Scope
Vayun is an AI assistant platform that helps businesses respond to messages, answer questions, capture leads, support bookings, and automate customer-facing conversations across WhatsApp, websites, and related digital channels.
This Privacy Policy applies when people use Vayun’s website, dashboard, embeddable chat widget, WhatsApp integrations, booking flows, connected integrations, and support channels.
In this document, “Client” means a business, clinic, consultant, organisation, account owner, workspace owner, or authorised team member using Vayun. “End user” means a person who interacts with a client’s Vayun-powered assistant, including through WhatsApp, website chat, booking pages, or other connected channels.
Vayun is operated by NEBULIX LABS PRIVATE LIMITED, an Indian private limited company.
Where a client uses Vayun to communicate with its own end users, the client is responsible for deciding the purpose and lawful basis of that communication. For such end-user data, Vayun generally acts as a service provider/data processor on behalf of the client, except where Vayun processes limited data for its own service security, debugging, billing, legal compliance, or platform-improvement purposes.
Data we collect
Depending on how the service is used, we may collect account and profile data, chat and messaging data, knowledge-base and uploaded content, lead/contact/booking data, integration data, operational and analytics data, and support communications data.
Examples include names, email addresses, phone numbers, WhatsApp identifiers, appointment details, uploaded PDFs/DOCX/TXT files, text snippets, Q&A pairs, extracted summaries, search index data, WhatsApp business account IDs, phone number IDs, Shopify connection data, calendar data, payment-related records where applicable, webhook logs, application logs, and security logs.
How we collect data
We collect data directly from clients when they create an account, upload files, configure a chatbot, connect integrations, create booking flows, or contact support.
We also collect data automatically through use of the service, from third-party services that clients choose to connect, and from end users when they interact with a client’s Vayun-powered assistant, booking page, WhatsApp number, or web chat.
Why we use data
We use personal data to operate, secure, and improve the service. This includes account management, authentication, chat/search/knowledge-base/WhatsApp/web-widget/booking/calendar/integration/payment features, storage and retrieval of client content, embeddings, summaries, AI-assisted responses, lead capture, appointment records, follow-up workflows, troubleshooting, misuse detection, service communications, legal compliance, dispute resolution, and protection of users, clients, end users, systems, and rights.
AI-specific processing
Vayun uses AI systems to process certain content submitted by clients and end users. This may include chat prompts, retrieved context, document snippets, transcript text, document chunks, conversation summaries, and embeddings used for search and answer generation.
We may create search indexes and vector representations from uploaded or submitted content so the service can retrieve relevant information later. Clients should not upload or submit content unless they have the right to do so and are comfortable using AI-assisted processing for that content.
AI-generated output may contain mistakes, omissions, outdated information, or unsuitable responses for a specific situation. Clients and end users should review important outputs before relying on them, especially for professional, financial, medical, legal, or operational decisions.
Sensitive data and healthcare-related use
The MVP can technically process sensitive or health-related data because it supports clinic-style onboarding, appointments, free-text chats, uploads, and contact records.
Unless and until Vayun publishes a dedicated healthcare or regulated-data offering, clients should not use the service for emergency care, diagnosis, treatment decisions, or workflows that require specific contractual, technical, or regulatory commitments not expressly offered by Vayun.
Clients are responsible for deciding whether their use of Vayun is suitable for their sector, internal policies, and legal obligations.
Sharing of data
We do not sell personal data.
We may share personal data only as reasonably necessary with infrastructure and operations providers, AI service providers, client-selected integrations, relevant client workspaces, professional advisers, regulators, authorities, and parties involved in protecting rights, safety, systems, property, or service integrity.
For the current MVP, relevant service categories may include self-hosted cloud infrastructure, database/storage systems, vector search, AI processing, WhatsApp/Meta integrations, authentication, payment providers, and logging/security components.
Retention
During the MVP and beta testing period, personal data may be retained for up to 90 days to support product testing, debugging, service improvement, security review, and client support, unless a longer period is required by law, dispute handling, backup recovery, or a client-approved operational need.
After general availability, standard retention periods may be reduced. For example, chat and messaging data may be retained for around 30 days by default, unless the client requests a longer retention period, configures a different retention setting, or the data is needed for service operation, legal obligations, security, dispute handling, or support.
Clients may request deletion by contacting [email protected]. Some deleted data may remain temporarily in backups or logs until normal backup rotation, security, or legal retention periods expire.
| Data category | MVP / beta retention approach |
|---|---|
| Chat and messaging data | Up to 90 days during MVP/beta; expected to reduce after launch |
| Leads, contacts, and booking data | Retained while the client account is active or until deleted/requested |
| Uploaded knowledge-base content | Retained while the client uses it, until removed or deletion is requested |
| Operational logs | Retained only as long as reasonably needed for debugging, security, and operations |
| Backups | May persist for a limited rolling backup period before automatic overwrite or deletion |
Security
We use technical and organisational measures intended to protect personal data, including authentication controls, access controls, ownership checks, signed tokens where applicable, upload restrictions, file scanning, webhook verification in certain flows, and restricted internal administrative access.
No system is perfectly secure. Clients are responsible for keeping account credentials safe, limiting internal access, and configuring the service responsibly. If you believe an account or data has been compromised, contact us promptly at [email protected].
International transfers
Vayun and its service providers may process personal data in different countries depending on the infrastructure, integrations, messaging platforms, AI providers, payment providers, and support tools used to provide the service.
Where required, Vayun and its clients are responsible for using appropriate notices, consents, contracts, and safeguards for such processing.
Your choices and rights
Clients may be able to access, correct, update, export, or delete certain data through the product itself. Depending on applicable law, individuals may also have rights to request access, correction, deletion, withdrawal of consent where consent is the basis for processing, or complaint review.
Privacy requests may be sent to [email protected]. We may ask for reasonable verification before acting on a request.
End users who interacted with a client’s Vayun-powered assistant should normally contact that client/business first for access, correction, deletion, opt-out, or consent-related requests, because the client controls the relationship and communication purpose. Vayun may assist clients with such requests where reasonably possible.
Data Deletion
Users may request deletion of their personal data at any time by contacting [email protected].
Requests will be reviewed and processed within a reasonable timeframe, subject to verification and any legal or operational requirements.
For end users interacting with a business via Vayun, data deletion requests should typically be directed to the respective business. Vayun will assist clients in fulfilling such requests where applicable.
Children
The service is not intended for children. Clients must not use Vayun to knowingly collect personal data from children in violation of applicable law.
Client responsibilities
Clients must have the legal right to upload, submit, connect, or otherwise process the data they use with Vayun.
Businesses using Vayun are responsible for ensuring they have appropriate consent to contact users. Vayun provides tools to help collect, record, and manage consent and opt-out preferences for messages sent through Vayun. Clients are responsible for any messages sent outside Vayun or through other systems.
Clients must not use Vayun for spam, unsolicited messaging, abusive communications, misleading communications, illegal communications, or any activity that violates applicable laws or WhatsApp Business Platform / Meta policies.
Clients are responsible for the content, templates, timing, purpose, and nature of messages sent using the service. Clients are also responsible for ensuring that any personal or sensitive data collected through Vayun is handled in accordance with applicable laws and their own privacy obligations.
For WhatsApp and similar messaging channels, clients must obtain clear and explicit opt-in consent before initiating messages to end users, use approved or compliant templates where required, maintain lawful contact lists, and honour opt-out, unsubscribe, or stop requests promptly.
Follow-Up Messaging (Vayun)
Follow-up or reminder messages sent through Vayun are sent only where permitted by applicable messaging rules, including: (a) within an active user-initiated WhatsApp 24-hour customer service window as permitted by WhatsApp policies, or (b) outside that 24-hour customer service window only after explicit user consent has been requested and confirmed inside a Vayun-powered user-initiated chat flow, recorded by Vayun, and any required WhatsApp approved message template requirements are satisfied. If consent status is not known, Vayun may request confirmation during an active user-initiated WhatsApp conversation before enabling follow-up or reminder messages outside that 24-hour customer service window.
Consent Collection
For the MVP, Vayun does not rely on consent collected outside Vayun. Consent for follow-up or outbound messaging outside an active user-initiated WhatsApp 24-hour customer service window must be collected through Vayun’s in-chat consent flow during a user-initiated conversation and recorded by Vayun before such messages are sent. Consent collected through external forms, manual notes, client systems, or offline channels is not automatically recognized by Vayun for follow-up or outbound messaging. Messages sent outside the WhatsApp 24-hour customer service window may also require approved WhatsApp message templates under WhatsApp policies.
WhatsApp / Messaging Responsibility
Vayun enables businesses to communicate with users via messaging platforms such as WhatsApp.
If a client connects their own WhatsApp Business Account, they remain responsible for their account configuration, message templates, user consent (opt-ins), and compliance with applicable messaging platform policies.
When interacting via WhatsApp, data may be processed by Meta Platforms in accordance with their policies and terms.
Opt-Out
Users may receive follow-up or outbound messages through Vayun only where permitted by applicable messaging rules, such as within an active user-initiated WhatsApp 24-hour customer service window or after consent has been confirmed through Vayun’s in-chat consent flow during a user-initiated conversation, subject to any required WhatsApp approved message template requirements. Users may opt out at any time through the relevant business, Vayun-supported flows, or the applicable messaging platform. Vayun provides safeguards intended to help prevent further messaging after an opt-out request is recorded within the system.
Payments, billing, and refunds during MVP
If payment or booking-payment features are enabled, payment-related processing may be handled through connected payment providers. Vayun may store limited payment-related records needed for booking confirmation, reconciliation, support, fraud prevention, or dispute handling.
During the MVP period, billing, cancellation, and refund requests should be sent to [email protected]. Refund requests will be reviewed case by case according to the applicable plan, usage, service issue, and stage of the client relationship.
Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we may update the effective date and provide notice through the website, product, email, dashboard, or another reasonable method.
Contact
Privacy, support, billing, deletion, refund, and WhatsApp-related requests may be sent to [email protected].
Vayun is operated by NEBULIX LABS PRIVATE LIMITED, an Indian private limited company.
Backup contact: Vijay Kumar Raju Penmetsa, Hyderabad, India · [email protected] · +91 91008 58999.