At Karma Automations, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you interact with our services, website, and AI automation solutions. By using our services, you agree to the practices described in this policy.
1. Information We Collect
We collect various types of information to provide and improve our services:
1.1 Information You Provide Directly
- Contact Information: Name, email address, phone number, and company details when you submit inquiries, book consultations, or sign up for our services
- Communication Data: Messages, feedback, and any other information you provide when communicating with us through our website, email, or chat interfaces
- Project Information: Details about your business needs, automation requirements, and specifications you share during consultations
- Account Information: If you create an account with us, we collect login credentials and profile information
1.2 Information Collected Automatically
- Usage Data: Information about how you interact with our website, including pages visited, time spent, click patterns, and navigation paths
- Device Information: IP address, browser type, operating system, device identifiers, and screen resolution
- Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to enhance user experience and analyze website performance
- Chat Interactions: Conversations with our AI-powered chat assistants (powered by Voiceflow) to improve service quality and provide support
1.3 Information from Third-Party Sources
- Social Media: If you interact with us through social media platforms, we may receive basic profile information in accordance with your privacy settings
- Business Partners: Information from partners or service providers who help us deliver our services
2. How We Use Your Data
We use the collected information for the following purposes:
2.1 Service Delivery and Operations
- Providing AI automation solutions, custom workflows, and intelligent agent development
- Processing and responding to your inquiries, consultation requests, and support tickets
- Delivering project updates, technical documentation, and implementation guidance
- Managing client relationships and ongoing service agreements
2.2 Service Improvement and Development
- Analyzing usage patterns to improve website functionality and user experience
- Training and optimizing our AI models and automation systems
- Conducting research and development for new features and services
- Testing and quality assurance of our solutions
2.3 Communication and Marketing
- Sending service-related notifications, updates, and important announcements
- Sharing educational content, case studies, and industry insights (with your consent)
- Conducting customer satisfaction surveys and feedback collection
- Marketing our services to potential clients (you can opt-out anytime)
2.4 Legal and Security
- Complying with legal obligations and regulatory requirements
- Protecting against fraud, security threats, and unauthorized access
- Enforcing our terms of service and protecting our legal rights
- Resolving disputes and preventing misuse of our services
3. Data Storage & Security
3.1 Data Storage
Your data is stored securely using industry-standard practices:
- Cloud Infrastructure: We utilize secure cloud storage services with data centers located in compliance with applicable data protection regulations
- Retention Period: Personal data is retained only as long as necessary to fulfill the purposes outlined in this policy or as required by law
- Data Minimization: We collect and retain only the data necessary for our legitimate business purposes
- Backup Systems: Regular backups are performed to prevent data loss, with encrypted backup storage
3.2 Security Measures
We implement comprehensive security measures to protect your data:
- Encryption: Data is encrypted both in transit (using SSL/TLS) and at rest using industry-standard encryption protocols
- Access Controls: Strict role-based access controls ensure only authorized personnel can access sensitive data
- Authentication: Multi-factor authentication for internal systems and administrative access
- Regular Audits: Periodic security assessments, vulnerability scanning, and penetration testing
- Employee Training: Regular security awareness training for all team members handling client data
- Incident Response: Established protocols for detecting, responding to, and mitigating security incidents
- Secure Development: Security-by-design principles in all our automation solutions and custom implementations
3.3 Data Protection Commitment
While we implement robust security measures, no method of transmission over the internet is 100% secure. We continuously update our security practices and will notify affected users in the event of any data breach as required by applicable laws.
4. Third-Party Services
We work with trusted third-party service providers to deliver our services effectively. Your data may be processed by the following services:
4.1 Marketing and Analytics Platforms
Meta (Facebook)
Google Analytics
Used for website analytics, advertising campaigns, and understanding user behavior to improve our marketing efforts and user experience.
4.2 Automation and Workflow Platforms
n8n
Make.com
Zapier
Used for building custom automation workflows, integrating various business tools, and orchestrating complex data processing pipelines for our clients.
4.3 AI and Machine Learning Services
Pinecone
OpenAI
Anthropic Claude
Google AI
Vector databases and AI model providers used for building intelligent agents, semantic search capabilities, and natural language processing features.
4.4 Communication and Support Tools
Voiceflow
WhatsApp Business API
Email Services
Chatbot platforms and messaging services used for customer support, consultation scheduling, and client communication.
4.5 Cloud Infrastructure and Hosting
Google Cloud Platform
AWS
Azure
Cloud hosting and infrastructure services that power our applications and store client data securely.
4.6 Payment Processing
Razorpay
Stripe
Secure payment gateways for processing transactions. We do not store complete payment card information on our servers.
4.7 Third-Party Data Sharing Principles
- We only share data with third parties necessary for service delivery
- All third-party providers are required to maintain appropriate data protection standards
- Data processing agreements are in place with all service providers
- Third parties are prohibited from using your data for their own marketing purposes without your consent
- We regularly review and audit our third-party relationships for compliance
5. Your Rights and Choices
You have important rights regarding your personal data:
5.1 Access and Transparency
- Right to Access: Request a copy of all personal data we hold about you
- Right to Information: Understand how your data is being processed and for what purposes
- Data Portability: Receive your data in a structured, commonly used, machine-readable format
5.2 Control and Correction
- Right to Rectification: Correct any inaccurate or incomplete personal information
- Right to Erasure: Request deletion of your personal data (subject to legal obligations)
- Right to Restriction: Limit how we process your data in certain circumstances
- Right to Object: Oppose processing of your data for direct marketing or other purposes
5.3 Consent and Communication Preferences
- Withdraw Consent: Revoke consent for data processing at any time (where consent is the legal basis)
- Marketing Opt-Out: Unsubscribe from marketing communications via the unsubscribe link or by contacting us
- Cookie Management: Control cookie preferences through your browser settings
5.4 How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days. You may be required to verify your identity before we process your request.
5.5 Complaints and Regulatory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
6. Additional Privacy Information
6.1 Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete that information promptly.
6.2 International Data Transfers
As we operate globally and use international service providers, your data may be transferred to and processed in countries outside of India. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
6.3 Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of any material changes by posting the updated policy on our website with a new "Last Updated" date. Continued use of our services after such changes constitutes acceptance of the updated policy.
6.4 Data Retention
We retain personal data for different periods depending on the purpose:
- Active Client Data: Retained for the duration of our business relationship plus any legal retention period
- Contact Form Submissions: Retained for up to 2 years or until you request deletion
- Analytics Data: Anonymized and aggregated data may be retained indefinitely for statistical purposes
- Legal Requirements: Certain data may be retained longer to comply with tax, accounting, or legal obligations
6.5 Your California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell your personal information.
6.6 European Data Protection (GDPR)
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including those outlined in Section 5 above. Our legal basis for processing your data includes consent, contractual necessity, legal obligations, and legitimate interests.