This Privacy Policy describes how Connect First ("we", "us", or "our"), a business communication solutions provider based in Mumbai, Maharashtra, India, collects, uses, and protects your personal information when you use our website at connect-first.in or engage with our services including Bulk SMS, WhatsApp Business API, Voice Call, Google Verified SMS, and RCS Messaging. By using our services, you agree to the practices described in this policy.

1. Overview & Scope

Connect First is committed to protecting your privacy and handling your personal data with transparency and care. This policy applies to all individuals who visit our website, use our communication platform, or interact with us as business clients and their end-customers.

We comply with applicable data protection laws in India, including the Information Technology Act, 2000, its rules, and the Digital Personal Data Protection Act, 2023 (DPDPA). We also adhere to TRAI (Telecom Regulatory Authority of India) regulations governing business messaging and DLT (Distributed Ledger Technology) compliance.

2. Information We Collect

We collect information in the following categories depending on how you interact with us:

Account Information

Name, business name, email address, phone number, billing address, and GSTIN when you register with us.

Usage Data

IP address, browser type, pages visited, time spent, device information, and log data from platform usage.

Communication Data

Message content, delivery logs, sender IDs, templates, and campaign analytics processed through our platform.

Payment Information

Transaction details, invoices, and payment confirmations (card/bank data processed securely by our payment partners).

We do not collect sensitive personal data such as passwords in plaintext, biometric data, or health records unless explicitly required for a specific service and with your consent.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and improve our Bulk SMS, WhatsApp Business API, Voice Call, Google Verified SMS, and RCS messaging services
  • To process account registrations, onboarding, and manage your relationship with Connect First
  • To send service-related communications such as invoices, delivery reports, API alerts, and account updates
  • To comply with TRAI DLT regulations and ensure all messaging templates and sender IDs are appropriately registered
  • To detect, investigate, and prevent fraudulent activity, abuse, spam, or violations of our terms of service
  • To personalise your experience on our platform and improve our product features
  • To respond to your customer support queries and technical issues
  • To send marketing communications about new features or services (with your consent and with a clear opt-out mechanism)
  • To meet our legal, regulatory, and compliance obligations under Indian law

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share data only in these limited circumstances:

  • Telecom Operators & Aggregators: To deliver SMS, voice, and RCS messages through licensed telecom networks in India
  • Meta / WhatsApp Business API: To facilitate WhatsApp Business API services, subject to Meta's own data policies
  • Payment Processors: Secure third-party payment gateways to process transactions (they have their own data security obligations)
  • Technology Partners: Cloud hosting, analytics, and infrastructure providers who are contractually bound to data confidentiality
  • Legal & Regulatory Bodies: Government authorities, TRAI, or law enforcement when required by law or court order
  • Business Transfers: In the event of a merger, acquisition, or sale of business assets, subject to continued privacy protections

All third-party partners are vetted and required to maintain appropriate security standards consistent with this policy.

5. Data Security

We take data security seriously and implement industry-standard safeguards to protect your information:

  • SSL/TLS encryption for all data transmitted between your browser and our servers
  • Access controls and role-based permissions to limit who can view or edit your data within our organisation
  • Regular security audits and vulnerability assessments of our platform infrastructure
  • Secure API authentication using API keys and OAuth 2.0 protocols
  • Data stored on servers located within India or in compliant cloud regions, consistent with applicable law

While we implement robust security measures, no system is completely immune to security incidents. We advise you to protect your account credentials and notify us immediately at info@connect-first.in if you suspect any unauthorised access.

6. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Specifically:

  • Account data is retained for the duration of your active account plus up to 3 years after account closure
  • Message delivery logs and campaign data are retained for 12 months for compliance and troubleshooting
  • Financial and billing records are retained for 7 years as required under Indian accounting and tax laws
  • DLT-related registration data is retained as mandated by TRAI regulations

After the applicable retention period, data is securely deleted or anonymised in a manner that prevents re-identification.

7. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your data, subject to legal retention requirements
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Withdraw Consent: Withdraw consent for marketing communications at any time
  • Right to Lodge a Complaint: File a grievance with the Data Protection Board of India if you believe your rights have been violated

To exercise any of these rights, please contact our Grievance Officer at info@connect-first.in. We will respond to your request within 30 days.

8. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience:

  • Essential Cookies: Required for the website to function correctly (login sessions, security tokens)
  • Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics)
  • Preference Cookies: Remember your settings and preferences for future visits
  • Marketing Cookies: Used to show relevant advertisements (only with your consent)

You can control cookie settings through your browser preferences. Disabling certain cookies may affect the functionality of our website. We do not respond to "Do Not Track" browser signals at this time.

9. Third-Party Links

Our website and platform may contain links to third-party websites, applications, or services (such as Meta/WhatsApp Business, Google, or telecom operator portals). We are not responsible for the privacy practices or content of these external sites.

We encourage you to read the privacy policies of any third-party services you access through our platform. Connect First's privacy policy applies only to information collected by us directly.

10. Children's Privacy

Connect First's services are intended solely for businesses and adult individuals (18 years of age or older). We do not knowingly collect personal data from individuals under the age of 18.

If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we may have collected data from a person under 18, please contact us at info@connect-first.in.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, business practices, or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify registered users via email or a notice on our platform
  • Obtain fresh consent where required by applicable law

We encourage you to review this policy periodically. Continued use of our services after updates constitutes acceptance of the revised policy.

Questions About Your Privacy?

Our team is here to help. Reach out to our Grievance Officer for any privacy-related queries, data requests, or concerns. We aim to respond within 30 business days.