Privacy Policy

Privacy Policy

Effective Date: April 7, 2026  ·  Last Updated: April 7, 2026

This Privacy Policy describes how Samcom Technologies ("we", "our", or "us") collects, uses, stores, and discloses information when you use Pingly (available at pingly.in), our AI-powered WhatsApp & Web Chat communication platform. By accessing or using Pingly, you agree to this Privacy Policy.

1. Overview

Pingly is a B2B SaaS platform that enables businesses ("Workspace Administrators" or "Customers") to manage customer communications over WhatsApp and Web Chat. We act as a data processor on behalf of our customers when processing their end-users' personal data, and as a data controller for our own operational data (such as account and billing information).

This policy applies to:

  • Visitors to pingly.in
  • Registered users (Admins, Managers, Agents) of the Pingly platform
  • End-customers ("Contacts") whose data is processed through Pingly by our business customers

2. Information We Collect

2.1 Information You Provide Directly

When you register for or use Pingly, we collect:

  • Account information: Full name, email address, password (hashed), role, and organization name
  • Business configuration: WhatsApp phone numbers, API credentials (Gupshup, Anthropic, OpenAI — stored encrypted), business hours, bot settings
  • Billing & signup information: Company name, contact details submitted during onboarding
  • Support communications: Messages you send to us via email or the platform's support channels

2.2 Contact & Conversation Data (Processed on Behalf of Customers)

When businesses use Pingly to communicate with their customers, we process on their behalf:

  • Contact profiles: Name, phone number, email, tags, opt-in/opt-out status, and custom attributes
  • Conversation data: Message content (text, images, documents, audio), timestamps, delivery and read receipts, conversation status
  • CSAT ratings: Satisfaction scores (1–5) and optional text comments submitted by end-users
  • Web Chat session data: Visitor name, email, phone number collected via pre-chat form; chat messages; session identifiers
  • Bot interaction logs: Queries submitted to the AI agent and responses generated

2.3 Automatically Collected Data

  • Log data: IP addresses, browser type, operating system, pages visited, timestamps
  • Session data: JWT authentication tokens stored in browser localStorage
  • Usage analytics: Feature usage patterns, API call volumes, error logs (no personally identifiable content)
  • Cookies: Session and preference cookies (see Section 9)

2.4 Third-Party Integrations

If you connect third-party services (e.g., external databases via Contact Sync), we may receive data from those services as part of the sync operation. You are responsible for ensuring you have the right to transfer that data to Pingly.

3. How We Use Your Information

We use collected information to:

PurposeLegal Basis
Provide and operate the Pingly platformContractual necessity
Process and deliver WhatsApp and Web Chat messagesContractual necessity
Authenticate users and secure accountsContractual necessity / Legitimate interests
Generate analytics, performance reports, and CSAT summariesContractual necessity
Run the AI agent (Claude AI / GPT) on your workspace dataContractual necessity
Send SLA breach alerts and in-app notificationsContractual necessity
Improve platform features and fix bugsLegitimate interests
Comply with legal obligationsLegal obligation
Prevent fraud and abuseLegitimate interests
Send service and security announcementsContractual necessity / Legitimate interests

We do not use your data or your end-customers' data for advertising or sell it to third parties.

4. Data Sharing & Disclosure

We do not sell, rent, or trade personal information. We may share data only in the following limited circumstances:

4.1 Service Providers (Sub-processors)

We engage trusted sub-processors who help us deliver the platform. They are contractually bound to process data only as instructed by us:

  • Gupshup — WhatsApp Business API message delivery
  • Anthropic (Claude AI) — AI-powered bot responses (if configured)
  • OpenAI (GPT) — AI-powered bot responses (if configured)
  • Cloud infrastructure providers — Hosting, storage, and database services
  • Redis Labs / Upstash — Session and cache storage

4.2 Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of Samcom Technologies, our customers, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will notify affected customers via email or a prominent notice on our platform before data is subject to a different privacy policy.

4.4 With Your Consent

We may share data with third parties when you explicitly consent to such sharing.

5. Third-Party Services

Pingly integrates with third-party APIs. When you enable these integrations, data may be transmitted to those services according to their own privacy policies:

Important: AI providers (Anthropic, OpenAI) may process message content when the AI agent feature is enabled. We recommend reviewing their privacy policies and data processing agreements before enabling AI features if you handle sensitive personal data.

We use your own API keys for AI and WhatsApp integrations. Pingly never stores unencrypted API keys, and all keys are encrypted at rest.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, subject to the following:

  • Conversation data & messages: Retained for the duration of the workspace subscription plus 90 days after termination, then permanently deleted
  • Contact profiles: Retained while the workspace is active; deleted within 90 days of workspace termination or upon explicit deletion request
  • Account data (users): Retained until the account is deleted or the workspace is terminated
  • Audit logs: Retained for up to 12 months for security and compliance purposes
  • CSAT ratings & analytics: Retained for the workspace subscription period plus 90 days
  • Backup copies: Securely purged within 30 days of the primary data deletion

You may request early deletion of your data by contacting us at privacy@samcomtechnologies.com.

7. Security

We implement industry-standard technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Password hashing using bcrypt with per-user salts
  • API key encryption before storage
  • JWT-based authentication with configurable idle session timeouts
  • Role-based access control (SUPER_ADMIN, ADMIN, MANAGER, AGENT)
  • Regular dependency updates and security patches
  • Access logging and anomaly detection

No system can guarantee absolute security. If you suspect a security breach involving your account, please contact us immediately at privacy@samcomtechnologies.com.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you

Rectification

Request correction of inaccurate or incomplete data

Erasure

Request deletion of your data ("right to be forgotten")

Portability

Receive your data in a structured, machine-readable format

Restriction

Request that we restrict processing of your data

Objection

Object to processing based on legitimate interests

Withdraw Consent

Withdraw consent at any time where processing is consent-based

Non-discrimination

Exercise your rights without receiving inferior service

For workspace users (Admins/Managers/Agents): You may access and update your account data directly in the platform under Settings → Profile. To delete your account, contact your Workspace Administrator or email us.

For end-customers (Contacts): Contact the business that communicated with you via Pingly. Samcom Technologies acts as a data processor in that relationship and will assist the business Customer in fulfilling your request.

To exercise any right, email us at privacy@samcomtechnologies.com. We will respond within 30 days.

9. Cookies & Tracking

Pingly uses minimal cookies and local storage:

NameTypePurposeDuration
tokenlocalStorageStores JWT authentication token for logged-in sessionsUntil logout or idle timeout
userlocalStorageStores basic user profile (name, role) for UI displayUntil logout
Session cookieHTTP CookieMaintains server-side session contextSession (browser close)

We do not use advertising cookies, third-party tracking pixels, or analytics platforms that share data with advertisers (e.g., Google Analytics, Facebook Pixel).

10. Children's Privacy

Pingly is a business-to-business (B2B) platform intended for use by organisations and their employees. It is not directed at children under the age of 13 (or 16 where required by applicable law). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly. If you believe a child's data has been collected, contact us at privacy@samcomtechnologies.com.

11. International Data Transfers

Samcom Technologies is based in India. Your data may be processed by our sub-processors in other countries, including the United States (e.g., Anthropic, OpenAI) and other jurisdictions where cloud infrastructure operates. When we transfer personal data internationally, we rely on appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
  • Data Processing Agreements with all sub-processors
  • Adequacy decisions where applicable

By using Pingly, you consent to the transfer and processing of your data in India and other countries as described in this policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Effective Date" at the top of this page
  • Display a prominent notice within the Pingly application for at least 14 days
  • Send an email notification to registered Workspace Administrators

Your continued use of Pingly after the effective date of the revised policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Samcom Technologies

Privacy / Data Protection Officer

Email: privacy@samcomtechnologies.com

Address: Samcom Technologies, India

Website: pingly.in

We aim to respond to all privacy-related inquiries within 30 days. For urgent security matters, please mark your email "URGENT — Security".

← Back to HomeTerms of Service© 2026 Samcom Technologies. All rights reserved.