Last updated: 28 June 2026
This page describes how IAC ("IAC", "we", "our") processes personal data when you visit useiac.in, email us at sales@useiac.in, or message the IAC business account on WhatsApp. IAC is based in India. This page is provided for transparency. It is not legal advice and does not claim full legal compliance — it is written to align, where applicable, with India's Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, which are being commenced in phases.
1. Scope
This policy covers:
- the public website at useiac.in and its routes;
- direct enquiries to sales@useiac.in;
- the IAC customer-support chatbot on WhatsApp, operated through the WhatsApp Business Platform (Cloud API).
It does not cover third-party websites we link to, or systems that IAC builds and operates inside a client's own environment — those are governed by that client's own privacy notices.
2. What we collect
2.1 Website (useiac.in)
The site does not set advertising cookies, run third-party trackers, or build a behavioural profile of visitors. Web fonts are loaded from Google Fonts, which receives standard request metadata (IP address, user agent, referrer) as an unavoidable part of serving the font files. The site stores a small local log of clicks on the WhatsApp, email, and Instagram buttons in your own browser (localStorage on your device) to help IAC understand which calls-to-action are working. This log stays on your device and is not transmitted to IAC servers.
2.2 Email enquiries
When you email sales@useiac.in we receive the contents of your message, any attachments, your email address, and the metadata your mail provider attaches (timestamps, headers).
2.3 WhatsApp chatbot
- your WhatsApp phone number / WhatsApp ID, as delivered by Meta in the webhook;
- your WhatsApp profile name, if Meta shares it in the payload;
- the text content of messages you send to the IAC number;
- the WhatsApp message ID and the timestamp Meta attaches;
- any information you voluntarily share inside your messages.
Voice notes, images, video, documents, and reactions are ignored by the bot. Statuses (delivered/read) are not processed for content.
3. Why we use it, and on what basis
- Answering your enquiry. Replying to questions you start over email or WhatsApp. Basis: your action of contacting us, which we treat as consent under the DPDP Act, 2023.
- Providing requested information. Sharing details about IAC's services so you can decide whether to engage us.
- Security and abuse prevention. Rate-limiting, deduplicating retries, blocking spam and prompt-injection attempts on the chatbot.
- Debugging and reliability. Short-lived operational logs to keep the service working.
- Service improvement. Understanding which questions come up most so we can write clearer answers.
- Legal obligations. Where a law or a lawful order requires us to retain or disclose information.
We do not use your data for behavioural advertising, lead resale, or unrelated purposes.
4. Automated replies and AI
Chatbot replies on WhatsApp are generated using Google's Gemini model, accessed through the Lovable AI gateway. The model receives your message as untrusted input wrapped in delimiters, together with an instruction prompt that defines the assistant's role. The replies are informational customer-support messages only. They are not legal, financial, medical, or otherwise "significant" decisions about you, and they do not determine pricing, eligibility, or any commercial outcome on their own. You can ask for a human at any time by replying with "human" or by emailing sales@useiac.in.
Please do not send passwords, OTPs, payment card or bank account numbers, government IDs (Aadhaar, PAN, passport), health records, or other highly sensitive information through the chatbot.
5. Who we share data with (processors)
IAC does not sell or rent personal data. We rely on the following providers to operate the service. Each one processes data under its own terms, which may involve transfer or storage outside India.
- Meta Platforms, Inc. — WhatsApp Business / Cloud API. Delivers your messages to IAC and our replies to you, and retains message data under its own retention and infrastructure terms. See the WhatsApp Business policy.
- Lovable Cloud. Hosts the useiac.in website and runs the webhook edge function that receives WhatsApp events. See Lovable's privacy notice.
- Lovable AI / Google Gemini. Generates the chatbot's reply text from your message. See Google's Gemini API terms.
- Google Fonts. Serves the web fonts the site uses.
- Email provider. Delivers and stores mail you send to sales@useiac.in.
Some of these providers operate infrastructure outside India. We rely on each provider's own published safeguards for cross-border processing and do not make independent guarantees about server locations.
6. How long we keep it
| Data | Where | Retention |
|---|---|---|
| WhatsApp message body | Webhook processing only | Held in memory for the duration of a single reply, then discarded. Not written to any database or log. |
| WhatsApp message ID (deduplication) | In-memory cache | 10 minutes |
| Hashed sender identifier (rate-limit bucket) | In-memory cache | Up to 1 minute. The raw phone number is SHA-256 hashed before use; the hash is not stored on disk. |
| Edge function application logs | Lovable Cloud | Short-lived, per the platform's own retention. We deliberately exclude message bodies, phone numbers, tokens, and secrets from log lines. |
| WhatsApp conversation history | Meta / WhatsApp | Controlled by Meta under its own retention policy; we do not set this. |
| Email correspondence | Mailbox | Kept while the conversation is active and for a reasonable period afterwards for business records; deleted on request unless retention is required by law. |
| Website CTA click log | Your browser's localStorage | Stays on your device until you clear it. Capped at the most recent 1,000 entries. |
Where the chatbot pipeline does not technically write durable records of message content, "deletion" of that content from IAC is effectively immediate. Records held by Meta about your WhatsApp conversation are not under IAC's control.
7. What we don't do
- We do not sell, rent, or trade personal data.
- We do not run behavioural advertising or ad-network pixels.
- The chatbot does not send marketing templates, promotional broadcasts, scheduled reminders, or any proactive outbound message. It only replies to a message you have just sent, within WhatsApp's active customer-service window. This is enforced in code.
- We do not knowingly process data of children.
8. Security
The webhook validates Meta's request signature before processing, deduplicates retries by message ID, enforces a freshness window on inbound events, applies per-sender rate limits using hashed identifiers, and blocks known prompt-injection patterns. Access tokens, app secrets, and the WhatsApp phone number ID are stored as server-side secrets and are not exposed to the browser. No security control is perfect; we cannot guarantee that any system is immune to compromise. If we become aware of a personal-data breach that affects you, we will notify you and the appropriate authority where the law requires it.
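The order of checks described above, sketched in Python as an added example; it is not IAC's code. The 10-minute and 1-minute values come from section 6, while `MAX_AGE`, `MAX_PER_WINDOW`, the class and function names, and the flattened message payload are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

DEDUP_TTL = 600      # seconds; the 10-minute message-ID cache from section 6
RATE_WINDOW = 60     # seconds; the 1-minute rate-limit bucket from section 6
MAX_AGE = 300        # assumed freshness window; the page gives no figure
MAX_PER_WINDOW = 5   # assumed per-sender limit; the page gives no figure


def sign(app_secret: bytes, raw_body: bytes) -> str:
    """Header value in the format Meta sends as X-Hub-Signature-256."""
    return "sha256=" + hmac.new(app_secret, raw_body, hashlib.sha256).hexdigest()


class WebhookGuard:
    def __init__(self, app_secret: bytes):
        self.app_secret = app_secret
        self.seen = {}      # message ID -> expiry time
        self.buckets = {}   # hashed sender -> (window start, count)

    def check(self, raw_body: bytes, signature: str, now: float = None) -> str:
        now = time.time() if now is None else now
        # 1. Authenticate the exact bytes received, before parsing them.
        expected = sign(self.app_secret, raw_body).encode()
        if not hmac.compare_digest(expected, (signature or "").encode()):
            return "bad_signature"
        msg = json.loads(raw_body)  # constructed, flattened message object
        # 2. Freshness: drop stale events (replays) and far-future timestamps.
        if abs(now - int(msg["timestamp"])) > MAX_AGE:
            return "stale"
        # 3. Deduplicate retries by message ID; expired IDs are purged first.
        self.seen = {k: exp for k, exp in self.seen.items() if exp > now}
        if msg["id"] in self.seen:
            return "duplicate"
        self.seen[msg["id"]] = now + DEDUP_TTL
        # 4. Rate-limit on a hash so the raw number is never a cache key.
        key = hashlib.sha256(msg["from"].encode()).hexdigest()
        start, count = self.buckets.get(key, (now, 0))
        if now - start >= RATE_WINDOW:
            start, count = now, 0
        self.buckets[key] = (start, count + 1)
        return "accept" if count < MAX_PER_WINDOW else "rate_limited"
```

Phone numbers come from a small, guessable space, so an unkeyed SHA-256 keeps the raw number out of cache keys but can be reversed by enumeration; a keyed HMAC with a server-side secret resists that.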
9. Your rights and how to exercise them
Subject to applicable law, including the DPDP Act, 2023, you can ask IAC to:
- confirm what personal data we hold about you and provide a summary;
- correct or update inaccurate data;
- erase personal data we no longer need;
- withdraw a consent you previously gave;
- nominate another individual to exercise your rights, where applicable;
- raise a grievance.
Send requests to sales@useiac.in with enough information for us to identify you and the data in question. We may ask a proportionate question to verify your identity. We will respond within a reasonable period. Some records may be retained where retention is required or permitted by law.
For a chatbot-specific deletion request, see /data-deletion.
10. Children
The IAC website and chatbot are intended for business enquiries from adults — owners, decision-makers, and operations staff. The service is not directed to children and we do not knowingly collect their personal data. If you believe a child has shared data with us, write to sales@useiac.in and we will delete it.
11. Third-party links
The site links to external resources (for example provider privacy notices, Instagram). IAC does not control those sites and is not responsible for their content or privacy practices.
12. Changes to this policy
We may update this policy as the service evolves or as the law changes. Material changes will be reflected by updating the "Last updated" date at the top.
13. Contact and grievance
Questions, privacy requests, or grievances: sales@useiac.in. IAC is based in India and operates the website useiac.in. If you are not satisfied with our response, you may approach the relevant data-protection authority once it is operational in your jurisdiction.