01Introduction
Veltrum Technologies Pvt. Ltd. ("Converz", "we", "our", or "us") operates the Converz.io AI agentic calling platform — a software-as-a-service product that helps Indian D2C brands automate calling workflows with voice AI agents. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it.
This policy applies to converz.io, our customer dashboard, our APIs, and any product, page or interaction that links to it. It does not apply to third-party services we integrate with — those are governed by their own privacy policies.
02Who we are
Veltrum Technologies Pvt. Ltd. is incorporated in India, with its registered office in Hyderabad, Telangana. For the purposes of EU/UK GDPR, we act as a data controller with respect to information collected through our marketing site and account onboarding, and as a data processor with respect to data processed inside our customers' Converz workspaces on their behalf.
03Data we collect
We collect information in three categories:
3.1 Information you give us
- Account data: name, work email, phone number, brand name, monthly order volume, team size.
- Billing data: billing contact, GST/VAT number, billing address, last four digits of payment instrument (full instrument is held by our payment processor).
- Communications: emails, support tickets, calls and any content you send us.
3.2 Information generated when you use Converz
- Workspace data: agent configurations, playbook definitions, audit logs, call analytics and transcripts.
- Connector data: the data you authorise Converz to read from connected systems (Shopify, Delhivery, Shiprocket, etc.) — only the fields needed to run the agents you have deployed.
- Telemetry: page views, feature usage, browser type, IP address, device identifiers, error reports.
- Call data: voice recordings, transcripts, and outcome metadata from calls placed or received by Converz agents on your behalf.
3.3 Information from third parties
- Identity providers (Google, Microsoft) when you sign in via SSO — name, email, profile photo.
- Commerce platforms — order data, customer profiles, and fulfilment data from your connected storefront, used solely to operate calling workflows you've configured.
04How we use data
| Purpose | Examples |
|---|---|
| Provide the service | Run voice agents, sync connectors, generate call transcripts, render dashboards. |
| Improve the service | Aggregated, de-identified analytics; debugging; A/B tests of agent voice quality. |
| Communicate | Onboarding emails, product updates, security advisories, billing notices. |
| Sales & marketing | Reach out to prospects who requested a pilot; targeted advertising for lookalike audiences. |
| Compliance | Anti-abuse, anti-fraud, audit trails, DPDPA compliance, responding to lawful requests. |
We do not use customer workspace data or call recordings to train foundation models, and we do not sell personal data to third parties.
05Legal basis (EEA / UK)
Where GDPR applies, we rely on the following lawful bases:
- Contract — to deliver Converz to you under our customer agreement.
- Legitimate interest — to keep Converz secure, prevent abuse, and improve the product.
- Consent — for non-essential cookies, marketing emails to non-customers, and any sensitive processing where consent is required.
- Legal obligation — to comply with tax, accounting, DPDPA, or court orders.
06Sharing & disclosure
We share data only with the following categories of recipients, and only when needed:
- Sub-processors who run parts of our infrastructure (see section 7).
- Connectors you authorise. When you connect Shopify, Delhivery, etc., Converz reads from and writes to those services on your behalf.
- Professional advisers (lawyers, auditors, accountants) under confidentiality.
- Acquirers in the event of a merger, acquisition or asset sale — with prior notice and equivalent protection.
- Authorities when compelled by valid legal process, with the narrowest scope possible and notice to you where lawful.
07Sub-processors
An always-current list of our sub-processors is available from info@veltrum.io on request. Today they include:
| Vendor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Hosting, compute, storage | ap-south-1, us-east-1 |
| Cloudflare | CDN, DDoS, WAF | Global |
| Stripe / Razorpay | Payments | US / IN |
| Anthropic, OpenAI | LLM inference | US |
| Postmark | Transactional email | US |
| Sentry | Error monitoring | US |
| PostHog | Product analytics | EU |
08Retention
- Account data: retained while your workspace is active and for 90 days after deletion.
- Call recordings & transcripts: retained for 12 months by default; configurable per your data policy.
- Connector data: refreshed continuously; cached up to 30 days after disconnect.
- Audit logs: 12 months by default, configurable up to 7 years on Enterprise plans.
- Marketing leads: 24 months from last interaction.
- Tax & billing records: as long as required by Indian tax law (currently 8 years).
09Security
Controls include:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- SSO + SCIM, MFA enforcement, role-based access control.
- Dedicated VPC, network segmentation, private subnets for data plane.
- Annual third-party penetration tests; SOC 2 Type II in progress.
- 24/7 security monitoring with on-call rotation; documented incident response plan.
- DPDPA-aligned consent recording and DND list enforcement for all outbound calls.
If you suspect a vulnerability, please email info@veltrum.io. We aim to acknowledge reports within 24 hours.
10International transfers
Converz is operated from India and the United States. When personal data leaves your country of residence, we rely on Standard Contractual Clauses, the UK IDTA, and equivalent transfer mechanisms. A copy of the relevant clauses is available on request.
11Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten").
- Object to or restrict certain processing.
- Port your data to another provider.
- Withdraw consent at any time.
- Lodge a complaint with your supervisory authority.
To exercise any of these, email info@veltrum.io. We aim to respond within 30 days.
12Cookies & tracking
We use first-party cookies for essential functions (auth, CSRF, session) and a small set of third-party analytics tools (PostHog, Microsoft Clarity) to understand how the product is used. You can opt out via the cookie banner on first visit, or by adjusting your browser settings.
We do not run third-party advertising trackers inside the authenticated Converz dashboard.
13Children's privacy
Converz is a B2B product not directed at children. We do not knowingly collect data from anyone under 18. If you believe a minor has used our service, please contact us and we will delete the relevant information.
14Changes to this policy
We may update this policy as the product evolves. Material changes will be communicated by email to active customers at least 30 days before they take effect. The version and "last updated" date at the top of this page will always reflect the current revision.
15Contact
For any privacy questions, requests, or concerns, contact our Data Protection team:
- Email: info@veltrum.io
- Postal: Veltrum Technologies Pvt. Ltd., Hyderabad, Telangana, India