Privacy Policy
Last updated: 23 June 2026
This Privacy Policy explains how Hardik Agarwal (“auto4you”, “we”, “us” or “our”), a Sole Proprietorship registered in India and the operator of the website https://auto4you.in and the software platform at https://app.auto4you.in (together, the “Platform”), collects, uses, shares, stores, protects and discloses personal data.
We are committed to handling personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and the rules made under it, and other applicable Indian law.
This Policy applies to:
- Visitors to our marketing website auto4you.in;
- Business customers who subscribe to and use the auto4you Platform; and
- Authorised users within a customer’s organisation who access the dashboard at app.auto4you.in.
Please read this Policy together with our Terms & Conditions and Refund & Cancellation Policy.
1. Who we are and what auto4you does
auto4you is a business-to-business (B2B) software-as-a-service (SaaS) platform. We provide AI voice agents that place outbound calls and answer inbound calls on behalf of our business customers — for use cases such as outbound sales and cold-calling, lead qualification, appointment booking, follow-up reminders and inbound customer support — in Hindi, Hinglish and Indian languages.
Our customers are businesses (for example, in real estate, lending, edtech, insurance and direct-to-consumer sectors) who configure AI calling campaigns from a dashboard. The Platform is sold to verified businesses only and is not intended for consumers.
It is important to understand the two different relationships we have with personal data:
- When you interact with auto4you directly (you visit our website, sign up for an account, pay us, or contact support), we act as the Data Fiduciary / data controller for that personal data, and this Policy governs how we handle it.
- When our business customer uploads contact lists and runs calling campaigns through the Platform — including the resulting call recordings and transcripts of the people they call — we act only as a Data Processor acting on that customer’s documented instructions. In that relationship, our business customer is the Data Fiduciary / controller and is responsible for having a lawful basis and valid consent to contact those individuals. This distinction is explained further in Section 5.
2. The personal data we collect
We collect the following categories of personal data. We collect only what is necessary for the purposes described in this Policy.
2.1 Data we collect as a controller (about our customers and website visitors)
| Category | Examples | When collected |
|---|---|---|
| Account & identity data | Name, business name, work email, phone number, role/designation, login credentials | When you create or manage an account |
| Business & KYC data | Company name, registered address, GST number, PAN, authorised-signatory details, business documents | When you onboard as a paying customer (as required for tax, billing and gateway compliance) |
| Billing & transaction data | Plan selected, billing history, invoices, credits purchased and consumed, transaction references | When you subscribe, buy credits, or are billed |
| Communications data | Emails, support tickets, chat messages, WhatsApp messages and demo-booking details you send us | When you contact us or request a demo |
| Technical & usage data | IP address, browser and device type, operating system, pages viewed, dashboard activity, log files, approximate location | Automatically when you use the website or dashboard |
| Cookies & similar technologies | Session, preference and analytics identifiers | Automatically — see Section 8 |
2.2 Payment-card data
When you pay us, card and bank details are collected and processed directly by our PCI-DSS-compliant payment gateway — PayU (for INR / India payments). auto4you does not collect, see or store your full card number, CVV or complete bank credentials. We receive only limited transaction metadata (such as a payment reference, status, the last four digits of a card, and the amount) needed to confirm payment and maintain records.
2.3 Data we process on behalf of our customers (as a processor)
When a business customer runs campaigns on the Platform, we process — strictly on that customer’s instructions — the following data relating to the individuals our customer chooses to call (“Called Parties”):
- Contact and lead data uploaded by the customer: names, phone numbers, and any other fields the customer includes in their lead lists or CRM (for example, location, language preference, product interest, lead source).
- Call recordings: audio recordings of calls placed or received by the AI voice agent. Calls made and answered through the Platform may be recorded.
- Call transcripts and voice data: machine-generated transcripts, detected intent, call outcomes, sentiment and other analytics derived from the call audio.
- Call metadata: call time, duration, phone numbers involved, disposition/outcome, and campaign identifiers.
We act on this data only to deliver the calling, transcription and analytics services our customer has asked us to provide. We do not sell this data and do not use it for our own marketing.
Honesty about recordings: AI voice agents on auto4you place calls that may be artificially generated, and those calls may be recorded and transcribed. Where the law requires the Called Party to be told that a call is recorded or that they are speaking with an automated/AI system, our business customer is responsible for making that disclosure and obtaining any required consent. See Section 5 and our Acceptable Use Policy in the Terms.
We do not intentionally collect sensitive personal data (such as health, financial-account, caste, religious or biometric data) and ask customers not to upload such data into the Platform unless they have a lawful basis to do so and have a separate agreement with us covering it.
3. How and why we use personal data
We use personal data for the purposes set out below. Under the DPDP Act, our lawful bases are your consent, the necessity to perform our contract with you, certain legitimate uses permitted by the Act, and compliance with our legal obligations — identified against each purpose below:
- To provide the Platform — create and manage your account, provision credits, run the AI voice-agent service you have configured, and deliver call recordings, transcripts and analytics to you (performance of contract).
- To process payments and manage billing — charge subscriptions and usage-based credits, issue invoices and tax documents, and detect failed or duplicate payments (performance of contract; legal obligation).
- To provide support and communicate with you — respond to enquiries, demo requests and tickets, and send service and transactional messages (performance of contract; consent).
- To operate, secure and improve the Platform — monitor performance, prevent fraud and abuse, debug, maintain audit logs, and improve features and call quality (legitimate use).
- To comply with law — meet tax, accounting, telecom, KYC and regulatory obligations, and respond to lawful requests from authorities (legal obligation).
- For limited marketing — send you product updates and offers about auto4you, where permitted. You can opt out at any time using the unsubscribe link or by writing to us (consent).
We do not use customer call recordings, transcripts or uploaded lead data to train general-purpose AI models for unrelated purposes, and we do not sell personal data to anyone.
4. Who we share personal data with
We share personal data only as described below, and we require our service providers to protect it and use it only for the services they provide to us.
4.1 Sub-processors and service providers
To run the Platform we rely on the following categories of third parties (“sub-processors”):
- Payment gateway — PayU (INR / India) — to process payments securely under PCI-DSS.
- Telephony and DLT / connectivity providers — to originate and receive calls over the telecom network and to deliver the audio.
- AI / large-language-model and speech providers — including Google (Gemini) and other speech-to-text, text-to-speech and language-model providers — to generate the agent’s speech, understand the caller and produce transcripts.
- Cloud hosting and infrastructure providers — to host the Platform, store data and serve the website.
- Analytics, email, messaging and support tools — to operate our website, communications and customer support.
Each provider receives only the data needed for its function. The payment gateway acts as an independent controller for the payment data it collects under its own privacy policy (PayU).
4.2 Other disclosures
We may also disclose personal data:
- to comply with law, a court order, or a lawful request from a government, telecom or regulatory authority;
- to enforce our Terms, investigate misuse, or protect the rights, safety and property of auto4you, our customers or the public; and
- in connection with a merger, acquisition, financing or sale of assets, in which case data would be transferred subject to this Policy.
We do not sell or rent personal data.
5. Our role as a Data Processor (customer-uploaded data and call recordings)
This Section is important and applies to the contact lists, call recordings, transcripts and call data described in Section 2.3.
- Our business customer is the Data Fiduciary / controller of the personal data of the Called Parties. The customer decides whom to call, what to say, and why.
- auto4you is a Data Processor. We process that data only to provide the calling, transcription and analytics services, strictly on the customer’s documented instructions, and not for our own purposes.
- The customer is responsible for compliance, including: having a valid lawful basis and consent to contact each Called Party; honouring DND / NCPR registrations and Do-Not-Call requests; completing any required DLT registration and using approved sender headers; making any legally required disclosure that the call is recorded and/or AI-generated; and complying with the TRAI Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018, the DPDP Act, the IT Act and the Consumer Protection Act, 2019.
- If a Called Party contacts us about how their data was used in a campaign, we will, where appropriate, direct them to the relevant business customer (the controller) and assist that customer in responding, as the law requires.
A separate data-processing arrangement within our Terms & Conditions governs this relationship between us and our business customers.
6. International data transfers
auto4you is based in India and primarily stores data in India. However, some of our sub-processors (for example, certain AI, speech and cloud providers such as Google/Gemini) may process or store data outside India. Where personal data is transferred outside India, we do so in accordance with the DPDP Act and applicable law, and we take steps to ensure the data continues to receive an appropriate level of protection through contractual safeguards with those providers.
7. How long we keep data (retention) and deletion
We keep personal data only for as long as necessary for the purposes for which it was collected, or as required by law.
- Account, billing and KYC data — kept for the life of your account and then for up to 8 years after closure, to meet tax, accounting and legal-retention obligations.
- Call recordings and transcripts — retained for the period configured by the business customer, or by default for 90 days, after which they are deleted or anonymised, unless a longer period is required by law or the customer’s instructions.
- Communications and support records — kept for as long as needed to handle your query and for a reasonable period afterwards.
- Technical logs — kept for a limited period for security, debugging and audit purposes.
Deletion on request: any Data Principal may ask us to delete personal data we hold about them, and business customers may request earlier deletion of their campaign data (including call recordings and transcripts), by contacting our Grievance Officer (see Section 11). We will action such requests subject to the verification and legal-retention limits described in Sections 9 and 10. When data is no longer needed, we delete it securely or irreversibly anonymise it.
8. Cookies and tracking technologies
Our website and dashboard use cookies and similar technologies to:
- keep you signed in and maintain your session (strictly necessary);
- remember your preferences (functional); and
- understand how the site and dashboard are used so we can improve them (analytics).
You can control or delete cookies through your browser settings. Disabling strictly necessary cookies may prevent parts of the dashboard from working. We do not use cookies to build advertising profiles of you across unrelated websites.
9. How we protect your data (security)
We maintain reasonable security practices and procedures designed to protect personal data, including:
- encryption in transit (HTTPS/TLS across auto4you.in and app.auto4you.in);
- encryption at rest for stored data, including call recordings, where applicable;
- access controls so that staff and sub-processors can access data only on a need-to-know basis;
- outsourcing card processing to a PCI-DSS-compliant gateway (PayU) so we never hold full card data;
- logging, monitoring and regular review of our systems.
No method of transmission or storage is completely secure. While we work hard to protect your data, we cannot guarantee absolute security. If a personal-data breach occurs that affects you, we will notify you and the Data Protection Board of India as required by the DPDP Act.
10. Your rights
Subject to the DPDP Act and applicable law, you (as a Data Principal) have the right to:
- Access — obtain a summary of the personal data we process about you and how we process it;
- Correction and updating — have inaccurate or incomplete data corrected, completed or updated;
- Erasure — request deletion of your personal data where it is no longer needed and we are not required to keep it;
- Withdraw consent — withdraw consent you previously gave, without affecting processing already carried out;
- Grievance redressal — raise a complaint with us about how we handle your data (see Section 11); and
- Nominate — nominate another individual to exercise your rights in the event of death or incapacity, as provided under the DPDP Act.
To exercise any of these rights, contact our Grievance Officer using the details below. We may need to verify your identity before acting, and we will respond within the timelines required by law.
Note for Called Parties: if your data was used in a calling campaign run by one of our business customers, that customer is the controller of your data. We will help you reach them and assist them in responding to your request. To stop receiving calls, you may also ask to be added to that business’s Do-Not-Call list and register with the national DND / NCPR registry.
11. Grievance Officer and how to contact us
In accordance with the DPDP Act, 2023 and the Information Technology Act, 2000, we have appointed a Grievance Officer (who also serves as our point of contact for data-protection matters) to address questions, concerns or complaints about this Policy and our handling of personal data.
Grievance & Data Protection Officer: Hardik Agarwal Designation: Proprietor, Grievance Officer & Data Protection Contact Grievance email: hardikagarwal@autosysai.dev Grievance / data-protection phone: +91 73404 00524 General support email: hardikagarwal@autosysai.dev Operated by: Hardik Agarwal (Sole Proprietorship, trading as auto4you) — not registered under GST Registered address: Rajasthan Agro Agencies, Shyam Colony, Shahpura, Jaipur, Rajasthan – 303103
We aim to acknowledge grievances within 48 hours and to resolve them within the period prescribed under applicable law (and in any event within approximately 30 days). If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India under the DPDP Act. For other ways to reach us, please see our Contact Us page.
12. Children’s data
The Platform is intended for use by businesses and authorised adult users only. We do not knowingly collect personal data of children. If you believe a child’s data has been provided to us, please contact our Grievance Officer so we can take appropriate action.
13. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology or the law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you. Your continued use of the Platform after an update means you accept the revised Policy.
This Privacy Policy is governed by and construed in accordance with the laws of India, and the courts at our registered place of business shall have jurisdiction over any disputes, as set out in our Terms & Conditions.