1. Introduction
PuzzleAI Technologies Private Limited (“PuzzleAI,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, create an account, or use our Puzzle Voice platform and related services (collectively, the “Services”).
By accessing or using the Services you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please discontinue use of the Services immediately.
2. Who We Are
PuzzleAI Technologies Private Limited is a company incorporated under the Companies Act, 2013, with its registered office in India. We operate the Puzzle Voice platform — a voice AI solution that enables businesses to deploy intelligent voice agents for customer support, sales qualification, appointment scheduling, and other operational workflows.
For data-protection purposes we act as a data controller for information about our direct customers and website visitors, and as a data processor when we handle personal data on behalf of our customers’ end-users during voice interactions.
3. Data We Collect
3.1 Account & Contact Data
When you register for Puzzle Voice, we collect:
- Full name and work email address
- Company name, job title, and phone number
- Billing information (processed by our payment provider; we do not store raw card data)
- Account credentials (passwords are hashed; we never store them in plain text)
3.2 Usage & Technical Data
When you use the platform, we automatically collect:
- Log data (IP address, browser type, pages viewed, timestamps)
- Device and operating system information
- API request metadata (endpoint, response times, error codes)
- Dashboard interaction events (clicks, feature usage) via first-party analytics
3.3 Communications Data
When your customers interact with a Puzzle Voice agent, the platform may process:
- Audio recordings and real-time audio streams
- Transcripts generated by automatic speech recognition (ASR)
- Conversation metadata (call duration, intent labels, outcome codes)
- Any personal data your end-users voluntarily share during a call (names, account numbers, etc.)
You, as our customer, are responsible for obtaining all necessary consents from your end-users before routing their calls through Puzzle Voice.
3.4 Data You Provide Voluntarily
- Support tickets and chat messages
- Survey responses and feedback
- Content you upload (voice scripts, knowledge-base documents, prompt templates)
4. Voice & Call Data
Voice data is the core of what Puzzle Voice processes. Here is our specific commitment:
- Recording notices: Puzzle Voice can play configurable disclosure prompts at the start of every call. You are responsible for enabling these where required by law.
- Retention: Raw audio is retained for up to 90 days by default. Transcripts and metadata are retained for 12 months. Enterprise customers may configure custom retention windows down to zero.
- Deletion: You may request deletion of specific call records or bulk data through the dashboard or by contacting us at privacy@puzzleai.in.
- Aggregated insights: We may use de-identified, aggregated metrics (e.g., average call duration, intent distribution) to improve platform reliability. No individual end-user can be identified from this data.
5. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Provide and maintain the Services | Account data, usage data, communications data |
| Process billing and prevent fraud | Account data, payment information, IP address |
| Deliver customer support | Account data, support tickets, call context |
| Send product updates and security alerts | Email address |
| Improve platform performance and reliability | Aggregated, de-identified usage and technical data |
| Comply with legal obligations | As required by applicable law |
| Enforce our Terms and detect abuse | Usage logs, API metadata |
We will not use your personal data for purposes materially different from those listed above without obtaining your prior consent.
6. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:
- Contractual necessity (Art. 6(1)(b) GDPR): Processing necessary to provide the Services you have subscribed to.
- Legitimate interests (Art. 6(1)(f) GDPR): Fraud prevention, platform security, and improving service reliability — balanced against your rights.
- Legal obligation (Art. 6(1)(c) GDPR): Processing required by applicable law (e.g., tax records, regulatory requests).
- Consent (Art. 6(1)(a) GDPR): For optional communications such as newsletters and product surveys.
7. Data Sharing & Sub-processors
We do not sell your personal data. We share data only with trusted third parties necessary to run the platform, under data processing agreements that bind them to equivalent protections. Our current sub-processors include:
| Sub-processor | Role | Data Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure & storage | India / Singapore (configurable) |
| OpenAI (API) | Large language model inference | United States |
| Stripe | Payment processing | United States / Ireland |
| Postmark / SendGrid | Transactional email | United States |
| Sentry | Error monitoring | United States |
We will notify you at least 14 days before adding a new sub-processor. Enterprise customers may request our full sub-processor list at privacy@puzzleai.in.
We may also disclose data to law enforcement or regulatory authorities when required by law, or to protect the safety and legal rights of PuzzleAI and its users.
8. Data Retention
- Account data: Retained for the duration of your subscription and deleted within 60 days of account closure, unless a longer period is required by law.
- Raw audio recordings: 90 days (default); configurable to 0–365 days on Enterprise plans.
- Transcripts & call metadata: 12 months (default); configurable on Enterprise plans.
- Billing & financial records: 7 years as required by Indian tax law.
- Backup copies: Purged within 30 days of primary deletion.
9. Security
We implement industry-standard administrative, technical, and physical safeguards to protect your data, including:
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- Role-based access controls and least-privilege principles
- Multi-factor authentication for all internal systems
- Regular penetration testing and vulnerability assessments
- Logical tenant isolation — your data is never co-mingled with another customer’s
- Incident response plan with breach notification within 72 hours of discovery (GDPR compliant)
No system is 100% secure. If you discover a vulnerability, please report it to security@puzzleai.in.
10. International Data Transfers
Our primary data residency is India. Where we transfer personal data outside India or the EEA (e.g., to our sub-processors in the United States), we rely on one or more of the following mechanisms:
- EU Standard Contractual Clauses (SCCs) for EEA data subjects
- The EU–US Data Privacy Framework (DPF) where applicable
- Adequacy decisions by the relevant supervisory authority
Enterprise customers may request a Data Processing Addendum (DPA) that specifies transfer mechanisms in detail.
11. Your Rights
Depending on your location, you may have the following rights over your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that inaccurate or incomplete data be corrected.
- Deletion: Request erasure of your personal data (subject to legal retention requirements).
- Portability: Receive your data in a machine-readable format.
- Restriction: Ask us to restrict processing in certain circumstances.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: Withdraw any consent you have given at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, email privacy@puzzleai.in. We will respond within 30 days. EEA residents who are not satisfied with our response have the right to lodge a complaint with their local supervisory authority.
12. Cookies & Tracking
We use a minimal set of cookies and similar technologies on our website and dashboard:
- Strictly necessary cookies: Authentication session tokens, CSRF protection. These cannot be disabled.
- Functional cookies: User preferences (language, timezone). Can be disabled in browser settings.
- Analytics: We use privacy-friendly, first-party analytics. We do not use Google Analytics or third-party ad tracking on authenticated pages.
You may control cookies through your browser settings. Disabling necessary cookies may prevent access to certain features of the platform.
13. Children’s Privacy
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@puzzleai.in and we will promptly delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top of this page and, for material changes, notify you by email or prominent in-product notice at least 14 days before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
15. Contact Us
For privacy-related questions, requests, or complaints, please contact our Data Protection team:
- Email: privacy@puzzleai.in
- Mailing address: PuzzleAI Technologies Private Limited, [Registered Office Address], India
We aim to respond to all privacy requests within 30 days.