Last updated: 24 June 2026
Privacy Policy
Klovac is a product of Klovant Tech Private Limited, a company incorporated in India. This policy explains what data we collect, why we collect it, and how we protect it.
1. Who we are
Klovant Tech Private Limited ("Klovac", "we", "us") operates the Klovac platform — an AI-powered customer support agent for businesses. Our registered address is in India. You can reach our privacy team at hello@klovac.com.
2. Data we collect
2.1 Account data
When you sign up, we collect your name, email address, and workspace name to create and manage your account.
2.2 Usage data
We log API usage events (number of LLM calls, token counts, estimated cost in INR) to power your usage dashboard and enforce plan limits. We do not log the content of LLM prompts or responses for our own purposes.
2.3 Conversation data
Chat conversations between your end-users and your Klovac bot are stored in your tenant's isolated database partition. This includes messages, timestamps, channel (web or WhatsApp), and any contact details your end-users voluntarily share (name, email, phone). This data belongs to you — we process it only to operate the service.
2.4 Knowledge base content
Documents, URLs, and Q&A pairs you upload to your knowledge base are stored and indexed to power your bot's responses. File uploads are stored in Supabase Storage under your tenant's isolated bucket.
2.5 API keys (BYOK)
Klovac uses a Bring Your Own Keys model. Your AI provider keys (Anthropic, Voyage, etc.) are encrypted using AES-256 symmetric encryption before being stored. Keys are decrypted only at request time, in memory, and are never logged, shared with other tenants, or sent to third parties other than the respective AI provider.
2.6 Billing data
Subscription and payment data is processed by Razorpay. We store your Razorpay customer ID and subscription status but do not store card numbers or bank details — these remain with Razorpay.
3. How we use your data
- To provide, operate, and improve the Klovac platform
- To send transactional emails (welcome, lead alerts, handoff notifications, weekly summaries)
- To enforce usage limits and billing
- To detect and prevent abuse, fraud, and security incidents
- To respond to support requests
We do not sell your data. We do not use your conversation data or knowledge base content to train AI models.
4. Data storage and subprocessors
Your data is stored and processed using the following infrastructure providers:
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database, auth, file storage | US / EU (configurable) |
| Vercel | Application hosting | Global edge |
| Resend | Transactional email | US |
| Razorpay | Payment processing | India |
| Upstash | Rate limiting (Redis) | Global edge |
| Anthropic / Groq / Voyage | AI inference (via your own API keys) | Per provider |
| Meta (WhatsApp Business API) | WhatsApp channel messaging | Global |
5. Tenant data isolation
Every tenant's data is isolated using Row-Level Security (RLS) policies enforced at the database level. No tenant can access another tenant's conversations, leads, knowledge base, or settings.
6. Data retention
We retain your data for as long as your account is active. If you cancel and request deletion, we will delete your workspace data within 30 days, except where retention is required by law or for fraud prevention. Backups may retain data for up to 90 days after deletion.
7. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Export your data in a portable format
- Object to or restrict certain processing
To exercise any of these rights, email us at hello@klovac.com. We respond within 30 days.
8. GDPR
If you are based in the European Economic Area (EEA), we act as a data processor for end-user conversation data your bot collects, and as a data controller for your account data. A Data Processing Agreement (DPA) is available on request.
9. Security
We implement industry-standard safeguards including encrypted connections (TLS 1.2+), encrypted API key storage, row-level database isolation, and access controls. If you discover a vulnerability, please disclose it responsibly to hello@klovac.com.
10. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email or in-app notice. Continued use after the effective date constitutes acceptance.