Legal & Policies

1. Introduction

These Terms and Conditions ("Terms") govern the rules and regulations for the use of the BotlinQ platform, including but not limited to the website located at botlinq.com ("Website"), the mobile applications available on Google Play Store and Apple App Store ("Applications"), and all related services, tools, features, and content offered by BotlinQ (collectively, the "Service").

BotlinQ is a brand and product owned and operated by OptiAI Entrepreneurial Solutions (P) Limited, a company incorporated under the Companies Act, 2013 (hereinafter referred to as "the Company", "we", "us", or "our").

The BotlinQ platform is operated from the Company's Corporate Office in Bengaluru, Karnataka, which serves as the principal place of business for all BotlinQ-related operations, support, and communications.

By accessing, browsing, or using the Service in any manner, you ("Client", "You", "Your", or "User") acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree to these Terms, you must immediately discontinue use of the Service.

These Terms constitute a legally binding agreement between you and the Company. All terms refer to the offer, acceptance, and consideration of payment necessary to undertake the process of our assistance to the Client in the most appropriate manner for the express purpose of meeting the Client's needs in respect of provision of the Company's stated services, in accordance with and subject to the prevailing laws of India.

Any use of the above terminology or other words in the singular, plural, capitalisation and/or he/she or they, are taken as interchangeable and therefore as referring to the same.

2. Definitions

2.1 "Platform" means the BotlinQ AI automation platform accessible through the Website and Applications, enabling Users to deploy AI-powered automation across WhatsApp, Instagram, and website channels.

2.2 "User" means any individual or business entity that registers for an account on BotlinQ, configures automation workflows, and utilises the Service for business purposes.

2.3 "End User" or "Respondent" means any individual who interacts with the AI automation, AI Agents, or conversational workflows deployed by a User through WhatsApp, Instagram, website widgets, or any other supported channel.

2.4 "Account" means the registered account created by a User on the BotlinQ platform to access and use the Service.

2.5 "Subscription" means any paid plan (monthly or annual) selected by the User to access premium features of the Service.

2.6 "Content" means all text, images, data, automation flows, conversation logs, analytics, templates, and any other material generated, uploaded, or processed through the Service.

2.7 "Third-Party Services" means external software, APIs, platforms, or tools integrated with or accessed through the BotlinQ platform, including but not limited to WhatsApp Business API (provided by Meta Platforms, Inc.), Instagram Graph API, payment gateways, CRM tools, and other third-party integrations.

3. Eligibility

3.1 You must be at least 18 years of age to use the Service. By using the Service, you represent and warrant that you are of legal age and have the legal capacity to enter into a binding agreement.

3.2 If you are using the Service on behalf of a business entity, you represent and warrant that you have the authority to bind such entity to these Terms.

3.3 The Service is intended for lawful business purposes. Use of the Service for any illegal, fraudulent, or prohibited activity is strictly forbidden.

4. Account Registration and Security

4.1 To access the Service, you must create an Account by providing accurate, current, and complete registration information, including but not limited to your name, business name, email address, phone number, and billing details.

4.2 You are solely responsible for maintaining the confidentiality of your Account credentials, including your password. You agree to notify us immediately of any unauthorised use of your Account or any other breach of security.

4.3 The Company shall not be liable for any loss or damage arising from your failure to maintain the security of your Account credentials.

4.4 You may not assign, transfer, or share your Account with any third party without prior written consent from the Company.

4.5 The Company reserves the right to suspend or terminate your Account at any time, with or without notice, if we reasonably believe that you have violated these Terms, engaged in fraudulent activity, or used the Service in a manner that is harmful to the Company, other Users, or third parties.

5. Services

5.1 BotlinQ provides an AI-powered automation platform that enables businesses to automate conversations, lead capture, appointment bookings, follow-ups, catalogue sharing, and customer engagement across WhatsApp, Instagram, and website channels from a single dashboard.

5.2 The Service may include, but is not limited to:

(a) AI Agents for automated customer conversations;
(b) Voice Agents for call handling;
(c) Lead capture and qualification workflows;
(d) Broadcast messaging (subject to channel policies);
(e) Live chat and unified inbox;
(f) Analytics and reporting;
(g) Third-party integrations;
(h) Personal setup, configuration, and support services.

5.3 The Company reserves the right to modify, update, or discontinue any feature or functionality of the Service at any time, with or without prior notice. We will make reasonable efforts to notify Users of material changes.

5.4 Certain features of the Service may be subject to additional terms, usage limits, or fair use policies as specified in the applicable Subscription plan.

6. Subscriptions and Payments

6.1 BotlinQ offers a 7-day free trial period for new Users to evaluate the Service. No payment is required during the trial period.

6.2 Upon expiry of the free trial, continued access to the Service requires the purchase of a paid Subscription plan. Details of available plans and pricing are published on the Website and may be updated from time to time.

6.3 All Subscription fees are payable in advance and in Indian Rupees (INR), unless otherwise specified. Fees are exclusive of applicable taxes, including Goods and Services Tax (GST), which shall be charged additionally as per prevailing rates. The applicable GST shall be levied under the Company's Karnataka GSTIN for all BotlinQ transactions.

6.4 Payments shall be processed through our authorised payment gateway partner(s). The Company does not directly store or process credit card or debit card information.

6.5 By purchasing a Subscription, you authorise the Company (or its payment gateway partner) to charge your selected payment method on a recurring basis (monthly or annually, as applicable) until the Subscription is cancelled.

6.6 The Company reserves the right to revise Subscription pricing at any time. Any price changes shall be effective from the next billing cycle following the date of notification to the User. Continued use of the Service after such notification constitutes acceptance of the revised pricing.

6.7 WhatsApp conversation charges, as mandated by Meta Platforms, Inc. for WhatsApp Business API usage, are separate from BotlinQ Subscription fees and shall be borne entirely by the User. These charges are subject to Meta's pricing policies and may vary by conversation category and region.

7. Cookies

7.1 The Service employs the use of cookies. By accessing the Website and/or Applications, you agree to the use of cookies in accordance with our Privacy Policy.

7.2 Cookies are used to enable the functionality of certain areas of the Service, to enhance User experience, and to collect anonymised usage statistics. Some of our analytics and advertising partners may also use cookies.

7.3 You may configure your browser or device settings to refuse cookies; however, doing so may limit the functionality of the Service.

8. Intellectual Property and Licence

8.1 Unless otherwise stated, OptiAI Entrepreneurial Solutions (P) Limited and/or its licensors own all intellectual property rights for all material, software, design, trademarks, trade names, logos, and content on the BotlinQ platform. All intellectual property rights are reserved.

8.2 Subject to these Terms, the Company grants you a limited, non-exclusive, non-transferable, revocable licence to access and use the Service for your internal business purposes during the term of your Subscription.

8.3 You must not:

(a) Republish, reproduce, duplicate, or copy material from BotlinQ;
(b) Sell, rent, sublicense, or otherwise commercially exploit the Service or any part thereof to any third party;
(c) Redistribute content from the Service;
(d) Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the platform;
(e) Use the Service to build a competing product or service;
(f) Remove, alter, or obscure any proprietary notices, labels, or marks on the Service.

8.4 You retain ownership of all data, content, and automation workflows that you create, upload, or configure within the Service ("User Content"). By using the Service, you grant the Company a limited, non-exclusive licence to host, store, process, and display your User Content solely for the purpose of providing the Service to you.

9. User Content and Conduct

9.1 You are solely responsible for the content of any automation workflows, messages, templates, and communications deployed through the Service. The Company does not pre-screen, review, edit, or endorse User Content.

9.2 You warrant and represent that:

(a) You have all necessary rights, licences, and consents to use and distribute any content deployed through the Service;
(b) Your use of the Service complies with all applicable laws and regulations, including but not limited to the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, the Consumer Protection Act, 2019, and the applicable guidelines and policies of WhatsApp/Meta, Instagram, and any other integrated third-party platforms;
(c) Your content does not infringe any intellectual property right, including copyright, patent, or trademark of any third party;
(d) Your content does not contain any defamatory, libellous, offensive, indecent, or otherwise unlawful material;
(e) Your content will not be used for spamming, phishing, unsolicited messaging, or any activity that violates applicable anti-spam laws and platform policies;
(f) You will not use the Service to transmit harmful code, malware, or any material designed to interrupt, damage, or limit the functioning of any software or hardware.

9.3 The Company reserves the right to remove any User Content and suspend or terminate any Account that violates these Terms or applicable laws, without prior notice and without liability.

10. WhatsApp, Instagram, and Third-Party Platform Compliance

10.1 The Service integrates with WhatsApp Business API (Meta Platforms, Inc.), Instagram Graph API, and other third-party platforms. Your use of these integrations is subject to the respective terms of service, commerce policies, and usage guidelines of each platform.

10.2 You acknowledge and agree that:

(a) The Company is not responsible for any changes, restrictions, suspensions, or terminations imposed by WhatsApp, Instagram, Meta, or any other third-party platform on your account or access;
(b) You are solely responsible for ensuring that your use of automation through these channels complies with all applicable platform policies, including Meta's Business Messaging Guidelines, WhatsApp Business Policy, and Instagram Platform Policy;
(c) Any violations of third-party platform policies may result in suspension of your access to the respective channels, for which the Company shall bear no liability;
(d) WhatsApp Business API access and associated conversation charges are governed by Meta's policies and pricing, which are beyond the Company's control.

11. Third-Party Integrations — Disclaimer

11.1 The Service may integrate with or enable connections to various third-party software solutions ("Integrated Software"), including but not limited to CRM tools, payment gateways, Google services, Shopify, and other business applications.

11.2 By engaging in such integration, you explicitly acknowledge and agree to the following:

(a) Limitation of Liability: The Company shall not be held liable for any failures, malfunctions, data loss, or unsatisfactory experiences arising from the use of Integrated Software.

(b) User Responsibility: You are responsible for conducting due diligence to assess the suitability and functionality of Integrated Software for your specific requirements.

(c) Exclusion of Warranty: The Company does not provide any warranties, express or implied, regarding the performance, compatibility, security, or functionality of any Integrated Software.

(d) Release and Indemnification: You hereby release and discharge the Company from any and all claims, liabilities, losses, or demands arising from or related to the use of Integrated Software. You also agree to indemnify and hold the Company harmless from any such claims.

11.3 Any issues related to Integrated Software fall outside the scope of the Company's support obligations and liability under these Terms.

12. Hyperlinking to Our Content

12.1 The following organisations may link to our Website without prior written approval: (a) Government agencies; (b) Search engines; (c) News organisations; (d) Online directory distributors, in the same manner as they hyperlink to the websites of other listed businesses; and (e) System-wide accredited businesses, except soliciting non-profit organisations, charity shopping malls, and charity fundraising groups.

12.2 These organisations may link to our home page, to publications, or to other Website information so long as the link: (a) is not in any way deceptive; (b) does not falsely imply sponsorship, endorsement, or approval; and (c) fits within the context of the linking party's site.

12.3 No use of the Company's logo, brand name, or other artwork shall be permitted for linking absent a written trademark licence agreement.

13. Limitation of Liability

13.1 To the maximum extent permitted by applicable law, the Company, its directors, employees, partners, agents, suppliers, and affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunities, goodwill, or other intangible losses, resulting from: (a) Your access to, use of, or inability to access or use the Service; (b) Any conduct or content of any third party on the Service; (c) Any content obtained from the Service; (d) Unauthorised access, use, or alteration of your transmissions or content; (e) Any interruption, suspension, or termination of the Service; (f) Any bugs, viruses, or other harmful components transmitted through the Service by any third party.

13.2 In no event shall the Company's total cumulative liability to you for all claims arising out of or related to these Terms or the Service exceed the total amount paid by you to the Company during the twelve (12) months immediately preceding the event giving rise to the claim.

13.3 The limitations of liability set forth in this Section shall apply regardless of the legal theory on which the claim is based, whether in contract, tort (including negligence), strict liability, or otherwise, even if the Company has been advised of the possibility of such damages.

14. Indemnification

14.1 You agree to indemnify, defend, and hold harmless the Company, its directors, officers, employees, agents, and affiliates from and against any and all claims, damages, obligations, losses, liabilities, costs, or debt, and expenses (including but not limited to legal fees) arising from: (a) Your use of and access to the Service; (b) Your violation of any provision of these Terms; (c) Your violation of any third-party right, including any intellectual property or privacy right; (d) Any claim that your User Content caused damage to a third party; (e) Any violation of applicable laws or regulations arising from your use of the Service.

15. Disclaimer of Warranties

15.1 The Service is provided on an "AS IS" and "AS AVAILABLE" basis, without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, or course of performance.

15.2 The Company does not warrant that: (a) The Service will function uninterrupted, secure, or error-free; (b) The results obtained from the use of the Service will be accurate or reliable; (c) The quality of any products, services, information, or other material obtained through the Service will meet your expectations; (d) Any errors in the Service will be corrected.

15.3 The Company does not guarantee any specific business outcomes, lead generation results, conversion rates, or revenue increases from the use of the Service.

16. Termination

16.1 Either party may terminate the use of the Service at any time. You may cancel your Subscription from your Account dashboard or by contacting our support team.

16.2 The Company may suspend or terminate your access to the Service immediately, without prior notice or liability, for any reason, including but not limited to breach of these Terms.

16.3 Upon termination: (a) Your right to use the Service shall immediately cease; (b) Any outstanding payment obligations shall survive termination; (c) The Company may, at its discretion, delete your Account and all associated data within a reasonable period following termination, subject to any legal retention obligations; (d) Provisions of these Terms that by their nature should survive termination shall survive, including but not limited to intellectual property provisions, indemnification, limitation of liability, and dispute resolution.

17. Governing Law and Jurisdiction

17.1 These Terms shall be governed by and construed in accordance with the laws of India, including but not limited to: (a) The Indian Contract Act, 1872; (b) The Information Technology Act, 2000 and the rules framed thereunder; (c) The Digital Personal Data Protection Act, 2023; (d) The Consumer Protection Act, 2019; (e) The Companies Act, 2013.

17.2 Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the competent courts located in Bengaluru, Karnataka, India, where the principal place of business for BotlinQ operations is situated. Notwithstanding the foregoing, matters relating to the corporate or statutory affairs of OptiAI Entrepreneurial Solutions (P) Limited as a company shall remain subject to the jurisdiction of the courts at Raipur, Chhattisgarh, India, being the location of the Registered Office.

17.3 Before initiating any formal legal proceedings, the parties shall attempt to resolve any dispute through good-faith negotiation for a period of not less than thirty (30) days.

18. Force Majeure

18.1 The Company shall not be liable for any failure or delay in performing its obligations under these Terms where such failure or delay results from circumstances beyond the Company's reasonable control, including but not limited to natural disasters, acts of God, pandemics, epidemics, war, terrorism, riots, civil disturbances, government actions, orders or legislation, labour disputes, power failures, internet or telecommunication failures, fire, flood, earthquake, or any other force majeure event.

19. Grievance Redressal

19.1 In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the Grievance Officer for the purposes of these Terms and the Service is:

19.2 The Grievance Officer shall acknowledge receipt of any complaint within 24 (twenty-four) hours and shall resolve the complaint within 15 (fifteen) days from the date of receipt, in accordance with applicable law.

20. Contact Information

All operational correspondence, support requests, and legal notices pertaining to the BotlinQ platform should be directed to the Corporate Office at Bengaluru. Statutory notices to the Company may be served at the Registered Office at Raipur.

1. Parties and Scope

1.1 This Privacy Policy ("Policy") describes how OptiAI Entrepreneurial Solutions (P) Limited (hereinafter referred to as "BotlinQ", "the Company", "we", "us", or "our") collects, uses, stores, shares, and protects your information in connection with services offered by BotlinQ, including but not limited to: (a) Services provided at or through the domain botlinq.com ("Website"); (b) Mobile applications available on Google Play Store and Apple App Store ("Applications"); (c) AI-powered automation tools, AI Agents, Voice Agents, dashboards, and related software; (d) All text, images, data, conversation logs, analytics, automation workflows, metadata, and other material available through the above (collectively, the "Service").

1.2 This Policy applies when you ("you", "your", "User", or "Respondent") access, visit, or use any portion of the Service.

1.3 A "User" is an individual or business entity that registers for an Account on BotlinQ. A "Respondent" or "End User" is an individual who interacts with AI automation deployed by a User.

1.4 This Privacy Policy is part of, and is governed by, the Terms and Conditions of BotlinQ.

2. Agreement to Terms of This Privacy Policy

2.1 The Service provided by BotlinQ is purely voluntary. You are not required to provide any personal information to us unless you choose to access features of the Service that require such information. If you do not agree with the terms of this Policy or BotlinQ's Terms and Conditions, please do not provide us with personal information, exit the Website and Applications immediately, and discontinue using the Service.

2.2 By creating a BotlinQ Account, or by otherwise accessing, visiting, or using the Service, you expressly consent to our collection, use, disclosure, and retention of your information as described in this Privacy Policy and in the BotlinQ Terms and Conditions.

2.3 Where the Digital Personal Data Protection Act, 2023 ("DPDP Act") applies, your continued use of the Service after being presented with this Policy shall constitute valid consent for the processing of your personal data for the purposes described herein.

3. Changes to This Privacy Policy

3.1 We may amend this Privacy Policy from time to time. You may be required to accept the amended Privacy Policy upon logging in to your BotlinQ Account in order to continue using the Service.

3.2 If you do not agree to the amended Privacy Policy, you may terminate your use of the Service within thirty (30) days of notification, and you will not be bound by the new terms. Otherwise, the new terms shall take effect after thirty (30) days.

4. Applicable Legal Framework

4.1 This Privacy Policy has been drafted in compliance with: (a) The Digital Personal Data Protection Act, 2023 (DPDP Act); (b) The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; (c) The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021; (d) The General Data Protection Regulation (EU) 2016/679 ("GDPR") — to the extent applicable; (e) The Consumer Protection Act, 2019; (f) Meta's Data Use Policy and WhatsApp Business Policy.

5. Your Data Protection Rights and Choices

5.1 Right to Access: You may request confirmation of whether your personal data is being processed and request access to such data.

5.2 Right to Correction: You may contact us to update, correct incomplete, inaccurate, or outdated personal data.

5.3 Right to Erasure: You may request deletion of your personal data from our systems, subject to our legal retention obligations.

5.4 Right to Information about Sharing: You have the right to request information about whether your personal data has been shared with third parties.

5.5 Right to Withdraw Consent: Where we process your personal data based on your consent, you may withdraw such consent at any time.

5.6 Right to Grievance Redressal: You have the right to file a grievance with our Grievance Officer.

5.7 Right to Nominate: Under the DPDP Act, you have the right to nominate an individual who will exercise your data protection rights on your behalf in the event of your death or incapacity. You may submit the name and contact details of your nominated person by writing to us at support@botlinq.com.

5.8 Rights under GDPR (where applicable): If you are located in the EEA, the UK, or Switzerland, you may additionally have the right to: (a) Object to processing; (b) Request restriction of processing; (c) Request data portability; (d) Not be subject to a decision based solely on automated processing; (e) Obtain information about international transfers; (f) Lodge a complaint with a supervisory authority.

5.9 You may submit any request by emailing support@botlinq.com.

5.10 Access to Data Controlled by Our Users: The Company does not have direct contractual relationships with Users' End Users. An individual who seeks access to personal data processed through the Service by a User is advised to direct their request to the relevant User directly in the first instance.

6. Personal Information We Collect — BotlinQ Users

6.1 Information We Collect Directly from the User

(a) Registration Information: Name, business name, email address, phone number, business address, industry type.
(b) Automation and Workflow Data: Automation configurations, AI Agent settings, conversation flow designs, templates.
(c) Subscription and Billing Information: Subscription plan, billing history, invoice details, GST information.
(d) Communication Data: Support correspondence, feedback, testimonials.
(e) KYC and Business Verification Data: Business registration documents, GST certificates, authorised signatory details (where required for WhatsApp Business API access).
(f) Other Voluntarily Provided Data: Surveys, promotions, or campaigns data.

6.2 Information We Collect Indirectly or Passively

(a) Usage Data: Features used, pages visited, actions taken, frequency and duration of activities.
(b) Device and Application Data: IP address, browser type and version, operating system, device identifiers, screen resolution, language preferences.
(c) Referral Data: Source that referred you to us.
(d) Information from Third Parties: Personal information from third parties where you have given them permission to share.
(e) Information from Cookies: Aggregated and anonymised data via tracking technologies.

7. Personal Information We Collect — Respondents / End Users

7.1 Information Collected Directly from the Respondent

(a) Conversation Responses: Messages, responses, selections, and data provided during interactions with automation workflows and AI Agents. The BotlinQ User who deployed the automation is responsible for this data.
(b) Contact Information: Name, phone number, email address, location, or other personal details as configured by the User.
(c) Important Notice: BotlinQ is not responsible for the content of automation workflows or the questions posed to Respondents by Users.

7.2 Information Collected Indirectly

(a) Usage Data: Channel used, timestamps, conversation flow paths.
(b) Device and Application Data: IP address, browser type, operating system, device identifiers.
(c) Channel-Specific Identifiers: WhatsApp phone number and display name; Instagram user ID and display name — as provided by Meta APIs.

8. Purposes of Use and Sharing of Information

8.1 How We Use Your Information

(a) Service Delivery: To provide, maintain, operate, and improve the Service.
(b) Account Management: To create and manage your Account, process Subscriptions and payments.
(c) Personalisation: To personalise your experience with the Service.
(d) Communication: Service-related notices, updates, security alerts, billing information, and optional promotional communications.
(e) Analytics and Improvement: To analyse usage patterns and develop new features.
(f) Legal and Compliance: To comply with applicable laws and enforce our Terms.
(g) Business Operations: Auditing, data analysis, research, and record-keeping.

8.2 How We Share Your Information

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your information in the following circumstances:

(a) With Service Providers: Third-party service providers who perform services on our behalf.
(b) With Third-Party Platforms: When you use integrations with WhatsApp Business API, Instagram Graph API, or other platforms.
(c) With Your Consent: When you have given us explicit consent.
(d) For Legal Reasons: When required by law, court order, or governmental authority.
(e) Business Transfers: In the event of a merger, acquisition, or sale of assets.
(f) Aggregated and Anonymised Data: Data that cannot reasonably be used to identify you.

9. Cookies and Tracking Technologies

9.1 Cookies are small text files placed on your device when you visit a website. BotlinQ uses cookies and similar tracking technologies for the following purposes:

(a) Essential Cookies: Necessary for core functionalities such as authentication and session management.
(b) Functionality Cookies: Allow the Website to remember your preferences.
(c) Analytics and Performance Cookies: Collect anonymised data about usage patterns.
(d) Advertising and Marketing Cookies: Deliver targeted advertisements and measure campaign effectiveness.

9.2 You may configure your browser or device settings to refuse all or some cookies. However, disabling cookies may affect the functionality of the Service.

10. Data Storage, Security, and Transfers

10.1 Your personal data is stored on secure servers. Details of our hosting infrastructure and security practices are described in our Security Policy.

10.2 We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit using SSL/TLS, network security controls, access restrictions, and regular security audits.

10.3 Your information may be transferred to, stored in, and processed in countries other than the country in which you are resident. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where GDPR applies.

10.4 Data processed via WhatsApp Business API or Instagram Graph API may be processed and stored by Meta Platforms, Inc. in accordance with their data policies.

11. Cancelling Your Account and Opting Out

11.1 You may cancel your Account at any time through your Account dashboard or by contacting support@botlinq.com.

11.2 You may opt out of receiving promotional emails at any time by clicking the "unsubscribe" link or by contacting support@botlinq.com.

11.3 Where processing is based on your consent, you may withdraw your consent at any time by writing to support@botlinq.com.

12. Retention of Your Information

12.1 We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law.

(a) Account Data: Retained for the duration of your active Account plus ninety (90) days following cancellation.
(b) Conversation and Automation Data: Retained for the duration of the User's active Account. Deleted within ninety (90) days of termination.
(c) Billing and Transaction Data: Retained for a minimum of eight (8) financial years as required under the Income Tax Act, 1961 and the GST Act, 2017.
(d) Usage and Analytics Data: May be retained in anonymised form indefinitely.
(e) Legal and Compliance Data: Retained as required by applicable legal obligations.

13. Children's Privacy

13.1 The Service is not intended for use by individuals under the age of 18 years. We do not knowingly collect personal data from children under 18.

13.2 If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete such data.

14. Use of Google Workspace API

14.1 Where the Service integrates with Google Workspace APIs, BotlinQ's use and transfer of information received from Google APIs shall adhere to the Google API Services User Data Policy, including the Limited Use requirements.

14.2 We will not use Google Workspace data for serving advertisements or allow humans to read such data unless we have your affirmative agreement or it is necessary for security or legal compliance.

15. Use of WhatsApp Business API Data

15.1 Data processed through the WhatsApp Business API is handled in accordance with Meta's WhatsApp Business API Terms of Service and Meta's Data Use Policy.

15.2 BotlinQ processes WhatsApp-related data on behalf of Users and in accordance with their instructions.

15.3 The Company does not use WhatsApp conversation data for any purpose other than providing the Service.

16. Use of Instagram API Data

16.1 Data processed through the Instagram Graph API is handled in accordance with Meta's Instagram Platform Policy and Meta's Data Use Policy.

16.2 BotlinQ processes Instagram-related data on behalf of Users and in accordance with their instructions.

17. Grievance Officer and Data Protection Officer

17.2 The Grievance Officer shall acknowledge receipt of any complaint within 24 hours and shall endeavour to resolve the complaint within 15 days.

18. Contact Information

1. Introduction

At BotlinQ, the security of your data is a fundamental priority. We understand that when you entrust your business communications, customer conversations, and lead data to our platform, you expect it to be handled with the highest standards of security and care.

This Security Policy describes the technical and organisational measures implemented to protect the confidentiality, integrity, and availability of information processed through the BotlinQ platform.

2. Hosting and Infrastructure

2.1 All BotlinQ services and data are hosted on Amazon Web Services (AWS) infrastructure.

2.2 AWS data centres maintain extensive physical and environmental security controls, including 24/7 on-site security, biometric access controls, surveillance, fire detection and suppression systems, climate control, and redundant power systems.

2.3 The Company leverages AWS security certifications including SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, and PCI DSS Level 1.

3. Data Backups

3.1 We maintain daily backups of all User data.

3.2 Backup copies are replicated to geographically separate locations for disaster recovery.

3.3 Backup data is subject to the same security controls as production data.

4. Encryption

4.1 Data in Transit

All data transmitted between your browser or device and the BotlinQ platform is encrypted using SSL/TLS protocols. This applies to all Website connections, mobile Application communications, API communications, and data exchanged with WhatsApp Business API and Instagram Graph API endpoints.

4.2 Data at Rest

Sensitive data stored within the BotlinQ platform is encrypted at rest using industry-standard encryption algorithms. AWS infrastructure provides server-side encryption for stored data.

5. Network Security

5.1 All BotlinQ environments are hosted within a Virtual Private Cloud (VPC) on AWS.

5.2 Production networks are separated between public-facing and internal/private services. No inbound internet traffic is allowed on private subnets. All application servers reside in private subnets without public IP addresses. Firewalls and security groups are configured to allow only authorised traffic.

5.3 Administrative access to production systems is restricted to authorised personnel only and is protected by multi-factor authentication (MFA) and audit logging.

6. Payment Security

6.1 BotlinQ does not directly store, process, or retain any credit card, debit card, or sensitive payment instrument information.

6.2 All payments within India are processed through Razorpay (PCI-DSS compliant). International payments (when activated) will be processed through Stripe (PCI-DSS compliant).

7. Access Controls

7.1 Role-based access controls (RBAC) are implemented. Only authorised personnel with a legitimate business need are granted access to production systems and User data.

7.2 Principle of Least Privilege is applied. Multi-factor authentication (MFA) is enforced. Access permissions are reviewed periodically. Unique identifiers are assigned to all authorised personnel.

8. Security Monitoring and Auditing

8.1 Application, infrastructure, and system logs are collected in a centrally managed log repository for monitoring, troubleshooting, security reviews, and analysis.

8.2 Automated alerting mechanisms are configured for suspicious or anomalous activity.

8.3 Logs are retained in accordance with regulatory requirements.

9. Penetration Testing and Vulnerability Management

9.1 External penetration tests are performed regularly by recognised security research firms to identify potential vulnerabilities.

9.2 Vulnerabilities are ranked and prioritised according to severity, and remediation is undertaken on a risk-based priority basis.

9.3 Regular internal vulnerability assessments, timely security patches, and code review practices incorporating security considerations are maintained.

10. Incident Response

10.1 The Company maintains a documented Security Incident Response Plan covering: Detection and Identification, Containment, Investigation, Notification (to affected Users and authorities as required by the DPDP Act and GDPR), Remediation, and Documentation.

10.2 Under the DPDP Act, the Company shall notify each affected Data Principal and the Data Protection Board of India (once operational) of any personal data breach.

10.3 Under the GDPR (where applicable), the Company shall notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying personal data breach.

11. Employee and Personnel Security

11.1 All personnel with access to User data are subject to confidentiality obligations and non-disclosure agreements, receive regular training on data security and privacy, and are subject to disciplinary measures for violations.

11.2 Access is revoked immediately upon termination of employment or engagement.

12. Third-Party and Sub-Processor Security

12.1 All third-party service providers and sub-processors are selected based on their ability to maintain appropriate security measures, bound by contractual obligations, and subject to periodic review.

13. Business Continuity and Disaster Recovery

13.1 The Company maintains business continuity and disaster recovery plans including daily data backups with geographically distributed replicas, redundant infrastructure, defined recovery time objectives (RTO) and recovery point objectives (RPO), and periodic testing.

14. Reporting Security Concerns

14.2 We acknowledge receipt within 24 hours and investigate promptly. We request responsible disclosure — do not exploit vulnerabilities or disclose publicly before remediation.

1. Introduction

At BotlinQ, we believe that trust is the foundation of every business relationship. We are committed to transparency in our pricing, billing, and refund practices. This Refund Policy outlines the terms governing payments, refunds, cancellations, and related matters for all services offered through the BotlinQ platform.

2. The 7-Day Free Trial Period

2.1 Every BotlinQ plan begins with a 7-day free trial period. The trial is your opportunity to fully evaluate the Service before making any financial commitment.

2.2 During the trial period, you may set up automation workflows, deploy across WhatsApp, Instagram, and website, test AI Agents, live chat, unified inbox, and experience personal support.

2.3 No payment information is required to begin the trial, unless otherwise specified.

2.4 By choosing a paid plan after the trial period, you acknowledge that you have evaluated the Service and found it suitable for your needs.

2.5 Each User is entitled to only one (1) free trial. Creating multiple accounts for additional trials is a violation of the Terms.

3. Paid Subscriptions

3.1 All paid Subscription fees — whether monthly or annual — are non-refundable.

3.2 Add-ons, integrations, custom configurations, and custom development work are also non-refundable.

3.3 WhatsApp conversation charges (as mandated by Meta) are separate, usage-based, and non-refundable.

4. Exceptions — When Refunds Will Be Processed

4.1.1 Duplicate Billing: If you were charged more than once for the same period due to a technical error, the duplicate amount will be refunded.

4.1.2 Unauthorised Payment: If a payment was debited without your authorisation due to a technical error in the recurring billing system.

4.1.3 Overcharging: If you were charged more than the published price.

4.1.4 Payment Made After Cancellation: If payment was processed after you had successfully cancelled your Subscription.

5. Refund Process

5.1 Submit a written request to support@botlinq.com with Subject Line: Refund Request — [Your Account Email / Business Name].

5.2 Include: registered email, business name, transaction date and amount, description of issue, and supporting documentation.

5.3 We will acknowledge receipt within 24 hours, investigate within 7 business days, and communicate the outcome via email.

5.4 Approved refunds will be processed to the original payment method. Razorpay refunds typically take 5–10 business days. Stripe refunds (when activated) will follow Stripe's processing timelines.

6. Subscription Cancellations

6.1 You may cancel your Subscription at any time from your Account dashboard or by contacting support@botlinq.com.

6.2 Cancellation takes effect at the end of your current billing cycle. You retain access until then. You will not be billed for subsequent cycles.

6.3 For annual Subscriptions cancelled early, no pro-rata refund is issued for remaining months. Access continues until the end of the paid annual period.

7. Plan Downgrades

7.1 Downgrades take effect at the beginning of the next billing cycle. No refund or credit is issued for the difference in the current cycle.

8. Chargebacks

8.1 We strongly encourage contacting support@botlinq.com before initiating a chargeback.

8.2 Unwarranted or frivolous chargebacks may result in: immediate temporary Account suspension, permanent Account termination, and recovery of disputed amounts through legal remedies.

9. Payment Gateway

9.1 All payments within India are processed through Razorpay Software Private Limited, an RBI-authorised payment aggregator. BotlinQ does not directly store payment card data.

9.2 In the event the Company activates Stripe, Inc. for international transactions, this Policy will be updated accordingly.

10. Taxes

10.1 All fees are exclusive of applicable taxes, including GST, unless expressly stated otherwise. GST is charged under the Company's Karnataka GSTIN.

10.2 Tax invoices are available through the Account dashboard or via email.

11. Contact Information

Preamble

This Data Processing Addendum ("DPA") forms part of the Terms and Conditions ("Agreement") between the Customer (as defined in the Agreement) and OptiAI Entrepreneurial Solutions (P) Limited, a company incorporated under the Companies Act, 2013 (the "Processor" or "BotlinQ"), under which the Processor provides the Customer with AI-powered automation software and related services (the "Services").

The Parties seek to implement this DPA to comply with the requirements of applicable data protection laws, including the Digital Personal Data Protection Act, 2023 ("DPDP Act") and, to the extent applicable, the General Data Protection Regulation (EU) 2016/679 ("EU GDPR").

1. Definitions

"Applicable Data Protection Laws" means all laws applicable to the processing of Personal Data, including the DPDP Act, IT Act 2000, EU GDPR, UK GDPR, and any other applicable legislation.

"Controller" / "Data Fiduciary" means the Customer who determines the purposes and means of processing Personal Data.

"Processor" / "Data Processor" means OptiAI Entrepreneurial Solutions (P) Limited (operating as BotlinQ).

"Data Principal" / "Data Subject" means the individual to whom the Personal Data relates.

"Personal Data" means any information relating to a Data Principal/Data Subject processed by the Processor on behalf of the Controller.

"Personal Data Breach" means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data.

"Sub-processor" means a third-party appointed by the Processor for all or parts of the Services who processes Personal Data on behalf of the Controller.

"Standard Contractual Clauses" ("SCCs") means the clauses pursuant to EU Commission Implementing Decision (EU) 2021/914.

2. Purpose of This Addendum

2.1 This DPA sets out the obligations of the Processor in relation to the Processing of Personal Data and ensures compliance with Applicable Data Protection Laws.

3. Categories of Personal Data and Data Subjects

3.1 The Controller authorises the Processor to process Personal Data to the extent determined and regulated by the Controller through its use of the Services.

3.2 The categories are specified in Annex I of this DPA.

4. Purpose of Processing

4.1 The objective of Processing shall be limited to the Processor's provision of the Services, including: providing the BotlinQ platform; processing conversations across WhatsApp, Instagram, and website channels; storing lead data; providing support; generating analytics; and processing billing information.

5. Duration of Processing

5.1 The Processor shall process Personal Data for the duration of the Agreement, unless otherwise agreed in writing.

6. Controller's Obligations

6.1 The Controller shall warrant that it has all necessary rights and legal basis to provide Personal Data to the Processor.

6.2 The Controller shall ensure all necessary consents are obtained and maintain a record of such consents.

6.3 The Controller shall provide Data Principals with the relevant privacy notice.

6.4 The Controller shall ensure automation workflows comply with Applicable Data Protection Laws.

6.5 The Controller shall immediately advise the Processor of any complaints, data subject requests, regulatory inquiries, or legal processes.

7. Processor's Obligations

7.1 The Processor shall process Personal Data only on documented instructions from the Controller.

7.2 The Processor shall provide reasonable assistance in responding to data subject requests.

7.3 The Processor shall inform the Controller if a processing instruction infringes applicable legislation.

7.4 The Processor shall assist the Controller in conducting Data Protection Impact Assessments (DPIAs) where required.

8. Data Secrecy and Confidentiality

8.1 The Processor shall use only personnel informed of the confidential nature of Personal Data and bound by confidentiality obligations.

8.2 Regular training on data security and privacy is provided to all personnel with access to Personal Data.

8.3 Appropriate technical and organisational measures are maintained as specified in Annex II.

9. Audit Rights

9.1 Upon reasonable request, the Processor shall make available information demonstrating compliance with this DPA.

9.2 The Controller may conduct audits with at least 15 days' prior written notice, during business hours, limited to the Controller's Personal Data, and at the Controller's expense (unless the audit reveals a material breach).

9.3 The Processor may satisfy audit obligations by providing third-party audit reports or compliance attestations.

10. Mechanism of Data Transfers

10.1 Personal Data may be processed in India and in jurisdictions where the Processor's infrastructure providers (including AWS) maintain facilities.

10.2 Transfers from the EEA/UK/Switzerland shall be governed by the Standard Contractual Clauses attached as Schedule 1.

10.3 Under the DPDP Act, transfer outside India shall be subject to conditions notified by the Central Government.

11. Sub-processors

11.1 The Controller acknowledges the Processor may engage Sub-processors subject to appropriate contractual obligations.

11.2 The Processor shall notify the Controller at least 30 calendar days in advance of any Sub-processor changes.

11.3 The Processor remains liable for any failure by a Sub-processor to fulfil data protection obligations.

11.4 If the Controller objects to a proposed Sub-processor, the Parties shall confer in good faith. If unresolved within 30 days, the Controller may terminate the affected Services without penalty.

12. Personal Data Breach Notification

12.1 The Processor shall notify the Controller within 72 hours of becoming aware of a Personal Data Breach.

12.2 Notification shall include: nature of the breach, categories and approximate number of Data Principals affected, likely consequences, and measures taken or proposed.

12.3 The Processor's notification shall not be construed as an acknowledgement of fault or liability.

13. Return and Deletion of Personal Data

13.1 Upon termination, the Processor shall, at the Controller's election: (a) Return all Personal Data in a commonly used format; or (b) Delete all Personal Data within 90 days.

13.2 The Controller must communicate its election within 30 days of termination. Otherwise, the Processor shall proceed to delete.

13.3 The Processor may retain data as required by applicable law (Income Tax Act, GST Act, etc.).

14. Technical and Organisational Measures

14.1 The Processor implements and maintains appropriate measures as described in Annex II, including: hosting on AWS, encryption in transit and at rest, VPC network security, role-based access controls, MFA, daily backups, centralised logging, regular penetration testing, documented incident response, payment security via Razorpay/Stripe, personnel confidentiality obligations, and business continuity plans.

Annexures

Annex I — Description of Processing

Data Exporter (Controller): The Customer, as identified in the Agreement.

Data Importer (Processor): OptiAI Entrepreneurial Solutions (P) Limited (operating as BotlinQ), Prestige Atlanta, Koramangala 1A Block, Bengaluru – 560034, Karnataka, India.

Categories of Data Subjects: End Users/Respondents who interact with automation; Customer's employees and authorised representatives; Customer's clients, prospects, and leads.

Categories of Personal Data: Contact information (name, phone, email, WhatsApp number, Instagram user ID); Communication data (messages, conversation logs, media files); Business data (appointment details, product inquiries, lead qualification data); Technical data (IP addresses, device identifiers, geolocation); Account data (registration, billing, subscription data); Any other data the Customer configures workflows to collect.

Annex III — List of Sub-processors

This list is current as of March 2026. The Processor shall notify the Controller at least 30 calendar days in advance of any changes.