Privacy Policy

Effective date: 30 June 2026

This Privacy Policy explains how the Uproach platform (“Uproach”, “we”, “us”, or “our”), operated by Everapps Infinity Private Ltd, a company incorporated in India with its registered office at Everapps Infinity, 16/3, 1st Cross Street, Besant Nagar, Chennai, India, collects, uses, discloses, and protects information when you use uproach.me, our web applications, the embeddable chat widget, and related services (collectively, the “Service”).

Uproach is a multi-tenant lead-operations platform that helps businesses (“Customers”) communicate with their own customers and prospects (“End Users”) across WhatsApp, Instagram, Facebook Messenger, and website chat. For most personal data of End Users, the Customer is the data controller (or “Data Fiduciary” under India’s Digital Personal Data Protection Act, 2023) and Uproach acts as a processor (or “Data Processor”) on the Customer’s behalf. For account and billing data of Customers, Uproach acts as the controller.

By using the Service you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Depending on how you interact with the Service, we collect the following categories of information:

  • Account & profile data: name, email address, phone number, business name, workspace settings, and authentication identifiers (managed via our identity provider, Auth0).
  • Channel & integration data: when a Customer connects WhatsApp, Instagram, or Facebook, we receive identifiers and access tokens needed to send and receive messages on their behalf (e.g., Instagram-scoped user IDs, WhatsApp Business phone number IDs, page identifiers).
  • Messaging content: messages, direct messages, comments, and attachments exchanged between Customers and End Users through connected channels, including sender identifiers, usernames, profile pictures, and timestamps.
  • Lead data: contact details and conversation history that Customers collect and manage about their End Users.
  • Payment data: billing details processed by our payment processors (Stripe and Razorpay). We do not store full card numbers.
  • Usage & technical data: log data, device and browser information, IP address, and analytics about how the Service is used.

2. Information From Meta Platforms

When a Customer connects an Instagram, Facebook, or WhatsApp Business account, we access information through Meta’s APIs strictly to provide the Service. This may include the connected account’s profile information (such as username, account ID, and profile picture), direct messages, comments, and message metadata.

We use Meta Platform data only to operate features the Customer has enabled — such as receiving inbound messages, displaying conversations in the inbox, sending replies (including AI-assisted replies), and monitoring comments. We do not sell Meta Platform data, do not use it for advertising, and do not share it except with the service providers described below or as required by law. Our use of information received from Meta APIs complies with the Meta Platform Terms and Developer Policies.

3. How We Use Information

  • To provide, operate, and maintain the Service, including routing messages and managing conversations and leads.
  • To generate AI-assisted replies and suggestions (see “Artificial Intelligence” below).
  • To authenticate users, secure accounts, and prevent fraud and abuse.
  • To process payments and manage subscriptions.
  • To provide customer support and respond to requests.
  • To analyze and improve the Service and develop new features.
  • To comply with legal obligations and enforce our Terms of Use.

4. Artificial Intelligence

The Service uses third-party large language models (provided by Anthropic) to generate automated replies, draft suggestions, and assistive features. Relevant message content may be transmitted to these providers solely to generate responses for the Customer’s workspace. AI-generated output may be inaccurate and should be reviewed by a human where appropriate. We do not permit our AI providers to use Customer or End User content to train their foundation models other than as permitted under our agreements with them.

5. How We Share Information

We share information only as needed to run the Service:

  • Service providers (sub-processors): Meta (messaging APIs), Anthropic (AI), Amazon Web Services (hosting and storage), Stripe and Razorpay (payments), Auth0 (authentication), and Google (calendar integration, where enabled).
  • Between Customer and their End Users: messaging content flows between the Customer’s workspace and the End Users they communicate with.
  • Legal & safety: where required by law, regulation, legal process, or to protect rights, property, or safety.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.

6. Data Retention

We retain personal data for as long as a Customer’s account is active or as needed to provide the Service, and thereafter only as required to comply with legal obligations, resolve disputes, and enforce our agreements. Customers may delete leads, conversations, and channels at any time within the Service, and may request deletion of their workspace as described below. Access tokens are stored encrypted and are revoked when a channel is disconnected.

7. Data Deletion & Your Rights

Subject to applicable law (including the DPDP Act, 2023 and, where applicable, the GDPR), you may have the right to access, correct, update, port, or delete your personal data, to withdraw consent, and to object to or restrict certain processing.

To delete data you control within the Service, disconnect the relevant channel and delete the associated leads and conversations. To request deletion of your entire workspace and associated data, or to exercise any other right, email admin@everapps.in. End Users whose data is processed on behalf of a Customer should contact that Customer (the data controller); we will support Customers in responding to such requests.

To remove Uproach’s access to a connected Instagram or Facebook account, you can also revoke the app from your Instagram or Facebook account settings, which immediately stops further data collection from that account.

8. Security

We implement technical and organizational measures to protect personal data, including encryption of data in transit (TLS) and encryption of sensitive secrets such as access tokens at rest (AES-256-GCM). No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. International Data Transfers

We may process and store information in countries other than where you reside, including via our cloud infrastructure providers. Where required, we put in place appropriate safeguards for such transfers.

10. Children’s Privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us so we can delete it.

11. Cookies

We use strictly necessary cookies and similar technologies to authenticate users, maintain sessions, and operate the Service. You can control cookies through your browser settings, though some features may not function without them.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised effective date and, where appropriate, provide additional notice. Continued use of the Service after changes take effect constitutes acceptance.

13. Contact Us

For questions or requests regarding this Privacy Policy or your personal data, contact our Grievance Officer / Data Protection contact at admin@everapps.in, or by post at Everapps Infinity Private Ltd, Everapps Infinity, 16/3, 1st Cross Street, Besant Nagar, Chennai, India.