal Data is stored and processed within data centers located in India, specifically in Mumbai and Noida. Data transfers outside of India occur only upon Client request and are subject to appropriate legal safeguards.
We utilize third-party service providers (e.g., AWS, WhatsApp, Google RCS) under binding contractual agreements ensuring robust data protection.
8. Security Measures
We implement administrative, technical, and physical safeguards in line with ISO/IEC 27001 standards, including but not limited to:
- Encryption of data at rest and in transit;
- Role-Based Access Control (RBAC);
- Endpoint protection and firewall configurations;
- Periodic security audits and penetration testing;
- Business continuity and disaster recovery protocols.
9. Data Retention
Personal Data is retained for the minimum duration necessary to:
- Fulfill contractual and service delivery obligations;
- Satisfy legal and regulatory recordkeeping requirements;
- Resolve disputes or enforce agreements.
Retention timelines vary based on the communication channel, message type, and applicable laws. Clients may formally request data deletion or customized retention terms.
10. Sub-Processors and Third-Party Disclosures
We engage reputable sub-processors to facilitate our Services, including:
- Telecommunications providers and internet service providers;
- Cloud infrastructure providers (e.g., Amazon Web Services);
- Channel-specific providers (e.g., Meta Platforms for WhatsApp, Google for RCS).
A complete list of sub-processors is available in our Subprocessor List. All third-party vendors are contractually bound to maintain data confidentiality and adhere to stringent security standards.
11. End-User Rights
If you are an end-user receiving communications through our platform, you are entitled to exercise the following rights under applicable data protection laws:
- Right to access and rectify your Personal Data;
- Right to withdraw consent where applicable;
- Right to request deletion or restriction of processing.
To exercise these rights, please contact the Client (i.e., the business entity from which the communication originated). If you contact Helo.ai directly, we will notify the relevant Client within seventy-two (72) hours.
12. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect or process Personal Data relating to minors.
13. Amendments to This Policy
This Policy may be amended from time to time to reflect changes in legal requirements, technological advancements, or operational practices. The updated Policy will be published on our website with the revised effective date.
14. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Email: info@helo.ai
Postal Address:
Vivaplex, C7, Street 22,
MIDC, Opp. Rolta Technology Park,
Andheri (East), Mumbai – 400093, India.
15. Definitions
The following terms, when used in this Policy, shall have the meanings assigned below unless the context otherwise requires:
- "Client" or "Customer" means any business entity or organization that uses the Helo.ai platform to send communications to End Users.
- "Data Controller" refers to the natural or legal person which determines the purposes and means of processing of Personal Data. Our Clients are the Data Controllers in relation to the End User Data transmitted via the Helo.ai platform.
- "Data Processor" means a person or entity that processes Personal Data on behalf of the Data Controller. Helo.ai acts as a Data Processor in most cases.
- "End User" means an individual recipient of messages or communications from a Client using the Helo.ai platform.
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" or "Process" refers to any operation performed on Personal Data including collection, use, storage, disclosure, or deletion, whether by automated means or otherwise.
- "Services" refers to the suite of communication-related offerings provided by Helo.ai, including but not limited to messaging via WhatsApp, RCS, SMS, Email, and Voice.
- "Sub-Processor" means a third-party vendor engaged by Helo.ai to assist in providing the Services and who may process Personal Data on behalf of Helo.ai.
- "Cookies" are small data files stored on a user's browser or device used to collect standard Internet log information and visitor behavior information.
- "Lawful Basis" refers to the legal justification for the collection and processing of Personal Data as defined under applicable data protection legislation.