Privacy Policy – KryoChat

Effective Date: January 1, 2026
Last Updated: January 1, 2026

1. Introduction & Data Controller Information

KryoChat ("Platform," "we," "us," "our") is an application owned and operated by Synqronlabs Pvt Ltd that enables users to connect their Instagram accounts and automate messaging workflows across Meta platforms.

Data Controller:
KryoChat (Synqronlabs Pvt Ltd)
Email: privacy@kryo.chat

For registered office details, please refer to Synqronlabs Pvt Ltd's Privacy Policy.

Applicable Law:
This Privacy Policy is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian data protection laws.

2. Purpose of Data Collection & Processing

We collect and process personal data for the following legitimate purposes:

• Account Management: User registration, authentication, and account maintenance
• Service Delivery: Executing messaging workflows and automating communications through Instagram
• Payment Processing: Facilitating transactions via Razorpay and Dodo Payments
• Analytics & Improvement: Understanding platform usage and improving service quality
• Compliance & Legal Obligations: Fulfilling statutory requirements under Indian law
• Fraud Prevention & Security: Protecting against unauthorized access and abuse
• Communication: Sending service updates, policy changes, and support communications

3. Data We Collect

3.1 User Account Data

• Email address
• Instagram account information (via Instagram OAuth login)
• Account creation and modification dates
• Account deletion/deactivation records

3.2 Workflow & Messaging Data

• Workflows created by users (definitions of what messages to send and when)
• Messaging logs (delivery status, success/failure records)
• Message send/receipt timestamps
• Integration history with Meta platforms

3.3 Payment Data

• Payment transaction details (processed via Razorpay and Dodo Payments)
• Billing information (handled by payment processors)
• Transaction receipts and invoices

3.4 Technical & Analytics Data

• OpenTelemetry & Google Analytics: IP address, device type, browser, operating system, page views, session duration, interaction events, and other standard web analytics
• Platform access logs
• Error logs and system diagnostics

3.5 Communication Data

• Email communications with support
• Customer feedback and inquiries

Note: KryoChat does not collect or store the actual content of end-customer messages sent through your workflows. We only log metadata (success/failure, delivery timestamps).

4. Legal Basis for Processing

We process personal data based on the following legal bases under the DPDP Act:

• Consent: Express user consent for account creation and data processing
• Contract Performance: Data processing necessary to provide services
• Legal Compliance: Compliance with statutory obligations under Indian law (IT Act 2000, Income Tax Act, etc.)
• Legitimate Interests: Platform security, fraud prevention, and service improvement

5. Data Retention & Deletion

5.1 Automatic Data Retention

Data is retained for the duration of your active account and the operational period required to maintain service functionality.

5.2 User-Initiated Deletion

When you request account deletion:

1. Your account is queued for deletion
2. Our cleanup service processes the deletion request on a periodic basis
3. Personal data is permanently deleted once the cleanup process completes

Note: We do not guarantee a specific SLA for deletion completion. Processing typically occurs within a reasonable timeframe following the cleanup schedule.

5.3 Compliance Retention

Certain data may be retained longer to comply with Indian tax laws, payment processor requirements, or legal obligations, but will be dissociated from your identity.

5.4 Cron Job Cleanup

Data marked for deletion by users is automatically purged by our cleanup service running on 7, 14, and 28-day intervals based on deletion request dates.

6. Data Sharing & Third Parties

6.1 Meta Platforms (Instagram, Facebook, WhatsApp - Future)

We share user authentication data with Meta via OAuth to enable the Platform to function. Meta acts as an independent data controller for social media data. Please review Meta's Privacy Policy for details.

6.2 Payment Processors

• Razorpay: Processes payment transactions. Review Razorpay's Privacy Policy.
• Dodo Payments: Processes payment transactions. Review Dodo Payments' privacy documentation.

6.3 Email Service Provider

• Resend: Handles email verification and communications. Review Resend's Privacy Policy. Resend acts as a data processor on our behalf.

6.4 Analytics & Monitoring

• Google Analytics: Collects web analytics data. Review Google Analytics Privacy.
• OpenTelemetry: Collects application performance and usage telemetry.

6.5 Law Enforcement & Legal Compliance

We may disclose personal data if required by:

• Court orders or legal process
• Government agencies or authorities
• Statutory obligations under Indian law
• Protection of rights, privacy, or safety

6.6 No API Access

KryoChat does not provide API access to third parties. Data is not sold, rented, or shared for commercial purposes.

7. Your Rights Under DPDP Act 2023

You have the following rights regarding your personal data:

7.1 Right to Access

You have the right to request access to personal data we hold about you. Submit requests to privacy@kryo.chat.

7.2 Right to Correction

You can request correction of inaccurate or incomplete personal data. We will update your information promptly.

7.3 Right to Deletion

You have the right to request deletion of your personal data, subject to legal and contractual obligations. See Section 5.2 for the deletion process.

7.4 Right to Portability

Upon request, we will provide your personal data in a structured, commonly used, machine-readable format.

7.5 Right to Object

You may object to certain processing activities. We will assess your objection and respond accordingly.

7.6 Right to Grievance Redressal

If you have concerns about our data practices, contact:
Email: privacy@kryo.chat

We will respond to grievances within 30 days of receipt.

8. Data Security

We implement technical and organizational security measures to protect personal data, including:

• Encryption of sensitive data in transit and at rest
• Secure authentication mechanisms (OAuth via Meta)
• Access controls and role-based permissions
• Regular security assessments
• Incident response procedures

Note: While we employ industry-standard security practices, no system is entirely secure. You are responsible for maintaining confidentiality of your account credentials.

9. Children's Privacy

KryoChat is not intended for users under 13 years of age. Additionally, users must have an active Instagram account, which requires compliance with Instagram's age requirements. We do not knowingly collect data from children under 13. If we become aware of such collection, we will take immediate action to delete the data.

10. International Data Transfers

KryoChat primarily operates within India. If data is transferred outside India (e.g., to cloud service providers), we ensure equivalent data protection standards as required under the DPDP Act.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or platform notification. Your continued use of KryoChat constitutes acceptance of updated terms.

12. Contact & Grievance Redressal

For Privacy Inquiries:
Email: privacy@kryo.chat

For Registered Office Details:
Please refer to Synqronlabs Pvt Ltd's official documentation.

Response Timeline: We aim to respond to all privacy requests within 30 days.

13. Disclaimer

This Privacy Policy is provided for informational purposes. While we strive for accuracy, we recommend consulting a legal professional for jurisdiction-specific guidance. The DPDP Act, IT Act 2000, and other Indian laws govern your data protection rights.