Privacy Policy

Last updated: 16 May 2025

This policy applies to all users of ClearIQ, a product of Antigravity Technologies, and governs how we collect, use, store, and protect your personal data. It is compliant with India's Digital Personal Data Protection Act, 2023 (DPDP Act).

1. Data We Collect

We collect only the information necessary to provide our WhatsApp Business CRM services. This includes:

  • Business information — company name, address, GSTIN, PAN
  • Account details — name, email address, phone number, role
  • Customer and contact data you import or create
  • Invoice, payment, and transaction records
  • WhatsApp Business Account credentials and conversation content
  • Usage logs and analytics to improve our services
  • Device information and IP address for security purposes

We collect this data only with your consent or as required to fulfil the service agreement, as permitted under Section 7 of the DPDP Act, 2023.

2. How We Use Your Data

Your data is used solely for the following purposes (as notified at the time of collection and consented to by you):

  • Operating your CRM workspace — contacts, invoices, orders, tasks
  • Sending and receiving WhatsApp messages on your behalf
  • Providing AI-assisted features (see Section 5 below)
  • Generating business reports and analytics
  • Sending transactional notifications and service updates
  • Complying with legal and regulatory obligations
  • Preventing fraud and ensuring platform security

We do not use your data for advertising, profiling, or any purpose not listed above. We do not sell your personal data to any third party.

3. WhatsApp Business Integration

ClearIQ integrates with Meta's WhatsApp Business Platform API. When you connect your WhatsApp Business account:

  • We store your WhatsApp Business Account ID and phone number ID
  • We process message content to deliver your communications
  • Conversation history is stored in your ClearIQ workspace only
  • All usage complies with Meta's Business Messaging Policy and WhatsApp Commerce Policy
  • We do not share your WhatsApp data with any third party outside of Meta's platform

You may disconnect your WhatsApp account at any time from Settings. Message history is retained according to your chosen data retention settings.

4. Third-Party Subprocessors

We engage the following third-party service providers to operate ClearIQ. Each is bound by contractual data protection obligations:

ProviderPurposeData AccessedCountry
Meta PlatformsWhatsApp Business APIMessage content, WABA IDUSA
Groq Inc.AI inference (optional features)See Section 5USA
AWS / Cloud hostServer infrastructureAll platform data (encrypted)India (ap-south-1)

No subprocessor has access to your inference inputs or outputs with our Zero Data Retention configuration enabled (see Section 5).

5. AI-Powered Features

AI Provider Disclosure — Groq Inc. (USA)

ClearIQ uses Groq's AI inference API to power optional AI features such as reply suggestions, conversation analysis, campaign generation, and customer insights. Groq processes text inputs on our behalf under a Data Processing Agreement (DPA).

What data Groq receives when you use AI features:

  • Message text from your WhatsApp conversations (only when you actively use an AI feature)
  • Contact name, business name — for context personalisation
  • Campaign message content — when using campaign generation

What Groq does NOT do with your data:

  • Zero Data Retention (ZDR) is enabled — Groq does not store, log, or retain your input text or AI outputs after the inference is complete
  • Groq does not train any model on your data
  • Groq does not share your data with any third party
  • Our DPA with Groq is auto-executed and includes 72-hour breach notification obligations

AI features are optional:

  • No AI feature runs automatically without a deliberate user action
  • You can use ClearIQ fully without ever activating any AI feature
  • Administrators can disable AI features for their entire organisation from Settings

For full details on Groq's data practices, see groq.com/privacy-policy and their Data Retention documentation.

6. Data Security

We implement technical and organisational measures to protect your data:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Strict multi-tenant data isolation — no cross-tenant data access is possible
  • Role-based access controls within your organisation
  • Regular security reviews and access audits
  • Infrastructure hosted in India (AWS ap-south-1 Mumbai region)

In the event of a personal data breach, we will notify affected Data Principals and the Data Protection Board of India within 72 hours of becoming aware of the breach, as required under the DPDP Act, 2023.

7. Data Retention

We retain your personal data only for as long as it is necessary for the purposes described in this policy, or as required by applicable law.

  • Account and business data — retained while your subscription is active
  • Transaction and invoice data — retained for 8 years (GST / Income Tax Act requirement)
  • Conversation and message data — retained for 1 year by default (configurable)
  • Audit logs — retained for 2 years
  • AI inference inputs/outputs — not retained by Groq (ZDR enabled)

Upon account cancellation, your data is deleted within 30 days, except where longer retention is required by law. You may request earlier deletion at any time.

8. Your Rights Under the Digital Personal Data Protection Act, 2023

The Digital Personal Data Protection Act, 2023 (DPDP Act) is India's primary data protection legislation. As a Data Principal (the person whose data is processed), you have the following rights:

Right to Access Information (Section 11)

You have the right to obtain a summary of your personal data that we process, the identities of all Data Fiduciaries and Processors with whom your data has been shared, and any other information prescribed under the Act.

Right to Correction and Erasure (Section 12)

You may request correction of inaccurate or misleading personal data, completion of incomplete data, and erasure of personal data that is no longer necessary for the purpose for which it was collected — unless retention is required by law.

Right to Grievance Redressal (Section 13)

You have the right to have your grievances addressed by our Grievance Officer within the timeframe prescribed by law. If unresolved, you may escalate to the Data Protection Board of India.

Right to Nominate (Section 14)

You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.

Right to Withdraw Consent (Section 7)

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal. Some features of ClearIQ may become unavailable upon withdrawal of consent for essential processing activities.

To exercise any of these rights, contact our Grievance Officer (see Section 10). We will respond within 30 days of receiving your request.

9. Cookies and Session Data

ClearIQ uses strictly necessary cookies and session tokens to keep you logged in and maintain your workspace session. We do not use third-party tracking cookies, advertising cookies, or cross-site tracking technologies.

  • cleariq-token — authentication session (expires on logout or after 30 days)
  • cleariq-org — remembers your last selected organisation

No consent banner is required for strictly necessary cookies. You may clear these cookies at any time through your browser settings, which will log you out.

10. Grievance Officer & Contact

In accordance with the DPDP Act, 2023, we have appointed a Grievance Officer for India to address any concerns related to the processing of your personal data.

Grievance Officer

Antigravity Technologies

Email: [email protected]

Response time: Within 30 days of receipt of grievance

If your grievance is not resolved within 30 days, or if you are dissatisfied with the resolution, you may approach the Data Protection Board of India once it is established and operational under the DPDP Act, 2023.

For general support queries unrelated to privacy, contact us at [email protected].

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you by email and display a notice in the ClearIQ dashboard at least 14 days before the changes take effect. Continued use of ClearIQ after that date constitutes your acceptance of the updated policy. The date at the top of this page always reflects when the policy was last updated.