Privacy Policy
How we handle personal data
In effect from · July 8, 2026
This Privacy Policy explains how Volume Labs Private Limited (“Volumelabs”, “we”) collects, uses, discloses and protects personal data when you visit volumelabs.live, create an account, or use our AI customer support and business intelligence platform (the “Service”). It is published in accordance with the Information Technology Act, 2000 and rules thereunder, the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and — where applicable to users in the European Economic Area or United Kingdom — the GDPR/UK GDPR.
1. Two roles we play
- As a data fiduciary / controller — for data about you as our customer, prospect or website visitor (account details, billing, usage, marketing preferences).
- As a data processor on your behalf — for data of your end users that flows through conversations, knowledge bases and connected systems (“Customer Data”). Our customers are responsible for the notices and lawful basis covering that data; we process it only on their instructions and under our agreement with them.
2. Data we collect
- Account data — name, work email, phone, organisation, role, password hashes.
- Billing data — plan, invoices, GST details where provided. Card details are handled by our payment processors; we do not store full card numbers.
- Service content — conversations across voice, WhatsApp, email and chat; call recordings and transcripts; documents you upload; CRM/ERP records you connect.
- Usage and device data — log data, IP address, browser type, pages viewed, feature interactions, and cookie identifiers (see the Cookie Policy).
- Support communications — messages you send us and related metadata.
3. How we use data
- To provide, secure and operate the Service — including routing conversations, generating AI responses, analytics and reports for your workspace.
- To train and improve your workspace’s AI configuration (your company model) using your data. We do not use your Customer Data to train models for other customers without your explicit agreement.
- To bill, prevent fraud and abuse, comply with law, and enforce our Terms.
- To send service notices and — with your consent or as otherwise permitted — product updates you can opt out of at any time.
4. Legal bases
Where GDPR applies, we rely on: performance of a contract (providing the Service), legitimate interests (security, product improvement, B2B communications), consent (where required, e.g. certain cookies and marketing), and legal obligation. Under the DPDP Act, we process personal data for the uses above with your consent or for legitimate uses recognised by law.
5. Sharing and disclosures
- Sub-processors — cloud hosting, telephony, messaging (e.g. WhatsApp Business Platform), email delivery, analytics and payment providers, bound by contracts to process data only for us.
- Connected systems you authorise — CRMs, ERPs, calendars and similar integrations exchange data at your direction.
- Legal — where required by law, regulation or valid legal process, or to protect rights, safety and the integrity of the Service.
- Corporate events — in connection with a merger, financing or acquisition, subject to this Policy.
We do not sell personal data.
6. International transfers
Data may be processed in India and other countries where we or our sub-processors operate. Where required, we use appropriate safeguards (such as contractual clauses) for cross-border transfers.
7. Retention
We retain account data for the life of your account and as required for legal, tax and audit purposes. Customer Data is retained per your workspace settings and plan; on termination you may export it, and we delete or anonymise it after 30 days except where law requires longer retention. Call recordings follow the retention window configured in your workspace.
8. Security
We apply reasonable security practices and procedures — encryption in transit, access controls, least-privilege administration, logging and monitoring — described further on our Security page. No method of transmission or storage is completely secure; we notify affected users and authorities of incidents as required by law.
9. Your rights
- India (DPDP Act) — access, correction, erasure, grievance redressal, and nomination. You may withdraw consent at any time with prospective effect.
- EEA/UK (GDPR) — access, rectification, erasure, restriction, portability, objection, and the right to complain to a supervisory authority.
- End users of our customers should direct requests to the relevant business; we will assist that business as its processor.
To exercise rights, email labsvolume@gmail.com. We respond within the timelines prescribed by applicable law.
10. Cookies
See our Cookie Policy for the categories we use and your choices.
11. Children
The Service is for business use and not directed to children under 18. We do not knowingly collect children’s personal data as a fiduciary; if you believe a child has provided data, contact us for deletion.
12. Automated interaction disclosure
Conversations handled by the Service may be AI-generated. We support and encourage configurations that disclose automated interaction to end users, and require customers to comply with disclosure laws applicable to them.
13. Grievance Officer & contact
- Entity
- Volume Labs Private Limited
- CIN
- U62010MP2026PTC084678
- Grievance / privacy contact
- labsvolume@gmail.com
- Registered office
- C-254 Raksha Vihar Colony, Parwaliya Sadak, Fanda, Bhopal, Madhya Pradesh, India — 462030
- Response time
- Acknowledgement within 48 hours; resolution within statutory timelines
14. Changes
We may update this Policy from time to time. Material changes will be notified by email or in-product notice before they take effect. The “in effect from” date above reflects the latest revision.
