Privacy Policy

1. Information We Collect

1.1 Account Information

When you create a Rapid Sales account, we collect your name, email address, phone number, company name, sales team size, and any optional information you provide (such as your use case description or industry). If you contact us through our website form, we collect the information you submit.

1.2 Lead Data You Upload

When you use our Service, you upload lead and prospect data via CSV files or manual entry. This data may include names, email addresses, phone numbers, company names, job titles, industry tags, and any other fields present in your uploaded files (“Lead Data”). You are the data controller of all Lead Data you upload, and we process it solely on your behalf as a data processor to provide the Service.

Important: You represent and warrant that you have a lawful basis (such as consent, legitimate interest, or an existing business relationship) to contact each lead whose data you upload, and that you have obtained all necessary consents or authorizations required under applicable law (including the Telecom Commercial Communications Customer Preference Regulations, the Telephone Consumer Protection Act, GDPR, and any other applicable telemarketing, data protection, or anti-spam laws). We do not independently verify the legality of your lead lists.

1.3 Communication Content and History

When you use our Service to send emails, WhatsApp messages, or initiate AI Voice Call, we process and store the following:

• Email Content and Threads:We store the full email thread history for each lead, including both outbound emails you send through the Service AND inbound replies received from leads. When you connect your email account via Google OAuth (Gmail/Google Workspace), Zoho Mail, or custom SMTP/IMAP, we access your connected email account to send outbound emails and read incoming replies. This two-way email data is stored and displayed in your dashboard's Unified Timeline. We store subject lines, body text, sender/recipient addresses, timestamps, and delivery status for each email in the thread.
• WhatsApp Conversation History:The full conversation history of WhatsApp messages exchanged between you and your leads through Meta's official WhatsApp Business API, including outbound messages (pre-approved templates and follow-ups) and inbound replies from leads. This two-way conversation data is stored and displayed in your dashboard.
• AI Voice Call Call Data: Call recordings (audio files, where enabled by your subscription plan), AI-generated call transcripts (text), call duration, call disposition (answered, unanswered, voicemail), and any notes or outcomes logged by the system. Both recordings and transcripts are stored and displayed in your dashboard.

Important: All communication data (email threads, WhatsApp conversations, call recordings, and transcripts) stored in the Service is accessible only to the account holder whose account generated or received the data. Our team does not access, view, or analyze your communication data unless strictly required as described in Section 4 (Data Security).

1.4 Interaction and Engagement Data

We collect data about how your leads interact with your outreach, including:

• Email Engagement Tracking:We embed tracking pixels (small, invisible images also known as web beacons) in emails sent through the Service to detect when a recipient opens an email. We also track link clicks, bounces, and reply detection. This data is collected automatically when the recipient's email client loads the tracking pixel or when a recipient clicks a tracked link.
• WhatsApp Engagement:Delivery receipts, read receipts (where available), and reply detection, as provided by Meta's WhatsApp Business API.
• Call Engagement: Call pickup rates, call duration, call disposition (answered, unanswered, voicemail), and AI-generated call outcomes.
• Automated Lead Classification:Our system uses AI-powered intent detection to automatically classify leads based on their engagement (e.g., “replied,” “interested,” “not interested,” “do not contact”). These automated classifications are used to trigger sequence actions (such as stopping outreach when a lead replies) and to display lead status in your dashboard. You may override any automated classification manually.

1.5 Usage and Analytics Data

We collect standard usage data to improve our Service, including pages visited within our application, features used, campaign activity, sequence configurations, error logs, browser type and version, device type, operating system, and IP address.

1.6 Payment Information

When you subscribe to a paid plan, your payment is processed by Razorpay. We do not store your credit card, debit card, UPI, or bank account details on our servers. We receive only a transaction reference, payment status, and invoice details from Razorpay.

1.7 Cookies and Tracking Technologies

Our Service uses the following cookies and tracking technologies:

• Essential Cookies: Required for authentication, session management, and core Service functionality. These cannot be disabled.
• Analytics Cookies: We may use analytics services (such as Google Analytics) to collect anonymized usage statistics. These services may set cookies on your device. You can learn more about how Google uses data at policies.google.com/technologies/partner-sites.

You can control cookies through your browser settings. Disabling essential cookies may impair the functionality of our Service.

2. How We Use Your Information

We use the information we collect to provide and improve the Rapid Sales Service. Specifically:

• Outreach Execution: To send emails, WhatsApp messages, and AI Voice Call to leads in your campaigns at your direction, using your configured sequences and schedules.
• AI Features: To generate AI-powered voice conversations, email content suggestions, and campaign recommendations. AI text features are powered by Google Gemini. AI Voice Call synthesis is powered by ElevenLabs and/or Cartesia. The provider used depends on the configuration selected by the user. When you use AI features, relevant context (such as lead information, industry, and campaign parameters) may be sent to these AI providers for processing. We do not send your account credentials or payment information to AI providers.
• Campaign Analytics: To track and display engagement metrics (opens, replies, call outcomes) for your outreach campaigns.
• Lead Management: To store, organize, and manage your uploaded lead data within your account.
• Unified Timeline: To aggregate all interactions (emails, WhatsApp messages, calls) for each lead into a single chronological view.
• Service Improvement: To analyze aggregated, anonymized usage patterns to improve features, fix bugs, develop new capabilities, and enhance platform performance.
• Customer Support: To respond to your inquiries and resolve issues.
• Security and Fraud Prevention: To detect and prevent fraud, abuse, and unauthorized access.
• Compliance Monitoring: To monitor for compliance with applicable telecommunications regulations and platform policies (including Meta WhatsApp Business API policies).

We reserve the right to use aggregated, anonymized, and de-identified data (from which no individual or business can be identified) for any lawful business purpose, including analytics, benchmarking, research, product development, and marketing. This right survives termination of your account.

3. Data Storage and Retention

3.1 What We Store

• Account Data: Your name, email, phone number, company information, and account preferences, stored for the duration of your account.
• Lead Data: Names, contact information, and industry tags of leads you upload, stored permanently within your account unless you delete them. Lead Data persists across campaigns so you can reuse lists.
• Email Connection Credentials: Depending on which email connection method you use, we store the following using AES-256 encryption at rest:
  • Google OAuth (Gmail/Google Workspace): We store your Google OAuth access tokens and refresh tokens, which grant the Service permission to read incoming emails and send outbound emails on your behalf via your Gmail or Google Workspace account. We do not store your Google account password. Tokens are used solely to authenticate and operate email functionality within the Service.
  • Zoho Mail: We store your Zoho Mail OAuth tokens or connection credentials, which grant the Service permission to read incoming emails and send outbound emails on your behalf via your Zoho Mail account. We do not store your Zoho account password.
  • Custom SMTP/IMAP: We store your SMTP and IMAP server credentials (host, port, username, and password or app-specific password). These credentials are used solely to authenticate, send emails, and read incoming replies on your behalf.
• Campaign Data: Sequence configurations, scheduling rules, email templates, WhatsApp templates, and call scripts you create within the Service.
• Communication Logs: Records of all emails sent, WhatsApp messages delivered, and AI calls made through the Service, including timestamps, delivery status, and engagement outcomes.
• Call Recordings and Transcripts: Where call recording is enabled (Advance plan and above), recordings and AI-generated transcripts are stored for the duration specified in your plan. Call recordings are retained for up to 90 days after creation unless you delete them earlier. Transcripts are retained for the duration of your account.
• Engagement Data: Email opens, replies, WhatsApp delivery/read receipts, and call outcomes are retained for the duration of your account to power the Unified Timeline and analytics features.

3.2 What We Do Not Store

• Your Google account password, Zoho account password, or any email account password (we use OAuth tokens for Google and Zoho connections, and app-specific passwords or SMTP/IMAP credentials for custom connections — we never access or store your primary account passwords).
• Your payment card details (handled entirely by Razorpay).
• WhatsApp end-to-end encryption keys (messages are handled through Meta's official API infrastructure).
• The contents of your entire Gmail, Zoho, or email inbox (we access and store only email threads related to leads managed within Rapid Sales campaigns, not your complete email account contents).

3.3 Retention After Account Deletion

When you delete your Rapid Sales account:

• All Lead Data, campaign data, communication logs, call recordings, and transcripts are deleted within 30 days.
• Account information and personal data are deleted within 30 days.
• Anonymized, aggregated analytics data that cannot be used to identify you or your leads may be retained indefinitely for service improvement and benchmarking purposes.

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers, and between our servers and third-party APIs (including Google Gemini, ElevenLabs, cartesia, Plivo, Twilio, Zoho Mail, Google OAuth, and Meta WhatsApp Business API), is protected using HTTPS with TLS 1.2 or higher.
• Encryption at Rest: Sensitive data, including Google OAuth tokens, Zoho Mail connection credentials, SMTP/IMAP credentials, API keys, and WhatsApp Business API tokens, are stored using AES-256 encryption at rest.
• Access Controls: We employ strict role-based access controls (RBAC) and require multi-factor authentication (MFA) for all internal system access.
• No Unauthorized Human Access: Our policy prohibits employees or contractors from manually viewing, accessing, or analyzing your Lead Data, communication content, or call recordings unless strictly required for: (a) responding to a support request you have initiated and with your explicit permission, (b) security auditing or investigating suspected abuse, (c) critical debugging necessary to maintain the Service, or (d) compliance with applicable law or legal process.
• Infrastructure: Our Service is hosted on Amazon Web Services (AWS) in the Asia Pacific (Mumbai) region (ap-south-1), with regular security patches, automated monitoring, and intrusion detection. AWS maintains SOC 1, SOC 2, and ISO 27001 certifications for its infrastructure.

While we implement reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data, and you acknowledge and accept this inherent risk.

In the event of a data breach affecting your personal data or Lead Data, we will notify you as required by applicable law. Where GDPR applies, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of natural persons, and will notify affected individuals without undue delay where the breach is likely to result in a high risk. Under the DPDP Act, 2023, we will notify the Data Protection Board of India and affected Data Principals as required by applicable rules. Our liability in connection with any data breach is limited to the extent set forth in our Terms and Conditions. We will take commercially reasonable steps to mitigate the impact of any breach, but we are not liable for breaches resulting from factors outside our reasonable control, including zero-day vulnerabilities, sophisticated cyberattacks, or failures of third-party service providers.

5. Data Sharing and Disclosure

We do not sell, rent, trade, or share your Lead Data, communication content, or call recordings with any third party for their own advertising, profiling, marketing, or independent use.

We may share limited data only in the following circumstances:

• Service Providers: We use the following categories of third-party service providers that process data on our behalf under strict contractual obligations to maintain confidentiality and security. These providers do not have independent rights to use your data:
  • Cloud Infrastructure: Amazon Web Services (AWS) — for hosting, database, storage, and computing services.
  • AI Text Processing: Google Gemini API — for AI-powered email content suggestions, campaign recommendations, and text-based AI features. Receives contextual campaign data; does not receive your credentials or payment information.
  • AI Voice Call Synthesis: ElevenLabs and cartesia — for generating human-like AI Voice Call conversations during outbound calls. Receives call scripts and contextual data necessary for voice generation.
  • Telephony: Plivo and Twilio — for outbound voice call infrastructure, call routing, and call recording. These providers receive phone numbers and handle call audio. We may use either or both providers for call routing; the specific provider used for any given call is determined by our system based on routing optimization, availability, and geographic factors.
  • Email Access (Google OAuth):Google APIs — when you connect your Gmail or Google Workspace account via Google OAuth, we use Google's APIs to read incoming emails and send outbound emails on your behalf. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
  • Email Access (Zoho Mail):Zoho Mail APIs — when you connect your Zoho Mail account, we use Zoho's APIs to read incoming emails and send outbound emails on your behalf.
  • WhatsApp Messaging:Meta WhatsApp Business API — for sending and receiving WhatsApp messages. Processes message content and recipient phone numbers in accordance with Meta's data policies.
  • Payment Processing: Razorpay — for subscription billing and payment processing.
  • Analytics: We may use analytics services (such as Google Analytics) for anonymized website usage statistics.
• Legal Requirements: We may disclose your information if required to do so by applicable law, regulation, legal process, or governmental request.
• Safety and Security: We may disclose information if we believe in good faith that it is necessary to prevent fraud, protect the safety of any person, address security or technical issues, or protect our legal rights.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections described in this policy. We will notify you via email or a prominent notice on our Service before your data is transferred and becomes subject to a different privacy policy.
• With Your Consent: We may share your information for purposes not described in this policy if you provide explicit consent.

6. Third-Party AI Processing

6.1 Google Gemini

When you use AI-powered text features (such as email content suggestions or campaign recommendations), relevant context may be sent to Google's Gemini API for processing. Google's use of this data is governed by the Google API Terms of Service and Google Privacy Policy. We do not send your account credentials, payment information, or call recordings to the Gemini API. You are solely responsible for reviewing, editing, and approving all content generated by Google Gemini before sending to leads. We provide AI suggestions as-is, without warranty of accuracy, appropriateness, or legal compliance.

6.2 ElevenLabs

When you use AI Voice Call calling features, call scripts and contextual data are sent to ElevenLabs for voice synthesis. ElevenLabs processes this data to generate human-like voice output during calls. ElevenLabs' use of this data is governed by their Privacy Policy. Call recordings are handled by Plivo's and/or Twilio's telephony infrastructure, not by ElevenLabs.

6.3 Cartesia

When you use AI Voice Call calling features, call scripts and contextual data are sent to Cartesia for voice synthesis if it is selected as your configured provider. Cartesia processes this data to generate human-like voice output during calls. Cartesia's use of this data is governed by their Privacy Policy. Call recordings are handled by Plivo's and/or Twilio's telephony infrastructure, not by Cartesia.

6.4 Meta WhatsApp Business API

When you send WhatsApp messages through our Service, message content and recipient phone numbers are processed through Meta's official WhatsApp Business API. Meta's handling of this data is governed by the Meta Business Terms and Meta Privacy Policy. We use only approved message templates and comply with Meta's WhatsApp Business API policies.

6.5 Plivo and Twilio (Telephony)

When you initiate AI Voice Call through our Service, phone numbers and call audio are processed through Plivo's and/or Twilio's telephony infrastructure. We may use either or both providers for call routing; the specific provider used for any given call is determined by our system based on routing optimization, availability, and geographic factors. Plivo's handling of data is governed by their Privacy Policy. Twilio's handling of data is governed by their Privacy Policy. Call recordings (where enabled) are stored on our AWS infrastructure, not on Plivo's or Twilio's servers. Outbound calls are made using virtual phone numbers provisioned through Plivo and/or Twilio; lead phone numbers and the virtual caller ID numbers used are logged as part of call records.

6.6 Google OAuth (Gmail / Google Workspace)

When you connect your Gmail or Google Workspace account to Rapid Sales via Google OAuth, you grant our Service permission to access specific data in your Google account. Specifically:

• Scopes Requested: We request permissions to read incoming email messages (to detect lead replies and sync email threads) and to send outbound email messages on your behalf (to execute email campaigns). We request only the minimum scopes necessary to provide the Service.
• Data Accessed: We access email threads related to leads managed within your Rapid Sales campaigns. We do not access, read, or store your entire Gmail inbox or emails unrelated to your Rapid Sales campaigns.
• Limited Use Compliance: Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use data obtained through Google APIs for advertising, and we do not transfer this data to third parties except as necessary to provide the Service (e.g., to display email threads in your dashboard).
• Token Storage: We store your Google OAuth access tokens and refresh tokens using AES-256 encryption at rest. Tokens are used solely for the purposes described above.
• Revocation:You may revoke Rapid Sales' access to your Google account at any time through your Google Account settings (myaccount.google.com/permissions) or by disconnecting your Google email account from the Rapid Sales dashboard. Upon revocation, we will no longer be able to send emails or read replies via your Google account. Previously synced email threads that are already stored in your Rapid Sales dashboard will remain accessible until you delete them or delete your account.

6.7 Zoho Mail

When you connect your Zoho Mail account to Rapid Sales, you grant our Service permission to access specific data in your Zoho Mail account. Specifically:

• Data Accessed: We access email threads related to leads managed within your Rapid Sales campaigns. We do not access, read, or store your entire Zoho Mail inbox or emails unrelated to your campaigns.
• Credential Storage: We store your Zoho Mail connection credentials (OAuth tokens or authorized credentials) using AES-256 encryption at rest. These credentials are used solely to authenticate and operate email functionality within the Service.
• Zoho's Policies:Zoho's handling of your data is governed by their Privacy Policy.
• Revocation: You may disconnect your Zoho Mail account from Rapid Sales at any time through the dashboard. Previously synced email threads will remain accessible until you delete them or delete your account.

6.8 AI Provider Changes

We reserve the right to change the underlying AI service providers, models, or technologies used in the Service at any time. When we change AI providers, we may change where your data is processed (e.g., from one provider's servers to another provider's servers, potentially in a different jurisdiction). We will update this Privacy Policy to reflect material changes in AI providers and will notify you of such changes. Your continued use of the Service after notification constitutes acceptance of the new processing arrangements. If a provider change materially alters how your data is processed (such as changing data residency), we will provide at least 15 days' notice before the change takes effect.

7. Your Rights and Data Deletion

7.1 Your Rights

You have the following rights regarding your data:

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may request correction of inaccurate or incomplete personal data.
• Deletion: You may request deletion of your personal data and Lead Data at any time (see Section 7.2).
• Data Portability: You may request your data in a structured, machine-readable format.
• Withdraw Consent: You may withdraw your consent to data processing at any time by deleting your account.
• Restrict Processing: You may request restriction of processing of your personal data in certain circumstances (e.g., while we verify accuracy of data you have contested), as provided under GDPR Article 18 where applicable.
• Object: You may object to certain processing of your data, including processing for direct marketing purposes.

7.2 Deleting Your Data

You may delete your data through the following methods:

• In-app: Delete individual leads, campaigns, call recordings, or your entire account through the dashboard.
• Email: Send a request to help@rapidsales.ai with the subject line “Data Deletion Request.” We will confirm receipt within 48 hours and complete the deletion within 30 days.

Upon account deletion, all Lead Data, campaign data, communication logs, call recordings, and transcripts are permanently deleted within 30 days, except for anonymized, aggregated data that cannot identify you or your leads.

7.3 Lead Data Deletion by Leads (Data Subjects)

If an individual whose data you have uploaded to our Service contacts us directly to request deletion of their data, we will notify you and process the request in accordance with applicable law. You agree to cooperate with us to fulfill such requests.

7.4 Lead Opt-Out and Unsubscribe

Rapid Sales includes features to help manage lead opt-outs:

• Email Unsubscribe: Emails sent through the Service may include unsubscribe links (as required by CAN-SPAM and other anti-spam laws). When a lead clicks an unsubscribe link, the Service will automatically stop future email outreach to that lead within your account.
• WhatsApp Opt-Out:If a lead sends a stop or opt-out message in response to a WhatsApp message, Meta's WhatsApp Business API may automatically prevent further messaging to that number. You are responsible for honoring all opt-out requests.
• Call Opt-Out:Our AI Voice Call agents include a “Stop on Reply” feature powered by intent detection. When a lead expresses disinterest or requests to not be contacted, the system flags the lead and halts further automated outreach. You are responsible for ensuring that flagged leads are not re-added to future campaigns.

You are ultimately responsible for honoring all opt-out, unsubscribe, and do-not-contact requests from leads across all channels, regardless of whether the Service's automated features detect them.

7.5 Automated Decision-Making

Our Service uses AI-powered intent detection to automatically classify leads based on their engagement behavior (e.g., “interested,” “not interested,” “do not contact”). These classifications are used to automate sequence actions such as stopping outreach or triggering handoff to your human sales team. These automated classifications do not produce legal or similarly significant effects on the leads being classified — they are used solely for campaign workflow automation within your account. You may review and override any automated lead classification at any time through the dashboard.

If you are subject to GDPR, you acknowledge that you, as the data controller, are responsible for informing your leads about any automated decision-making that affects them and for providing appropriate safeguards as required under Article 22 of the GDPR.

8. Telecommunications Compliance

8.1 Your Responsibility

You are solely responsible for ensuring that your use of the Service complies with all applicable telecommunications laws and regulations, including but not limited to:

• The Telecom Regulatory Authority of India (TRAI) Telecom Commercial Communications Customer Preference Regulations (TCCCPR)
• The Telephone Consumer Protection Act (TCPA) (if contacting leads in the United States)
• The General Data Protection Regulation (GDPR) (if contacting leads in the European Economic Area)
• The CAN-SPAM Act (for email communications to US recipients)
• Any applicable do-not-call (DNC) registries and opt-out requirements
• Any other applicable national, state, or local telemarketing, data protection, or anti-spam laws

8.2 Our Role

Rapid Sales provides the technology platform for outreach execution. We do not determine who you contact, when you contact them, or what you say to them. You are the originator of all outreach campaigns, and you bear full legal responsibility for compliance. We may, but are not obligated to, implement features or safeguards to assist with compliance (such as DNC list checking or opt-out management), but the ultimate responsibility remains with you.

8.3 WhatsApp Compliance

All WhatsApp outreach is conducted through Meta's official WhatsApp Business API using pre-approved message templates. Meta reviews and approves all templates before they can be used. We comply with Meta's WhatsApp Business API policies, and you agree to comply with all applicable Meta policies when using WhatsApp features.

9. Children's Privacy

Rapid Sales is a business-to-business platform designed for use by businesses and professionals. It is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at help@rapidsales.ai. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

10. International Data Transfers

Rapid Sales is operated by Kash India from Ahmedabad, India. Our primary data infrastructure is hosted on Amazon Web Services (AWS) in the Asia Pacific (Mumbai) region (ap-south-1), meaning your data is primarily stored and processed in India.

Certain third-party services we use (such as Google Gemini, ElevenLabs, cartesia, Plivo, Twilio, Google APIs, and Zoho) may process data in other jurisdictions, including the United States and the European Economic Area. If you access our Service from outside India, or if you upload Lead Data containing contact information of individuals located outside India, please be aware that data may be transferred to and processed in India and other jurisdictions.

We take appropriate safeguards to ensure that data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed. Where required by applicable law (such as transfers from the European Economic Area), we implement appropriate legal mechanisms such as standard contractual clauses to ensure adequate data protection.

11. Compliance with Data Protection Laws

11.1 General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, or if you upload Lead Data containing personal data of individuals in the EEA or UK, additional obligations may apply. Our legal basis for processing your personal data is your explicit consent (provided when you create an account) and our legitimate interest in providing the Service.

For Lead Data, you act as the data controller and we act as the data processor. You are responsible for ensuring you have a lawful basis for processing Lead Data under the GDPR.

To exercise your GDPR rights, please contact us at help@rapidsales.ai. We will respond within 30 days.

11.2 California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to know what personal information is collected about you, the right to delete your personal information, the right to opt out of the sale of your personal information, and the right to non-discrimination for exercising your privacy rights. We do not sell your personal information. To exercise your CCPA rights, please contact us at help@rapidsales.ai.

11.3 Digital Personal Data Protection Act, 2023 (India)

We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), and the Digital Personal Data Protection Rules, 2025, as applicable. In accordance with the DPDP Act:

• We process your personal data only with your explicit consent.
• We collect and process only the personal data that is necessary to provide the Service.
• We provide clear mechanisms to withdraw consent, request data deletion, and exercise your rights as a Data Principal.
• We maintain reasonable security safeguards to protect your personal data.
• We have designated a Grievance Officer to address your concerns (see Section 14).

We also comply with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, to the extent they remain applicable.

11.4 Data Processing Relationship for Lead Data

With respect to Lead Data that you upload to the Service, you are the “Data Fiduciary” (under the DPDP Act) or “Data Controller” (under GDPR), and Kash India acts as the “Data Processor” processing Lead Data on your behalf and according to your instructions (as configured through your campaigns and sequences). You are responsible for: (a) ensuring you have a lawful basis for collecting and processing Lead Data, (b) providing any required notices to Data Principals/Data Subjects, (c) responding to Data Principal/Data Subject rights requests (we will assist upon request), and (d) conducting any required data protection impact assessments. If a Data Principal contacts us directly, we will redirect them to you and notify you of their request.

A Data Processing Agreement (DPA) is available upon request for customers who require one for GDPR compliance or other regulatory purposes. To request a DPA, please contact us at help@rapidsales.ai. We also maintain a list of sub-processors used in the Service, available upon request.

12. Do Not Track Signals

Some web browsers transmit “Do Not Track” (DNT) signals. Because there is no universally accepted standard for interpreting DNT signals, our Service does not currently respond to DNT signals. You may opt out of tracking technologies as described in Section 1.7.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Service, applicable law, or the addition of new features and integrations. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy.
• Notify you via email (if you have an account) or through a prominent notice on our website at least 7 days before the changes take effect.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. We reserve the right to update this policy as our Service evolves, including as we add new communication channels, AI capabilities, integrations, or data processing activities.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your data is handled, please contact us at:

Grievance Officer (India — DPDP Act, 2023)

In accordance with the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000, we have appointed the following Grievance Officer to address your concerns:

If you have any grievances relating to the processing of your personal data, you may contact the Grievance Officer. We will acknowledge your grievance within 48 hours and endeavor to resolve it within 30 days.

We will respond to all privacy-related inquiries within 48 hours.