Last updated: 24 June 2026

Privacy Policy

Klovac is a product of Klovant Tech Private Limited, a company incorporated in India. This policy explains what data we collect, why we collect it, and how we protect it.


1. Who we are

Klovant Tech Private Limited ("Klovac", "we", "us") operates the Klovac platform — an AI-powered customer support agent for businesses. Our registered address is in India. You can reach our privacy team at hello@klovac.com.

2. Data we collect

2.1 Account data

When you sign up, we collect your name, email address, and workspace name to create and manage your account.

2.2 Usage data

We log API usage events (number of LLM calls, token counts, estimated cost in INR) to power your usage dashboard and enforce plan limits. We do not log the content of LLM prompts or responses for our own purposes.

2.3 Conversation data

Chat conversations between your end-users and your Klovac bot are stored in your tenant's isolated database partition. This includes messages, timestamps, channel (web or WhatsApp), and any contact details your end-users voluntarily share (name, email, phone). This data belongs to you — we process it only to operate the service.

2.4 Knowledge base content

Documents, URLs, and Q&A pairs you upload to your knowledge base are stored and indexed to power your bot's responses. File uploads are stored in Supabase Storage under your tenant's isolated bucket.

2.5 API keys (BYOK)

Klovac uses a Bring Your Own Keys model. Your AI provider keys (Anthropic, Voyage, etc.) are encrypted using AES-256 symmetric encryption before being stored. Keys are decrypted only at request time, in memory, and are never logged, shared with other tenants, or sent to third parties other than the respective AI provider.

2.6 Billing data

Subscription and payment data is processed by Razorpay. We store your Razorpay customer ID and subscription status but do not store card numbers or bank details — these remain with Razorpay.

3. How we use your data

  • To provide, operate, and improve the Klovac platform
  • To send transactional emails (welcome, lead alerts, handoff notifications, weekly summaries)
  • To enforce usage limits and billing
  • To detect and prevent abuse, fraud, and security incidents
  • To respond to support requests

We do not sell your data. We do not use your conversation data or knowledge base content to train AI models.

4. Data storage and subprocessors

Your data is stored and processed using the following infrastructure providers:

SubprocessorPurposeLocation
SupabaseDatabase, auth, file storageUS / EU (configurable)
VercelApplication hostingGlobal edge
ResendTransactional emailUS
RazorpayPayment processingIndia
UpstashRate limiting (Redis)Global edge
Anthropic / Groq / VoyageAI inference (via your own API keys)Per provider
Meta (WhatsApp Business API)WhatsApp channel messagingGlobal

5. Tenant data isolation

Every tenant's data is isolated using Row-Level Security (RLS) policies enforced at the database level. No tenant can access another tenant's conversations, leads, knowledge base, or settings.

6. Data retention

We retain your data for as long as your account is active. If you cancel and request deletion, we will delete your workspace data within 30 days, except where retention is required by law or for fraud prevention. Backups may retain data for up to 90 days after deletion.

7. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, email us at hello@klovac.com. We respond within 30 days.

8. GDPR

If you are based in the European Economic Area (EEA), we act as a data processor for end-user conversation data your bot collects, and as a data controller for your account data. A Data Processing Agreement (DPA) is available on request.

9. Security

We implement industry-standard safeguards including encrypted connections (TLS 1.2+), encrypted API key storage, row-level database isolation, and access controls. If you discover a vulnerability, please disclose it responsibly to hello@klovac.com.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email or in-app notice. Continued use after the effective date constitutes acceptance.

11. Contact

Klovant Tech Private Limited
India
hello@klovac.com
+91 90324 89675