Vaacha
Privacy Policy
Effective date: April 2026
Vaacha is an AI-powered customer communication platform developed and operated by Nivaara Consulting (“we”, “our”, “us”). This Privacy Policy explains how we collect, use, and protect your information when you use the Vaacha platform or visit our website.
Vaacha enables businesses to deploy AI agents that communicate with their customers via WhatsApp, SMS, email, and voice. In doing so, we process data on behalf of both the businesses using Vaacha (“business customers”) and the individuals those agents interact with (“end-users”).
1. Who we are
Nivaara Consulting is a technology and AI consulting firm based in Hyderabad, India. Vaacha is a SaaS product built and operated by Nivaara Consulting.
- Nivaara Consulting, Hyderabad, India
- GSTIN: 36DJGPD7514C1ZK
- Email: support@nivaaraconsulting.com
2. Information we collect
a. From business customers
When a business registers for Vaacha, we collect:
- Name and contact details of the account holder
- Business name, address, and GSTIN where applicable
- Email address and phone number
- WhatsApp Business Account credentials and phone number IDs
- Knowledge base content uploaded to the platform (PDFs, FAQs, price lists, manuals)
- Billing details, processed via third-party payment providers — Vaacha does not store card numbers
b. From end-users (customers of businesses using Vaacha)
When an individual interacts with a Vaacha-powered AI agent, we may process:
- Phone number or WhatsApp ID
- Name, if provided in the conversation
- Conversation content — messages sent and received
- Appointment, order, or transaction details shared during the conversation
- Voice audio, for calls handled via the voice channel — processed for speech-to-text conversion and not stored beyond what is necessary for that purpose
c. From website visitors
When you visit the Vaacha website, we automatically collect basic technical data including IP address, browser type, and pages visited. This is used for security monitoring and aggregate analytics only.
3. How we use your information
We use your information to:
- Operate and deliver the Vaacha platform — routing messages, generating AI responses, and executing actions such as appointment bookings
- Improve platform quality — conversation data may be used in anonymised form to evaluate AI accuracy; identifiable data is not used for model training without consent
- Manage the business customer relationship — billing, support, and onboarding
- Comply with legal obligations under the DPDP Act 2023 and Meta's WhatsApp Business Platform policies
- Detect and prevent fraud, abuse, and security incidents
We do not sell or rent personal data to third parties. We do not use end-user data for advertising.
4. Data sharing
We may share your data with:
- Meta Platforms — for WhatsApp message delivery via the Cloud API
- LLM providers (such as OpenAI) — message content is sent to generate AI responses, under their data processing terms
- Speech-to-text providers (Sarvam AI, Reverie) — voice audio is sent for transcription and processed only for that purpose
- Cloud hosting providers — all data is stored on servers located in India
- Payment processors — for billing of business customers only
- Legal authorities — if required under applicable Indian law
All such sharing is limited to what is necessary to operate the platform.
5. WhatsApp and Meta platform data
Messages sent via WhatsApp pass through Meta's infrastructure before reaching Vaacha's servers. Meta's own privacy policy governs data on their infrastructure. Vaacha receives message content and sender details via Meta's webhook system and stores this data in India.
Business customers are responsible for ensuring they have obtained appropriate consent from their end-users before deploying a Vaacha agent on their WhatsApp number. Vaacha complies with Meta's WhatsApp Business Messaging Policy.
6. Voice and audio data
Where Vaacha handles voice calls, audio is processed by speech-to-text providers solely to generate a text transcript. Raw audio is deleted within 7 days of transcription. Transcripts are handled in the same way as other conversation data.
Businesses deploying voice agents are required to inform callers that the call is handled by an AI system.
7. Data storage and security
Your data is stored securely on servers in India and protected against unauthorised access, misuse, or disclosure. We use encryption in transit and at rest, and limit access to authorised personnel only.
In the event of a data breach likely to cause harm, we will notify affected business customers and, where required, the Data Protection Board of India, within the timeframes prescribed by the DPDP Act 2023.
8. Data retention
We retain personal data as follows:
- Conversation data (messages, transcripts, action records): minimum 12 months from the date of the conversation, in line with the DPDP Act 2023
- Knowledge base content: for the duration of the subscription, deleted within 30 days of account termination
- Business customer account data: for the duration of the relationship and 3 years thereafter for legal compliance
- Voice audio (raw): deleted within 7 days of transcription
- Website visitor logs: 90 days
On account termination, all personal data associated with the account will be deleted or anonymised within 30 days, subject to any legal obligation to retain records.
9. Your rights
Under the Digital Personal Data Protection Act, 2023, you may:
- Request access to your personal data
- Request correction of inaccurate data
- Request erasure of your data where processing is no longer necessary
- Withdraw consent for data processing
- Raise a grievance with our designated Grievance Officer
End-users wishing to exercise these rights should contact the business they interacted with, who will coordinate with Nivaara Consulting as required. Business customers may contact us directly using the details in Section 12.
10. Updates to this policy
We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated effective date. For material changes, we will notify business customers by email at least 14 days before the change takes effect.
11. Governing law
This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023. Subject to mandatory provisions of applicable law, disputes arising in connection with this policy shall be subject to the exclusive jurisdiction of the courts at Hyderabad, Telangana, India.
12. Contact us
If you have any questions or concerns about this Privacy Policy or your data, please contact:
- Vaacha — a product of Nivaara Consulting
- Contact: Data Grievance
- Email: support@nivaaraconsulting.com
- Location: Hyderabad, India
- GSTIN: 36DJGPD7514C1ZK