Privacy Policy
This Privacy Policy explains how The Consultant (“we”, “us”) collects, uses, shares, and protects your information when you use theconsultant.chat and related services (the “Service”).
1. What we collect
1.1 Account & billing data
- Name, email, organisation, country.
- Subscription plan, billing currency, transaction IDs and the last 4 digits of the payment instrument (returned by the payment gateway).
- Authentication metadata (login timestamps, IP addresses for security).
1.2 Conversation data (WhatsApp / chat)
- Inbound and outbound messages are processed in a per-tenant isolated container. Messages are held only in memory long enough to generate a response and are then discarded.
- We do not persistently store the content of WhatsApp conversations unless you have explicitly enabled a logging or analytics feature in your dashboard.
- Aggregated, non-identifying counters (e.g. number of messages handled, tokens consumed) are stored for billing and capacity planning.
1.3 Operational telemetry
- Error logs, latency metrics, and security events. Where these contain identifiers we minimise and rotate them.
2. How we use your data
- To deliver, maintain, and secure the Service.
- To process payments, send invoices and prevent fraud.
- To respond to your support requests.
- To send transactional emails (billing, security, product updates). You can opt out of marketing emails.
- To comply with legal obligations.
3. Third-party AI providers (sub-processors)
To generate responses, we transmit the relevant prompt to one of the following providers, selected per-request based on the customer’s configuration:
- Groq — LLM inference.
- Google Gemini — LLM inference.
- Mistral — LLM inference.
We choose providers that contractually commit not to use your prompts to train their models. Payments are handled on each product’s own website by third-party gateways (e.g. Razorpay, Stripe, PayPal, Paddle, Lemon Squeezy); each gateway has its own privacy policy.
4. Data retention
- Conversation content: not retained after response generation, unless you opt in.
- Account & billing records: retained for the life of the account, plus the period required by Indian tax / accounting law (typically 8 years).
- Security logs: 90 days, unless required longer for an active investigation.
5. Your rights
Depending on where you live (e.g. under India’s DPDP Act, the EU GDPR, the UK GDPR, or the California CPRA) you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated personal data.
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent (where processing is based on consent).
To exercise any of these rights, email hello@theconsultant.chat from the address registered on your account. We respond within 30 days.
6. Security
- TLS in transit, encryption at rest for stored data.
- Per-tenant container isolation for WhatsApp message processing.
- Credentials and gateway API keys are encrypted with AES-256 before being persisted.
- Least-privilege access to production systems with audit logging.
7. International transfers
Our infrastructure and our sub-processors may be located outside your country. Where required, we use standard contractual clauses and equivalent safeguards.
8. Children
The Service is not directed at children under 18. We do not knowingly collect personal data from children.
9. Changes
We will update this policy as the Service evolves. Material changes will be notified by email or through the dashboard.
10. Contact & data requests
Email hello@theconsultant.chat (subject line: “Privacy Request”).