Privacy Policy

1. Introduction & Scope

Dialora ("we," "us," or "our") is a CRM and unified communications platform designed for businesses to manage their customer relationships, calls, SMS, and email communications. This Privacy Policy ("Policy") governs how we collect, use, store, protect, and handle all personal data and customer data processed through our platform at dialora.in and any associated applications or services (collectively, the "Services").

By accessing or using the Services, you ("User," "You," or "Client") agree to this Policy in its entirety. If you do not agree, you must immediately discontinue use of the Services.

This Policy applies to:

• All individual users who register for a Dialora account
• All businesses and organizations that subscribe to Dialora's Services
• All data processed through the Dialora platform on behalf of our clients
• All visitors to dialora.in

2. Definitions

For clarity and legal precision, the following terms are defined as follows:

• "Account Data" means personal information you provide to create and maintain your Dialora account, including name, company name, email address, phone number, and billing information.
• "Customer Data" means all data belonging to your clients and leads that is uploaded, generated, stored, or processed through the Dialora platform, including contact details, call recordings, voicemails, SMS logs, email communications, and any related metadata. Customer Data is owned exclusively by you.
• "System Data" means technical and operational data we collect to maintain and improve platform functionality, including IP addresses, access logs, session metadata, error reports, and usage analytics. System Data does not include Customer Data.
• "Google Workspace Data" means any data accessed through Google API integrations, including Gmail messages, contacts, and calendar events.
• "Data Fiduciary" has the meaning ascribed to it under the Digital Personal Data Protection Act, 2023 (India).
• "Processing" means any operation performed on personal data, including collection, storage, use, transfer, or deletion.

3. Absolute Zero-Sharing Policy

3.1 Core Commitment

Dialora's Zero-Sharing Policy is the cornerstone of our service. It is absolute, unconditional, and non-negotiable. We do not share, sell, rent, lease, license, trade, disclose, or otherwise transfer your Customer Data to any third party under any circumstances, except as expressly described in Sections 3.2 and 3.3 below.

3.2 Prohibition on Commercial Data Sharing

The following activities are strictly and permanently prohibited at Dialora:

• Selling, renting, or licensing Customer Data to any third party for any purpose
• Sharing Customer Data with advertisers, data brokers, analytics companies, or marketing platforms
• Using Customer Data to build profiles for advertising targeting
• Aggregating or anonymizing Customer Data for resale or commercial use
• Providing Customer Data to business partners, affiliates, or subsidiaries without your explicit written consent
• Using Customer Data to train, fine-tune, or improve any AI, machine learning, or data processing models — internal or external

3.3 Legally Compelled Disclosure

In the rare and extraordinary circumstance where we receive a valid, legally binding court order, subpoena, or governmental directive requiring disclosure of your data, we will:

• Immediately notify you in writing upon receipt of such demand, unless we are legally prohibited from doing so by the terms of the order itself
• Provide you with sufficient time and information to seek a protective order, injunction, or other legal remedy to resist disclosure
• Vigorously challenge any overly broad or legally deficient demands on your behalf
• Disclose only the minimum data strictly required by the specific legal order — never in excess of what is legally mandated
• Provide you with a written account of what was disclosed, to whom, and the legal basis, immediately upon the lifting of any gag order

3.4 Internal Access Controls

Access to your Customer Data by Dialora employees is governed by strict internal controls:

• No Dialora employee may access your Customer Data without your explicit, written, time-limited authorization
• Access is granted only for the specific technical support purpose you authorize, and for no other reason
• All internal access events are logged with timestamp, employee ID, and the specific data accessed
• Access logs are available to you upon request at any time
• Unauthorized access by employees constitutes a termination-level violation of our employment policies

4. Information We Collect

4.1 Account Data

We collect the following information when you register for and use Dialora:

• Full name, company name, business address
• Email address and phone number
• Billing details (processed securely through our payment processor — we do not store raw card numbers)
• Account preferences and configuration settings

4.2 Customer Data (Your Clients' Information)

This is data about your clients and leads that you upload, import, or generate through the platform:

• Client contact information (name, phone, email, address)
• Call recordings, voicemails, and call metadata (duration, timestamps, caller ID)
• SMS and messaging logs
• Email threads and attachments
• Notes, tags, and custom fields you create

4.3 System Data

We automatically collect limited technical data to operate and secure the platform:

• IP addresses and device information
• Browser type and operating system
• Session duration and feature usage patterns (aggregated, anonymized)
• Error reports and crash logs
• API request logs for security monitoring

4.4 Payment Data

Payment transactions are processed by our third-party payment processor (Razorpay / Stripe). We do not store, log, or have access to your full credit or debit card numbers, CVV codes, or net banking credentials. We receive only a transaction confirmation token and masked billing details for invoicing purposes.

4.5 Third-Party Integration Data

If you connect third-party services to Dialora (e.g., WhatsApp Business API, telephony providers), data exchanged through those integrations is subject to this Policy. We collect only the data necessary to enable the integration and do not share it with the integration provider beyond what is required for the technical function.

5. Google API Services & User Data

6. How We Use Your Data

We use the data we collect solely for the following purposes:

• To create, maintain, and operate your Dialora account
• To provide CRM, calling, SMS, and email features you have subscribed to
• To process payments and issue invoices
• To send service-critical communications (account notices, security alerts, billing notifications)
• To diagnose and fix technical issues when you request support
• To improve platform stability and performance using anonymized, aggregated System Data
• To comply with our legal obligations under Indian law

We will never use your data to send you unsolicited marketing communications without your express opt-in consent. You may withdraw this consent at any time.

7. Data Security

7.1 Technical Safeguards

We implement the following security measures to protect your data:

• AES-256 encryption for all data at rest
• TLS 1.2 / TLS 1.3 encryption for all data in transit
• Role-based access control (RBAC) limiting employee access to the minimum necessary
• Multi-factor authentication (MFA) required for all internal system access
• Network-level firewall protection and intrusion detection systems
• Regular automated vulnerability scanning and penetration testing

7.2 Organizational Safeguards

• All employees with any system access undergo mandatory privacy and security training
• Security policies are reviewed and updated at minimum annually
• Vendor agreements with all sub-processors include binding data protection obligations equivalent to this Policy

7.3 Limitation of Liability

While we employ industry-leading security practices, no system is impenetrable. In the event of a security incident, we will follow the breach notification procedures described in Section 11 of this Policy.

8. Cookies & Tracking Technologies

8.1 Essential Cookies

We use essential cookies that are strictly necessary to operate the platform — for authentication, session management, and security. These cannot be disabled without impairing core platform functionality.

8.2 Analytics Cookies

With your consent, we use analytics tools to understand aggregate usage patterns and improve the platform. These cookies collect anonymized data only and cannot be used to identify individual users.

8.3 Your Cookie Choices

You may manage your cookie preferences at any time through the cookie settings panel on our website. Withdrawing consent for non-essential cookies will not affect your ability to use the platform.

We do not use tracking pixels, fingerprinting technologies, cross-site tracking, or any mechanism designed to follow you across the internet beyond our own platform.

9. Your Rights & Data Control

You have the following rights with respect to your data, exercisable at any time:

• Right of Access: Request a complete export of all Account Data and Customer Data we hold for you
• Right to Correction: Request correction of any inaccurate or incomplete data
• Right to Portability: Receive your Customer Data in a machine-readable format (CSV / JSON)
• Right to Erasure: Request permanent deletion of all your data from our systems
• Right to Restrict Processing: Request that we limit how we use your data while a dispute is resolved
• Right to Withdraw Consent: Withdraw any previously granted consent at any time without penalty
• Right to Nominate: Under India's DPDP Act 2023, nominate an individual to exercise these rights on your behalf in the event of incapacity

To exercise any of these rights, contact us at privacy@dialora.in. We will acknowledge your request within 48 hours and fulfill it within 30 calendar days. Complex requests may require up to an additional 30 days, and we will notify you if this is the case.

10. Data Retention

We retain your data only for as long as necessary:

11. Data Breach Notification

In the event of a security incident that results in unauthorized access to, or disclosure of, your personal or Customer Data, Dialora will:

• Notify you in writing within 72 hours of becoming aware of the breach
• Provide a full account of: the nature of the breach, categories of data affected, approximate number of records involved, likely consequences, and the measures taken or proposed to address the breach
• Notify the relevant Data Protection Board of India as required under the DPDP Act 2023
• Provide ongoing updates as the investigation progresses
• Offer remediation assistance, including guidance on protective steps you and your clients can take

We maintain a documented Incident Response Plan that is tested and updated annually to ensure rapid and effective response to any breach.

12. India DPDP Act 2023 Compliance

Dialora is fully committed to compliance with India's Digital Personal Data Protection Act, 2023 ("DPDP Act"). In our capacity as a Data Fiduciary:

• We process personal data only for lawful purposes and only with your valid, informed, and freely given consent
• We implement technical and organizational measures to ensure data accuracy and security
• We delete personal data as soon as the purpose for which it was collected is fulfilled, subject to our retention schedule in Section 10
• We maintain records of all processing activities as required by law
• We will appoint a Data Protection Officer (DPO) as required upon the applicable threshold being triggered under the DPDP Act

You have the right to raise a complaint with the Data Protection Board of India if you believe your rights under the DPDP Act have been violated, without prejudice to any other legal remedy.

13. Children's Data

Our Services are not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor without verifiable parental consent, we will immediately and permanently delete such data. If you believe a minor has provided us with data, please contact privacy@dialora.in immediately.

14. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. In the event of a material change — defined as any change that affects your rights, our data sharing practices, or the nature of data we collect — we will:

• Notify you by email to your registered address at least 30 days before the change takes effect
• Display a prominent notice on dialora.in for 30 days
• Require your affirmative acknowledgment for changes that materially affect your rights

Your continued use of the Services after the effective date of a change constitutes your acceptance of the revised Policy. If you do not agree to the revised Policy, you must cease using the Services and may request deletion of your data under Section 9.

15. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act 2023, Dialora has designated a Grievance Officer to address any complaints or concerns regarding the processing of your data. To raise a grievance, contact us at grievance@dialora.in. We will respond within 72 hours and resolve within 30 days.

If your grievance is not resolved to your satisfaction within 90 days, you may escalate to the Data Protection Board of India.

16. Contact Us

For all privacy-related inquiries, data requests, or concerns, please contact:

We take all privacy communications seriously and will respond promptly. This Policy is governed by the laws of India. Any disputes arising out of this Policy shall be subject to the exclusive jurisdiction of the courts in India.