Data Protection — DPDP & GDPR
Last updated 12 July 2026
VaaniAPIis designed with data protection in mind and aims to support the obligations of India’s Digital Personal Data Protection (DPDP) Act, 2023 and the EU General Data Protection Regulation (GDPR).
Roles
For customer conversation data, the business using VaaniAPI is the data fiduciary / controller, and VaaniAPIacts as a data processor handling that data on the business’s instructions.
Your rights
- Access & export — request a copy of the personal data associated with your account or a customer record.
- Correction — ask us to correct inaccurate data.
- Deletion / right to be forgotten — request deletion or anonymisation of personal data, subject to lawful retention exceptions.
- Consent withdrawal — withdraw consent where processing relies on it.
How to make a request
Business admins can raise a data-protection request from the dashboard, or email privacy@vaaniapi.com. We propagate deletions and exports across stored documents, conversation records, and derived indexes, and we log completion for auditability.
Retention
Data is retained only as long as needed to provide the service or to meet legal obligations. Retention windows are configurable per business.
Sub-processors & transfers
We use a limited set of sub-processors (hosting, model inference, email) under data-protection terms. Where data is transferred across regions, we apply appropriate safeguards.
Data Processing Agreement
Enterprise customers can request a signed Data Processing Agreement (DPA). Contact privacy@vaaniapi.com.
This page is a plain-language summary provided for transparency and is not legal advice. Confirm your specific DPDP / GDPR obligations with qualified counsel.