Legal
Privacy Policy
Last updated: 2 May 2026·Effective from: 1 February 2026
This policy explains what personal data Traject AI collects, why we collect it, who we share it with, and the rights available to you under the GDPR, UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the UAE Personal Data Protection Law, and India's Digital Personal Data Protection Act, 2023 (DPDP Act).
1. Who we are
"Traject AI", "we", "our" and "us" refer to TRAJECT AI, a business based in India, providing the platform available at traject-ai.in, app.traject-ai.in, and related subdomains (collectively, the "Platform").
Contact for privacy matters:
Email: admin-naren@traject-ai.in
WhatsApp: +91 78638 30951
Postal: Available on request for data-subject inquiries.
2. Scope and roles
Depending on whose data is being processed, Traject AI acts in one of two roles:
- Data Controller — when we collect information directly from you as a visitor to our marketing site or as a business owner signing up for the Platform (name, email, phone, billing details, account settings).
- Data Processor— when our AI agents handle messages from your end customers on your behalf (for example, a person messaging your business on WhatsApp or through a chat widget). You (the business owner, called the "Tenant") are the Controller of that end-customer data; we process it strictly on your documented instructions under our Data Processing Addendum.
3. Data we collect
3.1 From business owners (Tenants)
- Identity: name, email, Google account ID (via Firebase Authentication / Google SSO).
- Contact: business phone number (digits + country code, stored in a format compatible with the WhatsApp Business API).
- Business profile: business name, type, operating hours, services offered, booking type, inventory units (tables/rooms/seats where applicable), pricing, timezone, locale.
- Knowledge base uploads: PDFs, CSVs, text, or website URLs you provide to train your AI agent. These are chunked and converted to vector embeddings stored against your tenant ID.
- Billing: subscription tier, plan start/end dates, payment references (full card data is never seen or stored by us — it stays with the payment processor, see Section 7).
- Usage telemetry: conversations handled, tokens used, turn latency, cache-hit ratio, feature adoption.
- Integrations: OAuth tokens for Google Calendar and WhatsApp Business (stored encrypted); API credentials for Cal.com or Calendly where connected.
3.2 From end customers (people who message a Tenant's AI agent)
- Phone number (WhatsApp and voice channels).
- Name, where provided by the user or derived from the WhatsApp profile.
- Message content — text, images, audio, documents — exchanged with the AI agent.
- Booking details — date, time, party size, assigned unit, contact email where collected.
- Lead details — name, email, phone, free-text reason/requirement the customer provided.
- Derived signals — intent classification, confidence score, escalation flag.
End-customer data belongs to the Tenant (the business owner) who operates the agent. We process it only to deliver the service: replying to the customer, booking their appointment, syncing to the Tenant's calendar, and sending confirmation emails.
3.3 Automatic / technical data
- Device and browser information (user agent, approximate IP, timezone).
- Authentication tokens, session identifiers, CSRF tokens.
- Log data — HTTP request metadata, error traces, audit records.
- Cookies — strictly necessary (session, auth, CSRF) and functional (preferences). No advertising cookies.
3.4 Data we do not collect
- Government-issued ID numbers (Aadhaar, SSN, passport) — we never ask for these.
- Payment card numbers, CVVs, or bank credentials — these are collected directly by our payment processor (Razorpay) over its own secure channels.
- Biometric data.
- Precise location (GPS).
4. Why we use your data (purposes and legal bases)
| Purpose | Data used | Legal basis (GDPR / DPDP) |
|---|---|---|
| Create and operate your account | Identity, contact, business profile | Contract |
| Deliver AI-agent replies and bookings | Tenant config + end-customer messages | Contract / legitimate interest of the Tenant |
| Bill subscriptions and process payments | Identity, payment reference | Contract, legal obligation (tax) |
| Send transactional emails (bookings, invoices, alerts) | Email, booking details | Contract |
| Security, fraud prevention, abuse detection | Logs, IPs, rate-limit counters, Model Armor signals | Legitimate interest, legal obligation |
| Product improvement and aggregate analytics | De-identified usage metrics only | Legitimate interest |
| Marketing our own services to Tenants | Business email | Consent (opt-in) / legitimate interest with opt-out |
| Comply with legal requests | Whatever is required by law | Legal obligation |
We do not sell your personal data. We do not use your conversations or knowledge-base content to train third-party AI models.
5. WhatsApp Business data handling
When a Tenant connects a WhatsApp Business number to Traject AI, messages flow through the Meta WhatsApp Cloud API. All WhatsApp webhook requests are cryptographically verified using HMAC-SHA256 against Meta's shared secret — unsigned requests are rejected. Your business phone number and WABA identifiers are stored per tenant; individual end-customer phone numbers are stored in an encrypted form.
We use the WhatsApp Business Platform in line with Meta's Business Terms and Policies. Traject AI is a registered Tech Provider with Meta, and is in partner onboarding with Gupshup (an approved Business Solution Provider) to handle template management and billing at scale. If you are an end customer and wish to stop receiving messages from a Traject AI–operated business, reply STOP in the WhatsApp thread, or contact the Tenant directly.
6. Who we share data with
We share data only with the categories of recipients below, under contract and only to the extent needed:
6.1 Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform (Cloud Run, Firestore, Cloud Storage, Secret Manager, Cloud Logging) | Application hosting, database, file storage, secrets, logs | United States (us-central1) |
| Google — Gemini Enterprise Agent Platform (formerly Vertex AI) — Gemini 3.1 Pro, Gemini 3 Flash, Gemini 2.5 Flash, Gemini Live 2.5 Flash, Gemini Embedding 2, Google Model Armor | LLM inference, audio processing, safety screening, embeddings | United States (us-central1); global endpoint for LLM calls |
| Firebase Authentication | Google SSO, token issuance | Google global |
| Meta Platforms — WhatsApp Business Cloud API | WhatsApp message delivery | Meta global |
| Gupshup (partner onboarding in progress) | WhatsApp template management, analytics, carrier billing | India / global |
| Razorpay | Subscription billing | India |
| Cal.com, Calendly (optional, Tenant-enabled) | External calendar synchronization | Varies |
| SMTP provider (Gmail SMTP / SES-compatible) | Transactional email delivery | United States |
| Vercel / Firebase Hosting / Netlify | Static web hosting and global CDN | Global edge |
An up-to-date list of sub-processors is maintained in our Data Processing Addendum. We will notify Tenants of material changes at least 30 days in advance where practicable.
6.2 Other disclosures
- Legal compliance — We may disclose data when required by a valid legal process (court order, lawful request by a public authority) or to protect the rights, property, or safety of Traject AI, our Tenants, or the public.
- Business transfers — If Traject AI is merged, acquired, or reorganised, personal data may transfer to the successor entity subject to this policy.
- With consent — In any other case, only with your explicit consent.
7. International data transfers
Our production infrastructure runs in Google Cloud's us-central1 region. Personal data originating in the EU, UK, UAE, or India may therefore be transferred to and processed in the United States. Transfers are protected by:
- The European Commission's Standard Contractual Clauses (SCCs), incorporated by reference in our DPA.
- Google Cloud's commitment to the EU-US Data Privacy Framework and equivalent UK/Swiss extensions.
- Encryption in transit (TLS 1.3) and at rest (AES-256).
Enterprise customers requiring data residency in the EU, UK, UAE, or India can request a dedicated deployment in the relevant region (europe-west, me-central1, asia-south1) as part of our Enterprise tier. This roadmap item is tracked publicly on our roadmap.
8. How we protect your data
- Encryption at rest — AES-256-GCM on sensitive fields (phone numbers, names, OAuth tokens). Firestore and Cloud Storage default encryption on all data.
- Encryption in transit — TLS 1.3 on every public endpoint; HSTS enforced.
- Phone-number privacy — end-customer phone numbers are stored as AES-256-GCM ciphertext plus an HMAC-SHA256 hash used only for fast lookups; no plaintext phone numbers live in our database.
- Webhook integrity — every inbound WhatsApp webhook is HMAC-verified against Meta's signature; unsigned requests are rejected.
- Input and output safety — Google Model Armor screens every inbound user message and every outbound AI reply for prompt injection, harmful content, and data leakage.
- Access control — Firebase Authentication with Google SSO; every Firestore query is filtered by tenant ID; service accounts use least-privilege IAM.
- Secret management — API keys and signing keys are stored in Google Secret Manager and mounted into Cloud Run at runtime, never committed to source.
- Rate limiting and abuse protection — per-IP, per-session, and per-tenant rate limits; spend caps prevent runaway usage.
- Audit logging — every agent turn is logged to an immutable
turnLogscollection for forensic review. - Dependency hygiene — automated dependency scanning (Dependabot) on all repositories.
Our full security posture, current controls, and the 12-month compliance roadmap (including SOC 2 Type II, VPC-SC, CMEK) are published at /trust. No system is 100% secure, and we do not claim otherwise — but we invest continuously to raise the bar.
9. How long we keep data
| Data category | Retention |
|---|---|
| Active tenant account data | For the life of your subscription |
| End-customer conversation sessions | 90 days rolling, then deleted by automated daily sweep (Tenants may request shorter retention) |
| ADK session memory (agent working memory) | 48 hours of inactivity, auto-purged every 15 minutes |
| Booking records | 3 years from appointment end-time, then deleted by automated daily sweep (earlier deletion on request) |
| Billing and tax records | As required by law (typically 7 years in India) |
| Audit logs (turnLogs) | ~13 months (395 days), then deleted by automated daily sweep |
| Backup copies | 30 days (Google Cloud Firestore platform-level backups) |
| Marketing preferences / opt-out flags | Until you re-opt-in or your account closes |
| Free-trial ledger (Google account ID + signup date) | Retained indefinitely for the sole purpose of preventing re-grants of the one-per-account lifetime trial. Not shared with third parties; no other personal data attached. |
When you close your account, we delete or anonymise your data within 30 days, except where law requires longer retention (such as tax records).
10. Your rights
Depending on your jurisdiction, you have some or all of the following rights:
- Access — ask for a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion / erasure — ask us to delete your data, subject to legal retention requirements.
- Portability — receive your data in a structured, machine-readable format.
- Restriction / objection — object to certain processing activities or ask us to restrict processing.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
- Lodge a complaint — with a supervisory authority (for example, the ICO in the UK, your local DPA in the EU, or the Data Protection Board of India under the DPDP Act).
- California residents (CCPA/CPRA) — right to know, delete, correct, opt-out of "sale" or "sharing", and limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioural advertising.
To exercise any right, email admin-naren@traject-ai.in. We respond within 30 days. We may need to verify your identity before acting on requests.
End customers: if your data is being processed by one of our Tenants, please contact that Tenant directly — they are the Controller. We will assist them in responding to your request.
11. Children
Traject AI is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Cookies and similar technologies
We use a minimal set of cookies and local-storage items:
- Strictly necessary — authentication tokens, session IDs, CSRF tokens.
- Functional — your UI preferences (theme, dismissed banners).
- Analytics — aggregated, privacy-respecting product analytics (no cross-site tracking).
We do not use advertising cookies. You can clear cookies in your browser settings; doing so will sign you out of the Platform.
13. Automated decision-making
Our AI agents make automated replies and routing decisions (for example, classifying a message as a booking, an FAQ, or a lead). These are not legally significant decisions; a human Tenant can always intervene via the dashboard, and critical actions (cancelling or rescheduling a booking) require explicit customer confirmation.
14. Changes to this policy
We may update this policy to reflect changes in our product or the law. Material changes will be announced in the dashboard and by email at least 14 days before they take effect. The "Last updated" date at the top of this page is authoritative.
15. How to contact us
Questions about this policy, requests to exercise your rights, or reports of a security issue:
- Email: admin-naren@traject-ai.in
- WhatsApp: +91 78638 30951
- Postal address available on written request.
Responsible disclosure of security vulnerabilities is welcomed — email the address above with "SECURITY" in the subject line. We aim to acknowledge within 48 hours.
© 2026 TRAJECT AI. This policy is provided under our Terms of Service and supplemented by our Data Processing Addendum.